James Elliott
b2cbcf3913
fix(handlers): consent session prevents standard flow ( #3668 )
...
This fixes an issue where consent sessions prevent the standard workflow.
2022-07-26 15:43:39 +10:00
James Elliott
f55082d4db
fix(authorization): final slash in url matches ignored ( #3717 )
...
This fixes an issue with the URL matching machinery which ignores the final slash of a URL. Introduced in 664d65d7fbFixes #3692
2022-07-18 14:59:13 +10:00
James Elliott
664d65d7fb
fix(authorization): object path not normalized ( #3661 )
...
This fixes an issue where the object path is not normalized.
2022-07-05 11:32:10 +10:00
James Elliott
ab1d0c51d3
feat(authorization): acl resource regex named groups ( #3597 )
...
This adds the named group functionality from domain_regex to the resource criteria.
2022-06-28 12:51:05 +10:00
James Elliott
3c1bb3ec19
feat(authorization): domain regex match with named groups ( #2789 )
...
This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
2022-04-01 22:38:49 +11:00
James Elliott
3c81e75d79
feat(commands): add access-control check-policy command ( #2871 )
...
This adds an access-control command that checks the policy enforcement for a given criteria using a configuration file and refactors the configuration validation command to include all configuration sources.
2022-02-28 14:15:01 +11:00
James Elliott
b4e570358e
fix: include major in go.mod module directive ( #2278 )
...
* build: include major in go.mod module directive
* fix: xflags
* revert: cobra changes
* fix: mock doc
2021-08-11 11:16:46 +10:00
James Elliott
ef3c2faeb5
fix(authorization): configuration reports 2fa disabled with 2fa oidc clients ( #2089 )
...
This resolves an issue where if you have zero two_factor ACL rules but enabled two_factor OIDC clients, 2FA is reported as disabled.
2021-06-18 11:38:01 +10:00
James Elliott
4dce8f9496
perf(authorizer): preload access control lists ( #1640 )
...
* adjust session refresh to always occur (for disabled users)
* feat: adds filtering option for Request Method in ACL's
* simplify flow of internal/authorization/authorizer.go's methods
* implement query string checking
* utilize authorizer.Object fully
* make matchers uniform
* add tests
* add missing request methods
* add frontend enhancements to handle request method
* add request method to 1FA Handler Suite
* add internal ACL representations (preparsing)
* expand on access_control next
* add docs
* remove unnecessary slice for network names and instead just use a plain string
* add warning for ineffectual bypass policy (due to subjects)
* add user/group wildcard support
* fix(authorization): allow subject rules to match anonymous users
* feat(api): add new params
* docs(api): wording adjustments
* test: add request method into testing and proxy docs
* test: add several checks and refactor schema validation for ACL
* test: add integration test for methods acl
* refactor: apply suggestions from code review
* docs(authorization): update description
2021-03-05 15:18:31 +11:00
Philipp Staiger
5c4edf2f4d
[FEATURE] Support for subject combinations in ACLs ( #1142 )
2020-06-25 18:22:42 +10:00
Amir Zarrinkafsh
aebcb38f90
[MISC] Fix goimports ordering for repo ( #947 )
2020-05-01 16:56:42 +10:00
Dustin Sweigart
951dc71325
[FEATURE] Support multiple domains and multiple subjects in ACLs ( #869 )
...
* added support for listing multiple domains and multiple subjects
* updated documentation to show use of multiple domains and subjects
* updated config.template.yml to display multiple domains as a list
* updated config.template.yml to display multiple subjects as a list
* updated docs/configuration/access-control.md to display multiple domains as a list
* updated docs/configuration/access-control.md to display multiple subjects as a list
* removed redundant check that always returned true
* Commentary definition for `weak`
2020-04-16 10:18:11 +10:00
Amir Zarrinkafsh
de2c5836fd
[Buildkite] Introduce CI linting with golangci-lint and reviewdog ( #832 )
...
* [Buildkite] Introduce CI linting with golangci-lint and reviewdog
* Initial pass of golangci-lint
* Add gosimple (megacheck) recommendations
* Add golint recommendations
* [BUGFIX] Migrate authentication traces from v3 mongodb
* Add deadcode recommendations
* [BUGFIX] Fix ShortTimeouts suite when run in dev workflow
* Add unused recommendations
* Add unparam recommendations
* Disable linting on unfixable errors instead of skipping files
* Adjust nolint notation for unparam
* Fix ineffectual assignment to err raised by linter.
* Export environment variable in agent hook
* Add ineffassign recommendations
* Add staticcheck recommendations
* Add gocyclo recommendations
* Adjust ineffassign recommendations
Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-04-09 11:05:17 +10:00
Clément Michaud
c578c8651d
[MISC] Add unit tests to authorization module and trace logs. ( #638 )
...
This aims to help debug #637 .
2020-02-19 09:15:09 +11:00
Clément Michaud
d1d02d9eae
[FIX] Redirect to default URL after 1FA when default policy is one_factor. ( #611 )
...
* Redirect to default URL after 1FA when default policy is one_factor.
User is now redirected to the default redirection URL after 1FA if
the default policy is set to one_factor and there is no target URL
or if the target URL is unsafe.
Also, if the default policy is set to one_factor and the user is already
authenticated, if she visits the login portal, the 'already authenticated'
view is displayed with a logout button.
This fixes #581 .
* Update users.yml
* Fix permissions issue causing suite test failure
2020-02-05 08:18:02 +11:00
Amir Zarrinkafsh
fabb76754e
Rename org from clems4ever to authelia
...
Also fix references from config.yml to configuration.yml
2019-12-24 13:14:52 +11:00
Clement Michaud
3b2d733367
Move source code into internal directory to follow standard project layout.
...
https://github.com/golang-standards/project-layout
2019-11-17 16:30:33 +01:00
