2294 Commits

Author SHA1 Message Date
James Elliott
a689ffe372
ci: publish authelia-git aur only on releases (#2666)
2021-12-03 15:56:31 +11:00
James Elliott
255aaeb2ad
feat(storage): encrypt u2f key (#2664)
Adds encryption to the U2F public keys. While the public keys cannot be used to authenticate, only to validate someone is authenticated, if a rogue operator changed these in the database they may be able to bypass 2FA. This prevents that.
2021-12-03 11:04:11 +11:00
James Elliott
104a61ecd6
refactor(web): only fetch totp conf if required (#2663)
Prevents the TOTP user config from being requested when the user has not registered or is already authenticated 2FA.
2021-12-02 21:28:16 +11:00
James Elliott
f0119b5c75
docs: update fail2ban example (#2661)
Updates the fail2ban examples to align with new messages.

Fixes #2649.
2021-12-02 17:09:47 +11:00
James Elliott
9045b75344
fix(storage): rebind all queries (#2662)
Fixes an issue in the new storage system. We forgot to rebind a few queries to the PostgreSQL compatible format.
2021-12-02 17:06:04 +11:00
James Elliott
f90ca855e3
feat(storage): postgresql schema and ssl options (#2659)
Adds the schema name and all ssl options for PostgreSQL. Also a significant refactor of the storage validation process.
2021-12-02 16:36:03 +11:00
allcontributors[bot]
252b844b46
docs: add kaysond as a contributor for doc (#2660)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-12-02 16:01:29 +11:00
Aram Akhavan
5b3fa1fffb
docs: consistent naming for configuration file (#2626)
* change all instances (file names and docs) of "config.template.yml" to "configuration.template.yml" so it's consistent with the expectations of the Dockerfile

* Keep config.template.yml named as is

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>

* Update index.html

* revert filename changes and add a note about docker

* refactor: apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-12-02 15:50:05 +11:00
James Elliott
a79e4dc592
fix(storage): duo/u2f upsert failure on postgresql (#2658)
This replaces the standard duo_devices upsert with a PostgreSQL specific one and ensures the u2f_devices upsert uses the new unique key for the ON CONFLICT check.
2021-12-02 15:16:45 +11:00
James Elliott
bf9ab360bd
refactor(handlers): utilize referer for auth logging rm/rd (#2655)
This utilizes the referrer query parameters instead of current request query parameters for logging the requested URI and method. Minor performance improvements to header peek/sets.
2021-12-02 13:21:46 +11:00
James Elliott
f3f3b31b12
refactor(storage): totp_configurations table (#2657)
Rename column totp_period to period.
2021-12-02 12:24:10 +11:00
James Elliott
2075e76015
fix(storage): new auth log schema request method length (#2656)
This is a fix to the authentication_logs schema that prevents the VARCHAR from being insufficient for HTTP request methods such as PATCH, DELETE, OPTIONS, CONNECT.
2021-12-02 11:36:04 +11:00
renovate[bot]
6aed9f9561
build(deps): update dependency jest to v27.4.3 (#2651)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-02 10:14:48 +11:00
renovate[bot]
26eac00647
build(deps): update module github.com/mitchellh/mapstructure to v1.4.3 (#2653)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-02 08:56:17 +11:00
James Elliott
7df242f1e3
refactor: remove ioutil (#2635)
Was deprecated in 1.16 and has more performant options available.
2021-12-02 00:14:15 +11:00
James Elliott
8a12af97ab
refactor: remove previously deprecated options (#2629)
This removes the deprecated logging, host, port, and tls options per our deprecation policy.
2021-12-02 00:01:32 +11:00
James Elliott
ad8e844af6
feat(totp): algorithm and digits config (#2634)
Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue, i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition, this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm).

Fixes #1226.
2021-12-01 23:11:29 +11:00
Philipp Staiger
01b77384f9
feat(duo): multi device selection (#2137)
Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator.

Closes #594. Closes #1039.
2021-12-01 14:32:58 +11:00
renovate[bot]
08b6ecb7b1
build(deps): update dependency jest to v27.4.2 (#2648)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-01 09:01:04 +11:00
James Elliott
ee14fcf3cb
docs: fix tables (#2647)
2021-11-30 22:36:16 +11:00
James Elliott
ab8f9b0697
fix(notifier): force use of sender email in smtp from cmd (#2616)
This change addresses an issue with the usage of the full sender configuration option in the MAIL FROM SMTP command. If a user includes a name in the sender this shouldn't be sent in the MAIL FROM command, instead we should extract it and use just the email portion.

Fixes #2571
2021-11-30 22:15:21 +11:00
renovate[bot]
568f210b2b
build(deps): update dependency jest to v27.4.1 (#2646)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-30 21:31:00 +11:00
James Elliott
9ceee6c660
feat(storage): only store identity token metadata (#2627)
This change makes it so only metadata about tokens is stored. Tokens can still be resigned due to conversion methods that convert from the JWT type to the database type. This should be more efficient and should mean we don't have to encrypt tokens or token info in the database at least for now.
2021-11-30 17:58:21 +11:00
renovate[bot]
b1d37d2069
build(deps): update dependency @types/node to v16.11.11 (#2644)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-30 14:13:26 +11:00
renovate[bot]
923df2cb46
build(deps): update typescript-eslint monorepo to v5.5.0 (#2643)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-30 10:41:28 +11:00
renovate[bot]
7ea352b730
build(deps): update dependency jest to v27.4.0 (#2642)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-30 10:26:13 +11:00
renovate[bot]
a85a1b68b9
build(deps): update module github.com/jackc/pgx/v4 to v4.14.1 (#2641)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-30 09:33:09 +11:00
James Elliott
bc3b0fda35
feat(regulator): enhance authentication logs (#2622)
This adds additional logging to the authentication logs such as type, remote IP, request method, redirect URL, and if the attempt was done during a ban. This also means we log attempts that occur when the attempt was blocked by the regulator for record keeping purposes, as well as record 2FA attempts which can be used to inform admins and later to regulate based on other factors.

Fixes #116, Fixes #1293.
2021-11-29 14:09:14 +11:00
renovate[bot]
d45dac39b9
build(deps): update dependency vite-plugin-istanbul to v2.3.0 (#2637)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-27 09:52:44 +11:00
renovate[bot]
6ea5711f91
build(deps): update dependency prettier to v2.5.0 (#2633)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-26 13:12:09 +11:00
James Elliott
87f3cf71c1
docs(oidc): provide beta intentions clarification and fix typo (#2632)
2021-11-25 16:11:31 +11:00
James Elliott
347bd1be77
feat(storage): encrypted secret values (#2588)
This adds an AES-GCM 256-bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330.

Closes #682
2021-11-25 12:56:58 +11:00
renovate[bot]
eb94960348
build(deps): update dependency @types/react to v17.0.37 (#2630)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-25 09:42:51 +11:00
renovate[bot]
290e3f7aaa
build(deps): update alpine docker tag to v3.15.0 (#2631)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-25 08:46:44 +11:00
renovate[bot]
4d64b64a53
build(deps): update module github.com/knadh/koanf to v1.3.3 (#2628)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-25 03:05:35 +11:00
renovate[bot]
c128359c74
build(deps): update haproxy docker tag to v2.5.0 (#2624)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-24 11:36:46 +11:00
renovate[bot]
a05b03a3d8
build(deps): update dependency @types/node to v16.11.10 (#2623)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-24 10:53:16 +11:00
renovate[bot]
06d47d37fa
build(deps): update dependency @testing-library/jest-dom to v5.15.1 (#2620)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-24 09:56:18 +11:00
renovate[bot]
3c230bbcc4
build(deps): update module github.com/jmoiron/sqlx to v1.3.4 (#2619)
2021-11-23 21:00:13 +11:00
James Elliott
3695aa8140
feat(storage): primary key for all tables and general qol refactoring (#2431)
This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PRs which improve the database.

Fixes #1337
2021-11-23 20:45:38 +11:00
renovate[bot]
884dc99083
build(deps): update module github.com/jackc/pgx/v4 to v4.14.0 (#2618)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-23 10:45:39 +11:00
renovate[bot]
ef8b93d502
build(deps): update dependency @vitejs/plugin-react to v1.1.0 (#2617)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-23 10:28:13 +11:00
renovate[bot]
5807a05a2c
build(deps): update dependency @types/react to v17.0.36 (#2614)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-22 10:43:05 +11:00
renovate[bot]
9b6ba84b30
build(deps): update dependency eslint-plugin-react to v7.27.1 (#2613)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-19 22:26:09 +11:00
renovate[bot]
3579c1075a
build(deps): update dependency @types/node to v16.11.9 (#2612)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-19 21:59:02 +11:00
renovate[bot]
f8f6e8dfc9
build(deps): update dependency @types/node to v16.11.8 (#2611)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-19 09:25:26 +11:00
Amir Zarrinkafsh
dbbb506fa5
ci(buildkite): fix missing commit in build-info for authelia aur package (#2609)
2021-11-18 11:57:11 +11:00
renovate[bot]
d04706eb2e
build(deps): update dependency typescript to v4.5.2 (#2607)
2021-11-18 07:59:28 +11:00
renovate[bot]
7fe948c180
build(deps): update commitlint monorepo to v15 (#2606)
2021-11-17 20:52:40 +11:00
renovate[bot]
52b1ce5ba5
build(deps): update dependency @types/react to v17.0.35 (#2605)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-16 13:56:58 +11:00