Commit Graph

311 Commits

Author SHA1 Message Date
Clement Michaud
9624aa6311 Adapt authentication methods configuration to be backward compatible
Prior version of configuration file can be used, the authentication methods
will be set to default values (two_factor as default method).
2017-10-09 23:14:05 +02:00
Clement Michaud
bc8fe623df Use minified version of Authelia in npm package 2017-10-09 02:03:11 +02:00
Clement Michaud
9559bff5de Remove artifacts of only_basic_auth query param 2017-10-09 02:03:05 +02:00
Clément Michaud
2641fb1620 Merge pull request #130 from clems4ever/revert-filesystem-notifier
Revert filesystem notifier
2017-10-09 01:58:06 +02:00
Clement Michaud
46deb765bb 3.5.0 2017-10-09 01:15:40 +02:00
Clement Michaud
a0aab77449 Add a section dealing with basic auth in README 2017-10-09 01:14:19 +02:00
Clement Michaud
9ddc0949b6 Add a way to logout at second factor stage 2017-10-09 01:07:43 +02:00
Clement Michaud
1cf4e57bb1 Redirect user when he has already validated some factors
Example 1: The user has validated first factor when accessing a service
protected by basic auth. When he tries to access another service protected
by second factor, he is redirected to second factor step to complete
authentication.

Example 2: The user has already validated second factor. When he access auth
service, he is redirected either to /loggedin page that displays an "already
logged in" page or to the URL provided in the "redirect" query parameter.
2017-10-09 01:07:32 +02:00
Clement Michaud
c061dbfda4 Customize the authentication method to be used by a sub-domain
One can now customize the default authentication method for all sub-domains,
i.e., either 'two_factor' or 'basic_auth' and define specific authentication
method per sub-domain.

For example, one can specify that every sub-domain must be authenticated with
two factor except one sub-domain that must be authenticated with basic auth.
2017-10-08 23:39:29 +02:00
Clement Michaud
e4274fbe1b Add a note about filesystem notifier option
This note tells the users testing with npm that they can enable the
filesystem notifier feature to test identity validation without access
to mailcatcher webmail.
2017-10-08 22:58:56 +02:00
Clément Michaud
6940e15ffa Merge pull request #125 from clems4ever/improve-logs
Improve logging format for clarity
2017-10-08 22:49:50 +02:00
Clément Michaud
83348f49c2 Merge pull request #129 from clems4ever/dockerhub-deployment
Deploy latest along with release tag
2017-10-08 22:49:41 +02:00
Clement Michaud
346c559141 Make file system an available notifier option for testing purpose 2017-10-08 22:48:20 +02:00
Clement Michaud
78f6028c1b Improve logging format for clarity
Previously, logs were not very friendly and it was hard to track
a request because of the lack of request ID.
Now every log message comes with a header containing: method, path
request ID, session ID, IP of the user, date.

Moreover, the configurations displayed in the logs have their secrets
hidden from this commit.
2017-10-08 22:33:50 +02:00
Clement Michaud
09b4bcadd4 Deploy latest along with release tag
Prior to this fix, every master commits was released to Dockerhub under latest
tag and tagged commit was released with a version tag in Dockerhub.
'Latest' tag in dockerhub should reference the latest released version and not
the head of master branch.

Thus, after this fix, 'latest' tag references the latest released version of
Authelia and 'master' tag references the head of master git branch.
2017-10-08 18:56:18 +02:00
Clément Michaud
26418278bc Merge pull request #127 from clems4ever/adapt-acl-config
Adapt ACL configuration to make it more flexible
2017-10-08 17:31:19 +02:00
Clement Michaud
b7a180af9b Fix randomness in integration tests 2017-10-08 17:13:29 +02:00
Clement Michaud
54c93fc945 Fix randomness with integration tests
The notification message pops up and hide after few seconds.
Sometimes, chrome drivers tries to click on a button that moves due
to the notification message animation and thus miss it.
2017-10-08 16:28:12 +02:00
Clement Michaud
d86a3f8393 3.4.2 2017-10-08 16:11:16 +02:00
Clement Michaud
bf56e378e0 Fail docker publication when login to docker fails 2017-10-08 16:11:05 +02:00
Clement Michaud
267cf2921d Adapt ACL configuration to make it more flexible
Basically, the ACL configuration was very static and it was not allowed
to remove 'any', 'groups', 'users'. The application crashed when those
keys did not exist.
After this fix, every key is optional and replaced by a default value
for the app configuration to be complete and used by Authelia.

Later, a configuration validator will be implemented to detect issues
with configuration at startup.
2017-10-08 15:34:58 +02:00
Clement Michaud
f3f61d4e13 3.4.1 2017-10-08 14:48:46 +02:00
Clément Michaud
15374f39d1 Merge pull request #122 from clems4ever/disable-autocomplete
Disable autocomplete for TOTP field
2017-10-07 23:44:33 +02:00
Clément Michaud
7aa458e306 Merge pull request #121 from clems4ever/disable-express-powered-by
Disable x-powered-by header sent by express
2017-10-07 22:46:07 +02:00
Clement Michaud
e05d1c9c0f Disable autocomplete for TOTP field 2017-10-07 22:23:28 +02:00
Clement Michaud
2349de6698 Disable x-powered-by header sent by express 2017-10-07 22:18:40 +02:00
Clément Michaud
0fee64ed88 Merge pull request #120 from clems4ever/fix-missing-images
Fix missing images in notification messages
2017-10-07 22:13:35 +02:00
Clément Michaud
b74cf5fd77 Merge pull request #119 from clems4ever/remove-smtp-logs
Remove useless logs displaying smtp credentials
2017-10-07 22:10:11 +02:00
Clement Michaud
ae720c5230 Fix missing images in notification messages 2017-10-07 21:58:41 +02:00
Clement Michaud
a4d7ade791 Remove useless logs displaying smtp credentials 2017-10-07 21:48:43 +02:00
Clément Michaud
9933900395 Merge pull request #106 from clems4ever/username-in-group-filter
Use username matcher instead of user dn in group filter
2017-10-07 14:22:13 +02:00
Clement Michaud
66449eedb0 Use username matcher instead of user dn in group filter
Previously, string "{0}" was replaced by the user dn in the groups_filter
attributes of the LDAP configuration.
However, if the groups children only have a memberUid attribute, one would
like to use the username instead of the user dn.

Since the user dn can be built from the username, "{0}" is now replaced
by the username instead of the user dn so that an LDAP relying on attribute
'memberUid' can be used.
2017-10-07 14:10:22 +02:00
Clément Michaud
be81f04248 Merge pull request #105 from clems4ever/split-client-server
Split client and server
2017-10-07 11:36:05 +02:00
Clement Michaud
d8ff186303 Split client and server
Client and server now have their own tsconfig so that the transpilation is only
done on the part that is being modified.

It also allows faster transpilation since tests are now excluded from tsconfig.
They are compiled by ts-node during unit tests execution.
2017-10-07 00:49:42 +02:00
Clement Michaud
444d278a1e 3.4.0 2017-10-04 21:53:19 +02:00
Clément Michaud
89de19bb35 Merge pull request #98 from clems4ever/disable-second-factor
Allow basic auth for certain subdomains
2017-09-26 23:25:07 +02:00
Clement Michaud
4cbf6efa42 Disable second factor for certain subdomain 2017-09-26 23:09:33 +02:00
Clément Michaud
1636fc27e5 Fix bad merge on README.md 2017-09-25 13:32:25 +02:00
Clément Michaud
92ef190202 Merge pull request #97 from clems4ever/smtp-notifier
Add SMTP notifier as an available option in configuration
2017-09-24 23:56:44 +02:00
Clement Michaud
f564174998 Remove FileSystem notifier completely 2017-09-24 23:20:51 +02:00
Clement Michaud
4cd78f3f83 Add SMTP notifier as an available option in configuration
One can now plug its own SMTP server to send notifications
for identity validation and password reset requests.

Filesystem has been removed from the template configuration file
since even tests now use mail catcher (the fake webmail) to
retrieve the email and the confirmation link.
2017-09-24 23:20:45 +02:00
Clément Michaud
7a2b45a66f Merge pull request #95 from clems4ever/acl-by-resources
Refine access control with per resource ACLs
2017-09-24 21:54:18 +02:00
Clement Michaud
cf16272a73 Refine access control with per resource ACLs
ACLs can now be defined by subdomain AND resource using pattern matching
with regular expressions.
It allows a very fine-grained access control to backend resources.

[Note] For using example environmnent, user must update its /etc/hosts with
new subdomains updated in README.
2017-09-24 21:39:47 +02:00
Clément Michaud
59d0a06a95 Merge pull request #94 from clems4ever/nginx-abort-connection
Add Content-Length header to the forwarded request to Authelia
2017-09-23 19:01:29 +02:00
Clement Michaud
e48b196f38 Add Content-Length header to the forwarded request to Authelia
It seems nginx is closing the connection for some backends if
`proxy_set_header Content-Length "";` is not added to the
verification endpoint.
2017-09-23 18:02:21 +02:00
Clément Michaud
72612e00aa Merge pull request #92 from clems4ever/header-vars
Set headers values Remote-User and Remote-Groups in /verify response
2017-09-22 21:42:11 +02:00
Clement Michaud
d005b83365 Set headers values Remote-User and Remote-Groups in /verify response 2017-09-22 21:25:15 +02:00
Clément Michaud
ae5b647d23 Merge pull request #89 from clems4ever/redis-connection-issue-logs
Make failing connection to redis more clear in the logs
2017-09-22 21:05:33 +02:00
Clement Michaud
0a33b2d5ee Add logs to detect redis connection issues earlier
Before this fix, the application was simply crashing during execution
when connection to redis was failing.

Now, it is correctly handled with failing promises and logs have been
enabled to clearly see the problem
2017-09-22 20:52:05 +02:00
Clément Michaud
36962cfc2c Merge pull request #91 from clems4ever/redirect-url
Add redirection URL as a query parameter during authentication
2017-09-22 18:59:44 +02:00