techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity
2,588 Commits 1 Branch 0 Tags 25 MiB
4ebd8fdf4e
Commit Graph

7 Commits

Author SHA1 Message Date
James Elliott
3c1bb3ec19
feat(authorization): domain regex match with named groups () 
This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
 2022-04-01 22:38:49 +11:00
James Elliott
ef3c2faeb5
fix(authorization): configuration reports 2fa disabled with 2fa oidc clients () 
This resolves an issue where if you have zero two_factor ACL rules but enabled two_factor OIDC clients, 2FA is reported as disabled.
 2021-06-18 11:38:01 +10:00
James Elliott
1e30b00f7e
fix(validator): misleading warning for empty acl domains () 
This fixes misleading errors for ACL rules with an empty list of domains. This also enables admins to have a default policy with zero ACL rules as long as the default policy is not deny or bypass. It also adds a rule number to all ACL rule related log messages which is the position in the YAML list plus 1. Lastly it adds comprehensive per rule HIT/MISS logging when Authelia trace logging is enabled. This trace logging includes the rule number.
 2021-04-14 20:53:23 +10:00
James Elliott
4dce8f9496
perf(authorizer): preload access control lists () 
* adjust session refresh to always occur (for disabled users)

* feat: adds filtering option for Request Method in ACL's

* simplify flow of internal/authorization/authorizer.go's methods

* implement query string checking

* utilize authorizer.Object fully

* make matchers uniform

* add tests

* add missing request methods

* add frontend enhancements to handle request method

* add request method to 1FA Handler Suite

* add internal ACL representations (preparsing)

* expand on access_control next

* add docs

* remove unnecessary slice for network names and instead just use a plain string

* add warning for ineffectual bypass policy (due to subjects)

* add user/group wildcard support

* fix(authorization): allow subject rules to match anonymous users

* feat(api): add new params

* docs(api): wording adjustments

* test: add request method into testing and proxy docs

* test: add several checks and refactor schema validation for ACL

* test: add integration test for methods acl

* refactor: apply suggestions from code review

* docs(authorization): update description
 2021-03-05 15:18:31 +11:00
Amir Zarrinkafsh
81e34d84de
[MISC] Validate all sections of ACLs on startup () 
* [MISC] Validate all sections of ACLs on startup

This change ensure that all sections of the `access_control` key are validated on startup.

* Change error format to clearly identify values
 2021-01-16 21:05:41 +11:00
Amir Zarrinkafsh
9ca0e940da
[FEATURE] Validate ACLs and add network groups () 
* adds validation to ACL's
* adds a new networks section that can be used as aliases in other sections (currently access_control)
 2021-01-04 21:55:23 +11:00
Clement Michaud
3b2d733367 Move source code into internal directory to follow standard project layout. 
https://github.com/golang-standards/project-layout
 2019-11-17 16:30:33 +01:00