Commit Graph

7 Commits

Author SHA1 Message Date
James Elliott
d33d6c2f00
ci: add yamllint (#1895)
This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit.
2021-04-11 06:51:00 +10:00
James Elliott
e041143f87
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider

* refactor(session): use int for ports as per go standards

* refactor(configuration): adjust tests and validation

* refactor(configuration): add err format consts

* refactor(configuration): explicitly map redis structs

* refactor(session): merge redis/redis sentinel providers

* refactor(session): add additional checks to redis providers

* feat(session): add redis cluster provider

* fix: update config for new values

* fix: provide nil certpool to affected tests/mocks

* test: add additional tests to cover uncovered code

* docs: expand explanation of host and nodes relation for redis

* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum

* fix(session): sentinel password

* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config

* test: make entrypoint.sh executable, fix entrypoint.sh if/elif

* test: add redis failover tests

* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging

* test: add sentinel integration test

* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep

* feat: use sentinel failover cluster

* fix: renamed addrs to sentineladdrs upstream

* test(session): sentinel failover

* test: add redis standard back into testing

* test: move redis standalone test to traefik2

* fix/docs: apply suggestions from code review
2021-03-10 10:03:05 +11:00
Amir Zarrinkafsh
ff7f9a50ab
[FEATURE] Docker simplification and configuration generation (#1113)
* [FEATURE] Docker simplification and configuration generation
The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template.

This will allow more seamless bootstrapping of an environment no matter the deployment method.

We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment.

Users with the old volume mappings have two options:
1. Change their mappings to conform to `/config`
2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping

* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml
2020-06-17 16:25:35 +10:00
Clément Michaud
730e88df9d
[FEATURE] Make Authelia serve over TLS in all suites (#864)
* [BUGFIX] Fix dev workflow by using TLS for all suites.

* Fix traefik 1.x and 2.x suites.

* Display authelia logs on suite failure.

* Fix HAProxy suite.

* Extend timeout of test case.

* Display current URL in verify assertion.

* fix doLoginTwoFactor by adding a timeout

* when doLoginTwoFactor is used with blank target and a protected domain is quickly visited authelia sometimes redirects back to the portal
* fix by adding one second timeout
* bump go version to 1.14.2

* Fix Kube suite and bump dashboard.

* Update dist authelia-frontend to proxy_pass with variable

* Apply suggestions from code review

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>

* Apply suggestions from code review

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>

* Remove debug logs since it's polluting logs.

Also set timeout back to 5 seconds in HA suite.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-14 09:57:28 +10:00
James Elliott
626f5d2949
[FEATURE] Remember Me Configuration (#813)
* [FEATURE] Remember Me Configuration
* allow users to specify the duration of remember me using remember_me_duration in session config
* setting the duration to 0 disables remember me
* only render the remember me element if remember me is enabled
* prevent malicious users from faking remember me functionality in the backend
* add string to duration helper called ParseDurationString to parse a string into a duration
* added tests to the helper function
* use the SessionProvider to store the time.Duration instead of parsing it over and over again
* add sec doc, adjust month/min, consistency
* renamed internal/utils/constants.go to internal/utils/const.go to be consistent
* added security measure docs
* adjusted default remember me duration to be 1 month instead of 1 year
* utilize default remember me duration in the autheliaCtx mock
* adjust order of keys in session configuration examples
* add notes on session security measures secret only being redis 
* add TODO items for duration notation for both Expiration and Inactivity (will be removed soon)
* fix error text for Inactivity in the validator 
* add session validator tests
* deref check bodyJSON.KeepMeLoggedIn and derive the value based on conf and user input and store it (DRY)
* remove unnecessary regex for the simplified ParseDurationString utility
* ParseDurationString only accepts decimals without leading zeros now
* comprehensively test all unit types
* remove unnecessary type unions in web
* add test to check sanity of time duration consts, this is just so they can't be accidentally changed
* simplify deref check and assignment
* fix reset password padding/margins
* adjust some doc wording
* adjust the handler configuration suite test
* actually run the handler configuration suite test (whoops)
* reduce the number of regex's used by ParseDurationString to 1, thanks to Clement
* adjust some error wording
2020-04-04 10:11:33 +11:00
Clément Michaud
c429488738
[FEATURE] [BREAKING] Support writing logs in a file. (#686)
* [FEATURE] Support writing logs in a file.

* Add documentation about logs file path.

* Rename logs_level and logs_file_path into log_level and log_file_path.

* Update BREAKING.md

Fixes #338

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-03-09 20:57:53 +01:00
Amir Zarrinkafsh
a02fb1438e Add Traefik2 suite and refactor Traefik suite (#562)
* Update Traefik 1.x to v1.7.20 for integration tests

* Add suite for Traefik 2.x

* Refactor Traefik2 suite to utilise Docker labels

* Move Traefik2 middleware definition to a file based provider

* Expose Traefik2 dashboard
The API/Dashboard can be reached at https://traefik.example.com:8080/

* Move Traefik frontend/backend definitions to Docker labels

* Move Traefik2 router/service definitions to Docker labels

* Normalise all Traefik configuration via labels and commands
When the the middleware issue with Traefik 2.x (#476) is resolved this means all Traefik related configuration can be self-contained within the respective docker-compose.yml files.

* Define ports for Authelia frontend/backend services

* Adjust Traefik2 suite to new dev workflow

* Normalise all Traefik2 middlewares via labels

* Fix typo in middleware and comment labels specifying Traefik version
2020-01-19 11:06:37 +01:00