Commit Graph

10 Commits

Author SHA1 Message Date
Clement Michaud
1cf4e57bb1 Redirect user when he has already validated some factors
Example 1: The user has validated first factor when accessing a service
protected by basic auth. When he tries to access another service protected
by second factor, he is redirected to second factor step to complete
authentication.

Example 2: The user has already validated second factor. When he access auth
service, he is redirected either to /loggedin page that displays an "already
logged in" page or to the URL provided in the "redirect" query parameter.
2017-10-09 01:07:32 +02:00
Clement Michaud
c061dbfda4 Customize the authentication method to be used by a sub-domain
One can now customize the default authentication method for all sub-domains,
i.e., either 'two_factor' or 'basic_auth' and define specific authentication
method per sub-domain.

For example, one can specify that every sub-domain must be authenticated with
two factor except one sub-domain that must be authenticated with basic auth.
2017-10-08 23:39:29 +02:00
Clement Michaud
78f6028c1b Improve logging format for clarity
Previously, logs were not very friendly and it was hard to track
a request because of the lack of request ID.
Now every log message comes with a header containing: method, path
request ID, session ID, IP of the user, date.

Moreover, the configurations displayed in the logs have their secrets
hidden from this commit.
2017-10-08 22:33:50 +02:00
Clement Michaud
267cf2921d Adapt ACL configuration to make it more flexible
Basically, the ACL configuration was very static and it was not allowed
to remove 'any', 'groups', 'users'. The application crashed when those
keys did not exist.
After this fix, every key is optional and replaced by a default value
for the app configuration to be complete and used by Authelia.

Later, a configuration validator will be implemented to detect issues
with configuration at startup.
2017-10-08 15:34:58 +02:00
Clément Michaud
15374f39d1 Merge pull request #122 from clems4ever/disable-autocomplete
Disable autocomplete for TOTP field
2017-10-07 23:44:33 +02:00
Clement Michaud
e05d1c9c0f Disable autocomplete for TOTP field 2017-10-07 22:23:28 +02:00
Clement Michaud
2349de6698 Disable x-powered-by header sent by express 2017-10-07 22:18:40 +02:00
Clement Michaud
a4d7ade791 Remove useless logs displaying smtp credentials 2017-10-07 21:48:43 +02:00
Clement Michaud
66449eedb0 Use username matcher instead of user dn in group filter
Previously, string "{0}" was replaced by the user dn in the groups_filter
attributes of the LDAP configuration.
However, if the groups children only have a memberUid attribute, one would
like to use the username instead of the user dn.

Since the user dn can be built from the username, "{0}" is now replaced
by the username instead of the user dn so that an LDAP relying on attribute
'memberUid' can be used.
2017-10-07 14:10:22 +02:00
Clement Michaud
d8ff186303 Split client and server
Client and server now have their own tsconfig so that the transpilation is only
done on the part that is being modified.

It also allows faster transpilation since tests are now excluded from tsconfig.
They are compiled by ts-node during unit tests execution.
2017-10-07 00:49:42 +02:00