* add a nolint for gosec 'possibly hardcoded password' that was incorrect
* make all parameters consistent
* update the docs for the correct key name 'password' instead of 'password_options' or 'password_hashing'
* reword some of the docs
* apply suggestions from code review
Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
* added regulation validator
* made regulations find_time and ban_time values duration notation strings
* added DefaultRegulationConfiguration for the validator
* made session expiration and inactivity values duration notation strings
* TOTP period does not need to be converted because adjustment should be discouraged
* moved TOTP defaults to DefaultTOTPConfiguration and removed the consts
* arranged the root config validator in configuration file order
* adjusted tests for the changes
* moved duration notation docs to root of configuration
* added references to duration notation where applicable
* project wide gofmt and goimports:
* run gofmt
* run goimports -local github.com/authelia/authelia -w on all files
* Make jwt_secret error uniform and add tests
* now at 100% coverage for internal/configuration/validator/configuration.go
* [FEATURE] Support Argon2id Passwords
- Updated go module github.com/simia-tech/crypt
- Added Argon2id support for file based authentication backend
- Made it the default method
- Made it so backwards compatibility with SHA512 exists
- Force seeding of the random string generator used for salts to ensure they are all different
- Added command params to the authelia hash-password command
- Automatically remove {CRYPT} from hashes as they are updated
- Automatically change hashes when they are updated to the configured algorithm
- Made the hashing algorithm parameters completely configurable
- Added reasonably comprehensive test suites
- Updated docs
- Updated config template
* Adjust error output
* Fix unit test
* Add unit tests and argon2 version check
* Fix new unit tests
* Update docs, added tests
* Implement configurable values and more comprehensive testing
* Added cmd params to hash_password, updated docs, misc fixes
* More detailed error for cmd, fixed a typo
* Fixed cmd flag error, minor refactoring
* Requested Changes and Minor refactoring
* Increase entropy
* Update docs for entropy changes
* Refactor to reduce nesting and easier code maintenance
* Cleanup Errors (uniformity for the function call)
* Check salt length, fix docs
* Add Base64 string validation for argon2id
* Cleanup and Finalization
- Moved RandomString function from ./internal/authentication/password_hash.go to ./internal/utils/strings.go
- Added SplitStringToArrayOfStrings func that splits strings into an array with a fixed max string len
- Fixed an error in validator that would allow a zero salt length
- Added a test to verify the upstream crypt module supports our defined random salt chars
- Updated docs
- Removed unused "HashingAlgorithm" string type
* Update crypt go mod, support argon2id key length and major refactor
* Config Template Update, Final Tests
* Use schema defaults for hash-password cmd
* Iterations check
* Docs requested changes
* Test Coverage, suggested edits
* Wording edit
* Doc changes
* Default sanity changes
* Default sanity changes - docs
* CI Sanity changes
* Memory in MB
This reduce the size of the docker image and avoid confusing users.
We keep the commands in authelia-scripts too in order to keep the
current workflow of developers.
James Elliott
Amir Zarrinkafsh
Clément Michaud