Commit Graph

829 Commits

Author SHA1 Message Date
Amir Zarrinkafsh
05592cbe2d
[MISC] Add github comment workflow for automated builds (#605) 2020-02-01 12:56:11 +01:00
Clément Michaud
e303ae0083
[MISC] Remove unused mongo docker-compose file. (#599) 2020-02-01 22:19:26 +11:00
Clément Michaud
426b29c382
[MISC] Add a CONTRIBUTING.md to the project. (#604) 2020-02-01 22:05:43 +11:00
Amir Zarrinkafsh
1b478e8f3d
[Buildkite] Do not persist Docker secret in builds (#603) 2020-02-01 19:10:18 +11:00
Amir Zarrinkafsh
275af90137
[Buildkite] Re-order pipeline to improve security (#598) 2020-01-31 15:16:46 +11:00
Amir Zarrinkafsh
49e739d009
[Buildkite] Add automatic deployment and removal of Docker images for Branches and PRs (#592) 2020-01-30 08:37:11 +01:00
James Elliott
152b33e4fa [FIX] SMTP Notifier Unhandled Error Conditions (#585)
- Only attempt to close the connection once it's established.
- Defer the client Quit/Close so that it always executes at the end.
- Fixes #585
2020-01-28 15:19:54 +11:00
Amir Zarrinkafsh
722cbb63a0 [Buildkite] Remove redundant if clause in post-checkout hook 2020-01-28 10:06:03 +11:00
Amir Zarrinkafsh
e646323555 [MISC] Fix AUR badge links in README.md 2020-01-28 10:06:03 +11:00
James Elliott
31ca4f891f [FIX] Disable regulation when max_retries set to 0 (#584)
- Only set regulator to enabled if max_retries is not set to 0, default is false (zero value).
- Added test for the scenario.
- Fixes #584
2020-01-27 22:54:24 +11:00
Amir Zarrinkafsh
25c0b60540 [MISC] Update docs to include updated proxy configuration (#580)
Includes updated documentation for:
* nginx
* Traefik 1.x
* Traefik 2.x
2020-01-27 00:24:49 +01:00
Amir Zarrinkafsh
107126929b Update README.md with AUR references and remove CHANGELOG.md (#576)
* Update README.md
Provide badges and references to the AUR for Arch Linux Authelia packages.
Closes #571 #572.

* Add systemd unit file
Include the unit in future release artifacts.

* Remove CHANGELOG.md
As of future releases Changelog details will dynamically be generated.

* Update README.md
Add badge for authelia-git package.

* Update Changelog to only publish explicit Docker tag
Do not include Major and Minor versions, as these will change over time.
2020-01-24 10:21:17 +01:00
Clement Michaud
aca8be40ac Release v4.2.0 2020-01-22 09:12:21 +01:00
Amir Zarrinkafsh
6f669ec8b7 Package config.template.yml in published artifacts 2020-01-22 08:43:06 +01:00
Amir Zarrinkafsh
d36fbb73b7 Add example for v3 -> v4 migrations utilising Docker 2020-01-22 11:53:15 +11:00
Amir Zarrinkafsh
9a685fefad Update alpine to 3.11.3 2020-01-22 11:53:15 +11:00
Clement Michaud
2acf8bf21c Add hash-password and migrate commands to authelia binary.
This reduce the size of the docker image and avoid confusing users.

We keep the commands in authelia-scripts too in order to keep the
current workflow of developers.
2020-01-22 11:53:15 +11:00
Clement Michaud
bb7781fd2b Use env variables to configure secrets in Standalone suite. 2020-01-22 10:15:25 +11:00
Clement Michaud
cab97d5f2f Bind secret environment variable to allow unmarshalling. 2020-01-22 10:15:25 +11:00
Clement Michaud
c95c7210d8 Put secrets in env variables of Kubernetes Deployment.
This is preliminary work to bootstrap the Helm chart and rely on
the Kubernetes vault.

WARNING: those variables should never be set in the configuration
in a production environment. They have been set here for ease of
deployment and because this is a showcase.
2020-01-22 10:15:25 +11:00
Clement Michaud
e92d3ced3a Introduce viper in order to read secrets from env variables. 2020-01-22 10:15:25 +11:00
Clement Michaud
ea86b62527 Add validation for notifier configuration. 2020-01-22 10:15:25 +11:00
Clement Michaud
9b5b091a44 Update CHANGELOG for v4.1.0. 2020-01-21 23:26:14 +01:00
Clément Michaud
fffff82735
Create FUNDING.yml 2020-01-21 22:20:13 +01:00
James Elliott
736ed3f212 Misc Spelling Corrections
- Mostly changes to spelling of comments/docs/displayed text
- A few changes to test function names
2020-01-21 12:16:00 +11:00
Clement Michaud
47b34b4026 Escape special LDAP characters as suggested by OWASP.
https://owasp.org/www-project-cheat-sheets/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html
2020-01-21 09:46:17 +11:00
Amir Zarrinkafsh
1059551133
Optimise deploy artifacts step (#564)
* Optimise deploy artifacts step
authelia-scripts is not required to publish GitHub artifacts as we utilise [Hub](https://hub.github.com/), this should save ~10 seconds in this step.

* Specify release number in pipeline

* Change buildkite and github published artifacts back to gzip

* Update README.md
2020-01-20 10:53:55 +11:00
Clement Michaud
aafd8fdbd8 Add a sponsorship badge and section to README. 2020-01-19 22:55:37 +01:00
Clement Michaud
99830d95f6 Add a section on vulnerability reporting under security in README. 2020-01-19 22:55:37 +01:00
Amir Zarrinkafsh
a02fb1438e Add Traefik2 suite and refactor Traefik suite (#562)
* Update Traefik 1.x to v1.7.20 for integration tests

* Add suite for Traefik 2.x

* Refactor Traefik2 suite to utilise Docker labels

* Move Traefik2 middleware definition to a file based provider

* Expose Traefik2 dashboard
The API/Dashboard can be reached at https://traefik.example.com:8080/

* Move Traefik frontend/backend definitions to Docker labels

* Move Traefik2 router/service definitions to Docker labels

* Normalise all Traefik configuration via labels and commands
When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files.

* Define ports for Authelia frontend/backend services

* Adjust Traefik2 suite to new dev workflow

* Normalise all Traefik2 middlewares via labels

* Fix typo in middleware and comment labels specifying Traefik version
2020-01-19 11:06:37 +01:00
Clément Michaud
6054addfcc
Update README.md 2020-01-19 00:31:08 +01:00
Amir Zarrinkafsh
68919a3b4e Update README.md
Remove Gitter badge and add Matrix badge, a Matrix <-> Gitter bridge exists to allow communication across the two channels.
2020-01-19 10:28:29 +11:00
Clément Michaud
2e86f270cd Encode URL set to rd parameter. (#559)
* Encode URL set to rd parameter.

URL encoding that parameter solves PR #476.

Some URL parameters set during redirection were magically disappearing
after the redirection due to the authentication process. By using URL encoding,
those parameters should not be stripped anymore.

* Fix integration tests.
2020-01-19 01:57:42 +11:00
Amir Zarrinkafsh
a0b79c61d2 Group docker deployment steps to prevent race conditions/conflicts 2020-01-18 11:17:25 +11:00
Amir Zarrinkafsh
1f684dbc75 Update README.md 2020-01-18 11:17:25 +11:00
Clément Michaud
bb24cf16f7
Update README.md 2020-01-18 00:41:29 +01:00
James Elliott
e6ddedf23d Fixes Remember Me functionality
- Adjust the remember me duration to 1 year
- Fixes #552
2020-01-18 00:27:01 +01:00
Clement Michaud
ece4423d33 Add back wait block in buildkite pipeline. 2020-01-18 00:12:36 +01:00
Clement Michaud
841de2b75d Disable inactivity timeout when user checked remember me.
Instead of checking the value of the cookie expiration we rely
on the boolean stored in the user session to check whether inactivity
timeout should be disabled.
2020-01-18 00:12:36 +01:00
Clement Michaud
6792fd5bc3 Add --ignore-certificate-errors flag to chromium-browser command in integration tests.
This flag fix error messages when running the tests for the first time.
2020-01-18 00:12:36 +01:00
Clément Michaud
9f2cca1ebf
Update Authelia logo in README and the icon of the webapp. (#556) 2020-01-17 21:30:50 +01:00
Clément Michaud
ce7b6b8167
Build docker image upfront in CI and use it in integration tests. (#555)
* Build docker image upfront in CI and use it in integration tests.

Previously, the development workflow was broken because the container
generated from Dockerfile.CI was used in dev environments but the binary
was not pre-built as it is on buildkite. I propose to just remove that
image and use the "to be published" image instead in integration tests.

This will have several advantages:
- Fix the dev workflow.
- Remove CI arch from authelia-scripts build command
- Optimize CI time in buildkite since we'll cache a way small artifact
- We don't build authelia more than once for earch arch.

* Fix suites and only build ARM images on master or tagged commits

* Optimise pipeline dependencies and Kubernetes suite to utilise cache

* Run unit tests and docker image build in parallel.

* Fix suite trying to write on read only fs.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-01-17 20:46:51 +01:00
Clément Michaud
da22227563
Add trimpath build flag and fix go version to guarantee reproducible build. (#553) 2020-01-16 22:17:03 +01:00
Amir Zarrinkafsh
9b8be0fef0 Remove Travis and promote Buildkite (#545)
* Remove Travis and promote Buildkite

* Add Docker Size badge to README.md

* Call MicroBadger webhook to update metadata for shields

Add updateMicroBadger function and refactor publishDockerReadme to be called explicitly instead of on every deployManifest call.
2020-01-16 21:57:44 +01:00
Amir Zarrinkafsh
5914f96de4
Add git tag back to binary artifact. 2020-01-13 11:30:05 +11:00
Clement Michaud
a823b6368a Remove build time and git tag from binary artifact.
That way it's easy to build a given commit and check whether
it's the same binary than the one published on Github.
2020-01-12 20:17:11 +01:00
Clement Michaud
1deb46778c Prepare changelog for v4.1.0 release. 2020-01-12 20:17:11 +01:00
Amir Zarrinkafsh
072a8c468c Reduce number of Docker layers 2020-01-11 14:25:50 +11:00
James Elliott
242386e279 Force TLS and valid x509 certs in SMTP Notifier by default
- Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN
- Removed: secure (notifier smtp conf) boolean string
- Added: disable_verify_cert (notifier smtp conf) boolean
    - disables X509 validation of certificates
- Added: disable_require_tls (notifier smtp conf) boolean
    - allows emails to be sent over plain text (for non-authenticated only)
- Added: trusted_cert (notifier smtp conf) string (path)
    - allows specifying the path of a PEM format cert to add to trusted cert pool
- Make SMTP notifier return errors on connection over plain text
- Make SMTP notifier return errors on TLS connection with invalid certs
- Implemented various debug logging for the SMTP notifier
- Implemented explicit SMTP closes on errors (previously left con open)
- Split SMTPNotifier Send func to seperate funcs for:
    - writing future test suites and startup checks more easily
    - organization and readability
- Add details of changes to docs/security.yml
- Adjust config.yml's (template and test) for the changes
2020-01-10 17:37:16 +01:00
James Elliott
1ef3485418 Fix duplicate Content-Type header in SMTPNotifier
- SMTPNotifier would send the Content-Type header twice
- Fixes #498
2020-01-10 17:37:16 +01:00