Commit Graph

23 Commits

Author SHA1 Message Date
James Elliott
29a900226d
[FEATURE] Enhance LDAP/SMTP TLS Configuration and Unify Them (#1557)
* add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia
* this is in ADDITION to system certs and are trusted by both LDAP and SMTP
* added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS
* remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use
* use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section
* added temporary translations from the old names to the new ones for all deprecated options
* added docs
* updated example configuration
* final deprecations to be done in 4.28.0
* doc updates
* fix misc linting issues
* uniform deprecation notices for ease of final removal
* added additional tests covering previously uncovered areas and the new configuration options
* add non-fatal to certificate loading when system certs could not be loaded
* adjust timeout of Suite ShortTimeouts
* add warnings pusher for the StructValidator
* make the schema suites uninform
* utilize the warnings in the StructValidator
* fix test suite usage for skip_verify
* extract LDAP filter parsing into it's own function to make it possible to test
* test LDAP filter parsing
* update ErrorContainer interface
* add tests to the StructValidator
* add NewTLSConfig test
* move baseDN for users/groups into parsed values
* add tests to cover many of the outstanding areas in LDAP
* add explicit deferred LDAP conn close to UpdatePassword
* add some basic testing to SMTP notifier
* suggestions from code review
2021-01-04 21:28:55 +11:00
Amir Zarrinkafsh
774c1c0207
[MISC] Consistently utilise correct logging interface (#1487)
This change aims to utilise the correct logging interface consistently.

The only instances where stdlib log is utilised is for tests and when commands that Authelia supports; for example certificate generation, password hashing and config validation.
2020-11-25 09:54:36 +11:00
James Elliott
956dbfb8de
[BUGFIX] Add ability to specify SMTP HELO/EHLO identifier (#1416)
* add docs
* add configuration option for SMTP called `identifier`
* default should act the same as before
2020-11-05 10:22:10 +11:00
Amir Zarrinkafsh
b1a01b1727
[CI] Update QEMU to v5.1.0-2 (#1321)
* [CI] Update QEMU to v5.1.0-2

* Fix linter errors from golangci-lint update
2020-09-18 22:05:43 +10:00
James Elliott
a92b0bff1d
[FEATURE] Plain Text Email Notifications (#1238)
* add a plain text email template
* use plain text email template for file based emails
* add config option to SMTP emails named disable_html_emails
  * config option is a boolean that when set to true will only send plain text emails
* add docs for more complex SMTP notifier options
* update template
* add rfc1341 multipart logic to notifier
* check for errors after identity_verification

* * fix nil ptr
* go mod tidy
* remove needless checks

* * use multipart/atlernative instead

* * add rfc5322 compliant date header

* * fix linting issues
2020-08-21 12:16:23 +10:00
Amir Zarrinkafsh
cc06ab6c18
[CI] Add gocritic linter (#977)
* [CI] Add gocritic linter

* Implement gocritic recommendations
The outstanding recommendations are due to be addressed in #959 and #971 respectively.

* Fix implementation tests

* Fix remaining linting issues.

* Fix tests.

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-06 10:52:06 +10:00
Amir Zarrinkafsh
1600e0f7da
[CI] Add wsl linter (#980)
* [CI] Add wsl linter

* Implement wsl recommendations

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-05 21:35:32 +02:00
Amir Zarrinkafsh
e67f63ee44
[CI] Add godot linter (#958)
* [CI] Add godot linter

* Implement godot recommendations
2020-05-02 15:06:39 +10:00
James Elliott
e89e040949
[FIX] File Notifier Default Permissions (#902)
* [FIX] File Notifier Default Permissions

* set to 0600 for security
* recreate file if it exists with correct perms
* remove named return vars from notifier
2020-04-23 12:01:24 +10:00
James Elliott
fca190dedc
[MISC] Linting unparam fixes (#892)
* remove unused bools
2020-04-21 15:53:47 +10:00
James Elliott
9e9dee43ac
[FEATURE] Notifier Startup Checks (#889)
* implement SMTP notifier startup check
* check dial, starttls, auth, mail from, rcpt to, reset, and quit
* log the error on failure
* implement mock
* misc optimizations, adjustments, and refactoring
* implement validate_skip config option
* fix comments to end with period
* fix suites that used smtp notifier without a smtp container
* add docs
* add file notifier startup check
* move file mode into const.go
* disable gosec linting on insecureskipverify since it's intended, warned, and discouraged
* minor PR commentary adjustment
* apply suggestions from code review

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 14:59:38 +10:00
Amir Zarrinkafsh
de2c5836fd
[Buildkite] Introduce CI linting with golangci-lint and reviewdog (#832)
* [Buildkite] Introduce CI linting with golangci-lint and reviewdog

* Initial pass of golangci-lint

* Add gosimple (megacheck) recommendations

* Add golint recommendations

* [BUGFIX] Migrate authentication traces from v3 mongodb

* Add deadcode recommendations

* [BUGFIX] Fix ShortTimeouts suite when run in dev workflow

* Add unused recommendations

* Add unparam recommendations

* Disable linting on unfixable errors instead of skipping files

* Adjust nolint notation for unparam

* Fix ineffectual assignment to err raised by linter.

* Export environment variable in agent hook

* Add ineffassign recommendations

* Add staticcheck recommendations

* Add gocyclo recommendations

* Adjust ineffassign recommendations

Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-04-09 11:05:17 +10:00
James Elliott
2fed503e5e
[FEATURE] Customizable Email Subject (#830)
* [FEATURE] Customizable Email Subject

* allow users to optionally change email subject
* this is so they can more easily communicate the source of the email

* Update docs/configuration/notifier/smtp.md

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-09 10:21:28 +10:00
James Elliott
8aade7f40e
[MISC] Update durations to notation format and housekeeping (#824)
* added regulation validator
* made regulations find_time and ban_time values duration notation strings
* added DefaultRegulationConfiguration for the validator
* made session expiration and inactivity values duration notation strings
* TOTP period does not need to be converted because adjustment should be discouraged
* moved TOTP defaults to DefaultTOTPConfiguration and removed the consts
* arranged the root config validator in configuration file order
* adjusted tests for the changes
* moved duration notation docs to root of configuration
* added references to duration notation where applicable
* project wide gofmt and goimports:
* run gofmt
* run goimports -local github.com/authelia/authelia -w on all files
* Make jwt_secret error uniform and add tests
* now at 100% coverage for internal/configuration/validator/configuration.go
2020-04-05 22:37:21 +10:00
James Elliott
e1cd524f65
[FEATURE] SMTPS support (#643)
* [FEATURE] SMTPS Support
- Added port_tls option to enable SMTPS, off by default.

* Remove configuration variable for SMTPS

Instead we enable SMTPS on port 465 only. The reason for this is so we don't require an additional configuration variable.

* Add SMTPS warning and updated docs

* Adjust SMTPS warning
2020-02-20 12:09:46 +11:00
James Elliott
152b33e4fa [FIX] SMTP Notifier Unhandled Error Conditions (#585)
- Only attempt to close the connection once it's established.
- Defer the client Quit/Close so that it always executes at the end.
- Fixes #585
2020-01-28 15:19:54 +11:00
James Elliott
242386e279 Force TLS and valid x509 certs in SMTP Notifier by default
- Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN
- Removed: secure (notifier smtp conf) boolean string
- Added: disable_verify_cert (notifier smtp conf) boolean
    - disables X509 validation of certificates
- Added: disable_require_tls (notifier smtp conf) boolean
    - allows emails to be sent over plain text (for non-authenticated only)
- Added: trusted_cert (notifier smtp conf) string (path)
    - allows specifying the path of a PEM format cert to add to trusted cert pool
- Make SMTP notifier return errors on connection over plain text
- Make SMTP notifier return errors on TLS connection with invalid certs
- Implemented various debug logging for the SMTP notifier
- Implemented explicit SMTP closes on errors (previously left con open)
- Split SMTPNotifier Send func to seperate funcs for:
    - writing future test suites and startup checks more easily
    - organization and readability
- Add details of changes to docs/security.yml
- Adjust config.yml's (template and test) for the changes
2020-01-10 17:37:16 +01:00
James Elliott
1ef3485418 Fix duplicate Content-Type header in SMTPNotifier
- SMTPNotifier would send the Content-Type header twice
- Fixes #498
2020-01-10 17:37:16 +01:00
Amir Zarrinkafsh
612881ca67 Fix spelling errors 2020-01-10 11:33:18 +01:00
James Elliott
6e946dc859 Added sec warn, more debug logging detail
- Added a warning for users who attempt authentication on servers that don't allow STARTTLS (they are transmitted in plain text)
- Included a note when AUTH fails due to no supported mechanisms including the mechanisms supported (PLAIN and LOGIN)
2019-12-28 09:35:01 +01:00
James Elliott
c4b56a6002 Implement SMTP StartTLS and Adaptive Auth
- If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending
- Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs)
- Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism
- Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported
- Changed secure key to use boolean values instead of strings
- Arranged SMTP notifier properties/vars to be in the same order
- Log the steps for STARTTLS (debug only)
- Log the steps for AUTH (debug only)
2019-12-28 09:35:01 +01:00
Amir Zarrinkafsh
fabb76754e
Rename org from clems4ever to authelia
Also fix references from config.yml to configuration.yml
2019-12-24 13:14:52 +11:00
Clement Michaud
3b2d733367 Move source code into internal directory to follow standard project layout.
https://github.com/golang-standards/project-layout
2019-11-17 16:30:33 +01:00