Commit Graph

1686 Commits

Author SHA1 Message Date
allcontributors[bot]
8191ca2330
docs: add dchidell as a contributor (#1803)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-03-11 12:13:22 +11:00
allcontributors[bot]
28922c762b
docs: add except as a contributor (#1802)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-11 12:11:09 +11:00
James Elliott
c310049faa
refactor(authentication): use crypto constant time compare (#1800)
* refactor(authentication): use crypto constant time compare

Improve security with usage of the crypto/subtle ConstantTimeCompare() method for hash comparison.

Fixes #1799

* docs: add explicit labels for chat types
2021-03-11 12:08:49 +11:00
David Chidell
5cf11f87c8
docs(authorizer): important headers for access-control networks (#1794)
* Document X-Forwarded-For capabilities within access-control networks

Adds a short paragraph detailing X-Forwarded-For header behaviour
into the documentation.

* Update docs/configuration/access-control.md

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-11 10:18:39 +11:00
dependabot[bot]
c4864ca64c
build(deps): bump elliptic from 6.5.3 to 6.5.4 in /web (#1796)
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-10 16:11:36 +11:00
James Elliott
1e46ec6c44
ci: restore dependabot rules (#1797)
Restores the dependabot rules in buildkite for the purpose of security fixes which are handled by dependabot still.
2021-03-10 15:53:33 +11:00
James Elliott
98b47227ee
release: v4.27.0 (#1795) 2021-03-10 11:53:49 +11:00
renovate[bot]
5001749b1b
build(deps): update module github.com/sirupsen/logrus to v1.8.1 (#1792)
* build(deps): update module github.com/sirupsen/logrus to v1.8.1

* fix: go mod tidy (go.sum)

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-03-10 11:33:14 +11:00
renovate[bot]
99a7c5ac2f
build(deps): update dependency @types/node to v14.14.33 (#1793)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-10 10:43:45 +11:00
James Elliott
e041143f87
feat(session): add redis sentinel provider (#1768)
* feat(session): add redis sentinel provider

* refactor(session): use int for ports as per go standards

* refactor(configuration): adjust tests and validation

* refactor(configuration): add err format consts

* refactor(configuration): explicitly map redis structs

* refactor(session): merge redis/redis sentinel providers

* refactor(session): add additional checks to redis providers

* feat(session): add redis cluster provider

* fix: update config for new values

* fix: provide nil certpool to affected tests/mocks

* test: add additional tests to cover uncovered code

* docs: expand explanation of host and nodes relation for redis

* ci: add redis-sentinel to suite highavailability, add redis-sentinel quorum

* fix(session): sentinel password

* test: use redis alpine library image for redis sentinel, use expose instead of ports, use redis ip, adjust redis ip range, adjust redis config

* test: make entrypoint.sh executable, fix entrypoint.sh if/elif

* test: add redis failover tests

* test: defer docker start, adjust sleep, attempt logout before login, attempt visit before login and tune timeouts, add additional logging

* test: add sentinel integration test

* test: add secondary node failure to tests, fix password usage, bump test timeout, add sleep

* feat: use sentinel failover cluster

* fix: renamed addrs to sentineladdrs upstream

* test(session): sentinel failover

* test: add redis standard back into testing

* test: move redis standalone test to traefik2

* fix/docs: apply suggestions from code review
2021-03-10 10:03:05 +11:00
renovate[bot]
073c558296
build(deps): update traefik docker tag to v2.4.7 (#1790)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-09 14:18:48 +11:00
renovate[bot]
ac7ee18610
build(deps): update dependency @types/react-dom to v17.0.2 (#1789)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-09 09:45:12 +11:00
renovate[bot]
9dcb2e06fb
build(deps): update dependency @types/node to v14.14.32 (#1784)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-09 09:28:31 +11:00
renovate[bot]
d7484bd7e2
build(deps): update dependency @types/react to v17.0.3 (#1785)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-08 15:59:25 +11:00
renovate[bot]
095b9fa16d
build(deps): update dependency typescript to v4.2.3 (#1780)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-05 22:32:51 +11:00
James Elliott
4dce8f9496
perf(authorizer): preload access control lists (#1640)
* adjust session refresh to always occur (for disabled users)

* feat: adds filtering option for Request Method in ACL's

* simplify flow of internal/authorization/authorizer.go's methods

* implement query string checking

* utilize authorizer.Object fully

* make matchers uniform

* add tests

* add missing request methods

* add frontend enhancements to handle request method

* add request method to 1FA Handler Suite

* add internal ACL representations (preparsing)

* expand on access_control next

* add docs

* remove unnecessary slice for network names and instead just use a plain string

* add warning for ineffectual bypass policy (due to subjects)

* add user/group wildcard support

* fix(authorization): allow subject rules to match anonymous users

* feat(api): add new params

* docs(api): wording adjustments

* test: add request method into testing and proxy docs

* test: add several checks and refactor schema validation for ACL

* test: add integration test for methods acl

* refactor: apply suggestions from code review

* docs(authorization): update description
2021-03-05 15:18:31 +11:00
renovate[bot]
455b859047
build(deps): update haproxy docker tag to v2.3.6 (#1779)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-04 14:15:01 +11:00
renovate[bot]
1438cf5deb
build(deps): update dependency chai to v4.3.3 (#1778)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-04 12:15:04 +11:00
Amir Zarrinkafsh
2a1f5e3f8d
fix(configuration): lower argon2id default memory requirements (#1762)
* fix(configuration): lower argon2id default memory requirements

The current default hashing value of 1024MB (1GB) is far too aggressive to cover all use cases.
Reducing this number and encouraging users to to read the documentation and tune will result in less issues and a better user experience.

* test: fix broken tests
2021-03-03 20:19:28 +11:00
renovate[bot]
f24ec3989a
build(deps): update dependency chai to v4.3.1 (#1776)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-03 13:14:32 +11:00
renovate[bot]
5cf98de225
build(deps): update module github.com/fasthttp/router to v1.3.9 (#1775)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-02 22:03:47 +11:00
renovate[bot]
92154a1193
build(deps): update traefik docker tag to v2.4.6 (#1774)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-02 15:07:51 +11:00
renovate[bot]
e2f08f568a
build(deps): update module github.com/valyala/fasthttp to v1.22.0 (#1772)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-02 11:27:03 +11:00
renovate[bot]
abe8e438a2
build(deps): update module github.com/fasthttp/router to v1.3.8 (#1771)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-02 08:58:28 +11:00
renovate[bot]
bd610b5b5b
build(deps): update dependency query-string to v6.14.1 (#1769)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-28 16:40:01 +11:00
renovate[bot]
96bb3e2f88
build(deps): update dependency eslint-config-prettier to v8.1.0 (#1764)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-25 10:58:41 +11:00
renovate[bot]
f09eb1fcc8
build(deps): update dependency typescript to v4.2.2 (#1760)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-02-24 10:56:21 +11:00
allcontributors[bot]
2f4724e7f9
docs: add ThinkChaos as a contributor (#1761)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-02-24 10:39:37 +11:00
ThinkChaos
ba65a3db82
feat(handlers): authorization header switch via query param to /api/verify (#1563)
* [FEATURE] Add auth query param to /api/verify (#1353)

When `/api/verify` is called with `?auth=basic`, use the standard
Authorization header instead of Proxy-Authorization.

* [FIX] Better basic auth error reporting

* [FIX] Return 401 when using basic auth instead of redirecting

* [TESTS] Add tests for auth=basic query param

* [DOCS] Mention auth=basic argument and provide nginx example

* docs: add/adjust basic auth query arg docs for proxies

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-02-24 10:35:04 +11:00
Amir Zarrinkafsh
4f099b76d7
build(deps): downgrade module github.com/mattn/go-sqlite3 to v1.14.6 (#1758) 2021-02-23 14:51:31 +11:00
renovate[bot]
64b01b2811
build(deps): update mariadb docker tag to v10.5.9 (#1757)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-23 12:49:16 +11:00
renovate[bot]
40099edc45
build(deps): update dependency react-scripts to v4.0.3 (#1756)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-23 10:54:38 +11:00
renovate[bot]
dc341a3894
build(deps): update dependency eslint-config-prettier to v8 (#1750)
* build(deps): update dependency eslint-config-prettier to v8

* fix(web): update eslint/prettier config to v8.0

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-02-23 10:26:57 +11:00
renovate[bot]
d000e5dbeb
build(deps): update module github.com/otiai10/copy to v1.5.0 (#1753)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-23 05:41:51 +11:00
renovate[bot]
17bf3f860b
build(deps): update osixia/openldap docker tag to v1.5.0 (#1749)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 22:08:23 +11:00
renovate[bot]
30d45dd3fc
build(deps): update module github.com/sirupsen/logrus to v1.8.0 (#1747)
* build(deps): update module github.com/sirupsen/logrus to v1.8.0

* go mod tidy

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-02-22 21:52:08 +11:00
renovate[bot]
b10adf6cf4
build(deps): update module github.com/golang/mock to v1.5.0 (#1746)
* build(deps): update module github.com/golang/mock to v1.5.0

* build(deps): go mod tidy

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-02-22 20:33:17 +11:00
renovate[bot]
68af1fdfca
build(deps): update module github.com/authelia/session/v2 to v2.4.1 (#1745)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 17:48:10 +11:00
renovate[bot]
a8f83568c0
build(deps): update dependency query-string to v6.14.0 (#1744)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 17:23:58 +11:00
renovate[bot]
19a5e28930
build(deps): update dependency eslint-import-resolver-typescript to v2.4.0 (#1743)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 17:05:37 +11:00
James Elliott
0f7891a823
build(deps): update module github.com/valyala/fasthttp to v1.21.0 (#1755) 2021-02-22 16:37:40 +11:00
renovate[bot]
36d02f9cf5
build(deps): update traefik docker tag to v2.4.5 (#1742)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 16:21:43 +11:00
renovate[bot]
e77ef2d1dc
build(deps): update module github.com/spf13/cobra to v1.1.3 (#1741)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 15:47:07 +11:00
renovate[bot]
59b3c2cbd8
build(deps): update haproxy docker tag to v2.3.5 (#1737)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 15:06:10 +11:00
Amir Zarrinkafsh
582ca4cbb1
ci(buildkite): optimise job to agent assignment (#1754)
Split out unit-testing jobs to ensure that the workloads are evenly spread.
2021-02-22 14:24:01 +11:00
Amir Zarrinkafsh
49aa5e0eb8
ci(buildkite): change to concurrency gates (#1752)
* ci(buildkite): change to concurrency gates

Continuation of #1751.

* ci(buildkite): optimise concurrency gates
2021-02-22 12:48:20 +11:00
Amir Zarrinkafsh
6daeaf4e47
ci(buildkite): add concurrency limits to build and test steps (#1751)
Due to the unpredictability of changes that Renovate can submit this PR will allow us to control the number of jobs that will run simultaneously per step.
2021-02-22 11:13:51 +11:00
Amir Zarrinkafsh
74721a9f41
feat: go:embed static assets (#1733)
* feat: go:embed static assets

Go 1.16 introduced the ability to embed files within a generated binary directly with the go tool chain. This simplifies our dependencies and the significantly improves the development workflow for future developers.

Key points to note:

Due to the inability to embed files that do not reside within the local package we need to duplicate our `config.template.yml` within `internal/configuration`.

To avoid issues with the development workflow empty mock files have been included within `internal/server/public_html`. These are substituted with the respective generated files during the CI/CD and build workflows.

* fix(suites): increase ldap suite test timeout

* fix(server): fix swagger asset CSP
2021-02-22 10:07:06 +11:00
James Elliott
8bc7ef5d8f
release: v4.26.2 (#1736) 2021-02-22 09:02:15 +11:00
renovate[bot]
c343e53dd6
build(deps): update dependency @types/node to v14.14.31 (#1734)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-20 14:55:11 +11:00