Commit Graph

2960 Commits (cc2d55e4f5d13d008e1911334709381dd6ba4bf6)

Author SHA1 Message Date
James Elliott e7112bfbd6
feat(oidc): client id claims (#3150)
Adds the authorized party (azp) and client_id registered claims to ID Tokens.
2022-04-09 16:55:24 +10:00
James Elliott 148ec1e2e0
fix(oidc): missing amr claim supported in discovery (#3147)
This adds the AMR claim to discovery.
2022-04-09 09:35:13 +10:00
James Elliott 9d5ac4526e
fix(configuration): remove unused password policy option (#3149)
Removes the min score option from the ZXCVBN policy and adds tests.
2022-04-09 09:21:49 +10:00
James Elliott f9da940bfc
fix(web): description of profile scope is not accurate (#3146)
This adjusts the profile scope to be described as "Access your profile information" as it accesses more than the display name now.
2022-04-09 08:47:21 +10:00
renovate[bot] e0a6d39363
build(deps): update module github.com/knadh/koanf to v1.4.1 (#3143)
* build(deps): update module github.com/knadh/koanf to v1.4.1

* fix: go.sum

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-08 23:55:02 +10:00
James Elliott 44bd70712c
fix(configuration): sector identifier not parsed correctly (#3142)
This fixes an issue preventing the sector identifier for OpenID Connect clients from being parsed.
2022-04-08 17:38:38 +10:00
James Elliott 66a450ed38
feat(oidc): pre-configured consent (#3118)
Allows users to pre-configure consent if enabled by the client configuration by selecting a checkbox during consent.

Closes #2598
2022-04-08 15:35:21 +10:00
James Elliott 4503ac07be
fix(web): lowercase locales are not consistent with localization platforms (#3141)
This fixes an issue with localization platforms and the docs regarding localization, and the forcing locale names to lowercase.
2022-04-08 14:53:46 +10:00
James Elliott 2da50f6128
docs: add k8s important notes (#3140)
Add some implementation notes about k8s.

Fixes #2882
2022-04-08 14:15:35 +10:00
James Elliott ce6bf74c8d
fix(server): incorrect remote ip logged in error handler (#3139)
This fixes edge cases where the remote IP was not correctly logged. Generally this is not an issue as most errors do not hit this handler, but in instances where a transport error occurs this is important.
2022-04-08 14:13:47 +10:00
James Elliott 90edf11b88
feat(web): add user display name to oidc consent view (#3138)
This adds the current logged in users display name to the consent page as well as some other minor tweaks.

Closes #2595
2022-04-08 12:50:55 +10:00
Lorenz Schmid 5f51dcdb51
docs: fix missing backtick (#3136)
Fix formatting error introduced in #3131

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-08 09:33:14 +10:00
renovate[bot] d47b21b4ec
build(deps): update module github.com/go-ldap/ldap/v3 to v3.4.3 (#3137)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-08 09:30:59 +10:00
renovate[bot] 89112eb774
build(deps): update dependency @types/react to v18 (#3134)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-08 09:14:57 +10:00
James Elliott 9b6bcca1ba
feat(totp): secret customization (#2681)
Allow customizing the shared secrets size specifically for apps which don't support 256bit shared secrets.
2022-04-08 09:01:01 +10:00
renovate[bot] fe08bf56b0
build(deps): update dependency @types/react-dom to v18 (#3135)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-08 08:22:27 +10:00
renovate[bot] acff4a6b68
build(deps): update github.com/duosecurity/duo_api_golang digest to 46fb282 (#3130)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-08 08:02:55 +10:00
Lorenz Schmid efccf77c10
docs(oidc): seafile integration example (#3131)
- Adds description and callback URL for the Seafile file server.
- Orders the entries in the two OIDC integration tables by name.
2022-04-08 07:11:43 +10:00
James Elliott ad84c8c33e
feat(oidc): opaque subject identifiers (#3129)
This is a meta commit for a feature originally implemented in 0a970aef8a documenting the change from using the username as a subject identifier to a specification compliant subject identifier in the form of RFC4122 UUID V4 subject identifiers. This is a required change in order to be compliant with the specification as per https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes. Relying parties which utilize the subject identifier / sub claim may need manual intervention in order to relink accounts. Users who have issues will have to consult with the documentation of their individual relying parties in order to relink accounts. Users who utilized the subject identifier as a means to provision their users are also encouraged to utilize the preferred_username claim from the profile scope.
2022-04-07 17:35:54 +10:00
James Elliott 8bb8207808
feat(oidc): pairwise subject identifiers (#3116)
Allows configuring clients with a sector identifier to allow pairwise subject types.
2022-04-07 16:13:01 +10:00
James Elliott 0a970aef8a
feat(oidc): persistent storage (#2965)
This moves the OpenID Connect storage from memory into the SQL storage, making it persistent and allowing it to be used with clustered deployments like the rest of Authelia.
2022-04-07 15:33:53 +10:00
James Elliott 06fd7105ea
refactor(templates): utilize more accurate naming (#3125) 2022-04-07 13:05:20 +10:00
James Elliott 4ebd8fdf4e
feat(oidc): provide cors config including options handlers (#3005)
This adjusts the CORS headers appropriately for OpenID Connect. This includes responding to OPTIONS requests appropriately. Currently this is only configured to operate when the Origin scheme is HTTPS; but can easily be expanded in the future to include additional Origins.
2022-04-07 10:58:51 +10:00
renovate[bot] a694cf851f
build(deps): update module github.com/fasthttp/router to v1.4.8 (#3126)
* build(deps): update module github.com/fasthttp/router to v1.4.8

* fix: go.sum

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-06 21:42:17 +10:00
renovate[bot] 6dde133cc1
build(deps): update module github.com/fasthttp/session/v2 to v2.4.9 (#3127)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-06 20:58:13 +10:00
James Elliott b325965a55
build(deps): update module github.com/go-webauthn/webauthn to v0.3.0 (#3123) 2022-04-06 14:45:01 +10:00
renovate[bot] a6a924cf79
build(deps): update dependency eslint-plugin-import to v2.26.0 (#3121)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-06 09:34:20 +10:00
renovate[bot] 5f4ce14615
build(deps): update dependency @testing-library/jest-dom to v5.16.4 (#3119)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-06 08:22:27 +10:00
renovate[bot] d96c93ef2b
build(deps): update module github.com/valyala/fasthttp to v1.35.0 (#3120)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-06 07:57:23 +10:00
renovate[bot] 89b78f0ad3
build(deps): update dependency vite to v2.9.1 (#3079)
* build(deps): update dependency vite to v2.9.1

* fix(web): load correct vite env vars

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-04-05 15:43:52 +10:00
renovate[bot] 004490c7b1
build(deps): update dependency alpine to v3.15.4 (#3114)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-05 11:15:43 +10:00
renovate[bot] 3ea41edbaa
build(deps): update typescript-eslint monorepo to v5.18.0 (#3113)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-05 10:55:29 +10:00
Clément Michaud 3ca438e3d5
feat: implement mutual tls in the web server (#3065)
Mutual TLS helps prevent untrusted clients communicating with services like Authelia. This can be utilized to reduce the attack surface.

Fixes #3041
2022-04-05 09:57:47 +10:00
James Elliott a2eb0316c8
feat(web): password reset custom url (#3111)
This allows providing a custom URL for password resets. If provided the disable_reset_password option is ignored, the password reset API is disabled, and the button provided in the UI to reset the password redirects users to the configured endpoint.

Closes #1934, Closes #2854

Co-authored-by: you1996 <youssri@flyweight.tech>
2022-04-04 17:46:55 +10:00
James Elliott b8280dfed6
build(deps): update dependency swagger-ui to 4.10.3 (#3110) 2022-04-04 14:59:27 +10:00
James Elliott 73212671fc
build(web): remove unused types (#3109) 2022-04-04 13:19:07 +10:00
James Elliott fb59ff6972
build: enable empty out dir vite option (#3107) 2022-04-04 12:55:09 +10:00
James Elliott aac4c4772c
feat(web): i18n asset overrides (#3040)
This allows overriding translation files in folders with lowercase RFC5646 / BCP47 Format language codes. This also fixes an issues where languages which don't expressly match the language code specified due to having a variant will also match the existing codes.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-04-04 12:15:26 +10:00
James Elliott ee9ce27ccf
ci: codeql only on code changes (#3108) 2022-04-04 10:02:33 +10:00
James Elliott 2502d89682
fix(server): respond with 404/405 appropriately (#3087)
This adjusts the not found handler to not respond with a 404 on not found endpoints that are part of the /api or /.well-known folders, and respond with a 405 when the method isn't implemented.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-04-04 09:58:01 +10:00
Amir Zarrinkafsh fa143ea029
fix(web): update client rendering method (#3106)
This PR utilises the React 18 Client Rendering API along with createRoot as opposed to the React 17 ReactDOM.render method.
2022-04-04 09:39:18 +10:00
renovate[bot] ec8d71f63f
build(deps): update material-ui monorepo (#3105)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-04 07:24:27 +10:00
James Elliott 7230db7cea
refactor(configuration): decode_hooks blackbox and better testing (#3097) 2022-04-03 22:44:52 +10:00
Manuel Nuñez bfd5d66ed8
feat(notification): password reset notification custom templates (#2828)
Implemented a system to allow overriding email templates, including the remote IP, and sending email notifications when the password was reset successfully.

Closes #2755, Closes #2756

Co-authored-by: Manuel Nuñez <@mind-ar>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-03 22:24:51 +10:00
James Elliott 9e05066097
refactor(handlers): ppolicy (#3103)
Add tests and makes the password policy a provider so the configuration can be loaded to memory on startup.
2022-04-03 21:58:27 +10:00
renovate[bot] 0f6ca55016
build(deps): update dependency eslint-import-resolver-typescript to v2.7.1 (#3104)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-03 17:02:59 +10:00
renovate[bot] 0559e33263
build(deps): update dependency prettier to v2.6.2 (#3100)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-03 16:21:13 +10:00
James Elliott 36cf662458
refactor: misc password policy refactoring (#3102)
Add tests and makes the password policy a provider so the configuration can be loaded to memory on startup.
2022-04-03 10:48:26 +10:00
Manuel Nuñez 8659ba394d
feat(authentication): password policy (#2723)
Implement a password policy with visual feedback in the web portal.

Co-authored-by: Manuel Nuñez <@mind-ar>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-03 08:32:57 +10:00
bgh-github cd2d88f9f3
docs: add oidc details for miniflux app (#3096)
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-02 17:28:48 +11:00