This adds a check to the domains configuration to ensure the domain value is not part of the public suffix list at https://publicsuffix.org. These domains are special and users cannot write cookies with this domain value, this makes them unusable with Authelia and this more readily makes that apparent.
This fixes an issue where version 4 was actually serialized as version 5 due to some binary math issues. It also fixes the fact the leap value was incorrect, it should have been set to unknown.
This adds support to configure multiple session cookie domains.
Closes#1198
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
* build(deps): update module github.com/fasthttp/session/v2 to v2.4.15
* fix(session): adjust api for changes in upstream library
Fixes#3751.
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
This adds a random provider which makes usage of random operations mockable, and may allow us in the future to swap out the Cryptographical CPU random generator with dedicated hardware random generators.
* build(deps): update module github.com/deckarep/golang-set to v2
* fix: utilise new major for lib
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
This should lead to a small performance gain by caching the openapi.yml with etags as well as eliminating the use of nonce crypto generation when not required.
This fixes an issue introduced by the pending migration to the new SMTP library in 0bb657e where the auth mechanism is never defined. This only affects commits that are yet to be versioned.
This commit replaces `os.Setenv` with `t.Setenv` in tests. The environment variable is automatically restored to its original value when the test and all its subtests complete. Reference: https://pkg.go.dev/testing#T.Setenv
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
This allows specifying paths to a combination of files and directories with the --config option provided none of the specified file paths reside directly inside one of the specified directory paths. The directory paths are not recursive, and load .yml and .yaml files at this time.
This moves a lot of machinery for commands into a context.Context with other struct values. This allows for PreRunE's to reliably load the configuration and avoids use of global vars.
This adds a GLAuth LDAP implementation which purely adds sane defaults for GLAuth. There are no functional differences just when the implementation option is set to 'glauth' sane defaults which should be sufficient for most use cases are set. See the documentation at https://www.authelia.com/r/ldap#defaults for more details.
This adds a lldap LDAP implementation which purely adds sane defaults for lldap. There are no functional differences just when the implementation option is set to 'lldap' sane defaults which should be sufficient for most use cases are set. See the documentation at https://www.authelia.com/r/ldap#defaults for more details.
This adds a FreeIPA LDAP implementation which purely adds sane defaults for FreeIPA. There are no functional differences just when the implementation option is set to 'freeipa' sane defaults which should be sufficient for most use cases are set. See the documentation at https://www.authelia.com/r/ldap#defaults for more details.
Closes#2177, Closes#2161
This adds experimental file filters which are not guaranteed under our stability policies. These filters take effect after reading the files and before parsing their content.