RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,305 Commits
27 Branches
187 Tags
61 MiB
Commit Graph

6 Commits (cef374cdc184ca15fb516507d9f16356d15a0b95)

Author SHA1 Message Date
James Elliott a4edf21320
fix(authorization): subject wildcard domain rule not matching (#4187) 
This fixes an issue where the subject wildcard domain rules (those containing {user} and {group}) are not considered matches even though they may be once a user authenticates.

Fixes #4186
 2022-10-18 19:14:34 +11:00
James Elliott 8cdf4a5624
fix(authorization): regex subj doesn't redirect anon user (#4037) 
This fixes an issue with the authorization policies where if the Domain Regex or Resources criteria would incorrectly return 403 Forbidden statuses instead of 302 Found statuses.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
 2022-09-26 14:33:08 +10:00
James Elliott ab1d0c51d3
feat(authorization): acl resource regex named groups (#3597) 
This adds the named group functionality from domain_regex to the resource criteria.
 2022-06-28 12:51:05 +10:00
James Elliott 3c1bb3ec19
feat(authorization): domain regex match with named groups (#2789) 
This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
 2022-04-01 22:38:49 +11:00
James Elliott b4e570358e
fix: include major in go.mod module directive (#2278) 
* build: include major in go.mod module directive

* fix: xflags

* revert: cobra changes

* fix: mock doc
 2021-08-11 11:16:46 +10:00
James Elliott 4dce8f9496
perf(authorizer): preload access control lists (#1640) 
* adjust session refresh to always occur (for disabled users)

* feat: adds filtering option for Request Method in ACL's

* simplify flow of internal/authorization/authorizer.go's methods

* implement query string checking

* utilize authorizer.Object fully

* make matchers uniform

* add tests

* add missing request methods

* add frontend enhancements to handle request method

* add request method to 1FA Handler Suite

* add internal ACL representations (preparsing)

* expand on access_control next

* add docs

* remove unnecessary slice for network names and instead just use a plain string

* add warning for ineffectual bypass policy (due to subjects)

* add user/group wildcard support

* fix(authorization): allow subject rules to match anonymous users

* feat(api): add new params

* docs(api): wording adjustments

* test: add request method into testing and proxy docs

* test: add several checks and refactor schema validation for ACL

* test: add integration test for methods acl

* refactor: apply suggestions from code review

* docs(authorization): update description
 2021-03-05 15:18:31 +11:00