Commit Graph

65 Commits (e8536cbb96bfc2e3a0d11476eff3ff8962648d19)

Author SHA1 Message Date
dependabot-preview[bot] 6aa0e5fa7d
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1591)
Bumps haproxy from 2.3.2-alpine to 2.3.3-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-01-11 10:01:26 +11:00
dependabot-preview[bot] ee3ce69f9f
[MISC] (deps): Bump alpine in /internal/suites/example/compose/kind (#1548)
Bumps alpine from 3.12.2 to 3.12.3.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-19 14:11:31 +11:00
Amir Zarrinkafsh 7c6a86882f
[MISC] Catch OpenLDAP ppolicy error (#1508)
* [MISC] Catch OpenLDAP ppolicy error

Further to the discussion over at #361, this change now ensures that OpenLDAP password complexity errors are caught and appropriately handled.

This change also includes the PasswordComplexity test suite in the LDAP integration suite. This is because a ppolicy has been setup and enforced.

* Remove password history for integration tests

* Adjust max failures due to regulation trigger

* Fix error handling for password resets

* Refactor and include code suggestions
2020-12-16 12:30:03 +11:00
dependabot-preview[bot] c14af472dd
[MISC] (deps): Bump alpine in /internal/suites/example/compose/kind (#1531)
Bumps alpine from 3.12.1 to 3.12.2.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-14 09:12:55 +11:00
dependabot-preview[bot] d7fea74177
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1512)
Bumps golang from 1.15.5-alpine to 1.15.6-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-07 12:47:48 +11:00
dependabot-preview[bot] c9837568b5
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1501)
Bumps haproxy from 2.3.1-alpine to 2.3.2-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-03 09:54:21 +11:00
Amir Zarrinkafsh aa64d0c4e5
[FEATURE] Support MSAD password reset via unicodePwd attribute (#1460)
* Added `ActiveDirectory` suite for integration tests with Samba AD
* Updated documentation
* Minor styling refactor to suites
* Clean up LDAP user provisioning
* Fix Authelia home splash to reference correct link for webmail
* Add notification message for password complexity errors
* Add password complexity integration test
* Rename implementation default from rfc to custom
* add specific defaults for LDAP (activedirectory implementation)
* add docs to show the new defaults
* add docs explaining the importance of users filter
* add tests
* update instances of LDAP implementation names to use the new consts where applicable
* made the 'custom' case in the UpdatePassword method for the implementation switch the default case instead
* update config examples due to the new defaults
* apply changes from code review
* replace schema default name from MSAD to ActiveDirectory for consistency
* fix missing default for username_attribute
* replace test raising on empty username attribute with not raising on empty

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-11-27 20:59:22 +11:00
Timo 495e57b46c
[DOCS] Make HAProxy regex case insensitive (#1478) 2020-11-24 12:35:38 +11:00
dependabot-preview[bot] f42b1ea229
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1463)
Bumps haproxy from 2.3.0-alpine to 2.3.1-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-11-16 11:49:52 +11:00
dependabot-preview[bot] 6e5b930f64
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1464)
Bumps golang from 1.15.4-alpine to 1.15.5-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-16 11:07:44 +11:00
Amir Zarrinkafsh f392f51df6
[MISC] Append log file instead of overwriting (#1450)
* [MISC] Append log file instead of overwriting

If Authelia is restarted when a `log_file_path` is defined upon restart the log file is overwritten as opposed to appending the existing file.

This change ensures that the log file will be appended to, users will need to ensure that they rotate/truncate this over time especially if running in `debug` or `trace`.

* Amend documentation for log_file_path
2020-11-13 10:14:45 +11:00
dependabot-preview[bot] a5f07d7ade
[MISC] (deps): Bump haproxy from 2.2.4-alpine to 2.3.0-alpine in /internal/suites/example/compose/haproxy (#1431)
* [MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy

Bumps haproxy from 2.2.4-alpine to 2.3.0-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Fix HAProxy suite

Looks like the new version of HAProxy has config validation which expects a newline at the bottom of `haproxy.cfg`.
CI was failing with the following error:
[NOTICE] 313/021816 (1) : haproxy version is 2.3.0-1c0a722
[ALERT] 313/021816 (1) : parsing [/usr/local/etc/haproxy/haproxy.cfg:80]: Missing LF on last line, file might have been truncated at position 42.
[ALERT] 313/021816 (1) : Error(s) found in configuration file : /usr/local/etc/haproxy/haproxy.cfg
[ALERT] 313/021816 (1) : Fatal errors found in configuration.

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-11-09 13:35:18 +11:00
dependabot-preview[bot] ee0b37c796
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1432)
Bumps golang from 1.15.3-alpine to 1.15.4-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-09 09:04:06 +11:00
Amir Zarrinkafsh a83ccd7188
[FEATURE] Add Remote-Name and Remote-Email headers (#1402) 2020-10-26 22:38:08 +11:00
dependabot-preview[bot] 662da9523b
[MISC] (deps): Bump node in /internal/suites/example/compose/duo-api (#1407)
Bumps node from 14-alpine to 15-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-26 11:11:37 +11:00
dependabot-preview[bot] 4f50818667
[MISC] (deps): Bump node in /internal/suites/example/compose/authelia (#1406)
Bumps node from 14-alpine to 15-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-26 09:39:06 +11:00
dependabot-preview[bot] 19ba79cfa1
[MISC] (deps): Bump alpine in /internal/suites/example/compose/kind (#1400)
Bumps alpine from 3.12.0 to 3.12.1.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-23 17:59:48 +11:00
dependabot-preview[bot] 607e6711f5
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1377)
Bumps golang from 1.15.2-alpine to 1.15.3-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-16 14:02:33 +11:00
dependabot-preview[bot] 4a9ed76f32
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1359)
Bumps haproxy from 2.2.3-alpine to 2.2.4-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-08 10:46:43 +11:00
Amir Zarrinkafsh 607f829431
[DOCS] Clean HAProxy examples (#1338)
Remove headers that are not required and fix a typo.
2020-09-23 17:29:46 +10:00
Amir Zarrinkafsh 5b98b4d090
[BUGFIX] Fix HAProxy redirects (#1333)
Including updates to docs examples.
2020-09-23 09:06:26 +10:00
dependabot-preview[bot] 1c08670b06
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1313)
Bumps golang from 1.15.1-alpine to 1.15.2-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-11 12:28:40 +10:00
dependabot-preview[bot] 01760d167f
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1312)
Bumps haproxy from 2.2.2-alpine to 2.2.3-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-10 11:21:20 +10:00
Amir Zarrinkafsh 771c220d38
[FEATURE] Support updated haproxy-auth-request (#1310)
* [FEATURE] Support updated haproxy-auth-request
This version removes the dependency of lua-socket which seemed to result in many unsupported and broken BSD/Pfsense deployments.

* Fix docs indentation

* Add haproxy-lua-http to TLS enabled configuration
2020-09-10 10:52:57 +10:00
dependabot-preview[bot] f8eada87ec
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1301)
Bumps golang from 1.15.0-alpine to 1.15.1-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-04 10:34:48 +10:00
dependabot-preview[bot] e0a0d1e252
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1267)
Bumps golang from 1.14.6-alpine to 1.15.0-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-08-13 11:50:54 +10:00
dependabot-preview[bot] ed17c8fbc4
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1250)
Bumps haproxy from 2.2.1-alpine to 2.2.2-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-08-04 08:02:35 +10:00
dependabot-preview[bot] f6a616ae3d
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1235)
Bumps haproxy from 2.2.0-alpine to 2.2.1-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-28 11:18:16 +10:00
dependabot-preview[bot] 14f17ed9ac
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1214)
Bumps golang from 1.14.5-alpine to 1.14.6-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-20 12:42:13 +10:00
dependabot-preview[bot] 045771161e
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1201)
Bumps golang from 1.14.4-alpine to 1.14.5-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-07-16 11:56:11 +10:00
dependabot-preview[bot] fea58c52e0
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1190)
Bumps haproxy from 2.1-alpine to 2.2.0-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-13 14:21:45 +10:00
Amir Zarrinkafsh e43bc93047
[FEATURE] Add configurable display name to frontend (#1124)
* [FEATURE] Add configurable display name to frontend
This feature allows users with a LDAP backend to specify an attribute (default is "displayname") to retrieve a users name for the portal greeting.
Similarly for the file based backend a new required key "name" has been introduced.

This can also be used down the line with OIDC as a separate scope.

* Update references from Name to DisplayName
* Update compose bundles to include displayname refs
* Update LDAP automatic profile refresh
* Ensure display name is updated
* Fix bug which prevented trace logging for profile refresh to not trigger
2020-06-19 20:50:21 +10:00
vdot0x23 6ccc92e47e
do not hardcode /bin/bash (#1122)
Co-authored-by: Victor Büttner <victor@0x23.dk>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-06-18 09:49:13 +02:00
Amir Zarrinkafsh ff7f9a50ab
[FEATURE] Docker simplification and configuration generation (#1113)
* [FEATURE] Docker simplification and configuration generation
The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template.

This will allow more seamless bootstrapping of an environment no matter the deployment method.

We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment.

Users with the old volume mappings have two options:
1. Change their mappings to conform to `/config`
2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping

* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml
2020-06-17 16:25:35 +10:00
Amir Zarrinkafsh d123fe4785
[CI] Add Codecov support (#1065)
* [CI] Add Codecov support

* [CI] Capture backend coverage from integration tests

* [CI] Remove unnecessary artifacts for coverage build

* [CI] Only run coverage elements where necessary

* [CI] Simplify post-command hook

* Fix yarn dependencies and collect coverage

* [CI] Include cmd/authelia/ path in coverage

* [CI] Exclude internal/suites/ in coverage

Closes #1061.
2020-06-05 10:43:19 +10:00
dependabot-preview[bot] 4f5eb93c4b
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1077)
Bumps golang from 1.14.3-alpine to 1.14.4-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-06-02 23:28:09 +02:00
Clément Michaud eec6424bc9
[DEV] Debug authelia when running a suite. (#1060)
* [DEV] Debug authelia when running a suite.

This runs dlv debugger within authelia backend container so that an IDE can remote
debug the application using port 2345.

* Apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-01 16:50:55 +10:00
dependabot-preview[bot] 1aac6f75cc
[MISC] (deps): Bump alpine in /internal/suites/example/compose/kind (#1068)
Bumps alpine from 3.11.6 to 3.12.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-01 10:42:07 +10:00
Amir Zarrinkafsh b27c1fbae9
[CI] Add PathPrefix integration test suite (#1052)
Add a suite for testing the PathPrefix feature implemented earlier to serve authelia under a multi-purpose domain.

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-27 13:55:44 +02:00
Clément Michaud a0e4f8e336
[MISC] Remove executable permission of nginx backend files. (#1040)
* [MISC] Remove executable permission of nginx backend files.

* Set permissions to 644 on k8s tar'd files

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-25 10:54:21 +10:00
Clément Michaud b264e63235
[DEV] Fix permission issue with dev workflow. (#1033)
* [DEV] Fix permission issue with dev workflow.

nginx backend was facing permission denied errors because the permissions of the html
files were too restricted. Moreover those files were added to the docker image while they
could just be mounted as other services.

* Fix Kubernetes integration test

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-21 14:35:22 +10:00
dependabot-preview[bot] 29673195b6
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1024)
Bumps golang from 1.14.2-alpine to 1.14.3-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-17 22:17:10 +02:00
Clément Michaud af5754bcab
[MISC] Add coverage for Remote-User and Remote-Groups (#982)
* Fix dev workflow.

* Fix dev workflow.

* Cover Remote-User and Remote-Groups using Traefik.

* Cover Remote-User and Remote-Groups using HAProxy.

* Fix redirection after unauthorized response when using HAProxy.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-06 11:50:37 +10:00
Amir Zarrinkafsh f8bd506326
[FEATURE] Embed static assets in Go binary (#916)
* [FEATURE] Embed static assets in Go binary

* Refactor/consolidate code and specify public_html via configuration

* Update docs and config template for assets

* Update AUR package pre-requisites and systemd unit

* Include static assets as Buildkite and GitHub artifacts

* Remove references to PUBLIC_DIR

* Only serve assets via embedded filesystem and remove configuration references

* Update authelia-scripts helper to build the embedded filesystem

* Mock the embedded filesystem for unit tests
Add to gitignore to ensure this isn't overwritten.

* Move go:generate to satisfy linter
2020-04-29 00:07:20 +10:00
dependabot-preview[bot] ab8db21214
[MISC] (deps): Bump node in /internal/suites/example/compose/authelia (#930)
Bumps node from 12-alpine to 14-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-27 13:13:03 +10:00
dependabot-preview[bot] 6c0e9f84b0
[MISC] (deps): Bump node in /internal/suites/example/compose/duo-api (#929)
Bumps node from 12-alpine to 14-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-27 12:53:16 +10:00
Clément Michaud 29325ab273
Fix CSP not propagated in default handler. (#915)
Also:
- not hide the CSP header in the dist version of suites.
- Fix CSP errors due to FontAwesome loading stylesheets dynamically.
2020-04-26 00:12:55 +02:00
Daniel Sutton ca4a890fb2
[MISC] Update to alpine 3.11.6 (#917)
* update to alpine 3.11.6

Signed-off-by: Daniel Sutton <daniel@ducksecops.uk>
2020-04-25 22:56:32 +02:00
Clément Michaud b12d9d405f
[FEATURE] Add Content-Security-Policy meta to login portal. (#822)
CSP is used to avoid some attacks where the hacker tries to execute
untrusted code in the browser.

The policy is to use assets hosted on the the original website and in order to make CSP work with material UI, a nonce is generated at each request of index.html and injected in the template as well as provided in the Content-Security-Policy header (https://material-ui.com/styles/advanced/#how-does-one-implement-csp)

Fix #815
2020-04-21 10:23:28 +10:00
Clément Michaud 730e88df9d
[FEATURE] Make Authelia serve over TLS in all suites (#864)
* [BUGFIX] Fix dev workflow by using TLS for all suites.

* Fix traefik 1.x and 2.x suites.

* Display authelia logs on suite failure.

* Fix HAProxy suite.

* Extend timeout of test case.

* Display current URL in verify assertion.

* fix doLoginTwoFactor by adding a timeout

* when doLoginTwoFactor is used with blank target and a protected domain is quickly visited authelia sometimes redirects back to the portal
* fix by adding one second timeout
* bump go version to 1.14.2

* Fix Kube suite and bump dashboard.

* Update dist authelia-frontend to proxy_pass with variable

* Apply suggestions from code review

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>

* Apply suggestions from code review

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>

* Remove debug logs since it's polluting logs.

Also set timeout back to 5 seconds in HA suite.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-14 09:57:28 +10:00