Commit Graph

250 Commits

Author SHA1 Message Date
James Elliott
87f3cf71c1
docs(oidc): provide beta intentions clarification and fix typo (#2632) 2021-11-25 16:11:31 +11:00
James Elliott
347bd1be77
feat(storage): encrypted secret values (#2588)
This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330.

Closes #682
2021-11-25 12:56:58 +11:00
James Elliott
3695aa8140
feat(storage): primary key for all tables and general qol refactoring (#2431)
This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database.

Fixes #1337
2021-11-23 20:45:38 +11:00
Amir Zarrinkafsh
0be883befb
feat: customizable static assets (#2597)
* feat: customizable static assets

This change provides the means to override specific assets from the embedded Go FS with files situated on disk.

We only allow overriding the following files currently:
* favicon.ico
* logo.png

* refactor(server): make logo string a const

* refactor(suites): override favicon and use ntp3 in traefik2 suite

* test(suites): test logo override in traefik2 suite

* test(suites): test asset override fallback in traefik suite

Closes #1630.
2021-11-15 19:37:58 +11:00
Amir Zarrinkafsh
7d5a59098d
docs: add hashicorp vault oidc configuration and update minio tested version (#2592) 2021-11-11 15:36:21 +11:00
Justin Sievenpiper
04831c2433
feat(session): add support for acl-based sentinel auth against redis (#2516)
Implements the sentinel username parameter which can be different to the redis username.
2021-10-31 11:49:27 +11:00
James Elliott
183f0974ae
docs: fix tables (#2468)
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-10-08 11:32:57 +11:00
Amir Zarrinkafsh
8685e095e9
fix(web): clarify 2fa informational message (#2451) 2021-10-07 10:54:48 +11:00
Amir Zarrinkafsh
209b39ffd0
docs: fix required flag for smtp notifier sender option (#2446)
Fixes: #2445.
2021-10-04 13:44:59 +11:00
Amir Zarrinkafsh
33fe1262bd
docs: fix typo in secrets env var (#2432) 2021-10-01 13:30:56 +10:00
Amir Zarrinkafsh
3d312cf3b9
refactor: replace yarn with pnpm (#2424)
* Check for pnpm in authelia-scripts
* Improve husky hooks to check for required apps
* Use pnpm in coverage dockerfile
* Use pnpm in dev workflow
* Stop buildx log truncation
* Ignore pnpm lockfile in yamllint
* Update versions required for docker and docker-compose in contributing docs
2021-09-29 17:24:21 +10:00
dependabot[bot]
3b2e4ad477
build(deps): bump nokogiri from 1.11.4 to 1.12.5 in /docs (#2420)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.11.4 to 1.12.5.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.11.4...v1.12.5)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-09-29 09:24:34 +10:00
yossbg
05406cfc7b
feat(ntp): check clock sync on startup (#2251)
This adds method to validate the system clock is synchronized on startup. Configuration allows adjusting the server address, enabled state, desync limit, and if the error is fatal.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-09-17 14:44:35 +10:00
Alex Gustafsson
a88c5588e8
feat: add config flag to hash-password tool (#2047)
This change implements a --config flag for the hash-password which parses the config and validates it just as it would at run-time. The values specified in the config replace those specified as parameters.

* feat(cmd): add config flag to hash-password tool
* fix(cmd): fix linting issue

Closes: #1709.
2021-09-16 10:20:42 +10:00
James Elliott
f1b2b4d79e
docs(oidc): remove invalid footnote (#2354)
Removes the footnote from beta2.
2021-09-09 12:24:47 +10:00
Amir Zarrinkafsh
cc765115b2
ci: add husky with pre-commit and commit-msg hooks (#2352)
* ci: add husky with pre-commit and commit-msg hooks

This change includes two new hooks as part of our GitHub workflow with husky:

* `pre-commit`: Performs linting with golangci-lint and eslint/prettier
* `commit-msg`: Ensures that the commit messages conform to our guidelines and will error and provide context to a user when they do not.

The `prepare` command which has been included is executed each time a `yarn install` is executed.

* ci: extend @commitlint/config-conventional configuration

* fix: lint all dot js files
2021-09-09 12:22:11 +10:00
Nicolas Reymundo
eb07bff5d4
docs: add wekan and portainer to community oidc list (#2302) 2021-08-20 07:59:52 +10:00
Nicolas Reymundo
34ad7da213
docs: add nextcloud community tested oidc apps (#2298)
Adds additional oidc apps.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-08-19 22:17:42 +10:00
polandy
880a6c5832
docs: add gitea redirect_uri with notes to community docs (#2275)
* docs: add gitea redirect_uri with notes to community docs

* docs: remove unnecessary dash from Gitea notes

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-10 20:48:31 +10:00
James Elliott
c0ebe3eb8c
fix(notifier): use sane default connection timeout (#2273) 2021-08-10 10:52:41 +10:00
James Elliott
997036f9c3
fix(configuration): make notifier logging consistent and more specific (#2268)
This ensures the notifier logs are more specific to give people a clear picture of if they either have no notifier specified or multiple.
2021-08-07 13:58:08 +10:00
James Elliott
b5d0e667cc
docs(configuration): add migration note about k8s (#2266)
This adds some additional information about configuration on k8s for version 4.30+.
2021-08-07 09:55:17 +10:00
James Elliott
9ebad9bec2
fix(storage): set sane default connection timeout (#2256)
This sets a sane default connection timeout for SQL connections.
2021-08-06 15:35:14 +10:00
James Elliott
b2a49e1780
feat(authentication): allow customizable ldap connection timeout (#2240)
This implements both a connection timeout for LDAP connections, and makes it configurable by administrators. The default is 5s. The reason for this commit is currently if a connection to an LDAP server cannot be established it does not timeout in a reasonable period.
2021-08-05 14:30:00 +10:00
James Elliott
a3b14871ba
perf(authentication): improve ldap dynamic replacement performance (#2239)
This change means we only check the filters for the existence of placeholders that cannot be replaced at startup. We then utilized cached results of that lookup for subsequent replacements.
2021-08-05 14:17:07 +10:00
James Elliott
c5c6bda8b0
refactor: configuration agnostic healthcheck (#2231)
This makes the healthcheck simple and configured directly by Authelia's configuration on startup.
2021-08-05 14:02:07 +10:00
James Elliott
171b323274
docs: enhance supported proxies documentation (#2210)
This enhances the supported proxies documentation to be more comprehensive.
2021-08-04 11:21:49 +10:00
James Elliott
1440394b60
docs: fix missing line from the lite guide (#2230)
This ensures users checkout the latest tagged release when using the lite deployment.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 20:52:13 +10:00
James Elliott
a7e867a699
feat(configuration): replace viper with koanf (#2053)
This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is very similar library to viper, with less dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly it also enables the use of split configuration files which can be configured by setting the --config flag multiple times.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-08-03 19:55:21 +10:00
James Elliott
942fd69776
docs(logging): fix invalid key log_file (#2226)
A small fix to the documentation regarding migrating configuration.
2021-08-03 10:44:21 +10:00
James Elliott
ec2fc27910
docs: fix parents (#2225) 2021-08-03 07:23:40 +10:00
James Elliott
158783a9d4
feat(configuration): replace several configuration options (#2209)
This change adjusts several global options moving them into the server block. It additionally notes other breaking changes in the configuration.

BREAKING CHANGE: Several configuration options have been changed and moved into other sections. Migration instructions are documented here: https://authelia.com/docs/configuration/migration.html#4.30.0
2021-08-02 21:55:30 +10:00
James Elliott
0fbd3c3938
docs: update and unify contact options (#2213)
This updates and unifies the contact options so it is easier to maintain. All contact options now link back to one of two locations, and both of these locations are a copy and paste for the most part.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-07-30 14:19:17 +10:00
James Elliott
2bb7b2efec
docs: update style guidelines (#2172)
Update the style guidelines.

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2021-07-30 14:17:44 +10:00
James Elliott
d49f2908e0
docs(oidc): fix links (#2212) 2021-07-30 09:41:42 +10:00
Georg Lauterbach
51dcf7c02b
docs(oidc): add guidance to community docs for minio (#2191) 2021-07-20 08:23:55 +10:00
Georg Lauterbach
bf2b413172
Update OIDC MinIO community content (#2188)
* update OIDC MinIO community content
2021-07-17 08:50:05 +10:00
James Elliott
8342a46ba1
feat(oidc): implement client type public (#2171)
This implements the public option for clients which allows using Authelia as an OpenID Connect Provider for cli applications and SPA's where the client secret cannot be considered secure.
2021-07-15 21:02:03 +10:00
James Elliott
0da770d900
docs: misc fixes (#2186)
This fixes misc broken links in the docs as well as an invalid viewBox element.
2021-07-15 13:21:47 +10:00
James Elliott
76189b86b7
docs(oidc): misc docs fixes and additional references (#2185)
This fixes a few anchor issues in the OpenID Connect docs, as well as adds some additional references and fixes the name of one of the endpoints.
2021-07-15 13:04:44 +10:00
James Elliott
c794d57afc
perf(authentication): improve active directory default users filter (#2181)
This adds a performance change to the default Active Directory users filter. Basically as per TechNet the (sAMAccountType=805306368) filter is the same as (&(objectCategory=person)(objectClass=user)) except the performance is better.
2021-07-14 20:30:25 +10:00
Georg Lauterbach
9d7cfb8455
docs: update and enhance oidc documentation (#2142)
Update and adjust OIDC documentation. This also adds information for users about RP's that have been tested.

Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-07-14 11:36:07 +10:00
dependabot[bot]
d465c38f0d
build(deps): bump addressable from 2.7.0 to 2.8.0 in /docs (#2175)
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0.

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-13 11:04:57 +10:00
James Elliott
143db66445
feat(oidc): userinfo endpoint (#2146)
This is a required endpoint for OIDC and is one we missed in our initial implementation. Also adds some rudamentary documentaiton about the implemented endpoints.
2021-07-10 14:56:33 +10:00
Amir Zarrinkafsh
711b5ff0db
feat: publish and deploy to apt.authelia.com (#2148)
This automates the process of publishing our `*.deb` files for stable Authelia releases to apt.authelia.com.
2021-07-05 12:49:48 +10:00
James Elliott
ef549f851d
feat(oidc): add additional config options, accurate token times, and refactoring (#1991)
* This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, a option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes.
* Additionally this records specific values about a users session indicating when they performed a specific authz factor so this is represented in the token accurately. 
* Lastly we also implemented a OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.
2021-07-04 09:44:30 +10:00
James Elliott
524c6eb1dc
docs: refactor access control configuration sections (#1945)
Refactors the access-control configuration documentation to be up-to-date and conform to our style guidelines. Additionally went over each part and reworded things that needed it.
2021-06-22 16:00:45 +10:00
Amir Zarrinkafsh
fc71030c18
feat(examples): improve local setup script (#2094)
The local setup script expects to be run as root and would only work on a fresh clone of the repo. Now if not run as root the user will be prompted for sudo elevation at the beginning of the script and the script will also survive re-runs on a dirty clone.
2021-06-18 10:01:09 +10:00
Alex Gustafsson
150116a172
feat(web): implement automatic theme switch for light/dark (#2046)
* Implement an automatic theme

The "auto" theme will automatically switch between "dark" and "light"
depending on user preference. This allows for automatic dark mode.

* fix(configuration): allow the "auto" theme when validating

The new theme "auto" was not allowed to be used in a configuration file.

* docs: clarify what critera controls the automatic theme

How the "auto" theme functioned was unclear.

* docs: typeset themes as code

* fix(web): apply useEffector to media query watch

* docs: add technical details

* fix(configuration): resolve merge conflicts
2021-06-17 16:42:03 +10:00
James Elliott
2c42464fc8
refactor(configuration): use key log instead of logging (#2072)
* refactor: logging config key to log

This refactors the recent pre-release change adding log options to their own configuration section in favor of a log section (from logging).

* docs: add step to getting started to get the latest tagged commit

This is so we avoid issues with changes on master having differences that don't work on the latest docker tag.

* test: adjust tests

* docs: adjust doc strings
2021-06-08 23:15:43 +10:00