Commit Graph

4 Commits

Author SHA1 Message Date
Clement Michaud
42581dfe93 Fix open redirection vulnerability.
In order to redirect the user after authentication, Authelia uses
rd query parameter provided by the proxy. However an attacker could
use phishing to make the user be redirected to a bad domain. In order
to avoid the user to be redirected to a bad location, Authelia now
verifies the redirection URL is under the protected domain.
2018-11-17 17:48:20 +01:00
Clement Michaud
9a0e5290d1 Use mailcatcher for minimal config setup. 2018-11-15 22:28:29 +01:00
Clement Michaud
05c423c6f8 Add integration test for keep me logged in feature. 2018-10-23 20:41:02 +02:00
Clement Michaud
6d6162f26c Add tests for minimal configuration 2018-08-10 00:12:04 +02:00