RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,727 Commits
27 Branches
187 Tags
61 MiB
Commit Graph

181 Commits (f2ee86472d8e6e108efb8c518508d9199428fee2)

Author SHA1 Message Date
James Elliott f2ee86472d
revert: 2fa skip 2022-12-30 23:51:52 +11:00
James Elliott 0e2770e72d
Merge remote-tracking branch 'origin/master' into feat-settings-ui 2022-12-27 20:05:02 +11:00
James Elliott f685f247cf
feat(notification): important events notifications (#4644) 
This adds important event notifications.
 2022-12-27 19:59:08 +11:00
James Elliott a771cc6c2b
fix(notification): missing display name (#4653) 2022-12-27 10:54:58 +11:00
James Elliott 4a2fd3dea7
Merge remote-tracking branch 'origin/master' into feat-settings-ui 2022-12-23 16:08:47 +11:00
James Elliott 0bb657e11c
refactor(notifier): utilize smtp lib (#4403) 
This drops a whole heap of code we were maintaining in favor of a SMTP library.

Closes #2678
 2022-12-23 16:06:49 +11:00
James Elliott d67554ab88
feat(authentication): ldap time replacements (#4483) 
This adds and utilizes several time replacements for both specialized LDAP implementations.

Closes #1964, Closes #1284
 2022-12-21 21:31:21 +11:00
James Elliott 728902335b
refactor: const int type stringers (#4588) 2022-12-17 23:39:24 +11:00
James Elliott a186dca3bf
Merge remote-tracking branch 'origin/master' into feat-settings-ui 
# Conflicts:
#	api/openapi.yml
 2022-12-17 15:47:34 +11:00
James Elliott d13247ce43
refactor(server): simplify templating and url derivation (#4547) 
This refactors a few areas of the server templating and related functions.
 2022-12-17 11:49:05 +11:00
James Elliott 67381b1318
fix: no webauthn devices doesn't display correctly (#4537) 
* fix: no webauthn devices doesn't display correctly

* refactor: factorize
 2022-12-12 12:21:27 +11:00
James Elliott 5d1b840e2b
refactor: merge master and fix missing rebinds (#4404) 
* build(deps): update module github.com/jackc/pgx/v5 to v5.1.0 (#4365)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* docs: add smkent as a contributor for code, design, and ideas (#4367)

* update README.md

* update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>

* build(deps): update module github.com/ory/fosite to v0.43.0 (#4269)

This updates fosite and refactors our usage out of compose.

* refactor(cmd): restrict bootstrap pnpm tasks to dev environment (#4370)

* build(deps): update alpine docker tag to v3.16.3 (#4362)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update module github.com/ory/x to v0.0.514 (#4368)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* refactor: sql formatting (#4371)

* refactor: sql spacing

* refactor editor config

* docs: clarify cloudflare docs (#4373)

* build(deps): update dependency @types/react-dom to v18.0.9 (#4379)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update typescript-eslint monorepo to v5.43.0 (#4380)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency @types/jest to v29.2.3 (#4381)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency esbuild to v0.15.14 (#4383)

* build(deps): update material-ui monorepo to v5.10.14 (#4385)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency vite to v3.2.4 (#4386)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update font awesome to v6.2.1 (#4389)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency typescript to v4.9.3 (#4390)

* docs: adjust issue templates (#4391)

* docs: adjust issue templates

* docs: adjust wording

* build(deps): update dependency jest-watch-typeahead to v2.2.1 (#4392)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency i18next to v22.0.6 (#4395)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update github.com/duosecurity/duo_api_golang digest to 091daa0 (#4396)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update traefik docker tag to v2.9.5 (#4398)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update module github.com/jackc/pgx/v5 to v5.1.1 (#4400)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update mariadb docker tag to v10.10.2 (#4399)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency eslint-plugin-react to v7.31.11 (#4401)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* build(deps): update dependency eslint to v8.28.0 (#4402)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(storage): schema inconsistency (#4262)

* fix: missing pg rebinds

* fix: refactoring issues

* fix: refactoring issues

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
 2022-11-19 17:42:03 +11:00
Stephen Kent 2584e3d328
feat: move webauthn device enrollment flow to new settings ui (#4376) 
The current 2-factor authentication method registration flow requires
email verification for both initial 2FA registration, and 2FA
re-registration even if the user is already logged in with 2FA.

This change removes email ID verification for users who are already
logged in with 2-factor authentication. Users who have only completed
first factor authentication (password) are still required to complete
email ID verification.
 2022-11-19 16:48:47 +11:00
Stephen Kent 92b3a5804b
feat: provide webauthn device description from frontend on registration (#4363) 2022-11-13 18:59:21 +11:00
James Elliott ad68f33aeb
build(deps): update module github.com/ory/fosite to v0.43.0 (#4269) 
This updates fosite and refactors our usage out of compose.
 2022-11-13 14:26:10 +11:00
James Elliott 9b66bb4fe2
Merge remote-tracking branch 'origin/master' into feat-settings-ui 
# Conflicts:
#	internal/model/webauthn.go
 2022-11-13 09:19:22 +11:00
James Elliott 5a23df4544
refactor: uuid parse bytes (#4311) 
Use ParseBytes instead since it supports a byte encoded string.
 2022-11-01 10:31:13 +11:00
Clément Michaud a69ba22f46 feat: implement a ui for supporting multiple u2f devices 2022-10-30 09:52:49 +01:00
James Elliott a283fda6d6
fix(oidc): handle authorization post requests (#4270) 
This fixes an issue where the authorization endpoint was not handling post requests as per the specification. It also fixes the missing CORS middleware on the authorization endpoint.
 2022-10-26 19:14:43 +11:00
James Elliott 3aaca0604f
feat(oidc): implicit consent (#4080) 
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
 2022-10-20 13:16:36 +11:00
James Elliott 3a70f6739b
feat(authentication): file password algorithms (#3848) 
This adds significant enhancements to the file auth provider including multiple additional algorithms.
 2022-10-17 21:51:59 +11:00
James Elliott dc79c8ea59
refactor: any (#4133) 
* refactor: any

* refactor: fix test
 2022-10-05 16:05:23 +11:00
James Elliott 6810c91d34
feat(oidc): issuer jwk certificates (#3989) 
This allows for JWKs to include certificate information, either signed via Global PKI, Enterprise PKI, or self-signed.
 2022-10-02 13:07:40 +11:00
James Elliott ed7092c59a
feat: envoy support (#3793) 
Adds support for Envoy and Istio using the X-Authelia-URL header. The documentation will be published just before the release.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
 2022-10-01 21:47:09 +10:00
James Elliott 8cdf4a5624
fix(authorization): regex subj doesn't redirect anon user (#4037) 
This fixes an issue with the authorization policies where if the Domain Regex or Resources criteria would incorrectly return 403 Forbidden statuses instead of 302 Found statuses.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
 2022-09-26 14:33:08 +10:00
Manuel Nuñez ca85992ac6
fix(handlers): verify handler (#3956) 
When an anonymous user tries to access a forbidden resource with no subject, we should response with 403.

Fixes #3084
 2022-09-05 08:21:30 +10:00
James Elliott 2325031052
refactor: clean up uri checking functions (#3943) 2022-09-03 11:51:02 +10:00
James Elliott 319a8cf9d4
fix(notification): text emails not encoded properly (#3854) 
This fixes an issue where the plain text portion of emails is not encoded with quoted printable encoding.
 2022-08-27 07:39:20 +10:00
James Elliott 9c00104cb2
fix(utils): domain suffix improperly checked (#3799) 2022-08-07 21:13:56 +10:00
Amir Zarrinkafsh 2d26b4e115
refactor: fix linter directives for go 1.19 and golangci-lint 1.48.0 (#3798) 2022-08-07 11:24:00 +10:00
James Elliott b2cbcf3913
fix(handlers): consent session prevents standard flow (#3668) 
This fixes an issue where consent sessions prevent the standard workflow.
 2022-07-26 15:43:39 +10:00
James Elliott df016be29e
fix(notification): incorrect date header format (#3684) 
* fix(notification): incorrect date header format

The date header in the email envelopes was incorrectly formatted missing a space between the `Date:` header and the value of this header. This also refactors the notification templates system allowing people to manually override the envelope itself.

* test: fix tests and linting issues

* fix: misc issues

* refactor: misc refactoring

* docs: add example for envelope with message id

* refactor: organize smtp notifier

* refactor: move subject interpolation

* refactor: include additional placeholders

* docs: fix missing link

* docs: gravity

* fix: rcpt to command

* refactor: remove mid

* refactor: apply suggestions

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>

* refactor: include pid

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
 2022-07-18 10:56:09 +10:00
James Elliott f115f77df8
fix(web): offline_access consent description (#3679) 2022-07-11 16:24:09 +10:00
James Elliott ce779b2533
refactor(middlewares): factorize responses (#3628) 2022-07-08 22:18:52 +10:00
James Elliott 24f5caed97
refactor: factorize verify handler (#3662) 
This factorizes a few sections of the /api/verify handler and improves both the code flow and error output of the section of code.
 2022-07-08 12:32:43 +10:00
Manuel Nuñez da012ab2d6
fix(handlers): fix redirect with timed out sessions on rules with bypass policy (#3599) 
This change replaced a returned error with a warning when the idle timeout was exceeded.

Fixes #3587
 2022-07-05 09:58:35 +10:00
James Elliott d9c7cd6564
fix(model): potential panic (#3538) 
This fixes a potential panic in the conversion from a fosite.Requester to an *OAuth2Session object.
 2022-06-17 22:25:14 +10:00
James Elliott b2c60ef898
feat: major documentation refresh (#3475) 
This marks the launch of the new documentation website.
 2022-06-15 17:51:47 +10:00
James Elliott 001589cd6d
feat(metrics): implement prometheus metrics (#3234) 
Adds ability to record metrics and gather them for Prometheus.
 2022-06-14 17:20:13 +10:00
James Elliott 607bbcc324
fix(handler): oidc two factor handling (#3512) 2022-06-14 15:17:11 +10:00
James Elliott a50d425863
refactor(middlewares): convert the bridge to a builder (#3338) 
This adjusts the bridge to be utilized as a builder in order to make it more reusable.
 2022-06-10 11:34:43 +10:00
James Elliott a7106ad7e9
fix(handler): missing notification values (#3321) 
This ensures all template types share the same template values and display them correctly regardless if text/html/other.

Fixes #3319.
 2022-05-09 08:43:12 +10:00
James Elliott 1db00717ee
fix(oidc): pre-conf consent skipped entirely for anon users (#3250) 
This fixes an issue where pre-configured consent is entirely skipped if the process was initiated via an anonymous user.
 2022-05-03 15:28:58 +10:00
James Elliott abf1c86ab9
fix(oidc): subject generated for anonymous users (#3238) 
Fix and issue that would prevent a correct ID Token from being generated for users who start off anonymous. This also avoids generating one in the first place for anonymous users.
 2022-04-25 10:31:05 +10:00
James Elliott e99fb7a08f
feat(configuration): configurable default second factor method (#3081) 
This allows configuring the default second factor method.
 2022-04-18 09:58:24 +10:00
James Elliott 4710de33a4
refactor(configuration): remove ptr for duoapi and notifier (#3200) 
This adds to the ongoing effort to remove all pointers to structs in the configuration without breaking backwards compatibility.
 2022-04-16 09:34:26 +10:00
James Elliott 92aba8eb0b
feat(server): zxcvbn password policy server side (#3151) 
This is so the zxcvbn ppolicy is checked on the server.
 2022-04-15 19:30:51 +10:00
James Elliott f97474f01b
fix(oidc): show detailed error reasons (#3175) 2022-04-12 21:39:15 +10:00
James Elliott 9d5ac4526e
fix(configuration): remove unused password policy option (#3149) 
Removes the min score option from the ZXCVBN policy and adds tests.
 2022-04-09 09:21:49 +10:00
James Elliott 66a450ed38
feat(oidc): pre-configured consent (#3118) 
Allows users to pre-configure consent if enabled by the client configuration by selecting a checkbox during consent.

Closes #2598
 2022-04-08 15:35:21 +10:00