257bd2a25a
test: fix test
2023-02-19 12:48:11 +11:00
3e53ae7b2e
test: fix test
2023-02-19 12:11:33 +11:00
a6cc022e5c
Merge remote tracking branch origin/master into feat-settings-ui
2023-02-19 11:53:11 +11:00
a13a3c45f2
fix: encoding
2023-02-19 11:48:35 +11:00
ab01fa6bca
fix(handlers): legacy authz failure on nginx ( #4956 )
...
Since nginx doesn't do portal URL detection we have to skip returning an error on the legacy authz implementation when the portal URL isn't detected. This issue only exists in unreleased versions.
2023-02-18 16:56:53 +11:00
e5cdb175b4
feat: cred props
2023-02-18 15:36:58 +11:00
5be5de02d8
feat: webauthn users
2023-02-17 06:40:40 +11:00
e84ca4956a
refactor: sql updates
2023-02-14 23:35:15 +11:00
ee56740f46
Merge remote-tracking branch 'origin/master' into feat-settings-ui
2023-02-13 06:33:46 +11:00
6499dcf210
build(deps): update module github.com/go-webauthn/webauthn to v0.7.1 ( #4920 )
...
* build(deps): update module github.com/go-webauthn/webauthn to v0.7.1
* test: fix for upstream changes
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-02-13 06:30:19 +11:00
3b6f5482b8
fix: multi-cookie domain webauthn
2023-02-12 02:47:03 +11:00
d7be1c1359
refactor: reduce complexity
2023-02-01 22:10:38 +11:00
3af20a7daf
build(deps): use @simplewebauthn/browser
2023-01-30 16:37:53 +11:00
7d17c39c52
Merge origin/master into feat-settings-ui
2023-01-25 22:11:41 +11:00
65705a646d
feat(server): customizable authz endpoints ( #4296 )
...
This allows users to customize the authz endpoints.
Closes #2753 , Fixes #3716
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-25 20:36:40 +11:00
bd279900ca
Merge remote-tracking branch 'origin/master' into feat-settings-ui
2023-01-20 17:56:06 +11:00
8b29cf7ee8
feat(session): multiple session cookie domains ( #3754 )
...
This adds support to configure multiple session cookie domains.
Closes #1198
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2023-01-12 21:57:44 +11:00
cf4010b4fb
fix(oidc): csp blocks form_post response form submit ( #4719 )
...
This fixes an issue where the form_post response never gets submitted.
Fixes #4669
2023-01-08 07:04:06 +11:00
3d6c67fa33
build(deps): update module github.com/go-webauthn/webauthn to v0.6.0 ( #4646 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-01-07 14:21:27 +11:00
49d421e910
Merge remote-tracking branch 'origin/master' into feat-settings-ui
...
# Conflicts:
# api/openapi.yml
# web/src/views/DeviceRegistration/RegisterWebauthn.tsx
# web/src/views/LoginPortal/SecondFactor/WebauthnMethod.tsx
2023-01-07 11:50:19 +11:00
2ab50c7f61
test(handlers): add additional coverage ( #4698 )
...
* test(handlers): handler_checks_safe_redirection
* test(handlers): password_policy
* test(handlers): health
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-01-05 09:37:43 +11:00
adaf069eab
feat(oidc): per-client pkce enforcement policy ( #4692 )
...
This implements a per-client PKCE enforcement policy with the ability to enforce that it's used, and the specific challenge mode.
2023-01-04 02:03:23 +11:00
dd781ffc51
refactor: adjust settings components
2022-12-31 18:27:43 +11:00
f2ee86472d
revert: 2fa skip
2022-12-30 23:51:52 +11:00
0e2770e72d
Merge remote-tracking branch 'origin/master' into feat-settings-ui
2022-12-27 20:05:02 +11:00
f685f247cf
feat(notification): important events notifications ( #4644 )
...
This adds important event notifications.
2022-12-27 19:59:08 +11:00
a771cc6c2b
fix(notification): missing display name ( #4653 )
2022-12-27 10:54:58 +11:00
4a2fd3dea7
Merge remote-tracking branch 'origin/master' into feat-settings-ui
2022-12-23 16:08:47 +11:00
0bb657e11c
refactor(notifier): utilize smtp lib ( #4403 )
...
This drops a whole heap of code we were maintaining in favor of a SMTP library.
Closes #2678
2022-12-23 16:06:49 +11:00
d67554ab88
feat(authentication): ldap time replacements ( #4483 )
...
This adds and utilizes several time replacements for both specialized LDAP implementations.
Closes #1964 , Closes #1284
2022-12-21 21:31:21 +11:00
728902335b
refactor: const int type stringers ( #4588 )
2022-12-17 23:39:24 +11:00
a186dca3bf
Merge remote-tracking branch 'origin/master' into feat-settings-ui
...
# Conflicts:
# api/openapi.yml
2022-12-17 15:47:34 +11:00
d13247ce43
refactor(server): simplify templating and url derivation ( #4547 )
...
This refactors a few areas of the server templating and related functions.
2022-12-17 11:49:05 +11:00
67381b1318
fix: no webauthn devices doesn't display correctly ( #4537 )
...
* fix: no webauthn devices doesn't display correctly
* refactor: factorize
2022-12-12 12:21:27 +11:00
5d1b840e2b
refactor: merge master and fix missing rebinds ( #4404 )
...
* build(deps): update module github.com/jackc/pgx/v5 to v5.1.0 (#4365 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* docs: add smkent as a contributor for code, design, and ideas (#4367 )
* update README.md
* update .all-contributorsrc
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
* build(deps): update module github.com/ory/fosite to v0.43.0 (#4269 )
This updates fosite and refactors our usage out of compose.
* refactor(cmd): restrict bootstrap pnpm tasks to dev environment (#4370 )
* build(deps): update alpine docker tag to v3.16.3 (#4362 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update module github.com/ory/x to v0.0.514 (#4368 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* refactor: sql formatting (#4371 )
* refactor: sql spacing
* refactor editor config
* docs: clarify cloudflare docs (#4373 )
* build(deps): update dependency @types/react-dom to v18.0.9 (#4379 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update typescript-eslint monorepo to v5.43.0 (#4380 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update dependency @types/jest to v29.2.3 (#4381 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update dependency esbuild to v0.15.14 (#4383 )
* build(deps): update material-ui monorepo to v5.10.14 (#4385 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update dependency vite to v3.2.4 (#4386 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update font awesome to v6.2.1 (#4389 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update dependency typescript to v4.9.3 (#4390 )
* docs: adjust issue templates (#4391 )
* docs: adjust issue templates
* docs: adjust wording
* build(deps): update dependency jest-watch-typeahead to v2.2.1 (#4392 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update dependency i18next to v22.0.6 (#4395 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update github.com/duosecurity/duo_api_golang digest to 091daa0 (#4396 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update traefik docker tag to v2.9.5 (#4398 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update module github.com/jackc/pgx/v5 to v5.1.1 (#4400 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update mariadb docker tag to v10.10.2 (#4399 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update dependency eslint-plugin-react to v7.31.11 (#4401 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* build(deps): update dependency eslint to v8.28.0 (#4402 )
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(storage): schema inconsistency (#4262 )
* fix: missing pg rebinds
* fix: refactoring issues
* fix: refactoring issues
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-11-19 17:42:03 +11:00
2584e3d328
feat: move webauthn device enrollment flow to new settings ui ( #4376 )
...
The current 2-factor authentication method registration flow requires
email verification for both initial 2FA registration, and 2FA
re-registration even if the user is already logged in with 2FA.
This change removes email ID verification for users who are already
logged in with 2-factor authentication. Users who have only completed
first factor authentication (password) are still required to complete
email ID verification.
2022-11-19 16:48:47 +11:00
92b3a5804b
feat: provide webauthn device description from frontend on registration ( #4363 )
2022-11-13 18:59:21 +11:00
ad68f33aeb
build(deps): update module github.com/ory/fosite to v0.43.0 ( #4269 )
...
This updates fosite and refactors our usage out of compose.
2022-11-13 14:26:10 +11:00
9b66bb4fe2
Merge remote-tracking branch 'origin/master' into feat-settings-ui
...
# Conflicts:
# internal/model/webauthn.go
2022-11-13 09:19:22 +11:00
5a23df4544
refactor: uuid parse bytes ( #4311 )
...
Use ParseBytes instead since it supports a byte encoded string.
2022-11-01 10:31:13 +11:00
a69ba22f46
feat: implement a ui for supporting multiple u2f devices
2022-10-30 09:52:49 +01:00
a283fda6d6
fix(oidc): handle authorization post requests ( #4270 )
...
This fixes an issue where the authorization endpoint was not handling post requests as per the specification. It also fixes the missing CORS middleware on the authorization endpoint.
2022-10-26 19:14:43 +11:00
3aaca0604f
feat(oidc): implicit consent ( #4080 )
...
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
2022-10-20 13:16:36 +11:00
3a70f6739b
feat(authentication): file password algorithms ( #3848 )
...
This adds significant enhancements to the file auth provider including multiple additional algorithms.
2022-10-17 21:51:59 +11:00
dc79c8ea59
refactor: any ( #4133 )
...
* refactor: any
* refactor: fix test
2022-10-05 16:05:23 +11:00
6810c91d34
feat(oidc): issuer jwk certificates ( #3989 )
...
This allows for JWKs to include certificate information, either signed via Global PKI, Enterprise PKI, or self-signed.
2022-10-02 13:07:40 +11:00
ed7092c59a
feat: envoy support ( #3793 )
...
Adds support for Envoy and Istio using the X-Authelia-URL header. The documentation will be published just before the release.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-10-01 21:47:09 +10:00
8cdf4a5624
fix(authorization): regex subj doesn't redirect anon user ( #4037 )
...
This fixes an issue with the authorization policies where if the Domain Regex or Resources criteria would incorrectly return 403 Forbidden statuses instead of 302 Found statuses.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2022-09-26 14:33:08 +10:00
ca85992ac6
fix(handlers): verify handler ( #3956 )
...
When an anonymous user tries to access a forbidden resource with no subject, we should response with 403.
Fixes #3084
2022-09-05 08:21:30 +10:00
2325031052
refactor: clean up uri checking functions ( #3943 )
2022-09-03 11:51:02 +10:00
James Elliott
renovate[bot]
Manuel Nuñez
Stephen Kent
Clément Michaud