snyk-bot
9dec33f23c
fix: package.json & package-lock.json to reduce vulnerabilities
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MONGODB-473855
2019-10-19 18:43:03 +02:00
Clément Michaud
eee8c59562
Remove reference to CONTRIBUTORS.md in readme.
2019-10-19 18:34:14 +02:00
Clement Michaud
624a3c740c
Remove CONTRIBUTORS.md as the list is provided in Github.
2019-10-19 18:31:11 +02:00
yaleman
73e593d5a7
spelling correction
2019-10-19 18:12:31 +02:00
Clement Michaud
cb18a99630
Install xvfb in travis container.
2019-10-19 18:10:23 +02:00
snyk-bot
dd6823f227
fix: package.json & package-lock.json to reduce vulnerabilities
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HELMETCSP-469436
2019-10-19 17:57:40 +02:00
Clement Michaud
dd0add9618
Update the footer of emails sent after request initiation.
2019-09-26 17:33:07 +02:00
Clement Michaud
828baab6b1
3.16.0
2019-09-25 23:56:20 +02:00
Clement Michaud
f95515f912
Add changelog for 3.16.0.
2019-09-25 23:56:20 +02:00
Clement Michaud
5fb47ac848
Fix security issue with handlebars.
2019-09-25 22:03:59 +02:00
Nain Tornez
190e85a79d
docs: fix urls
2019-09-25 20:51:31 +02:00
Callan Bryant
fbe7b77bce
Update vulnerable dependencies
...
* lodash
* mixin-deep
* set-value
* union-value
NPM also updated the schema of package-lock.json.
2019-07-29 14:55:24 +02:00
Max Planck
e40777735b
Use Node 8.7 to be in line with current master
2019-07-03 17:23:52 +02:00
Max Planck
81e39b93b6
Added the ability for users to configure a CA when using ldaps
2019-07-03 17:23:52 +02:00
Clement Michaud
4979f2bd2d
Remove tests with dockerhub image.
2019-06-28 22:40:06 +02:00
Max Planck
21d55a027d
Added debugging logging output to track down
...
*domain mismatches
*session cookie issues
2019-06-07 17:39:04 +02:00
Max Planck
80b1428849
Added environment variable parsing for:
...
*session secret
*e-mail service password
*smtp server password
*duo-auth api secret key
*ldap bind password
These still need to be specified in the configuration file
but can have dummy values there while the real values are
passed in via environment variables.
2019-06-07 17:39:04 +02:00
Max Planck
cb4eb710fb
Added ldap password environment variable.
2019-06-07 17:39:04 +02:00
Clément Michaud
8478216e5d
Update README.md
2019-04-25 13:36:14 +02:00
Clement Michaud
dd36902467
3.15.0
2019-04-24 23:55:21 +02:00
Clement Michaud
e37ee9e5c7
Add changelog for version 3.15.0.
2019-04-24 23:55:07 +02:00
Clement Michaud
4f63de4020
Remove useless packages from server package.json.
2019-04-24 23:53:23 +02:00
Clement Michaud
186839d6e5
Remove the shared directory and move files to server.
2019-04-17 23:31:56 +02:00
Clement Michaud
5a195f7ebd
Update README to mention nginx and Traefik and update images.
2019-04-17 23:06:56 +02:00
Clément Michaud
e0dab01442
Update README.md
2019-04-17 00:28:31 +02:00
Clement Michaud
743b84aeaa
Change license from MIT to Apache 2.0.
2019-04-16 23:40:15 +02:00
Clement Michaud
ab8402314b
Add a link to the breaking changes markdown in README.
2019-04-16 22:58:45 +02:00
Clement Michaud
b36f2c78f9
3.14.0
2019-04-16 22:53:48 +02:00
Clement Michaud
9e90662a89
Update CHANGELOG.md and add BREAKING.md.
2019-04-16 22:53:42 +02:00
Amir Zarrinkafsh
7d639df0b6
Fix nginx.md examples to reflect latest breaking changes
2019-04-16 21:24:18 +02:00
Clement Michaud
4016ff1bba
[BREAKING] Create a suite for Traefik proxy.
...
* Removal of the Redirect header sent by Authelia /api/verify endpoint.
* Authelia does not consume Host header anymore but X-Forwarded-Proto and X-Forwarded-Host
to compute the link sent in identity verification emails.
* Authelia used Host header as the application name for U2F authentication but it's now using
X-Forwarded-* headers.
2019-04-12 09:24:54 +02:00
ViViDboarder
617e929e1a
Fix relative paths and add error handling
2019-04-12 09:24:54 +02:00
ViViDboarder
356b82f443
Fix lint error
2019-04-12 09:24:54 +02:00
ViViDboarder
0922b3c215
Build x-original-url from forwarded headers
...
This is to allow broader support for proxies. In particular, this allows
support with Traefik.
This patch also includes some examples of configuration with Traefik.
2019-04-12 09:24:54 +02:00
Clement Michaud
36d65c284e
Add a test checking forwarded headers on bypass-based resources.
2019-04-10 22:34:15 +02:00
Amir Zarrinkafsh
c074270b54
Fix attaching User/Groups headers for bypass strategy
2019-04-10 21:32:12 +02:00
Clement Michaud
87e06e6528
Remove bad error message when registering U2F device.
2019-03-31 20:39:20 +02:00
Clement Michaud
8a76b5118d
Add network criteria in ACLs to specify policy based on network subnet.
2019-03-31 20:11:07 +02:00
Clement Michaud
3c6e2ae448
3.13.0
2019-03-29 14:12:58 +01:00
Clement Michaud
23658dbcdf
Update the CHANGELOG before release of v3.13.0.
2019-03-29 14:12:41 +01:00
Clement Michaud
e7c09fddc6
Simplify nginx example configuration.
2019-03-28 23:14:36 +01:00
Clement Michaud
81207b49ad
Fix failing second factor when no default redirection url set.
...
When no default redirection url was set, Duo push second factor was shown as
failing even if authentication was successful.
2019-03-28 22:38:16 +01:00
Clément Michaud
e3b6410e79
Merge pull request #344 from nightah/duo-additions
...
Capture IP address and Target URL in Duo 2FA request
2019-03-27 10:47:23 +01:00
Amir Zarrinkafsh
274c6135c7
Capture IP address and Target URL in Duo 2FA request
2019-03-27 19:44:50 +11:00
Clément Michaud
c2810101a4
Update README.md
2019-03-25 09:04:58 +01:00
Clément Michaud
30f47a1451
Merge pull request #342 from clems4ever/duo-push
...
Add Duo Push Notification option as 2FA.
2019-03-24 23:55:44 +01:00
Clement Michaud
28cc5e7e1b
Fix integration tests.
2019-03-24 23:29:46 +01:00
Clement Michaud
a4b129a676
Security Key method is not displayed if browser does not support it.
2019-03-24 22:36:49 +01:00
Clement Michaud
a717b965c1
Display only available 2FA methods.
...
For instance Duo Push Notification method is not displayed if the API
is not configured.
2019-03-24 22:23:25 +01:00
Clement Michaud
d09a307ff8
Fix redirection after 2FA method change.
...
Authelia was using links with href="#" that changed the URL when clicked
on. Therefore, this commit removes the href property and apply link style
to tags without href property.
2019-03-24 20:02:55 +01:00