Commit Graph

2366 Commits

Author SHA1 Message Date
renovate[bot]
c98b2a7d59
build(deps): update traefik docker tag to v2.4.12 (#2203)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-27 10:29:31 +10:00
renovate[bot]
ae17c88908
build(deps): update dependency @types/react to v17.0.15 (#2201)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-25 07:52:21 +10:00
renovate[bot]
0be9586224
build(deps): update module github.com/jackc/pgx/v4 to v4.13.0 (#2202)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-25 06:05:07 +10:00
renovate[bot]
ea9331fecd
build(deps): update module github.com/fasthttp/router to v1.4.1 (#2196)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-23 10:06:45 +10:00
renovate[bot]
c251abb0aa
build(deps): update module github.com/fasthttp/session/v2 to v2.4.1 (#2197)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-23 07:43:55 +10:00
James Elliott
911d71204f
fix(handlers): handle xhr requests to /api/verify with 401 (#2189)
This changes the way XML HTTP requests are handled on the verify endpoint so that they are redirected using a 401 instead of a 302/303.
2021-07-22 13:52:37 +10:00
renovate[bot]
7a4779b08e
build(deps): update dependency @material-ui/core to v4.12.2 (#2190)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-07-20 09:18:17 +10:00
Georg Lauterbach
51dcf7c02b
docs(oidc): add guidance to community docs for minio (#2191)
2021-07-20 08:23:55 +10:00
Georg Lauterbach
bf2b413172
Update OIDC MinIO community content (#2188)
* update OIDC MinIO community content
2021-07-17 08:50:05 +10:00
James Elliott
ddeb46b262
fix(handlers): send status 303 auth requests that are not get/head (#2184)
When a request occurs, if the browser is not performing a HTTP GET/HEAD request, the 302 status code is not valid. This commit resolves this. MDN: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/302.
2021-07-16 13:43:48 +10:00
renovate[bot]
596346de1e
build(deps): update traefik docker tag to v2.4.11 (#2187)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-16 06:42:05 +10:00
James Elliott
8342a46ba1
feat(oidc): implement client type public (#2171)
This implements the public option for clients which allows using Authelia as an OpenID Connect Provider for cli applications and SPA's where the client secret cannot be considered secure.
2021-07-15 21:02:03 +10:00
James Elliott
0da770d900
docs: misc fixes (#2186)
This fixes misc broken links in the docs as well as an invalid viewBox element.
2021-07-15 13:21:47 +10:00
James Elliott
76189b86b7
docs(oidc): misc docs fixes and additional references (#2185)
This fixes a few anchor issues in the OpenID Connect docs, as well as adds some additional references and fixes the name of one of the endpoints.
2021-07-15 13:04:44 +10:00
James Elliott
c794d57afc
perf(authentication): improve active directory default users filter (#2181)
This adds a performance change to the default Active Directory users filter. Basically as per TechNet the (sAMAccountType=805306368) filter is the same as (&(objectCategory=person)(objectClass=user)) except the performance is better.
2021-07-14 20:30:25 +10:00
Georg Lauterbach
9d7cfb8455
docs: update and enhance oidc documentation (#2142)
Update and adjust OIDC documentation. This also adds information for users about RP's that have been tested.

Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-07-14 11:36:07 +10:00
renovate[bot]
3537cce660
build(deps): update mariadb docker tag to v10.6.3 (#2180)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-13 22:46:04 +02:00
James Elliott
f292050822
fix(authentication): ldap connection left open (#2179)
The recent ldap changes in cb71df5 left a connection to the LDAP server open at startup. This resolves this which prevents an ugly log message and unnecessary open sockets.
2021-07-13 21:12:50 +10:00
renovate[bot]
69bfc28a60
build(deps): update golang docker tag to v1.16.6 (#2176)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-13 12:07:31 +10:00
dependabot[bot]
d465c38f0d
build(deps): bump addressable from 2.7.0 to 2.8.0 in /docs (#2175)
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0.

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-13 11:04:57 +10:00
renovate[bot]
e98cbacb2d
build(deps): update module github.com/google/uuid to v1.3.0 (#2174)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-13 10:56:33 +10:00
renovate[bot]
242a00b980
build(deps): update module github.com/jackc/pgx/v4 to v4.12.0 (#2169)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-11 02:48:46 +10:00
James Elliott
143db66445
feat(oidc): userinfo endpoint (#2146)
This is a required endpoint for OIDC and is one we missed in our initial implementation. Also adds some rudimentary documentation about the implemented endpoints.
2021-07-10 14:56:33 +10:00
renovate[bot]
d2422e9965
build(deps): update haproxy docker tag to v2.4.2 (#2168)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-09 08:49:30 +10:00
renovate[bot]
4d7a6e9678
build(deps): update dependency @types/chai to v4.2.21 (#2167)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-09 07:16:18 +10:00
Clément Michaud
21f9056c00
fix(oidc): use lower case in log messages (#2153)
2021-07-08 12:44:43 +10:00
Clément Michaud
98d9cad62e
fix(regulation): use lower case in error messages (#2152)
2021-07-08 12:04:43 +10:00
Clément Michaud
2d634e9b20
fix(session): use lower case in error messages (#2150)
2021-07-08 11:33:22 +10:00
renovate[bot]
eae8effe7e
build(deps): update dependency @types/qrcode.react to v1.0.2 (#2163)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 10:22:58 +10:00
renovate[bot]
d68fdaa9fa
build(deps): update dependency @material-ui/core to v4.12.1 (#2162)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 09:56:16 +10:00
renovate[bot]
6063ffe226
build(deps): update dependency @types/react to v17.0.14 (#2164)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 09:26:46 +10:00
renovate[bot]
9059005d0c
build(deps): update dependency @types/react-dom to v17.0.9 (#2165)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 08:11:13 +10:00
renovate[bot]
f081c6fe82
build(deps): update dependency @types/react-router-dom to v5.1.8 (#2166)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-08 07:39:03 +10:00
renovate[bot]
6a6ee18b9b
build(deps): update dependency @types/jest to v26.0.24 (#2160)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-07 12:16:15 +10:00
renovate[bot]
7d6097942c
build(deps): update dependency @types/enzyme to v3.10.9 (#2159)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-07 10:58:49 +10:00
renovate[bot]
4c2932eb71
build(deps): update dependency @types/chai to v4.2.20 (#2158)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-07 09:38:35 +10:00
renovate[bot]
e4a769f69c
build(deps): update dependency @material-ui/core to v4.12.0 (#2157)
* build(deps): update dependency @material-ui/core to v4.12.0

* fix(web): adjust deprecations

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-07-07 09:10:31 +10:00
Arsenović Arsen
8ee0597486
feat(authentication): use the passwordmodify exop for pwd resets with ldap (#2124)
Implement the LDAP password modify extended operation for LDAP providers that advertise they support it.
2021-07-06 19:13:17 +10:00
allcontributors[bot]
565515646a
docs: add davama as a contributor for userTesting (#2156)
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-07-06 15:22:57 +10:00
allcontributors[bot]
546607593c
docs: add dakriy as a contributor for code (#2155)
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-07-06 15:19:38 +10:00
allcontributors[bot]
4117bafdce
docs: add ArsenArsen as a contributor for code, test, security (#2154)
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-07-06 15:13:51 +10:00
Amir Zarrinkafsh
711b5ff0db
feat: publish and deploy to apt.authelia.com (#2148)
This automates the process of publishing our `*.deb` files for stable Authelia releases to apt.authelia.com.
2021-07-05 12:49:48 +10:00
renovate[bot]
2a98e47299
build(deps): update dependency @craco/craco to v6.2.0 (#2147)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-05 07:18:28 +10:00
James Elliott
31c5c820f0
refactor(authentication): log ldap warning on startup in rare condition (#2141)
This is so on startup administrators who have a LDAP server implementation that may not support password hashing by default are clearly warned. This only triggers if the disable password reset option is not enabled, we cannot find the extension OID for the Extended Password Modify Operation, and the implementation is not Active Directory. Active Directory has its own method for this which doesn't advertise an OID.
2021-07-04 15:44:11 +10:00
James Elliott
ef549f851d
feat(oidc): add additional config options, accurate token times, and refactoring (#1991)
* This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, an option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes.
* Additionally this records specific values about a user's session indicating when they performed a specific authz factor so this is represented in the token accurately.
* Lastly we also implemented an OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.
2021-07-04 09:44:30 +10:00
Clément Michaud
2dbd7ed219
fix(utils): use lower case in error messages (#2144)
2021-07-04 08:08:24 +10:00
renovate[bot]
907680c035
build(deps): update module github.com/spf13/cobra to v1.2.1 (#2143)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-03 07:04:53 +10:00
Amir Zarrinkafsh
c8b51d1190
build(deps): update swagger-ui to v3.51.1 (#2140)
2021-07-02 19:08:10 +10:00
James Elliott
b2638d4af9
fix(authentication): use passwdmodify oid instead of whoami oid (#2139)
This is the correct OID for the passwdModify Extended Operation.
2021-07-02 11:33:10 +10:00
James Elliott
cb71df5d9b
feat(authentiation): check ldap support for extended operations on startup (#2133)
* feat(authentiation): check ldap server on startup

This PR adds a startup check to the LDAP authentication backend. It additionally adds support for checking supportedExtension OIDs, currently only checking passwdModifyOID (1.3.6.1.4.1.4203.1.11.3). This can relatively easily be enhanced to add detection for other rootDSE capabilities like supportedControl and supportedCapabilities as necessary.

* test(authentication): add unit tests for new feature

* refactor(authentication): factorize ldap user provider newup

* refactor: minor adjustments
2021-07-02 09:16:16 +10:00