RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
304 Commits
27 Branches
187 Tags
61 MiB
Commit Graph

4 Commits (v3.6.0)

Author SHA1 Message Date
Clement Michaud 56fdc40290 Every public endpoints return 200 with harmonized error messages or 401 
Now, /verify can return 401 or 403 depending on the user authentication.
Every public API endpoints and pages return 200 with error message in
JSON body or 401 if the user is not authorized.

This policy makes it complicated for an attacker to know what is the source of
the failure and hide server-side bugs (not returning 500), bugs being potential
threats.
 2017-10-14 11:57:38 +02:00
Clement Michaud b7a180af9b Fix randomness in integration tests 2017-10-08 17:13:29 +02:00
Clement Michaud 0a33b2d5ee Add logs to detect redis connection issues earlier 
Before this fix, the application was simply crashing during execution
when connection to redis was failing.

Now, it is correctly handled with failing promises and logs have been
enabled to clearly see the problem
 2017-09-22 20:52:05 +02:00
Clement Michaud 64c06fd6b8 Parameterize authentication regulation via configuration file. Both for flexibility and for testing purposes. 2017-09-03 12:48:35 +02:00