Commit Graph

2268 Commits

Author SHA1 Message Date
Kristof Mattei
b20f62b015
Update example to set correct internal trusted ranges. (#1575) 2021-01-02 07:36:12 +11:00
dependabot-preview[bot]
baaaf1e8a5
[MISC] (deps): Bump qrcode.react from 1.0.0 to 1.0.1 in /web (#1574)
Bumps [qrcode.react](https://github.com/zpao/qrcode.react) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/zpao/qrcode.react/releases)
- [Changelog](https://github.com/zpao/qrcode.react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zpao/qrcode.react/compare/v1.0.0...v1.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-31 13:17:02 +11:00
dependabot-preview[bot]
a6066288bc
[MISC] (deps): Bump @types/node from 14.14.16 to 14.14.17 in /web (#1573)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.16 to 14.14.17.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-31 13:01:33 +11:00
dependabot-preview[bot]
5d76db1794
[MISC] (deps): Bump @types/react-router-dom from 5.1.6 to 5.1.7 in /web (#1572)
Bumps [@types/react-router-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-router-dom) from 5.1.6 to 5.1.7.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-router-dom)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-31 12:20:26 +11:00
dependabot-preview[bot]
0f33166ae0
[MISC] (deps): Bump query-string from 6.13.7 to 6.13.8 in /web (#1570)
Bumps [query-string](https://github.com/sindresorhus/query-string) from 6.13.7 to 6.13.8.
- [Release notes](https://github.com/sindresorhus/query-string/releases)
- [Commits](https://github.com/sindresorhus/query-string/compare/v6.13.7...v6.13.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-31 08:28:49 +11:00
dependabot-preview[bot]
620f51d610
[MISC] (deps): Bump arm64v8/alpine from 3.12.2 to 3.12.3 (#1571)
Bumps arm64v8/alpine from 3.12.2 to 3.12.3.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-31 08:07:29 +11:00
Amir Zarrinkafsh
49ae9b0a69
[CI] Update QEMU to v5.2.0-1 (#1567)
* [CI] Update QEMU to v5.2.0-1

* Fix linting error from golangci-lint 1.34.1 update

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-30 07:23:24 +11:00
Amir Zarrinkafsh
1debc820fa
[DOCS] Fix typo in IPv6 address notes (#1566) 2020-12-30 06:33:57 +11:00
Amir Zarrinkafsh
b12528a65c
[FEATURE] Display TOTP secret on device registration (#1551)
* This change provides the TOTP secret which allows users to copy and utilise for password managers and other applications.
* Hide TextField if secret isn't present
* This ensures that the TextField is removed on a page or if there is no secret present.
* Add multiple buttons and set default value to OTP URL
* Remove inline icon and add icons under text field which allow copying of the secret key and the whole OTP URL.
* Fix integration tests
* Add notifications on click for secret buttons
* Also remove autoFocus on TextField so a user can identify that the full OTP URL is in focus.
2020-12-29 13:30:00 +11:00
James Elliott
2763aefe81
[BUGFIX] Static Session Expiration Key (#1564)
* [BUGFIX] Static Session Expiration Key

* keys for session expiration are random for each instance of Authelia
* this is caused by upstream setting it to a random value
* using a temporary bugfix fork of github.com/fasthttp/session to resolve locally
* add some misc doc additions
2020-12-29 12:44:47 +11:00
dependabot-preview[bot]
251684fd4a
[MISC] (deps): Bump @types/node from 14.14.14 to 14.14.16 in /web (#1561)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.14 to 14.14.16.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-24 08:31:46 +11:00
dependabot-preview[bot]
d478da50a5
[MISC] (deps): Bump axios from 0.21.0 to 0.21.1 in /web (#1555)
Bumps [axios](https://github.com/axios/axios) from 0.21.0 to 0.21.1.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v0.21.1/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.21.0...v0.21.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-12-23 22:05:50 +11:00
dependabot-preview[bot]
ad3f4d233f
[MISC] (deps): Bump @fortawesome/react-fontawesome in /web (#1556)
Bumps [@fortawesome/react-fontawesome](https://github.com/FortAwesome/react-fontawesome) from 0.1.13 to 0.1.14.
- [Release notes](https://github.com/FortAwesome/react-fontawesome/releases)
- [Changelog](https://github.com/FortAwesome/react-fontawesome/blob/master/CHANGELOG.md)
- [Commits](https://github.com/FortAwesome/react-fontawesome/compare/0.1.13...0.1.14)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-23 21:36:34 +11:00
Amir Zarrinkafsh
e5504fa918
[MISC] Add Buildkite logo to badge (#1554) 2020-12-22 12:29:50 +11:00
dependabot-preview[bot]
336b32818a
[MISC] (deps): [Security] Bump node-notifier from 8.0.0 to 8.0.1 in /web (#1553)
Bumps [node-notifier](https://github.com/mikaelbr/node-notifier) from 8.0.0 to 8.0.1. **This update includes a security fix.**
- [Release notes](https://github.com/mikaelbr/node-notifier/releases)
- [Changelog](https://github.com/mikaelbr/node-notifier/blob/v8.0.1/CHANGELOG.md)
- [Commits](https://github.com/mikaelbr/node-notifier/compare/v8.0.0...v8.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-22 09:45:45 +11:00
ZMiguel Valdiviesso
39bb2d2d1a
Add config example for LDAP groupOfUniqueNames group structure (#1549)
* Add config example for groupOfUniqueNames group structure

* Update ldap.md

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-22 08:16:20 +11:00
dependabot-preview[bot]
d5904bdae4
[MISC] (deps): Bump arm32v7/alpine from 3.12.2 to 3.12.3 (#1552)
Bumps arm32v7/alpine from 3.12.2 to 3.12.3.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-22 07:55:55 +11:00
dependabot-preview[bot]
ee3ce69f9f
[MISC] (deps): Bump alpine in /internal/suites/example/compose/kind (#1548)
Bumps alpine from 3.12.2 to 3.12.3.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-19 14:11:31 +11:00
dependabot-preview[bot]
a9635aafd2
[MISC] (deps): Bump alpine from 3.12.2 to 3.12.3 (#1547)
Bumps alpine from 3.12.2 to 3.12.3.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-19 12:55:57 +11:00
dependabot-preview[bot]
5ea3aebd44
[MISC] (deps): Bump arm32v7/alpine from 3.12.1 to 3.12.2 (#1545)
Bumps arm32v7/alpine from 3.12.1 to 3.12.2.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-17 09:36:56 +11:00
James Elliott
18627d5869
[RELEASE] v4.24.1 (#1543) 2020-12-16 14:11:41 +11:00
Amir Zarrinkafsh
b989c1b169
[MISC] Refactor and address most errcheck linter ignores (#1511)
* [MISC] Refactor and address most errcheck linter ignores

This is mostly a quality of life change.
When we first implemented the errcheck linter we ignored a number of items in our legacy codebase with intent to revisit down the track.

* Handle errors for regulation marks and remove unnecessary logging
2020-12-16 12:47:31 +11:00
Amir Zarrinkafsh
7c6a86882f
[MISC] Catch OpenLDAP ppolicy error (#1508)
* [MISC] Catch OpenLDAP ppolicy error

Further to the discussion over at #361, this change now ensures that OpenLDAP password complexity errors are caught and appropriately handled.

This change also includes the PasswordComplexity test suite in the LDAP integration suite. This is because a ppolicy has been set up and enforced.

* Remove password history for integration tests

* Adjust max failures due to regulation trigger

* Fix error handling for password resets

* Refactor and include code suggestions
2020-12-16 12:30:03 +11:00
Amir Zarrinkafsh
52e6435896
[DOCS] Add Discord badge to README.md (#1542)
* [DOCS] Add Discord badge to README.md

* add to contact section

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-16 12:08:51 +11:00
Amir Zarrinkafsh
f2282f78a9
[DOCS] Add notes for IPv6 literal address (#1541) 2020-12-16 11:31:39 +11:00
Begley Brothers (Development)
a7968bc77b
[DOCS] Update hash-password example with single quotes (#1537)
* [Doc] Single quote the hash-password input

Closes #1536

* Update docs/configuration/authentication/file.md

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-12-16 11:07:51 +11:00
Clément Michaud
86c4577127
[DOCS] Add a note on regexps in ACLs (#1533)
Fixes #1523
2020-12-16 11:00:58 +11:00
dependabot-preview[bot]
21fd616f8c
[MISC] (deps): Bump @types/node from 14.14.13 to 14.14.14 in /web (#1540)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.13 to 14.14.14.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-12-16 10:35:59 +11:00
dependabot-preview[bot]
b5e23f3392
[MISC] (deps): Bump arm64v8/alpine from 3.12.1 to 3.12.2 (#1539)
Bumps arm64v8/alpine from 3.12.1 to 3.12.2.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-15 22:29:24 +01:00
dependabot-preview[bot]
7c4abf7b26
[MISC] (deps): Bump @types/node from 14.14.12 to 14.14.13 in /web (#1530)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.12 to 14.14.13.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-14 13:19:35 +11:00
dependabot-preview[bot]
c14af472dd
[MISC] (deps): Bump alpine in /internal/suites/example/compose/kind (#1531)
Bumps alpine from 3.12.1 to 3.12.2.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-14 09:12:55 +11:00
dependabot-preview[bot]
ceee1f1bb0
[MISC] (deps): Bump alpine from 3.12.1 to 3.12.2 (#1532)
Bumps alpine from 3.12.1 to 3.12.2.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-14 07:50:55 +11:00
dependabot-preview[bot]
6c930d88a8
[MISC] (deps): Bump typescript from 4.1.2 to 4.1.3 in /web (#1528)
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-12 12:37:45 +11:00
dependabot-preview[bot]
101bbef5a6
[MISC] (deps): [Security] Bump ini from 1.3.5 to 1.3.7 in /web (#1524)
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7. **This update includes a security fix.**
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-12 12:05:38 +11:00
dependabot-preview[bot]
f246b629c3
[MISC] (deps): Bump @types/node from 14.14.11 to 14.14.12 in /web (#1522)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.11 to 14.14.12.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-12 11:35:51 +11:00
dependabot-preview[bot]
c2708c40ab
[MISC] (deps): Bump golang from 1.15.5-alpine to 1.15.6-alpine (#1519)
Bumps golang from 1.15.5-alpine to 1.15.6-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-12 10:52:08 +11:00
dependabot-preview[bot]
12a6286dc1
[MISC] (deps): Bump @types/jest from 26.0.17 to 26.0.19 in /web (#1525)
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 26.0.17 to 26.0.19.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-11 10:03:29 +11:00
dependabot-preview[bot]
c9d8851b5d
[MISC] (deps): Bump @types/node from 14.14.10 to 14.14.11 in /web (#1516)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.10 to 14.14.11.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-09 10:31:18 +11:00
dependabot-preview[bot]
c63d20c9a2
[MISC] (deps): Bump @types/jest from 26.0.16 to 26.0.17 in /web (#1514)
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 26.0.16 to 26.0.17.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-09 10:10:23 +11:00
dependabot-preview[bot]
a7fa59a70b
[MISC] (deps): Bump @craco/craco from 5.9.0 to 6.0.0 in /web (#1515)
Bumps [@craco/craco](https://github.com/gsoft-inc/craco) from 5.9.0 to 6.0.0.
- [Release notes](https://github.com/gsoft-inc/craco/releases)
- [Commits](https://github.com/gsoft-inc/craco/compare/v5.9.0...v6.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-09 06:25:31 +11:00
dependabot-preview[bot]
d7fea74177
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1512)
Bumps golang from 1.15.5-alpine to 1.15.6-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-07 12:47:48 +11:00
James Elliott
fc034fbabc
[RELEASE] v4.24.0 (#1507) 2020-12-03 18:30:49 +11:00
Amir Zarrinkafsh
0bf192aae0
[CI] Adjust reviewdog filtermode for linting (#1506)
This will ensure that linter errors are picked up for the entire codebase instead of just against the default of [added/modified lines](https://github.com/reviewdog/reviewdog#added-default).
2020-12-03 18:06:42 +11:00
James Elliott
426f5260ad
[FEATURE] LDAP StartTLS (#1500)
* add start_tls config option
* add StartTLS method to the LDAP conn factory and the mock
* implemented use of the StartTLS method when the config is set to true
* add mock unit tests
* add docs
* add TLS min version support
* add tests to tls version method
* fix lint issues
* minor adjustments
* remove SSL3.0
* add tls consts
* deprecate old filter placeholders
* remove redundant fake hashing in file auth provider (to delay username enumeration, was replaced by #993)
* make suite ActiveDirectory use StartTLS
* misc adjustments to docs
* suggested changes from code review
* deprecation notice conformity
* add mock test for LDAPS plus StartTLS
2020-12-03 16:23:52 +11:00
dependabot-preview[bot]
ba9e89e750
[MISC] (deps): Bump @material-ui/core from 4.11.1 to 4.11.2 in /web (#1504)
Bumps [@material-ui/core](https://github.com/mui-org/material-ui/tree/HEAD/packages/material-ui) from 4.11.1 to 4.11.2.
- [Release notes](https://github.com/mui-org/material-ui/releases)
- [Changelog](https://github.com/mui-org/material-ui/blob/v4.11.2/CHANGELOG.md)
- [Commits](https://github.com/mui-org/material-ui/commits/v4.11.2/packages/material-ui)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-03 11:56:46 +11:00
dependabot-preview[bot]
9e90c8b044
[MISC] (deps): Bump @material-ui/icons from 4.9.1 to 4.11.2 in /web (#1503)
Bumps [@material-ui/icons](https://github.com/mui-org/material-ui/tree/HEAD/packages/material-ui-icons) from 4.9.1 to 4.11.2.
- [Release notes](https://github.com/mui-org/material-ui/releases)
- [Changelog](https://github.com/mui-org/material-ui/blob/v4.11.2/CHANGELOG.md)
- [Commits](https://github.com/mui-org/material-ui/commits/v4.11.2/packages/material-ui-icons)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-03 11:35:45 +11:00
dependabot-preview[bot]
c9837568b5
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1501)
Bumps haproxy from 2.3.1-alpine to 2.3.2-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-03 09:54:21 +11:00
dependabot-preview[bot]
e99e7e8be0
[MISC] (deps): Bump @types/jest from 26.0.15 to 26.0.16 in /web (#1498)
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 26.0.15 to 26.0.16.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-02 10:27:11 +11:00
James Elliott
365304a684
[FEATURE] Add Optional Check for Session Username on VerifyGet (#1427)
* Adding the Session-Username header to the /api/verify endpoint when using cookie auth will check that the value stored in the session store for the username and the header value are the same.
* use strings.EqualFold to compare case insensitively
* add docs
* add unit tests
* invalidate session if it is theoretically hijacked and log it as a warning (can only be determined if the header doesn't match the cookie)
* add example PAM script
* go mod tidy
* go mod bump to 1.15
2020-12-02 10:03:44 +11:00
dependabot-preview[bot]
9d3bc378ac
[MISC] (deps): Bump @craco/craco from 5.8.0 to 5.9.0 in /web (#1496)
Bumps [@craco/craco](https://github.com/gsoft-inc/craco) from 5.8.0 to 5.9.0.
- [Release notes](https://github.com/gsoft-inc/craco/releases)
- [Commits](https://github.com/gsoft-inc/craco/compare/v5.8.0...v5.9.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-01 08:58:10 +11:00