Commit Graph

2744 Commits

Author SHA1 Message Date
James Elliott
143db66445
feat(oidc): userinfo endpoint (#2146)
This is a required endpoint for OIDC and is one we missed in our initial implementation. Also adds some rudamentary documentaiton about the implemented endpoints.
2021-07-10 14:56:33 +10:00
renovate[bot]
d2422e9965
build(deps): update haproxy docker tag to v2.4.2 (#2168)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-09 08:49:30 +10:00
renovate[bot]
4d7a6e9678
build(deps): update dependency @types/chai to v4.2.21 (#2167)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-09 07:16:18 +10:00
Clément Michaud
21f9056c00
fix(oidc): use lower case in log messages (#2153) 2021-07-08 12:44:43 +10:00
Clément Michaud
98d9cad62e
fix(regulation): use lower case in error messages (#2152) 2021-07-08 12:04:43 +10:00
Clément Michaud
2d634e9b20
fix(session): use lower case in error messages (#2150) 2021-07-08 11:33:22 +10:00
renovate[bot]
eae8effe7e
build(deps): update dependency @types/qrcode.react to v1.0.2 (#2163)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 10:22:58 +10:00
renovate[bot]
d68fdaa9fa
build(deps): update dependency @material-ui/core to v4.12.1 (#2162)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 09:56:16 +10:00
renovate[bot]
6063ffe226
build(deps): update dependency @types/react to v17.0.14 (#2164)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 09:26:46 +10:00
renovate[bot]
9059005d0c
build(deps): update dependency @types/react-dom to v17.0.9 (#2165)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 08:11:13 +10:00
renovate[bot]
f081c6fe82
build(deps): update dependency @types/react-router-dom to v5.1.8 (#2166)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 07:39:03 +10:00
renovate[bot]
6a6ee18b9b
build(deps): update dependency @types/jest to v26.0.24 (#2160)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-07 12:16:15 +10:00
renovate[bot]
7d6097942c
build(deps): update dependency @types/enzyme to v3.10.9 (#2159)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-07 10:58:49 +10:00
renovate[bot]
4c2932eb71
build(deps): update dependency @types/chai to v4.2.20 (#2158)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-07 09:38:35 +10:00
renovate[bot]
e4a769f69c
build(deps): update dependency @material-ui/core to v4.12.0 (#2157)
* build(deps): update dependency @material-ui/core to v4.12.0

* fix(web): adjust deprecations

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-07-07 09:10:31 +10:00
Arsenović Arsen
8ee0597486
feat(authentication): use the passwordmodify exop for pwd resets with ldap (#2124)
Implement the LDAP password modify extended operation for LDAP providers that advertise they support it.
2021-07-06 19:13:17 +10:00
allcontributors[bot]
565515646a
docs: add davama as a contributor for userTesting (#2156)
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-07-06 15:22:57 +10:00
allcontributors[bot]
546607593c
docs: add dakriy as a contributor for code (#2155)
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-07-06 15:19:38 +10:00
allcontributors[bot]
4117bafdce
docs: add ArsenArsen as a contributor for code, test, security (#2154)
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-07-06 15:13:51 +10:00
Amir Zarrinkafsh
711b5ff0db
feat: publish and deploy to apt.authelia.com (#2148)
This automates the process of publishing our `*.deb` files for stable Authelia releases to apt.authelia.com.
2021-07-05 12:49:48 +10:00
renovate[bot]
2a98e47299
build(deps): update dependency @craco/craco to v6.2.0 (#2147)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-05 07:18:28 +10:00
James Elliott
31c5c820f0
refactor(authentication): log ldap warning on startup in rare condition (#2141)
This is so on startup administrators who have a LDAP server implementation that may not support password hashing by default are clearly warned. This only triggers if the disable password reset option is not enabled, we cannot find the extension OID for the Extended Password Modify Operation, and the implementation is not Active Directory. Active Directory has it's own method for this which doesn't advertise an OID.
2021-07-04 15:44:11 +10:00
James Elliott
ef549f851d
feat(oidc): add additional config options, accurate token times, and refactoring (#1991)
* This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, a option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes.
* Additionally this records specific values about a users session indicating when they performed a specific authz factor so this is represented in the token accurately. 
* Lastly we also implemented a OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.
2021-07-04 09:44:30 +10:00
Clément Michaud
2dbd7ed219
fix(utils): use lower case in error messages (#2144) 2021-07-04 08:08:24 +10:00
renovate[bot]
907680c035
build(deps): update module github.com/spf13/cobra to v1.2.1 (#2143)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-03 07:04:53 +10:00
Amir Zarrinkafsh
c8b51d1190
build(deps): update swagger-ui to v3.51.1 (#2140) 2021-07-02 19:08:10 +10:00
James Elliott
b2638d4af9
fix(authentication): use passwdmodify oid instead of whoami oid (#2139)
This is the correct OID for the passwdModify Extended Operation.
2021-07-02 11:33:10 +10:00
James Elliott
cb71df5d9b
feat(authentiation): check ldap support for extended operations on startup (#2133)
* feat(authentiation): check ldap server on startup

This PR adds a startup check to the LDAP authentication backend. It additionally adds support for checking supportedExtension OIDs, currently only checking passwdModifyOID (1.3.6.1.4.1.4203.1.11.3). This can relatively easily be enhanced to add detection for other rootDSE capabilities like supportedControl and supportedCapabilities as necessary.

* test(authentication): add unit tests for new feature

* refactor(authentication): factorize ldap user provider newup

* refactor: minor adjustments
2021-07-02 09:16:16 +10:00
renovate[bot]
f759b27bb0
build(deps): update module github.com/spf13/cobra to v1.2.0 (#2138)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-02 08:08:03 +10:00
renovate[bot]
6b5028af49
build(deps): update dependency @types/react to v17.0.13 (#2135)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-02 07:05:59 +10:00
renovate[bot]
a6e344f504
build(deps): update dependency @types/react to v17.0.12 (#2134)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-01 19:30:30 +10:00
renovate[bot]
411c98f68d
build(deps): update dependency typescript to v4.3.5 (#2130)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-01 11:21:38 +10:00
Philipp Staiger
7ff0a39c02
fix(suites): disable cgo for delve during development (#2129)
#2101 introduced a minor regression when using the authelia scripts suite for developing.

The following issues occurred:

```
[00] # runtime/cgo
[00] cgo: exec gcc: exec: "gcc": executable file not found in $PATH
```

Adding the CGO_ENABLED=0 before the dlv build command in the run-backend-dev.sh fixed the issue.
2021-07-01 10:28:24 +10:00
dakriy
851396c972
feat(web): add autocomplete fields to first factor and reset password pages (#2125) 2021-06-30 19:04:55 +02:00
renovate[bot]
87c3985c75
build(deps): update module github.com/valyala/fasthttp to v1.28.0 (#2127)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-30 21:12:03 +10:00
renovate[bot]
b1551e794b
build(deps): update dependency prettier to v2.3.2 (#2122)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-27 14:33:54 +10:00
renovate[bot]
9640b48b60
build(deps): update haproxy docker tag to v2.4.1 (#2120)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-27 14:22:29 +10:00
Amir Zarrinkafsh
636991031d
ci(buildkite): fix conditional for debian packages (#2123) 2021-06-27 13:58:58 +10:00
Amir Zarrinkafsh
4349adb090
ci(buildkite): add conditional for debian package builds with dep bumps (#2121) 2021-06-26 13:56:54 +10:00
Amir Zarrinkafsh
93e20a44e9
feat: build and distribute .deb packages (#2114)
* feat: build and distribute .deb packages

Creates .deb packages for distribution via GitHub releases and Buildkite builds for the following architectures:

* amd64
* armhf
* arm64

* fix: pkgver reference in debpackages.sh

* refactor: split deb packaging jobs and quote variables

* fix: pipeline upload for debpackages

* fix: depends_on key for debpackages

* fix: add depends_on: ~ for debpackages step

* fix: pre-artifact hook for debpackages

* fix: add .deb suffix in pre-artifact hook

* fix: variable reference in debhelper.sh

* refactor: silence wget output in debhelper.sh

* refactor: make build concurrency gate only depend_on docker builds

* refactor: make build concurrency gate also depend_on coverage build

* refactor: remove dependencies for build concurrency gate
2021-06-26 11:45:21 +10:00
Amir Zarrinkafsh
756aee507f
refactor: cra build path (#2117)
* refactor: cra build path

The `authelia-scripts` helper currently performs steps to move files around in different stages of development and CI/CD.

We now utilise the `BUILD_PATH` environment variable to adjust the output directory for the web frontend from the default of `./web/build/` simplifying the helper somewhat.

Additionally we no longer build the Go binary in the unit test stage of our CI/CD as this is not necessary.

* fix: build output directory in coverage dockerfile
2021-06-25 21:53:20 +10:00
Amir Zarrinkafsh
41f1162651
build(deps): update swagger-ui to v3.51.0 (#2118) 2021-06-25 18:46:50 +10:00
renovate[bot]
85ed04e429
build(deps): update dependency react-otp-input to v2.4.0 (#2115)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-24 21:22:30 +10:00
Amir Zarrinkafsh
8db0bc9ae1
refactor: drop qemu binary requirement (#2116)
QEMU binaries no longer need to be baked into containers.
2021-06-24 18:24:47 +10:00
renovate[bot]
5c78dfaa0d
build(deps): update traefik docker tag to v2.4.9 (#2113)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-23 08:49:05 +10:00
James Elliott
524c6eb1dc
docs: refactor access control configuration sections (#1945)
Refactors the access-control configuration documentation to be up-to-date and conform to our style guidelines. Additionally went over each part and reworded things that needed it.
2021-06-22 16:00:45 +10:00
Amir Zarrinkafsh
4cab3a4a4e
refactor: drop cgo requirement for sqlite (#2101)
* refactor: drop cgo requirement for sqlite

Replace github.com/mattn/go-sqlite3 with modernc.org/sqlite which drops our CGO requirement.

* refactor: newline for consistency with dockerfiles
2021-06-22 10:45:33 +10:00
renovate[bot]
f1a4c46196
build(deps): update module github.com/fasthttp/session/v2 to v2.4.0 (#2108)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-22 07:07:26 +10:00
renovate[bot]
92427e2c85
build(deps): update dependency query-string to v7.0.1 (#2109)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-22 06:44:17 +10:00
renovate[bot]
d5fcfeda61
build(deps): update module github.com/fasthttp/router to v1.4.0 (#2107)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-21 22:14:38 +10:00