Commit Graph

1719 Commits

Author SHA1 Message Date
renovate[bot]
1f3cf34080
build(deps): update dependency @types/node to v14.14.37 (#1859)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-28 02:21:52 +11:00
renovate[bot]
5ab334dcdc
build(deps): update haproxy docker tag to v2.3.8 (#1858)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-28 02:06:58 +11:00
renovate[bot]
322592f679
build(deps): update module github.com/fasthttp/router to v1.3.10 (#1856)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-27 09:13:15 +11:00
renovate[bot]
77e21165c9
build(deps): update arm64v8/alpine docker tag to v3.13.3 (#1855)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 13:54:11 +11:00
renovate[bot]
2177c93aef
build(deps): update arm32v7/alpine docker tag to v3.13.3 (#1854)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 13:22:22 +11:00
renovate[bot]
e6929cdf3e
build(deps): update alpine docker tag to v3.13.3 (#1853)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 11:30:30 +11:00
renovate[bot]
13ba4d1795
build(deps): update dependency @types/jest to v26.0.22 (#1851)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 10:40:48 +11:00
renovate[bot]
b1d18cab9d
build(deps): update dependency @types/node to v14.14.36 (#1852)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 09:52:01 +11:00
renovate[bot]
2b75e98402
build(deps): update module github.com/jackc/pgx/v4 to v4.11.0 (#1850)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 09:04:32 +11:00
renovate[bot]
6d4d1d5e2f
build(deps): update traefik docker tag to v2.4.8 (#1848)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-24 19:34:55 +01:00
James Elliott
5b9f505e6c
docs: add issue templates (#1847)
* docs: add issue templates
* ci: skip .github/ dir
2021-03-24 09:50:11 +11:00
renovate[bot]
7a88c848ad
build(deps): update dependency @types/react-dom to v17.0.3 (#1845)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-23 20:12:11 +11:00
James Elliott
a44f0cf959
fix: redis sentinel secret missing (#1839)
* fix: redis sentinel secret missing

* refactor: use consts for authentication_backend.file.password errs

* fix: unit test for new default port

* test: cover additional misses

* test: fix windows/linux specific test error

* test: more windows specific tests

* test: remove superfluous url.IsAbs

* test: validator 100% coverage
2021-03-22 20:04:09 +11:00
renovate[bot]
7ccbaaffe3
build(deps): update dependency query-string to v7 (#1840)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-19 11:03:23 +11:00
Amir Zarrinkafsh
66b010cb59
docs: fix haproxy examples for /api/verify?auth=basic (#1835)
The previous examples did not appropriately pass through the WWW-Authenticate header and 401 when the user was unauthenticated therefore not resulting in a basic auth login prompt.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-18 19:56:08 +11:00
renovate[bot]
8ff018c82f
build(deps): update dependency @types/jest to v26.0.21 (#1837)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-17 21:03:07 +01:00
renovate[bot]
e7c9d55c23
build(deps): update haproxy docker tag to v2.3.7 (#1834)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-17 08:51:46 +11:00
renovate[bot]
ef03751f5f
build(deps): update font awesome (#1833)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-16 21:46:32 +01:00
renovate[bot]
3cb5a5e7ee
build(deps): update dependency @types/node to v14.14.35 (#1830)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-16 09:52:30 +11:00
James Elliott
a0248cd096
test(suites): short mode skip suites testing (#1823)
This PR changes the suites tests so if go test -short is used, they are skipped per go standards and a message is displayed. Additionally removed some redundant types from suite_high_availability_test.go and adjusted a warning about a nil req var.
2021-03-14 18:08:26 +11:00
James Elliott
4f5bda768b
release: v4.27.2 (#1822) 2021-03-13 16:34:39 +11:00
James Elliott
e3e8df26f2
refactor(session): use github.com/fasthttp/session/v2 instead of github.com/authelia/session/v2 (#1809)
Reverts to the upstream library instead of our maintenance fork.
2021-03-13 16:06:19 +11:00
James Elliott
391c8671e9
fix(handlers): log user as '<anonymous>' instead of a blank string (#1808) 2021-03-13 15:52:07 +11:00
Amir Zarrinkafsh
25fe7b1ebe
fix(web): fix compilation and running in development mode (#1821)
During a `yarn start` the react frontend would throw the following errors during compilation:

```
Starting the development server...

Compiled with warnings.

./src/index.css (./node_modules/css-loader/dist/cjs.js??ref--5-oneOf-4-1!./node_modules/postcss-loader/src??postcss!./src/index.css)
Warning

Greetings, time traveller. We are in the golden age of prefix-less CSS, where Autoprefixer is no longer needed for your stylesheet.

./node_modules/@fortawesome/fontawesome-svg-core/styles.css (./node_modules/css-loader/dist/cjs.js??ref--5-oneOf-4-1!./node_modules/postcss-loader/src??postcss!./node_modules/@fortawesome/fontawesome-svg-core/styles.css)
Warning

Greetings, time traveller. We are in the golden age of prefix-less CSS, where Autoprefixer is no longer needed for your stylesheet.

./src/components/FingerTouchIcon.module.css (./node_modules/css-loader/dist/cjs.js??ref--5-oneOf-5-1!./node_modules/postcss-loader/src??postcss!./src/components/FingerTouchIcon.module.css)
Warning

Greetings, time traveller. We are in the golden age of prefix-less CSS, where Autoprefixer is no longer needed for your stylesheet.

./src/components/PushNotificationIcon.module.css (./node_modules/css-loader/dist/cjs.js??ref--5-oneOf-5-1!./node_modules/postcss-loader/src??postcss!./src/components/PushNotificationIcon.module.css)
Warning

Greetings, time traveller. We are in the golden age of prefix-less CSS, where Autoprefixer is no longer needed for your stylesheet.

Search for the keywords to learn more about each warning.
To ignore, add // eslint-disable-next-line to the line before.
```

This in turn would mean that the server would never finish loading.
This change will allow the code to compile and run appropriately both in production and development modes.
2021-03-13 14:09:51 +11:00
renovate[bot]
e5a6b6b85d
build(deps): update dependency @types/node to v14.14.34 (#1814)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-13 10:47:21 +11:00
dependabot[bot]
cb41f5a643
build(deps): bump react-dev-utils from 11.0.3 to 11.0.4 in /web (#1813)
Bumps [react-dev-utils](https://github.com/facebook/create-react-app/tree/HEAD/packages/react-dev-utils) from 11.0.3 to 11.0.4.
- [Release notes](https://github.com/facebook/create-react-app/releases)
- [Changelog](https://github.com/facebook/create-react-app/blob/master/CHANGELOG-1.x.md)
- [Commits](https://github.com/facebook/create-react-app/commits/HEAD/packages/react-dev-utils)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-13 10:14:05 +11:00
renovate[bot]
28239214f6
build(deps): update dependency chai to v4.3.4 (#1816)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-13 09:55:32 +11:00
allcontributors[bot]
d43d477265
docs: add craSH as a contributor (#1820)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-13 09:39:40 +11:00
James Elliott
1a43ca7b8a
docs(authorization): document changed resources behavior (#1819)
I missed documenting this change, but prior to 4.27.0 the query param was never considered when matching resources. But that's no longer the case.

Fixes #1817
2021-03-13 09:36:22 +11:00
James Elliott
5e72f8e8c7
build(deps): update to golang 1.16.2 explicitly (#1818) 2021-03-13 09:32:13 +11:00
James Elliott
5a5efa5e02
fix(server): send 404 on missing api endpoints instead of 405 (#1806)
Returns a 404 instead of 405 on bad API endpoints. The original issue was resolved in 3487fd392e however this resolves another issue that's related. Additionally this ensures the behavior is tested.
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>

Fixes #1520
Closes #1534
2021-03-11 18:36:58 +11:00
James Elliott
2fabfecb55
release: v4.27.1 (#1801) 2021-03-11 12:29:07 +11:00
allcontributors[bot]
ac329c53e3
docs: add mardom1 as a contributor (#1804)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-03-11 12:15:31 +11:00
allcontributors[bot]
8191ca2330
docs: add dchidell as a contributor (#1803)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-03-11 12:13:22 +11:00
allcontributors[bot]
28922c762b
docs: add except as a contributor (#1802)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-11 12:11:09 +11:00
James Elliott
c310049faa
refactor(authentication): use crypto constant time compare (#1800)
* refactor(authentication): use crypto constant time compare

Improve security with usage of the crypto/subtle ConstantTimeCompare() method for hash comparison.

Fixes #1799

* docs: add explicit labels for chat types
2021-03-11 12:08:49 +11:00
David Chidell
5cf11f87c8
docs(authorizer): important headers for access-control networks (#1794)
* Document X-Forwarded-For capabilities within access-control networks

Adds a short paragraph detailing X-Forwarded-For header behaviour
into the documentation.

* Update docs/configuration/access-control.md

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-11 10:18:39 +11:00
dependabot[bot]
c4864ca64c
build(deps): bump elliptic from 6.5.3 to 6.5.4 in /web (#1796)
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-10 16:11:36 +11:00
James Elliott
1e46ec6c44
ci: restore dependabot rules (#1797)
Restores the dependabot rules in buildkite for the purpose of security fixes which are handled by dependabot still.
2021-03-10 15:53:33 +11:00
James Elliott
98b47227ee
release: v4.27.0 (#1795) 2021-03-10 11:53:49 +11:00
renovate[bot]
5001749b1b
build(deps): update module github.com/sirupsen/logrus to v1.8.1 (#1792)
* build(deps): update module github.com/sirupsen/logrus to v1.8.1

* fix: go mod tidy (go.sum)

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-10 11:33:14 +11:00
renovate[bot]
99a7c5ac2f
build(deps): update dependency @types/node to v14.14.33 (#1793)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-10 10:43:45 +11:00
James Elliott
e041143f87
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider

* refactor(session): use int for ports as per go standards

* refactor(configuration): adjust tests and validation

* refactor(configuration): add err format consts

* refactor(configuration): explicitly map redis structs

* refactor(session): merge redis/redis sentinel providers

* refactor(session): add additional checks to redis providers

* feat(session): add redis cluster provider

* fix: update config for new values

* fix: provide nil certpool to affected tests/mocks

* test: add additional tests to cover uncovered code

* docs: expand explanation of host and nodes relation for redis

* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum

* fix(session): sentinel password

* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config

* test: make entrypoint.sh executable, fix entrypoint.sh if/elif

* test: add redis failover tests

* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging

* test: add sentinel integration test

* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep

* feat: use sentinel failover cluster

* fix: renamed addrs to sentineladdrs upstream

* test(session): sentinel failover

* test: add redis standard back into testing

* test: move redis standalone test to traefik2

* fix/docs: apply suggestions from code review
2021-03-10 10:03:05 +11:00
renovate[bot]
073c558296
build(deps): update traefik docker tag to v2.4.7 (#1790)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-09 14:18:48 +11:00
renovate[bot]
ac7ee18610
build(deps): update dependency @types/react-dom to v17.0.2 (#1789)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-09 09:45:12 +11:00
renovate[bot]
9dcb2e06fb
build(deps): update dependency @types/node to v14.14.32 (#1784)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-09 09:28:31 +11:00
renovate[bot]
d7484bd7e2
build(deps): update dependency @types/react to v17.0.3 (#1785)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-08 15:59:25 +11:00
renovate[bot]
095b9fa16d
build(deps): update dependency typescript to v4.2.3 (#1780)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-05 22:32:51 +11:00
James Elliott
4dce8f9496
perf(authorizer): preload access control lists (#1640)
* adjust session refresh to always occur (for disabled users)

* feat: adds filtering option for Request Method in ACL's

* simplify flow of internal/authorization/authorizer.go's methods

* implement query string checking

* utilize authorizer.Object fully

* make matchers uniform

* add tests

* add missing request methods

* add frontend enhancements to handle request method

* add request method to 1FA Handler Suite

* add internal ACL representations (preparsing)

* expand on access_control next

* add docs

* remove unnecessary slice for network names and instead just use a plain string

* add warning for ineffectual bypass policy (due to subjects)

* add user/group wildcard support

* fix(authorization): allow subject rules to match anonymous users

* feat(api): add new params

* docs(api): wording adjustments

* test: add request method into testing and proxy docs

* test: add several checks and refactor schema validation for ACL

* test: add integration test for methods acl

* refactor: apply suggestions from code review

* docs(authorization): update description
2021-03-05 15:18:31 +11:00
renovate[bot]
455b859047
build(deps): update haproxy docker tag to v2.3.6 (#1779)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-04 14:15:01 +11:00