Commit Graph

86 Commits (e8e8c8f7da1fa8b11e00d93d81f72c4bf2297004)

Author SHA1 Message Date
Clement Michaud bf3e71d732 Fix unhandled rejections in unit tests 2017-10-15 01:34:37 +02:00
Clement Michaud 3a88ca95b8 Check TOTP token with window of 1
A window of 1 means the token is checked against current time slot T
as well as at time slot T-1 and T+1.
A time slot is 30 seconds by default in Authelia.
2017-10-15 00:44:10 +02:00
Clément Michaud f041b946d9 Merge pull request #140 from clems4ever/improve-endpoint-errors
Every public endpoint returns 200 with harmonized error messages or 401
2017-10-14 12:22:24 +02:00
Clement Michaud 56fdc40290 Every public endpoint returns 200 with harmonized error messages or 401
Now, /verify can return 401 or 403 depending on the user authentication.
All public API endpoints and pages return 200 with an error message in
the JSON body or 401 if the user is not authorized.

This policy makes it complicated for an attacker to know what the source of
the failure is and hides server-side bugs (not returning 500), bugs being potential
threats.
2017-10-14 11:57:38 +02:00
Clement Michaud 2a3fde5ee7 Add a schema validator to check user configuration 2017-10-10 01:14:36 +02:00
Clement Michaud 46deb765bb 3.5.0 2017-10-09 01:15:40 +02:00
Clement Michaud 78f6028c1b Improve logging format for clarity
Previously, logs were not very friendly and it was hard to track
a request because of the lack of request ID.
Now every log message comes with a header containing: method, path,
request ID, session ID, IP of the user, date.

Moreover, the configurations displayed in the logs have their secrets
hidden from this commit.
2017-10-08 22:33:50 +02:00
Clement Michaud d86a3f8393 3.4.2 2017-10-08 16:11:16 +02:00
Clement Michaud f3f61d4e13 3.4.1 2017-10-08 14:48:46 +02:00
Clement Michaud d8ff186303 Split client and server
Client and server now have their own tsconfig so that the transpilation is only
done on the part that is being modified.

It also allows faster transpilation since tests are now excluded from tsconfig.
They are compiled by ts-node during unit tests execution.
2017-10-07 00:49:42 +02:00
Clement Michaud 444d278a1e 3.4.0 2017-10-04 21:53:19 +02:00
Clement Michaud 4cd78f3f83 Add SMTP notifier as an available option in configuration
One can now plug in one's own SMTP server to send notifications
for identity validation and password reset requests.

Filesystem has been removed from the template configuration file
since even tests now use mail catcher (the fake webmail) to
retrieve the email and the confirmation link.
2017-09-24 23:20:45 +02:00
Clement Michaud 0a33b2d5ee Add logs to detect redis connection issues earlier
Before this fix, the application was simply crashing during execution
when connection to redis was failing.

Now, it is correctly handled with failing promises and logs have been
enabled to clearly see the problem.
2017-09-22 20:52:05 +02:00
FrozenDragoon 489dbf9e30 Merge branch 'master' into feature-dockercompose 2017-09-11 13:28:39 -05:00
Clement Michaud 1643f4779c 3.3.19 2017-09-09 01:36:36 +02:00
Clement Michaud f4926ac138 Fix npm package missing dist directory 2017-09-09 00:43:19 +02:00
Clement Michaud 85834befb6 3.3.2 2017-09-05 00:43:06 +02:00
Clement Michaud dbb936679c Try to fix issue with npm publishing 2017-09-05 00:43:00 +02:00
Clement Michaud 432568f8f5 3.3.1 2017-09-04 23:49:15 +02:00
Clement Michaud d4a2b5dab9 Try to fix issue with npm publishing 2017-09-04 23:49:11 +02:00
Clement Michaud 86bb5c5a19 3.3.0 2017-09-04 21:51:58 +02:00
Clement Michaud 690c73e557 Fix installing authelia with npm install -g 2017-09-04 21:42:59 +02:00
Clement Michaud 50636587a8 Notifications to users do not use notifyjs anymore. They are more common and located in the form areas to improve visibility on mobile devices. 2017-09-02 16:33:57 +02:00
Clement Michaud 7be61d7357 3.2.0 2017-08-03 00:58:04 +02:00
Clement Michaud c12a085f8e Replace mocha integration tests by cucumber tests 2017-07-31 22:20:33 +02:00
Clement Michaud e45ac39c8f Add Mongo as scalable and resilient storage backend 2017-07-31 00:29:00 +02:00
Clement Michaud 1de4155ac9 3.1.4 2017-07-19 21:07:51 +02:00
Clement Michaud 8f797c025a 3.1.3 2017-07-19 00:44:42 +02:00
Clement Michaud aa863f23fa 3.1.2 2017-07-17 23:27:33 +02:00
Clement Michaud 2242f0b9ce 3.1.1 2017-07-16 16:31:32 +02:00
Clement Michaud 5873a4c328 3.1.0 2017-07-16 15:07:51 +02:00
Clement Michaud f516aaf243 Adding one integration test for redis 2017-07-14 00:25:11 +02:00
Clement Michaud 925b58fabc Add redis option to the express-session middleware 2017-07-13 23:14:31 +02:00
Clément Michaud 888bdd2bf9 Merge pull request #45 from clems4ever/ldap-bind
Fix LDAP search operation when user has no rights to search attributes in DB.
2017-07-13 21:47:09 +02:00
Clement Michaud b3f755ac24 Upgrade nodemailer, request and assert npm packages 2017-06-29 18:56:41 +02:00
Clement Michaud e56c2492ed Fix integration test and package Travis scripts 2017-06-29 13:09:08 +02:00
Clement Michaud 0b96a0547d 3.0.1 2017-06-19 10:23:56 +02:00
Clement Michaud 1a6f3137eb npm install breaks because it does not find entrypoint file 2017-06-19 10:14:08 +02:00
Clement Michaud 29c8e7e954 3.0.0 2017-06-16 18:16:41 +02:00
Clement Michaud ddf1e48535 Refactor client to make it responsive and testable 2017-06-16 18:16:38 +02:00
Clement Michaud e849768a0f 2.1.9 2017-06-01 22:46:47 +02:00
Clement Michaud b804882ce0 2.1.8 2017-06-01 22:35:46 +02:00
Clement Michaud 361e36c566 2.1.7 2017-06-01 22:32:40 +02:00
Clement Michaud 15a95163f4 2.1.6 2017-06-01 22:23:08 +02:00
Clement Michaud 66bc6e8ec4 2.1.5 2017-06-01 22:16:33 +02:00
Clement Michaud 8a297b5db5 2.1.4 2017-06-01 22:10:18 +02:00
Clement Michaud 9e89a690fb Finish migration to typescript 2017-05-21 22:45:54 +02:00
Clement Michaud c98c07832d Move TOTP authenticator to typescript 2017-05-21 12:14:59 +02:00
Clement Michaud bf74667726 Move TOTP Validator and Generator to typescript 2017-05-20 19:16:57 +02:00
Clement Michaud 57278a7306 Move notifiers to typescript 2017-05-20 16:01:56 +02:00