mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
Misc Spelling Corrections
- Mostly changes to spelling of comments/docs/displayed text
- A few changes to test function names
parent 47b34b4026
commit 736ed3f212
@ -63,7 +63,7 @@ Release Notes - Version 3.14.0
Release Notes - Version 3.13.0
------------------------------
* Rewrite Authelia portal in Typescript.
* Intoduce concept of suites and authelia-scripts.
* Introduce concept of suites and authelia-scripts.
* Add official support for Kubernetes and a suite.
* Improve documentation for nginx.
* Fix bypass policy not properly handled.
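Review bot: since this pass is about spelling, the product name in the first bullet should be styled as the project writes it, `TypeScript` rather than `Typescript`; `* Rewrite Authelia portal in Typescript.` would become `* Rewrite Authelia portal in TypeScript.`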
@ -90,7 +90,7 @@ Release Notes - Version 3.10.0
------------------------------
* Add docker-compose for deploying Authelia on Swarm*.
* Add "keep me logged in" checkbox in first factor page.
* Fix U2F compatiblity with Firefox.
* Fix U2F compatibility with Firefox.
* Bump dependencies to fix vulnerabilities reported by snyk.
* Improve documentation for dev setup.

@ -32,7 +32,7 @@ func init() {
SuitesTestCmd.Flags().BoolVar(&headless, "headless", false, "Run tests in headless mode")
}

// SuitesListCmd Command for listing the available suites
// SuitesListCmd Command for listing the available suites.
var SuitesListCmd = &cobra.Command{
Use: "list",
Short: "List available suites.",
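Review bot: adding the trailing period still leaves the doc comment without a verb; Go doc comments are full sentences that begin with the identifier, so `// SuitesListCmd Command for listing the available suites.` reads better as `// SuitesListCmd is the command for listing the available suites.` The same convention applies to the other command comments in this file.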
@ -42,7 +42,7 @@ var SuitesListCmd = &cobra.Command{
Args: cobra.ExactArgs(0),
}

// SuitesSetupCmd Command for setuping a suite environment
// SuitesSetupCmd Command to setup a suite environment.
var SuitesSetupCmd = &cobra.Command{
Use: "setup [suite]",
Short: "Setup a Go suite environment. Suites can be listed using the list command.",
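Review bot: `setup` is a noun; as a verb it is two words, so the new comment should read `// SuitesSetupCmd is the command to set up a suite environment.` The `Short` string two lines below, `Setup a Go suite environment.`, has the same problem and should become `Set up a Go suite environment.`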
@ -117,7 +117,7 @@ authentication_backend:
# It must stand at the beginning of the pattern. (example: *.mydomain.com)
#
# Note: You must put patterns containing wildcards between simple quotes for the YAML
# to be syntaxically correct.
# to be syntactically correct.
#
# Definition: A `rule` is an object with the following keys: `domain`, `subject`,
# `policy` and `resources`.
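Review bot: the note directly above the corrected line still says `simple quotes`; in YAML these are single quotes, so `# Note: You must put patterns containing wildcards between simple quotes for the YAML` should say `single quotes`. This comment is where operators learn how to write a wildcard `domain` rule, so the wording is worth fixing in the same pass.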
@ -46,7 +46,7 @@ Integration tests are located under the `internal/suites` directory
and are based on Selenium. A suite is a combination of environment
and tests. Executing a suite therefore means starting the environment,
running the tests and tearing down the environment. Each step can be
run independantly:
run independently:

# List the available suites
$ authelia-scripts suites list
@ -149,7 +149,7 @@ This documentation gives instructions that will make **Authelia** non
highly-available and non scalable by preventing you from running multiple
instances of the application.
This means that **Authelia** won't be able to distribute the
load accross multiple servers and it will prevent failover in case of a
load across multiple servers and it will prevent failover in case of a
crash or an hardware issue. Moreover, it will also prevent from reliably
persisting data and consequently fail access to your platform as the devices
registered by your users will be lost.
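Review bot: the surrounding sentences carry two more grammar issues this spelling pass could pick up: `crash or an hardware issue` should be `a hardware issue`, and `it will also prevent from reliably persisting data` is missing its object (`it will also prevent data from being reliably persisted`). In the header context, `non highly-available and non scalable` would also read better hyphenated as `non-highly-available and non-scalable`.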
@ -6,12 +6,12 @@ Authelia uses two mechanisms to protect against cookie theft:
1. session attribute `httpOnly` set to true make client-side code unable to
read the cookie.
2. session attribute `secure` ensure the cookie will never be sent over an
unsecure HTTP connections.
insecure HTTP connections.

## Protection against multi-domain cookie attacks

Since Authelia uses multi-domain cookies to perform single sign-on, an
attacker who poisonned a user's DNS cache can easily retrieve the user's
attacker who poisoned a user's DNS cache can easily retrieve the user's
cookies by making the user send a request to one of the attacker's IPs.

To mitigate this risk, it's advisable to only use HTTPS connections with valid
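Review bot: both numbered items have subject-verb agreement problems that the `unsecure` to `insecure` change does not address: `set to true make client-side code unable to` should be `makes`, and `ensure the cookie will never be sent over an insecure HTTP connections` should be `ensures ... over an insecure HTTP connection` (singular, to agree with `an`). The `poisonned` to `poisoned` fix in the second paragraph is correct.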
@ -54,12 +54,12 @@ that can be used to validate the authenticity of a server with a self signed
certificate. This can either be the public cert of the certificate authority
used to sign the certificate or the public key itself. They must be in the PEM
format. The certificate is added in addition to the certificates trusted by the
;host machine. If the certificate is invalid, inaccessible, or is otherwise not
host machine. If the certificate is invalid, inaccessible, or is otherwise not
configured; Authelia just uses the hosts certificates.

### Explanation
There are a few reasons for the security measures implemented:
1. Transmitting usernames and passwords over plain-text is an obvious vulnerability
1. Transmitting username's and passwords over plain-text is an obvious vulnerability
2. The emails generated by Authelia, if transmitted in plain-text could allow
an attacker to intercept a link used to setup 2FA; which reduces security
3. Not validating the identity of the server allows man-in-the-middle attacks
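Review bot: the change in the `Explanation` list from `usernames and passwords` to `username's and passwords` introduces an incorrect possessive; the original plural `usernames` was right, so this line should be reverted. Two smaller nits in the same hunk: `configured; Authelia just uses the hosts certificates` wants a comma instead of the semicolon and `host's certificates`, and `a link used to setup 2FA` should be `set up 2FA`.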
@ -67,7 +67,7 @@
Here is the list of credentials you can log in with to test access control.<br />
<br /> Once first factor is passed, you will need to follow the links to register a secret for the second
factor.<br /> Authelia
will send you a fictituous email in a <strong>fake webmail</strong> at <a
will send you a fictitious email in a <strong>fake webmail</strong> at <a
href="http://localhost:8085">http://localhost:8085</a>.<br />
It will provide you with the link to complete the registration allowing you to authenticate with 2-factor.

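Review bot: `authenticate with 2-factor` at the end of the paragraph would be more conventional as `two-factor`, matching `second factor` used earlier in the same text; the `fictitious` correction itself is fine.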
@ -33,7 +33,7 @@ func identityRetrieverFromStorage(ctx *middlewares.AutheliaCtx) (*session.Identi
}

// ResetPasswordIdentityStart the handler for initiating the identity validation for resetting a password.
// We need to ensure the attacker cannot perform user enumeration by alway replying with 200 whatever what happens in backend.
// We need to ensure the attacker cannot perform user enumeration by always replying with 200 whatever what happens in backend.
var ResetPasswordIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
MailSubject: "[Authelia] Reset your password",
MailTitle: "Reset your password",
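Review bot: `whatever what happens in backend` in the corrected comment is still ungrammatical; suggest `// We need to ensure the attacker cannot perform user enumeration by always replying with 200 whatever happens in the backend.` Since this comment documents the anti-enumeration property of the handler, it would also help future readers if it stated that the reply must be indistinguishable beyond the status code (same body, comparable timing), as a uniform 200 is all the comment currently promises.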
@ -52,6 +52,6 @@ func resetPasswordIdentityFinish(ctx *middlewares.AutheliaCtx, username string)
ctx.ReplyOK()
}

// ResetPasswordIdentityFinish the handler for finishing the identity validation
// ResetPasswordIdentityFinish the handler for finishing the identity validation.
var ResetPasswordIdentityFinish = middlewares.IdentityVerificationFinish(
middlewares.IdentityVerificationFinishArgs{ActionClaim: ResetPasswordAction}, resetPasswordIdentityFinish)
@ -92,7 +92,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldCallDuoAPIAndFail() {
s.mock.Assert200KO(s.T(), "Authentication failed, please retry later.")
}

func TestRunSecondeFactorDuoPostSuite(t *testing.T) {
func TestRunSecondFactorDuoPostSuite(t *testing.T) {
s := new(SecondFactorDuoPostSuite)
suite.Run(t, s)
}
@ -12,14 +12,14 @@ import (
"github.com/sirupsen/logrus"
)

func loadInfo(username string, storageProvier storage.Provider, preferences *UserPreferences, logger *logrus.Entry) []error {
func loadInfo(username string, storageProvider storage.Provider, preferences *UserPreferences, logger *logrus.Entry) []error {
var wg sync.WaitGroup
wg.Add(3)

errors := make([]error, 0)
go func() {
defer wg.Done()
method, err := storageProvier.LoadPreferred2FAMethod(username)
method, err := storageProvider.LoadPreferred2FAMethod(username)
if err != nil {
errors = append(errors, err)
logger.Error(err)
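Review bot: the rename is fine, but this hunk exposes a data race the rename does not touch: `errors := make([]error, 0)` is appended to with `errors = append(errors, err)` from inside a `go func()` goroutine, with three goroutines started (`wg.Add(3)`) and no mutex or channel guarding the slice. Concurrent appends can drop errors or corrupt the slice, so either guard the append with a `sync.Mutex` or have each goroutine send on a channel that is drained after the wait group completes. Naming the slice `errors` also shadows the standard `errors` package inside the function.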
@ -34,7 +34,7 @@ func loadInfo(username string, storageProvier storage.Provider, preferences *Use

go func() {
defer wg.Done()
_, _, err := storageProvier.LoadU2FDeviceHandle(username)
_, _, err := storageProvider.LoadU2FDeviceHandle(username)
if err != nil {
if err == storage.ErrNoU2FDeviceHandle {
return
@ -48,7 +48,7 @@ func loadInfo(username string, storageProvier storage.Provider, preferences *Use

go func() {
defer wg.Done()
_, err := storageProvier.LoadTOTPSecret(username)
_, err := storageProvider.LoadTOTPSecret(username)
if err != nil {
if err == storage.ErrNoTOTPSecret {
return
@ -64,7 +64,7 @@ func loadInfo(username string, storageProvier storage.Provider, preferences *Use
return errors
}

// UserInfoGet get the info related to the user identitified by the session.
// UserInfoGet get the info related to the user identified by the session.
func UserInfoGet(ctx *middlewares.AutheliaCtx) {
userSession := ctx.GetSession()

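Review bot: Go doc comments are sentences, so `// UserInfoGet get the info related to the user identified by the session.` should use `gets` (`// UserInfoGet gets the info related to the user identified by the session.`).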
@ -11,7 +11,7 @@ func init() {
logrus.AddHook(logrus_stack.NewHook(callerLevels, stackLevels))
}

// Logger return the standard logrues logger.
// Logger return the standard logrus logger.
func Logger() *logrus.Logger {
return logrus.StandardLogger()
}
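Review bot: same doc-comment style point as elsewhere in this commit: `// Logger return the standard logrus logger.` should read `// Logger returns the standard logrus logger.`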
@ -87,7 +87,7 @@ func TestShouldFailSendingAnEmail(t *testing.T) {
assert.Equal(t, "no notif", mock.Hook.LastEntry().Message)
}

func TestShouldSucceedIdentityVerficationStartProcess(t *testing.T) {
func TestShouldSucceedIdentityVerificationStartProcess(t *testing.T) {
mock := mocks.NewMockAutheliaCtx(t)
defer mock.Close()

@ -69,7 +69,7 @@ access_control:
regulation:
# Set it to 0 to disable max_retries.
max_retries: 3
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 300
# The length of time before a banned user can login again.
ban_time: 900
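Review bot: `login` in the `ban_time` comment is a noun; as a verb it is two words, so `# The length of time before a banned user can login again.` should be `can log in again`. This comment block is duplicated in the other configuration files touched by this commit, so the same change applies to each copy.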
@ -85,7 +85,7 @@ regulation:
# Set it to 0 to disable max_retries.
max_retries: 3

# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 300

# The length of time before a banned user can login again.
@ -212,7 +212,7 @@ regulation:
max_retries: 3

# The time range during which the user can attempt login before being banned.
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 8

# The length of time before a banned user can login again.
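Review bot: in this file `find_time` ends up with two comments saying the same thing, `# The time range during which the user can attempt login before being banned.` immediately followed by `# The user is banned if the authentication failed ...`; keep one, preferably the second, since that is the wording used for `find_time` in the other configuration files in this commit.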
@ -83,7 +83,7 @@ regulation:
# Set it to 0 to disable max_retries.
max_retries: 3

# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 300

# The length of time before a banned user can login again.
@ -53,7 +53,7 @@ regulation:
# Set it to 0 to disable max_retries.
max_retries: 3

# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 8

# The length of time before a banned user can login again.
@ -48,7 +48,7 @@ access_control:
regulation:
# Set it to 0 to disable max_retries.
max_retries: 3
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 300
# The length of time before a banned user can login again.
ban_time: 900
@ -53,7 +53,7 @@ regulation:
# Set it to 0 to disable max_retries.
max_retries: 3

# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 8

# The length of time before a banned user can login again.
@ -69,7 +69,7 @@ access_control:
regulation:
# Set it to 0 to disable max_retries.
max_retries: 3
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
find_time: 300
# The length of time before a banned user can login again.
ban_time: 900
@ -75,7 +75,7 @@ func (s *ResetPasswordScenario) TestShouldMakeAttackerThinkPasswordResetIsInitia
s.doVisit(s.T(), LoginBaseURL)
s.verifyIsFirstFactorPage(ctx, s.T())

// Try to initiate a password reset of an inexistant user
// Try to initiate a password reset of an nonexistent user.
s.doInitiatePasswordReset(ctx, s.T(), "i_dont_exist")

// Check that the notification make the attacker thinks the process is initiated
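Review bot: the replacement introduces an article error: `a password reset of an nonexistent user` should be `a nonexistent user`. The comment three lines below, `// Check that the notification make the attacker thinks the process is initiated`, also needs `makes the attacker think` and a trailing period for consistency with the line just edited.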
@ -5,7 +5,7 @@ import (
"time"
)

// CheckUntil regurly check a predicate until it's true or time out is reached
// CheckUntil regularly check a predicate until it's true or time out is reached.
func CheckUntil(interval time.Duration, timeout time.Duration, predicate func() (bool, error)) error {
for {
select {
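Review bot: `// CheckUntil regularly check a predicate until it's true or time out is reached.` should use `checks`, and `time out` as a noun is `timeout`, which also matches the `timeout` parameter on the next line.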
@ -31,11 +31,11 @@ See the section about [deployment](https://facebook.github.io/create-react-app/d

**Note: this is a one-way operation. Once you `eject`, you can’t go back!**

If you aren’t satisfied with the build tool and configuration choices, you can `eject` at any time. This command will remove the single build dependency from your project.
If you aren't satisfied with the build tool and configuration choices, you can `eject` at any time. This command will remove the single build dependency from your project.

Instead, it will copy all the configuration files and the transitive dependencies (Webpack, Babel, ESLint, etc) right into your project so you have full control over them. All of the commands except `eject` will still work, but they will point to the copied scripts so you can tweak them. At this point you’re on your own.

You don’t have to ever use `eject`. The curated feature set is suitable for small and middle deployments, and you shouldn’t feel obligated to use this feature. However we understand that this tool wouldn’t be useful if you couldn’t customize it when you are ready for it.
You don’t have to ever use `eject`. The curated feature set is suitable for small and middle deployments, and you shouldn’t feel obligated to use this feature. However we understand that this tool wouldn't be useful if you couldn't customize it when you are ready for it.

## Learn More

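Review bot: this hunk replaces the curly apostrophe with a straight one only in `aren't`, `wouldn't` and `couldn't`, while `can’t`, `you’re`, `don’t` and `shouldn’t` in the same paragraphs keep the curly form, leaving the file inconsistent. Either convert all of them or leave the paragraph as it was; this README is the stock Create React App text, so the minimal change is to leave it untouched.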