Commit Graph

379 Commits (df52b1b4c493650b050be7944d96fccc86c59cb3)

Author SHA1 Message Date
renovate[bot] 31e1ca6b59
build(deps): update haproxy docker tag to v2.6.6 (#4051)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-23 20:00:17 +10:00
renovate[bot] d6a30baef0
build(deps): update caddy docker tag to v2.6.1 (#4049)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-23 09:51:18 +10:00
renovate[bot] f5baf2ea1a
build(deps): update caddy docker tag to v2.6.0 (#4042)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-21 12:57:47 +10:00
renovate[bot] 8cf290a1df
build(deps): update mariadb docker tag to v10.9.3 (#4041)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-21 12:37:27 +10:00
renovate[bot] d08dcb31d4
build(deps): update traefik docker tag to v2.8.5 (#4008)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-14 15:57:16 +10:00
renovate[bot] a02fd4b5bc
build(deps): update haproxy docker tag to v2.6.5 (#3982)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-08 13:55:30 +10:00
renovate[bot] cd8b2d22c6
build(deps): update golang docker tag to v1.19.1 (#3978)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-07 09:18:07 +10:00
renovate[bot] 48eb9a8ac3
build(deps): update traefik docker tag to v2.8.4 (#3945)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-09-05 09:54:51 +10:00
renovate[bot] f690324e94
build(deps): update mariadb docker tag to v10.9.2 (#3881)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-24 15:45:17 +10:00
renovate[bot] 29faf53a05
build(deps): update haproxy docker tag to v2.6.4 (#3873)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-23 12:48:11 +10:00
renovate[bot] ec7d9e2350
build(deps): update haproxy docker tag to v2.6.3 (#3865)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-20 12:01:24 +10:00
renovate[bot] 7dc03f7f7c
build(deps): update traefik docker tag to v2.8.3 (#3836) 2022-08-14 21:22:34 +10:00
renovate[bot] 6adcb3e24d
build(deps): update traefik docker tag to v2.8.2 (#3828)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-12 10:44:26 +10:00
renovate[bot] c9f355bed9
build(deps): update dependency alpine to v3.16.2 (#3820)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-10 10:03:03 +10:00
renovate[bot] e5b5930bf9
build(deps): update dependency golang to v1.19.0 (#3783)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-03 18:24:35 +10:00
renovate[bot] 1eff10b891
build(deps): update dependency golang to v1.18.5 (#3778)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-02 07:06:38 +10:00
renovate[bot] db53b32877
build(deps): update dependency haproxy to v2.6.2 (#3735) 2022-07-23 12:24:06 +10:00
renovate[bot] 88b80ac38f
build(deps): update dependency alpine to v3.16.1 (#3723)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-07-19 11:52:10 +10:00
renovate[bot] f77e386b82
build(deps): update dependency caddy to v2.5.2 (#3696)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-07-14 11:30:01 +10:00
renovate[bot] 1d5469de43
build(deps): update dependency golang to v1.18.4 (#3695)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-07-13 11:06:14 +10:00
renovate[bot] a75d7bf6e5
build(deps): update dependency traefik to v2.8.1 (#3688) 2022-07-12 11:36:12 +10:00
James Elliott ce779b2533
refactor(middlewares): factorize responses (#3628) 2022-07-08 22:18:52 +10:00
James Elliott 290a38e424
fix(configuration): address parsing failure (#3653)
This fixes an issue with parsing address types from strings.
2022-07-05 14:43:12 +10:00
James Elliott 0f7da4fd90
fix(suites): fix passive health checks for caddy suite (#3627)
This change fixes an issue that was incorrectly marking the primary load balancer target for the front end in dev mode as down.
2022-06-30 11:39:50 +10:00
renovate[bot] 1ae2dec3a7
build(deps): update dependency traefik to v2.8.0 (#3636)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-30 09:16:11 +10:00
James Elliott f355a45ff3
fix(configuration): storage encryption_key required log grammar issue (#3617) 2022-06-28 17:13:47 +10:00
renovate[bot] 95f940b53c
build(deps): update dependency traefik to v2.7.2 (#3610)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-28 09:21:23 +10:00
James Elliott fcac438637
feat(commands): enhance crypto generation capabilities (#2842)
This expands the functionality of the certificates and rsa commands and merges them into one command called cypto which can either use the cert or pair subcommands to generate certificates or key-pairs respectively. The rsa, ecdsa, and ed25519 subcommands exist for both the cert and pair commands. A new --ca-path argument for the cert subcommand allows Authelia to sign other certs with CA certs.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-06-27 18:27:57 +10:00
renovate[bot] 97f63e3722
build(deps): update dependency haproxy to v2.6.1 (#3574)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-06-23 11:27:21 +10:00
Manuel Nuñez 1991c443ba
feat(web): auto-redirect on appropriate authentication state changes (#3187)
This PR checks the authentication state of the Authelia portal on either a focus event or 1-second timer and if a state change has occurred will redirect accordingly.

Closes #3000.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-06-19 22:43:19 +10:00
James Elliott 0eb6e31252
refactor(metrics): simplify names (#3515) 2022-06-14 21:51:33 +10:00
James Elliott 001589cd6d
feat(metrics): implement prometheus metrics (#3234)
Adds ability to record metrics and gather them for Prometheus.
2022-06-14 17:20:13 +10:00
renovate[bot] bf1fcf59cc
build(deps): update dependency traefik to v2.7.1 (#3510)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-06-14 07:38:28 +10:00
James Elliott 6f0bb0db29
ci: fix docker-compose tty issue (#3496) 2022-06-08 19:47:20 +10:00
Amir Zarrinkafsh 9861467831
ci: add integration container for samba and refactor duo (#3480)
This change utilises a specific integration container for the ActiveDirectory suite and simplifies the DuoPush suite.
2022-06-05 03:51:33 +10:00
Amir Zarrinkafsh 74a7e96409
ci: add integration containers for duo and haproxy (#3479)
* ci: add integration containers for duo and haproxy

This change utilises specific integration containers for the DuoPush and HAProxy suites.
In the case of DuoPush suite specifically in dev mode the container will be built on suite startup.

* ci: factorize pre-command hook and unset async on trigger steps
2022-06-04 19:38:13 +10:00
renovate[bot] f07f6b7dda
build(deps): update dependency haproxy to v2.6.0 (#3465)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-06-03 09:07:08 +10:00
renovate[bot] a683a3837b
build(deps): update dependency golang to v1.18.3 (#3460)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-06-02 11:01:48 +10:00
James Elliott 2037a0ee4f
fix(commands): hash-password usage instructions (#3437)
This fixes the hash-password usage instructions and ensures it uses mostly a configuration source based config. In addition it updates our recommended argon2id parameters with the RFC recommendations.
2022-06-02 09:18:45 +10:00
renovate[bot] d436b800bb
build(deps): update dependency mariadb to v10.8.3 (#3419)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-05-25 10:23:40 +10:00
renovate[bot] a2a0c99db3
build(deps): update dependency traefik to v2.7.0 (#3427)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-05-25 08:44:44 +10:00
renovate[bot] 5b9a40d46a
build(deps): update dependency alpine to v3.16.0 (#3420)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-05-24 12:04:54 +10:00
renovate[bot] 9cf9aae20b
build(deps): update dependency haproxy to v2.5.7 (#3397)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-05-18 14:43:24 +10:00
renovate[bot] 1bd862a814
build(deps): update dependency golang to v1.18.2 (#3345)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-05-11 10:23:48 +10:00
James Elliott bda87db79c
test(suites): caddy (#3305) 2022-05-07 11:55:52 +10:00
Amir Zarrinkafsh cac8919f97
test: add redis restart test back to traefik2 suite (#3298)
* test: add redis restart test back to traefik2 suite

* refactor(suites): mustpress -> mustinput for totp

* refactor(suites): rename suites for test ordering
2022-05-04 11:01:36 +10:00
renovate[bot] f8bb51da4d
build(deps): update dependency traefik to v2.6.6 (#3296)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-05-04 09:29:51 +10:00
renovate[bot] f88e7dd242
build(deps): update module github.com/go-rod/rod to v0.106.4 (#3042) 2022-05-03 22:37:56 +10:00
renovate[bot] e6ad8fe83e
build(deps): update dependency golang to v1.18.1 (#3019)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-05-03 19:35:44 +10:00
Amir Zarrinkafsh 91c0c81818
refactor(suites): stop integration tests on first failure (#3270)
* refactor(suites): stop integration tests on first failure

* refactor(suites): remove additional nginx instance

* refactor(suites): log relevant containers

* refactor(suites): add traefik2 logs to stdout

* refactor(suites): explicitly enable traefik for tests

* refactor(suites): remove redis restart and duplicate pathprefix tests

* ci(buildkite): allow manual retry on integration tests
2022-05-02 14:50:37 +10:00
renovate[bot] 8ee92231ba
build(deps): update dependency haproxy to v2.5.6 (#3255)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-27 16:12:44 +10:00
James Elliott 06ba312c28
fix(commands): invalid opaque id service name (#3235)
This fixes the service type being openid_connect instead of openid as expected. This also allows bulk generating opaque identifiers for users.
2022-04-25 18:49:18 +10:00
renovate[bot] b18eea039c
build(deps): update node.js to v18 (#3225)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-21 18:28:35 +10:00
Amir Zarrinkafsh daaa16c182
refactor(suites): validate totp inputs (#3218)
This change validates the inputs for the TOTP code entry.
This was previously discarded and left unvalidated during the move to rod from within the integration tests.
2022-04-19 14:11:15 +10:00
Amir Zarrinkafsh 92e219b34b
fix(suites): add missing traefik routes (#3217)
This change includes missing routes for both the Traefik and Traefik2 suites, issues would have manifested running dev mode tests for these suites when attempting to load translations.
2022-04-19 13:36:49 +10:00
James Elliott e56690c2df
refactor(configuration): ensure all keys are validated (#3208)
This ensures keys that exist in slices are validated.
2022-04-16 20:48:07 +10:00
renovate[bot] c5cb36c526
build(deps): update dependency golang to v1.17.9 (#3198)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-15 15:53:15 +10:00
James Elliott 6e0853a81b
build(deps): update dependency golang (#3180) 2022-04-13 14:28:31 +10:00
James Elliott cf93e66391
test(suites): fix backend endpoints (#3158) 2022-04-10 08:05:27 +10:00
Manuel Nuñez 086b97d21f
test(suites): revert por binding (#3155)
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-10 07:44:47 +10:00
James Elliott 5a0a15f377
feat(commands): user opaque identifiers commands (#3144)
Add commands for handling user opaque identifiers.
2022-04-09 17:13:19 +10:00
James Elliott 0a970aef8a
feat(oidc): persistent storage (#2965)
This moves the OpenID Connect storage from memory into the SQL storage, making it persistent and allowing it to be used with clustered deployments like the rest of Authelia.
2022-04-07 15:33:53 +10:00
renovate[bot] 004490c7b1
build(deps): update dependency alpine to v3.15.4 (#3114)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-05 11:15:43 +10:00
Clément Michaud 3ca438e3d5
feat: implement mutual tls in the web server (#3065)
Mutual TLS helps prevent untrusted clients communicating with services like Authelia. This can be utilized to reduce the attack surface.

Fixes #3041
2022-04-05 09:57:47 +10:00
James Elliott 2502d89682
fix(server): respond with 404/405 appropriately (#3087)
This adjusts the not found handler to not respond with a 404 on not found endpoints that are part of the /api or /.well-known folders, and respond with a 405 when the method isn't implemented.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-04-04 09:58:01 +10:00
Manuel Nuñez bfd5d66ed8
feat(notification): password reset notification custom templates (#2828)
Implemented a system to allow overriding email templates, including the remote IP, and sending email notifications when the password was reset successfully.

Closes #2755, Closes #2756

Co-authored-by: Manuel Nuñez <@mind-ar>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-03 22:24:51 +10:00
James Elliott 36cf662458
refactor: misc password policy refactoring (#3102)
Add tests and makes the password policy a provider so the configuration can be loaded to memory on startup.
2022-04-03 10:48:26 +10:00
Manuel Nuñez 8659ba394d
feat(authentication): password policy (#2723)
Implement a password policy with visual feedback in the web portal.

Co-authored-by: Manuel Nuñez <@mind-ar>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-04-03 08:32:57 +10:00
James Elliott 0116506330
feat(oidc): implement amr claim (#2969)
This adds the amr claim which stores methods used to authenticate with Authelia by the users session.
2022-04-01 22:18:58 +11:00
renovate[bot] df9492ca0e
build(deps): update dependency traefik to v2.6.3 (#3075)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-31 17:00:08 +11:00
renovate[bot] 56048dd199
build(deps): update dependency alpine to v3.15.3 (#3072)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-29 14:08:54 +11:00
renovate[bot] b86c7b5284
build(deps): update dependency traefik to v2.6.2 (#3059)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-03-26 20:53:04 +11:00
renovate[bot] 2d981f7916
build(deps): update dependency alpine to v3.15.2 (#3051)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-03-26 19:46:15 +11:00
renovate[bot] 9eb23a301b
build(deps): update dependency alpine to v3.15.1 (#3028)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-03-17 15:53:30 +11:00
renovate[bot] 99326c2688
build(deps): update dependency haproxy to v2.5.5 (#3018)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-16 13:43:33 +11:00
James Elliott 6d937cf6cc
refactor(model): rename from models (#2968) 2022-03-06 16:47:40 +11:00
James Elliott 8f05846e21
feat: webauthn (#2707)
This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 22:20:43 +11:00
James Elliott 1b2af90e5a
feat(commands): totp qr code in png format (#2673)
This allows exporting the TOTP QR code for easy registration when using `authelia storage totp generate` or `authelia storage totp export`.
2022-03-02 18:50:36 +11:00
renovate[bot] f8d9c6eab7
build(deps): update dependency haproxy to v2.5.4 (#2931)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-01 15:04:34 +11:00
James Elliott 3c81e75d79
feat(commands): add access-control check-policy command (#2871)
This adds an access-control command that checks the policy enforcement for a given criteria using a configuration file and refactors the configuration validation command to include all configuration sources.
2022-02-28 14:15:01 +11:00
renovate[bot] e286741357
build(deps): update dependency mariadb to v10.8.2 (#2917)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-27 10:12:17 +11:00
renovate[bot] 4b1bd01167
build(deps): update dependency traefik to v2.6.1 (#2912)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-24 21:13:08 +11:00
renovate[bot] eb76de6cdc
build(deps): update dependency haproxy to v2.5.3 (#2897)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-02-24 03:12:26 +11:00
Clément Michaud 5d4003c291
refactor: directly return error where sufficient (#2855) 2022-02-10 09:07:53 +11:00
James Elliott 1772a83190
refactor: apply godot recommendations (#2839) 2022-01-31 16:25:15 +11:00
renovate[bot] d8cf272757
build(deps): update traefik docker tag to v2.5.7 (#2815)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-01-21 13:43:06 +11:00
renovate[bot] 535ad2a697
build(deps): update haproxy docker tag to v2.5.1 (#2793)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2022-01-12 23:54:50 +11:00
renovate[bot] 2a1e7fc793
build(deps): update traefik docker tag to v2.5.6 (#2738)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-23 10:44:39 +11:00
renovate[bot] 93352aa36b
build(deps): update traefik docker tag to v2.5.5 (#2706)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-12 14:47:03 +11:00
renovate[bot] f9586b99a9
build(deps): update traefik docker tag to v1.7.34 (#2705)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-12 11:15:01 +11:00
James Elliott 104a61ecd6
refactor(web): only fetch totp conf if required (#2663)
Prevents the TOTP user config from being requested when the user has not registered or is already authenticated 2FA.
2021-12-02 21:28:16 +11:00
James Elliott f90ca855e3
feat(storage): postgresql schema and ssl options (#2659)
Adds the schema name and all ssl options for PostgreSQL. Also a significant refactor of the storage validation process.
2021-12-02 16:36:03 +11:00
Aram Akhavan 5b3fa1fffb
docs: consistent naming for configuration file (#2626)
* change all instances (file names and docs) of "config.template.yml" to "configuration.template.yml" so its consistent with the expectations of the Dockerfile

* Keep config.template.yml named as is

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>

* Update index.html

* revert filename changes and add a note about docker

* refactor: apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-12-02 15:50:05 +11:00
James Elliott 7df242f1e3
refactor: remove ioutil (#2635)
Was deprecated in 1.16 and has more performant options available.
2021-12-02 00:14:15 +11:00
James Elliott ad8e844af6
feat(totp): algorithm and digits config (#2634)
Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm).

Fixes #1226.
2021-12-01 23:11:29 +11:00
Philipp Staiger 01b77384f9
feat(duo): multi device selection (#2137)
Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator.

Closes #594. Closes #1039.
2021-12-01 14:32:58 +11:00
James Elliott 9ceee6c660
feat(storage): only store identity token metadata (#2627)
This change makes it so only metadata about tokens is stored. Tokens can still be resigned due to conversion methods that convert from the JWT type to the database type. This should be more efficient and should mean we don't have to encrypt tokens or token info in the database at least for now.
2021-11-30 17:58:21 +11:00
James Elliott 347bd1be77
feat(storage): encrypted secret values (#2588)
This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330.

Closes #682
2021-11-25 12:56:58 +11:00
renovate[bot] 290e3f7aaa
build(deps): update alpine docker tag to v3.15.0 (#2631)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-25 08:46:44 +11:00
renovate[bot] c128359c74
build(deps): update haproxy docker tag to v2.5.0 (#2624)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-24 11:36:46 +11:00