Commit Graph

1058 Commits

Author SHA1 Message Date
James Elliott
9e9dee43ac
[FEATURE] Notifier Startup Checks (#889)
* implement SMTP notifier startup check
* check dial, starttls, auth, mail from, rcpt to, reset, and quit
* log the error on failure
* implement mock
* misc optimizations, adjustments, and refactoring
* implement validate_skip config option
* fix comments to end with period
* fix suites that used smtp notifier without a smtp container
* add docs
* add file notifier startup check
* move file mode into const.go
* disable gosec linting on insecureskipverify since it's intended, warned, and discouraged
* minor PR commentary adjustment
* apply suggestions from code review

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 14:59:38 +10:00
James Elliott
a26ddf9c65
[CI] Update PR commentary messages (#890)
* thank users for their contribution
* let users know about the golangci-lint reviews
* notify users about artifacts on buildkite
2020-04-21 13:08:40 +10:00
Amir Zarrinkafsh
333137d56d
[MISC] Implement final golint recommendations (#888) 2020-04-21 10:48:24 +10:00
Clément Michaud
b12d9d405f
[FEATURE] Add Content-Security-Policy meta to login portal. (#822)
CSP is used to avoid some attacks where the hacker tries to execute
untrusted code in the browser.

The policy is to use assets hosted on the the original website and in order to make CSP work with material UI, a nonce is generated at each request of index.html and injected in the template as well as provided in the Content-Security-Policy header (https://material-ui.com/styles/advanced/#how-does-one-implement-csp)

Fix #815
2020-04-21 10:23:28 +10:00
Amir Zarrinkafsh
2e784084c7
[MISC] Implement golint recommendations (#885)
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-04-20 23:03:38 +02:00
dependabot-preview[bot]
a6b7a8632b
[MISC] (deps): Bump @types/node from 13.13.0 to 13.13.1 in /web (#887)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 13.13.0 to 13.13.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-20 21:46:17 +02:00
dependabot-preview[bot]
fcfe8c4da8
[MISC] (deps): Bump github.com/fasthttp/router from 1.0.2 to 1.0.3 (#884)
Bumps [github.com/fasthttp/router](https://github.com/fasthttp/router) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/fasthttp/router/releases)
- [Commits](https://github.com/fasthttp/router/compare/v1.0.2...v1.0.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-19 21:48:45 +02:00
James Elliott
d233057b31
[RELEASE] 4.14.2 (#882) 2020-04-19 22:06:59 +10:00
James Elliott
e72c653f6e
[BUGFIX] 2FA after 1FA only when necessary for access to target (#881)
* prevents requirement to always 2FA if the user doesn't have permission to access a target URL
2020-04-19 21:45:46 +10:00
Amir Zarrinkafsh
4b664cf15f
[RELEASE] v4.14.1 (#880) 2020-04-19 04:33:18 +10:00
dependabot-preview[bot]
b48396a8c1
[MISC] (deps): Bump @material-ui/core from 4.9.10 to 4.9.11 in /web (#879)
Bumps [@material-ui/core](https://github.com/mui-org/material-ui/tree/HEAD/packages/material-ui) from 4.9.10 to 4.9.11.
- [Release notes](https://github.com/mui-org/material-ui/releases)
- [Changelog](https://github.com/mui-org/material-ui/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mui-org/material-ui/commits/4.9.11/packages/material-ui)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-18 22:39:53 +10:00
dependabot-preview[bot]
ba17206fa9
[MISC] (deps): Bump @types/node from 13.11.1 to 13.13.0 in /web (#878)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 13.11.1 to 13.13.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-18 11:46:04 +10:00
dependabot-preview[bot]
f139de97de
[MISC] (deps): Bump github.com/valyala/fasthttp from 1.9.0 to 1.10.0 (#875)
Bumps [github.com/valyala/fasthttp](https://github.com/valyala/fasthttp) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/valyala/fasthttp/releases)
- [Commits](https://github.com/valyala/fasthttp/compare/v1.9.0...v1.10.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-17 09:10:27 +10:00
Clément Michaud
e7f18377f4
[DOCS] Add threat model documentation under security section. (#872)
* [DOCS] Add threat model documentation under security section.

* Update docs/security/threat-model.md

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>

* Apply suggestions from code review

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-16 18:12:41 +10:00
Amir Zarrinkafsh
69c822a7ed
[MISC] Tweak frontend portal behaviour on enter keypress (#874)
Currently the first factor login page has somewhat inconsistent behaviour when pressing enter on a field.

The typical workflow will focus the next field from username -> password -> attempt login.
However if a user wants to tab down and hit spacebar to activate the remember me option, they cannot just hit enter and attempt a login.

This change will attempt a sign-in if the username and password fields both contain data and enter is pressed on either the username, password or remember me fields.
If the first condition is not met the the respective field(s) will error (turn red) and focus will be set to the in sequential order per the normal workflow.
2020-04-16 10:09:12 +02:00
Amir Zarrinkafsh
02c55580bc
[RELEASE] v4.14.0 (#873) 2020-04-16 10:41:23 +10:00
Dustin Sweigart
951dc71325
[FEATURE] Support multiple domains and multiple subjects in ACLs (#869)
* added support for listing multiple domains and multiple subjects

* updated documentation to show use of multiple domains and subjects

* updated config.template.yml to display multiple domains as a list

* updated config.template.yml to display multiple subjects as a list

* updated docs/configuration/access-control.md to display multiple domains as a list

* updated docs/configuration/access-control.md to display multiple subjects as a list

* removed redundant check that always returned true

* Commentary definition for `weak`
2020-04-16 10:18:11 +10:00
Clément Michaud
c5e614c86b
[DOCS] Improve documentation about users unique identifier. (#871)
Following discussion in #865.
2020-04-16 09:46:51 +10:00
Sohalt
4deebe2a64
[BUGFIX] Allow username_attribute == mail_attribute (#865) 2020-04-15 22:26:23 +10:00
dependabot-preview[bot]
4d1c2f38be
[MISC] (deps): Bump github.com/fasthttp/session from 1.1.7 to 1.1.8 (#867)
Bumps [github.com/fasthttp/session](https://github.com/fasthttp/session) from 1.1.7 to 1.1.8.
- [Release notes](https://github.com/fasthttp/session/releases)
- [Commits](https://github.com/fasthttp/session/compare/v1.1.7...v1.1.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-15 09:59:33 +10:00
Clément Michaud
730e88df9d
[FEATURE] Make Authelia serve over TLS in all suites (#864)
* [BUGFIX] Fix dev workflow by using TLS for all suites.

* Fix traefik 1.x and 2.x suites.

* Display authelia logs on suite failure.

* Fix HAProxy suite.

* Extend timeout of test case.

* Display current URL in verify assertion.

* fix doLoginTwoFactor by adding a timeout

* when doLoginTwoFactor is used with blank target and a protected domain is quickly visited authelia sometimes redirects back to the portal
* fix by adding one second timeout
* bump go version to 1.14.2

* Fix Kube suite and bump dashboard.

* Update dist authelia-frontend to proxy_pass with variable

* Apply suggestions from code review

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>

* Apply suggestions from code review

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>

* Remove debug logs since it's polluting logs.

Also set timeout back to 5 seconds in HA suite.

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-14 09:57:28 +10:00
Amir Zarrinkafsh
94fb28c6c0
[MISC] Update Go to 1.14.2 (#863) 2020-04-13 20:14:49 +10:00
Amir Zarrinkafsh
254e5ed239
[MISC] Fix authelia-{backend,frontend} dev server logging and startup (#862)
#767 added an interactive tty to the authelia-frontend server due toe a bump in react-scripts, this in turn consumes all logging and pages on a failure and made it difficult to interact with within the dev workflow.
The tty has been replaced with an open stdin as this also satisfies the react-scripts requirement.

This change also ignores the web directory in the reflex script to avoid errors and long start-ups in the authelia-frontend container.
2020-04-13 15:00:44 +10:00
dependabot-preview[bot]
84f94dfe0c
[MISC] (deps): Bump query-string from 6.12.0 to 6.12.1 in /web (#861)
Bumps [query-string](https://github.com/sindresorhus/query-string) from 6.12.0 to 6.12.1.
- [Release notes](https://github.com/sindresorhus/query-string/releases)
- [Commits](https://github.com/sindresorhus/query-string/compare/v6.12.0...v6.12.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-13 13:56:26 +10:00
dependabot-preview[bot]
49630664e7
[MISC] (deps): Bump github.com/fasthttp/router from 1.0.1 to 1.0.2 (#860)
Bumps [github.com/fasthttp/router](https://github.com/fasthttp/router) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/fasthttp/router/releases)
- [Commits](https://github.com/fasthttp/router/compare/v1.0.1...v1.0.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-13 12:47:27 +10:00
dependabot-preview[bot]
94d985b465
[MISC] (deps): Bump github.com/spf13/viper from 1.6.2 to 1.6.3 (#859)
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.6.2 to 1.6.3.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.6.2...v1.6.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-13 11:46:04 +10:00
dependabot-preview[bot]
4162243621
[MISC] (deps): Bump @material-ui/core from 4.9.9 to 4.9.10 in /web (#857)
Bumps [@material-ui/core](https://github.com/mui-org/material-ui/tree/HEAD/packages/material-ui) from 4.9.9 to 4.9.10.
- [Release notes](https://github.com/mui-org/material-ui/releases)
- [Changelog](https://github.com/mui-org/material-ui/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mui-org/material-ui/commits/v4.9.10/packages/material-ui)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-12 00:48:06 +10:00
James Elliott
04d875b101
[RELEASE] v4.13.1 (#856) 2020-04-11 15:29:03 +10:00
James Elliott
92084bc5b2
[MISC] Add http debug routes (#848)
* [MISC] Add debug endpoints to Authelia

* enabled only with trace logging
* allows go tool pprof usage when enabled
* enables both the expvarhandler and pprofhandler from fasthttp
* simplify tls/non-tls listen and serve
* make it easy to define custom settings of the fasthttp server in the future
* make name param optional
* add note about the trace setting in the documentation
2020-04-11 14:59:58 +10:00
James Elliott
b0b3d61954
[DOCS] Adjust yaml snippets and misc adjustments (#855)
* [DOCS] Adjust yaml snippets

* use two spaces
* use yaml syntax highlighting
* other misc uniformity changes
* fix misc grammar
* add responsible disclosure link

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-11 14:46:07 +10:00
James Elliott
b3ce7fc379
[BUGFIX] Password hashing schema map mismatch with docs (#852)
* add a nolint for gosec 'possibly hardcoded password' that was incorrect
* make all parameters consistent
* update the docs for the correct key name 'password' instead of 'password_options' or 'password_hashing'
* reword some of the docs
* apply suggestions from code review

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-11 13:54:18 +10:00
dependabot-preview[bot]
b0f81380c2
[MISC] (deps): Bump @types/react-router-dom from 5.1.3 to 5.1.4 in /web (#854)
Bumps [@types/react-router-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-router-dom) from 5.1.3 to 5.1.4.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-router-dom)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-11 12:58:28 +10:00
Sohalt
653c1ad815
[DOCS] Fix typo in the template and docs for Postgres (#853)
* update config.template.yml
* update postgres documentation
2020-04-11 12:38:57 +10:00
Amir Zarrinkafsh
0189688588
[MISC] Allow HEAD method on /api/verify (#850)
This is to natively support the upstream HAProxy module haproxy-auth-request without patching.
2020-04-11 12:14:26 +10:00
Amir Zarrinkafsh
76e8142032
[DOCS] Add Remote-User and Remote-Groups headers to Traefik docs and examples (#849) 2020-04-11 11:49:54 +10:00
Valentin Höbel
a20faec1fb
[BUGFIX] Fix indenting on lite compose bundle (#851)
docker-compose up -d no longer complains about the public service because of wrong indentation
2020-04-11 00:12:21 +10:00
James Elliott
bb1158b91e
[DOCS] Fix Password Hashing Example Spacing (#847) 2020-04-10 10:08:42 +10:00
dependabot-preview[bot]
91d2b75b64
[MISC] (deps): Bump @types/react from 16.9.33 to 16.9.34 in /web (#844)
Bumps [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) from 16.9.33 to 16.9.34.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-09 22:49:42 +02:00
Amir Zarrinkafsh
3de1827b21
[Buildkite] Control clean builds with agent metadata (#840)
This is to optimise build times at the sacrifice of disk space/clean up tasks.
2020-04-09 14:46:04 +10:00
Amir Zarrinkafsh
49ac65eb41
[RELEASE] v4.13.0 (#839) 2020-04-09 11:50:34 +10:00
Amir Zarrinkafsh
de2c5836fd
[Buildkite] Introduce CI linting with golangci-lint and reviewdog (#832)
* [Buildkite] Introduce CI linting with golangci-lint and reviewdog

* Initial pass of golangci-lint

* Add gosimple (megacheck) recommendations

* Add golint recommendations

* [BUGFIX] Migrate authentication traces from v3 mongodb

* Add deadcode recommendations

* [BUGFIX] Fix ShortTimeouts suite when run in dev workflow

* Add unused recommendations

* Add unparam recommendations

* Disable linting on unfixable errors instead of skipping files

* Adjust nolint notation for unparam

* Fix ineffectual assignment to err raised by linter.

* Export environment variable in agent hook

* Add ineffassign recommendations

* Add staticcheck recommendations

* Add gocyclo recommendations

* Adjust ineffassign recommendations

Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-04-09 11:05:17 +10:00
James Elliott
2fed503e5e
[FEATURE] Customizable Email Subject (#830)
* [FEATURE] Customizable Email Subject

* allow users to optionally change email subject
* this is so they can more easily communicate the source of the email

* Update docs/configuration/notifier/smtp.md

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-09 10:21:28 +10:00
jess
aae665eff2
[MISC] Activating Open Collective (#601)
* Added financial contributors to the README

* Update README.md

* Update README.md

* Add logos to README.md

* Update README.md

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-04-09 00:10:33 +02:00
dependabot-preview[bot]
410c1a3530
[MISC] (deps): Bump @types/react from 16.9.32 to 16.9.33 in /web (#838)
Bumps [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) from 16.9.32 to 16.9.33.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-08 23:43:56 +02:00
dependabot-preview[bot]
f05bce66f0
[MISC] (deps): Bump go.mongodb.org/mongo-driver from 1.3.1 to 1.3.2 (#836)
Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.3.1...v1.3.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-04-08 22:56:01 +02:00
dependabot-preview[bot]
f7c5611c47
[MISC] (deps): Bump @types/node from 13.11.0 to 13.11.1 in /web (#837)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 13.11.0 to 13.11.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-08 22:29:23 +02:00
Amir Zarrinkafsh
13712d0f36
[Buildkite] Fine-grained control of build steps for agent allocation (#835) 2020-04-08 11:31:33 +10:00
Amir Zarrinkafsh
bb07f432ab
[BUGFIX] Fix indenting on local compose bundle (#833) 2020-04-07 19:32:18 +10:00
dependabot-preview[bot]
a1f9a4ecd7
[MISC] (deps): Bump query-string from 6.11.1 to 6.12.0 in /web (#831)
Bumps [query-string](https://github.com/sindresorhus/query-string) from 6.11.1 to 6.12.0.
- [Release notes](https://github.com/sindresorhus/query-string/releases)
- [Commits](https://github.com/sindresorhus/query-string/compare/v6.11.1...v6.12.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-04-06 22:32:13 +10:00
Amir Zarrinkafsh
b692aa73d3
[MISC] Fix dev workflow for Standalone suite (#811)
Since the TLS change was implemented, the Standalone suite attempts to reach authelia-frontend:3001. This only works for the dist/CI based workflow as nginx is run in place of node and the respective ports are exposed.
This change will attempt authelia-frontend:3001 initially for the Standalone suite but given the server is unreachable in the dev workflow, it will mark authelia-frontend:3001 as unavailable for 180s and route all requests to authelia-frontend:3000 instead.
2020-04-06 10:15:05 +10:00