1
0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Commit Graph

17 Commits

Author SHA1 Message Date
James Elliott
b2cbcf3913
fix(handlers): consent session prevents standard flow ()
This fixes an issue where consent sessions prevent the standard workflow.
2022-07-26 15:43:39 +10:00
James Elliott
f55082d4db
fix(authorization): final slash in url matches ignored ()
This fixes an issue with the URL matching machinery which ignores the final slash of a URL. Introduced in 664d65d7fb.

Fixes 
2022-07-18 14:59:13 +10:00
James Elliott
664d65d7fb
fix(authorization): object path not normalized ()
This fixes an issue where the object path is not normalized.
2022-07-05 11:32:10 +10:00
James Elliott
ab1d0c51d3
feat(authorization): acl resource regex named groups ()
This adds the named group functionality from domain_regex to the resource criteria.
2022-06-28 12:51:05 +10:00
James Elliott
3c1bb3ec19
feat(authorization): domain regex match with named groups ()
This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
2022-04-01 22:38:49 +11:00
James Elliott
3c81e75d79
feat(commands): add access-control check-policy command ()
This adds an access-control command that checks the policy enforcement for a given criteria using a configuration file and refactors the configuration validation command to include all configuration sources.
2022-02-28 14:15:01 +11:00
James Elliott
b4e570358e
fix: include major in go.mod module directive ()
* build: include major in go.mod module directive

* fix: xflags

* revert: cobra changes

* fix: mock doc
2021-08-11 11:16:46 +10:00
James Elliott
ef3c2faeb5
fix(authorization): configuration reports 2fa disabled with 2fa oidc clients ()
This resolves an issue where if you have zero two_factor ACL rules but enabled two_factor OIDC clients, 2FA is reported as disabled.
2021-06-18 11:38:01 +10:00
James Elliott
4dce8f9496
perf(authorizer): preload access control lists ()
* adjust session refresh to always occur (for disabled users)

* feat: adds filtering option for Request Method in ACL's

* simplify flow of internal/authorization/authorizer.go's methods

* implement query string checking

* utilize authorizer.Object fully

* make matchers uniform

* add tests

* add missing request methods

* add frontend enhancements to handle request method

* add request method to 1FA Handler Suite

* add internal ACL representations (preparsing)

* expand on access_control next

* add docs

* remove unnecessary slice for network names and instead just use a plain string

* add warning for ineffectual bypass policy (due to subjects)

* add user/group wildcard support

* fix(authorization): allow subject rules to match anonymous users

* feat(api): add new params

* docs(api): wording adjustments

* test: add request method into testing and proxy docs

* test: add several checks and refactor schema validation for ACL

* test: add integration test for methods acl

* refactor: apply suggestions from code review

* docs(authorization): update description
2021-03-05 15:18:31 +11:00
Philipp Staiger
5c4edf2f4d
[FEATURE] Support for subject combinations in ACLs () 2020-06-25 18:22:42 +10:00
Amir Zarrinkafsh
aebcb38f90
[MISC] Fix goimports ordering for repo () 2020-05-01 16:56:42 +10:00
Dustin Sweigart
951dc71325
[FEATURE] Support multiple domains and multiple subjects in ACLs ()
* added support for listing multiple domains and multiple subjects

* updated documentation to show use of multiple domains and subjects

* updated config.template.yml to display multiple domains as a list

* updated config.template.yml to display multiple subjects as a list

* updated docs/configuration/access-control.md to display multiple domains as a list

* updated docs/configuration/access-control.md to display multiple subjects as a list

* removed redundant check that always returned true

* Commentary definition for `weak`
2020-04-16 10:18:11 +10:00
Amir Zarrinkafsh
de2c5836fd
[Buildkite] Introduce CI linting with golangci-lint and reviewdog ()
* [Buildkite] Introduce CI linting with golangci-lint and reviewdog

* Initial pass of golangci-lint

* Add gosimple (megacheck) recommendations

* Add golint recommendations

* [BUGFIX] Migrate authentication traces from v3 mongodb

* Add deadcode recommendations

* [BUGFIX] Fix ShortTimeouts suite when run in dev workflow

* Add unused recommendations

* Add unparam recommendations

* Disable linting on unfixable errors instead of skipping files

* Adjust nolint notation for unparam

* Fix ineffectual assignment to err raised by linter.

* Export environment variable in agent hook

* Add ineffassign recommendations

* Add staticcheck recommendations

* Add gocyclo recommendations

* Adjust ineffassign recommendations

Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-04-09 11:05:17 +10:00
Clément Michaud
c578c8651d
[MISC] Add unit tests to authorization module and trace logs. ()
This aims to help debug .
2020-02-19 09:15:09 +11:00
Clément Michaud
d1d02d9eae
[FIX] Redirect to default URL after 1FA when default policy is one_factor. ()
* Redirect to default URL after 1FA when default policy is one_factor.

User is now redirected to the default redirection URL after 1FA if
the default policy is set to one_factor and there is no target URL
or if the target URL is unsafe.

Also, if the default policy is set to one_factor and the user is already
authenticated, if she visits the login portal, the 'already authenticated'
view is displayed with a logout button.

This fixes .

* Update users.yml

* Fix permissions issue causing suite test failure
2020-02-05 08:18:02 +11:00
Amir Zarrinkafsh
fabb76754e
Rename org from clems4ever to authelia
Also fix references from config.yml to configuration.yml
2019-12-24 13:14:52 +11:00
Clement Michaud
3b2d733367 Move source code into internal directory to follow standard project layout.
https://github.com/golang-standards/project-layout
2019-11-17 16:30:33 +01:00