Commit Graph

2454 Commits (c9d86a9240f56a6025141a0a1beb8c03a9a78e8d)

Author SHA1 Message Date
James Elliott 0da770d900
docs: misc fixes (#2186)
This fixes misc broken links in the docs as well as an invalid viewBox element.
2021-07-15 13:21:47 +10:00
James Elliott 76189b86b7
docs(oidc): misc docs fixes and additional references (#2185)
This fixes a few anchor issues in the OpenID Connect docs, as well as adds some additional references and fixes the name of one of the endpoints.
2021-07-15 13:04:44 +10:00
James Elliott c794d57afc
perf(authentication): improve active directory default users filter (#2181)
This adds a performance change to the default Active Directory users filter. Basically as per TechNet the (sAMAccountType=805306368) filter is the same as (&(objectCategory=person)(objectClass=user)) except the performance is better.
2021-07-14 20:30:25 +10:00
Georg Lauterbach 9d7cfb8455
docs: update and enhance oidc documentation (#2142)
Update and adjust OIDC documentation. This also adds information for users about RP's that have been tested.

Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-07-14 11:36:07 +10:00
renovate[bot] 3537cce660
build(deps): update mariadb docker tag to v10.6.3 (#2180)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-13 22:46:04 +02:00
James Elliott f292050822
fix(authentication): ldap connection left open (#2179)
The recent ldap changes in cb71df5 left a connection to the LDAP server open at startup. This resolves this which prevents an ugly log message and unnecessary open sockets.
2021-07-13 21:12:50 +10:00
renovate[bot] 69bfc28a60
build(deps): update golang docker tag to v1.16.6 (#2176)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-13 12:07:31 +10:00
dependabot[bot] d465c38f0d
build(deps): bump addressable from 2.7.0 to 2.8.0 in /docs (#2175)
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0.

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-13 11:04:57 +10:00
renovate[bot] e98cbacb2d
build(deps): update module github.com/google/uuid to v1.3.0 (#2174)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-13 10:56:33 +10:00
renovate[bot] 242a00b980
build(deps): update module github.com/jackc/pgx/v4 to v4.12.0 (#2169)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-11 02:48:46 +10:00
James Elliott 143db66445
feat(oidc): userinfo endpoint (#2146)
This is a required endpoint for OIDC and is one we missed in our initial implementation. Also adds some rudamentary documentaiton about the implemented endpoints.
2021-07-10 14:56:33 +10:00
renovate[bot] d2422e9965
build(deps): update haproxy docker tag to v2.4.2 (#2168)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-09 08:49:30 +10:00
renovate[bot] 4d7a6e9678
build(deps): update dependency @types/chai to v4.2.21 (#2167)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-09 07:16:18 +10:00
Clément Michaud 21f9056c00
fix(oidc): use lower case in log messages (#2153) 2021-07-08 12:44:43 +10:00
Clément Michaud 98d9cad62e
fix(regulation): use lower case in error messages (#2152) 2021-07-08 12:04:43 +10:00
Clément Michaud 2d634e9b20
fix(session): use lower case in error messages (#2150) 2021-07-08 11:33:22 +10:00
renovate[bot] eae8effe7e
build(deps): update dependency @types/qrcode.react to v1.0.2 (#2163)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 10:22:58 +10:00
renovate[bot] d68fdaa9fa
build(deps): update dependency @material-ui/core to v4.12.1 (#2162)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 09:56:16 +10:00
renovate[bot] 6063ffe226
build(deps): update dependency @types/react to v17.0.14 (#2164)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 09:26:46 +10:00
renovate[bot] 9059005d0c
build(deps): update dependency @types/react-dom to v17.0.9 (#2165)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 08:11:13 +10:00
renovate[bot] f081c6fe82
build(deps): update dependency @types/react-router-dom to v5.1.8 (#2166)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 07:39:03 +10:00
renovate[bot] 6a6ee18b9b
build(deps): update dependency @types/jest to v26.0.24 (#2160)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-07 12:16:15 +10:00
renovate[bot] 7d6097942c
build(deps): update dependency @types/enzyme to v3.10.9 (#2159)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-07 10:58:49 +10:00
renovate[bot] 4c2932eb71
build(deps): update dependency @types/chai to v4.2.20 (#2158)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-07 09:38:35 +10:00
renovate[bot] e4a769f69c
build(deps): update dependency @material-ui/core to v4.12.0 (#2157)
* build(deps): update dependency @material-ui/core to v4.12.0

* fix(web): adjust deprecations

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-07-07 09:10:31 +10:00
Arsenović Arsen 8ee0597486
feat(authentication): use the passwordmodify exop for pwd resets with ldap (#2124)
Implement the LDAP password modify extended operation for LDAP providers that advertise they support it.
2021-07-06 19:13:17 +10:00
allcontributors[bot] 565515646a
docs: add davama as a contributor for userTesting (#2156)
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-07-06 15:22:57 +10:00
allcontributors[bot] 546607593c
docs: add dakriy as a contributor for code (#2155)
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-07-06 15:19:38 +10:00
allcontributors[bot] 4117bafdce
docs: add ArsenArsen as a contributor for code, test, security (#2154)
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-07-06 15:13:51 +10:00
Amir Zarrinkafsh 711b5ff0db
feat: publish and deploy to apt.authelia.com (#2148)
This automates the process of publishing our `*.deb` files for stable Authelia releases to apt.authelia.com.
2021-07-05 12:49:48 +10:00
renovate[bot] 2a98e47299
build(deps): update dependency @craco/craco to v6.2.0 (#2147)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-05 07:18:28 +10:00
James Elliott 31c5c820f0
refactor(authentication): log ldap warning on startup in rare condition (#2141)
This is so on startup administrators who have a LDAP server implementation that may not support password hashing by default are clearly warned. This only triggers if the disable password reset option is not enabled, we cannot find the extension OID for the Extended Password Modify Operation, and the implementation is not Active Directory. Active Directory has it's own method for this which doesn't advertise an OID.
2021-07-04 15:44:11 +10:00
James Elliott ef549f851d
feat(oidc): add additional config options, accurate token times, and refactoring (#1991)
* This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, a option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes.
* Additionally this records specific values about a users session indicating when they performed a specific authz factor so this is represented in the token accurately. 
* Lastly we also implemented a OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.
2021-07-04 09:44:30 +10:00
Clément Michaud 2dbd7ed219
fix(utils): use lower case in error messages (#2144) 2021-07-04 08:08:24 +10:00
renovate[bot] 907680c035
build(deps): update module github.com/spf13/cobra to v1.2.1 (#2143)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-03 07:04:53 +10:00
Amir Zarrinkafsh c8b51d1190
build(deps): update swagger-ui to v3.51.1 (#2140) 2021-07-02 19:08:10 +10:00
James Elliott b2638d4af9
fix(authentication): use passwdmodify oid instead of whoami oid (#2139)
This is the correct OID for the passwdModify Extended Operation.
2021-07-02 11:33:10 +10:00
James Elliott cb71df5d9b
feat(authentiation): check ldap support for extended operations on startup (#2133)
* feat(authentiation): check ldap server on startup

This PR adds a startup check to the LDAP authentication backend. It additionally adds support for checking supportedExtension OIDs, currently only checking passwdModifyOID (1.3.6.1.4.1.4203.1.11.3). This can relatively easily be enhanced to add detection for other rootDSE capabilities like supportedControl and supportedCapabilities as necessary.

* test(authentication): add unit tests for new feature

* refactor(authentication): factorize ldap user provider newup

* refactor: minor adjustments
2021-07-02 09:16:16 +10:00
renovate[bot] f759b27bb0
build(deps): update module github.com/spf13/cobra to v1.2.0 (#2138)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-02 08:08:03 +10:00
renovate[bot] 6b5028af49
build(deps): update dependency @types/react to v17.0.13 (#2135)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-02 07:05:59 +10:00
renovate[bot] a6e344f504
build(deps): update dependency @types/react to v17.0.12 (#2134)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-01 19:30:30 +10:00
renovate[bot] 411c98f68d
build(deps): update dependency typescript to v4.3.5 (#2130)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-01 11:21:38 +10:00
Philipp Staiger 7ff0a39c02
fix(suites): disable cgo for delve during development (#2129)
#2101 introduced a minor regression when using the authelia scripts suite for developing.

The following issues occurred:

```
[00] # runtime/cgo
[00] cgo: exec gcc: exec: "gcc": executable file not found in $PATH
```

Adding the CGO_ENABLED=0 before the dlv build command in the run-backend-dev.sh fixed the issue.
2021-07-01 10:28:24 +10:00
dakriy 851396c972
feat(web): add autocomplete fields to first factor and reset password pages (#2125) 2021-06-30 19:04:55 +02:00
renovate[bot] 87c3985c75
build(deps): update module github.com/valyala/fasthttp to v1.28.0 (#2127)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-30 21:12:03 +10:00
renovate[bot] b1551e794b
build(deps): update dependency prettier to v2.3.2 (#2122)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-27 14:33:54 +10:00
renovate[bot] 9640b48b60
build(deps): update haproxy docker tag to v2.4.1 (#2120)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-27 14:22:29 +10:00
Amir Zarrinkafsh 636991031d
ci(buildkite): fix conditional for debian packages (#2123) 2021-06-27 13:58:58 +10:00
Amir Zarrinkafsh 4349adb090
ci(buildkite): add conditional for debian package builds with dep bumps (#2121) 2021-06-26 13:56:54 +10:00
Amir Zarrinkafsh 93e20a44e9
feat: build and distribute .deb packages (#2114)
* feat: build and distribute .deb packages

Creates .deb packages for distribution via GitHub releases and Buildkite builds for the following architectures:

* amd64
* armhf
* arm64

* fix: pkgver reference in debpackages.sh

* refactor: split deb packaging jobs and quote variables

* fix: pipeline upload for debpackages

* fix: depends_on key for debpackages

* fix: add depends_on: ~ for debpackages step

* fix: pre-artifact hook for debpackages

* fix: add .deb suffix in pre-artifact hook

* fix: variable reference in debhelper.sh

* refactor: silence wget output in debhelper.sh

* refactor: make build concurrency gate only depend_on docker builds

* refactor: make build concurrency gate also depend_on coverage build

* refactor: remove dependencies for build concurrency gate
2021-06-26 11:45:21 +10:00