Commit Graph

1557 Commits (f74ada099c94f80900d23623a2b13cf30d075030)

Author SHA1 Message Date
Clement Michaud 67613d9fbe Support ldap:// protocol for ldap url to be backward compatible with v3. 2019-10-30 09:29:43 +01:00
Clement Michaud 931887a0a7 Use Golang modules to freeze dependencies. 2019-10-29 00:40:45 +01:00
Clement Michaud a86c652485 Isolate test resources under test directory. 2019-10-29 00:40:45 +01:00
Clement Michaud b1d59dcec4 Add documentation on Authelia v4 in README and add a migration document. 2019-10-29 00:40:45 +01:00
Clement Michaud 828f565290 Bootstrap Go implementation of Authelia.
This is going to be the v4.

Expected improvements:
- More reliable due to static typing.
- Bump of performance.
- Improvement of logging.
- Authelia can be shipped as a single binary.
- Will likely work on ARM architecture.
2019-10-28 23:28:59 +01:00
Clement Michaud 325076a827 3.16.3 2019-10-28 21:38:55 +01:00
Clement Michaud fbc0de5ee8 Update changelog of previous versions. 2019-10-28 21:38:49 +01:00
Clement Michaud a2258aeb7e 3.16.2 2019-10-28 21:35:43 +01:00
Clement Michaud f86cb05474 Merge tag 'v3.16.1'
3.16.1
2019-10-28 21:34:45 +01:00
Clement Michaud 8d26364787 Remove concurrently package. 2019-10-19 21:25:34 +02:00
snyk-bot 9dec33f23c fix: package.json & package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MONGODB-473855
2019-10-19 18:43:03 +02:00
Clément Michaud eee8c59562
Remove reference to CONTRIBUTORS.md in readme. 2019-10-19 18:34:14 +02:00
Clement Michaud 624a3c740c Remove CONTRIBUTORS.md as the list is provided in Github. 2019-10-19 18:31:11 +02:00
yaleman 73e593d5a7 spelling correction 2019-10-19 18:12:31 +02:00
Clement Michaud cb18a99630 Install xvfb in travis container. 2019-10-19 18:10:23 +02:00
snyk-bot dd6823f227 fix: package.json & package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HELMETCSP-469436
2019-10-19 17:57:40 +02:00
Clement Michaud dd0add9618 Update the footer of emails sent after request initiation. 2019-09-26 17:33:07 +02:00
Clement Michaud 8984e0a980 3.16.1 2019-09-26 00:22:54 +02:00
Clement Michaud f6cc88eb86 Update NPM api key. 2019-09-26 00:22:39 +02:00
Clement Michaud 828baab6b1 3.16.0 2019-09-25 23:56:20 +02:00
Clement Michaud f95515f912 Add changelog for 3.16.0. 2019-09-25 23:56:20 +02:00
Clement Michaud 5fb47ac848 Fix security issue with handlebars. 2019-09-25 22:03:59 +02:00
Nain Tornez 190e85a79d docs: fix urls 2019-09-25 20:51:31 +02:00
Callan Bryant fbe7b77bce Update vulnerable dependencies
* lodash
* mixin-deep
* set-value
* union-value

NPM also updated the schema of package-lock.json.
2019-07-29 14:55:24 +02:00
Max Planck e40777735b Use Node 8.7 to be in line with current master 2019-07-03 17:23:52 +02:00
Max Planck 81e39b93b6 Added the ability for users to configure a CA when using ldaps 2019-07-03 17:23:52 +02:00
Clement Michaud 4979f2bd2d Remove tests with dockerhub image. 2019-06-28 22:40:06 +02:00
Max Planck 21d55a027d Added debugging logging output to track down
*domain mismatches
*session cookie issues
2019-06-07 17:39:04 +02:00
Max Planck 80b1428849 Added environment variable parsing for:
*session secret
*e-mail service password
*smtp server password
*duo-auth api secret key
*ldap bind password
These still need to be specified in the configuration file
but can have dummy values there while the real values are
passed in via environment variables.
2019-06-07 17:39:04 +02:00
Max Planck cb4eb710fb Added ldap password environment variable. 2019-06-07 17:39:04 +02:00
Clément Michaud 8478216e5d
Update README.md 2019-04-25 13:36:14 +02:00
Clement Michaud dd36902467 3.15.0 2019-04-24 23:55:21 +02:00
Clement Michaud e37ee9e5c7 Add changelog for version 3.15.0. 2019-04-24 23:55:07 +02:00
Clement Michaud 4f63de4020 Remove useless packages from server package.json. 2019-04-24 23:53:23 +02:00
Clement Michaud 186839d6e5 Remove the shared directory and move files to server. 2019-04-17 23:31:56 +02:00
Clement Michaud 5a195f7ebd Update README to mention nginx and Traefik and update images. 2019-04-17 23:06:56 +02:00
Clément Michaud e0dab01442
Update README.md 2019-04-17 00:28:31 +02:00
Clement Michaud 743b84aeaa Change license from MIT to Apache 2.0. 2019-04-16 23:40:15 +02:00
Clement Michaud ab8402314b Add a link to the breaking changes markdown in README. 2019-04-16 22:58:45 +02:00
Clement Michaud b36f2c78f9 3.14.0 2019-04-16 22:53:48 +02:00
Clement Michaud 9e90662a89 Update CHANGELOG.md and add BREAKING.md. 2019-04-16 22:53:42 +02:00
Amir Zarrinkafsh 7d639df0b6 Fix nginx.md examples to reflect latest breaking changes 2019-04-16 21:24:18 +02:00
Clement Michaud 4016ff1bba [BREAKING] Create a suite for Traefik proxy.
* Removal of the Redirect header sent by Authelia /api/verify endpoint.
* Authelia does not consume Host header anymore but X-Forwarded-Proto and X-Forwarded-Host
  to compute the link sent in identity verification emails.
* Authelia used Host header as the application name for U2F authentication but it's now using
  X-Forwarded-* headers.
2019-04-12 09:24:54 +02:00
ViViDboarder 617e929e1a Fix relative paths and add error handling 2019-04-12 09:24:54 +02:00
ViViDboarder 356b82f443 Fix lint error 2019-04-12 09:24:54 +02:00
ViViDboarder 0922b3c215 Build x-original-url from forwarded headers
This is to allow broader support for proxies. In particular, this allows
support with Traefik.

This patch also includes some examples of configuration with Traefik.
2019-04-12 09:24:54 +02:00
Clement Michaud 36d65c284e Add a test checking forwarded headers on bypass-based resources. 2019-04-10 22:34:15 +02:00
Amir Zarrinkafsh c074270b54 Fix attaching User/Groups headers for bypass strategy 2019-04-10 21:32:12 +02:00
Clement Michaud 87e06e6528 Remove bad error message when registering U2F device. 2019-03-31 20:39:20 +02:00
Clement Michaud 8a76b5118d Add network criteria in ACLs to specify policy based on network subnet. 2019-03-31 20:11:07 +02:00