Commit Graph

9 Commits (da2570c5859ad3bbaf0011e91b80722d70262306)

Author SHA1 Message Date
Clément Michaud 94a63edabb
[MISC] Fix comment dealing with aes implementation. (#791) 2020-03-29 10:07:05 +11:00
Clément Michaud 4264e64f9b
[MISC] Encrypt session data in redis store. (#789)
This is a regression from v3. With this change session data is encrypted with AES-GCM using a 256-bit key derived from the provided secret.

Fixes #652.
2020-03-28 17:10:39 +11:00
James Elliott 26369fff3d
[FEATURE] Support Argon2id password hasing and improved entropy (#679)
* [FEATURE] Support Argon2id Passwords

- Updated go module github.com/simia-tech/crypt
- Added Argon2id support for file based authentication backend
- Made it the default method
- Made it so backwards compatibility with SHA512 exists
- Force seeding of the random string generator used for salts to ensure they are all different
- Added command params to the authelia hash-password command
- Automatically remove {CRYPT} from hashes as they are updated
- Automatically change hashes when they are updated to the configured algorithm
- Made the hashing algorithm parameters completely configurable
- Added reasonably comprehensive test suites
- Updated docs
- Updated config template

* Adjust error output

* Fix unit test

* Add unit tests and argon2 version check

* Fix new unit tests

* Update docs, added tests

* Implement configurable values and more comprehensive testing

* Added cmd params to hash_password, updated docs, misc fixes

* More detailed error for cmd, fixed a typo

* Fixed cmd flag error, minor refactoring

* Requested Changes and Minor refactoring

* Increase entropy

* Update docs for entropy changes

* Refactor to reduce nesting and easier code maintenance

* Cleanup Errors (uniformity for the function call)

* Check salt length, fix docs

* Add Base64 string validation for argon2id

* Cleanup and Finalization
- Moved RandomString function from ./internal/authentication/password_hash.go to ./internal/utils/strings.go
- Added SplitStringToArrayOfStrings func that splits strings into an array with a fixed max string len
- Fixed an error in validator that would allow a zero salt length
- Added a test to verify the upstream crypt module supports our defined random salt chars
- Updated docs
- Removed unused "HashingAlgorithm" string type

* Update crypt go mod, support argon2id key length and major refactor

* Config Template Update, Final Tests

* Use schema defaults for hash-password cmd

* Iterations check

* Docs requested changes

* Test Coverage, suggested edits

* Wording edit

* Doc changes

* Default sanity changes

* Default sanity changes - docs

* CI Sanity changes

* Memory in MB
2020-03-06 12:38:02 +11:00
Clément Michaud ea9b408b70
[FIX] Fix default redirection URL not taken into account (#600)
* Remove unused mongo docker-compose file.

* Default redirection URL was not taken into account.

* Fix possible storage options in config template.

* Remove useless checks in u2f registration endpoints.

* Add default redirection url in config of duo suite.

* Fix log line in response handler of 2FA methods.

* Fix integration tests.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-02-01 13:54:50 +01:00
James Elliott 736ed3f212 Misc Spelling Corrections
- Mostly changes to spelling of comments/docs/displayed text
- A few changes to test function names
2020-01-21 12:16:00 +11:00
Clement Michaud 5942e00412 Introduce hasU2F and hasTOTP in user info. 2019-12-08 14:31:48 +01:00
Clement Michaud b89f63e9c1 Fix and parallelize integration tests. 2019-12-05 11:05:24 +01:00
Clement Michaud c78a732c6a Rewrite and fix remaining suites in Go. 2019-12-05 11:05:24 +01:00
Clement Michaud 3b2d733367 Move source code into internal directory to follow standard project layout.
https://github.com/golang-standards/project-layout
2019-11-17 16:30:33 +01:00