mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Commit Graph

12 Commits

Author SHA1 Message Date
James Elliott
abf1c86ab9
fix(oidc): subject generated for anonymous users ()
Fix an issue that would prevent a correct ID Token from being generated for users who start off anonymous. This also avoids generating one in the first place for anonymous users.
2022-04-25 10:31:05 +10:00
James Elliott
0a970aef8a
feat(oidc): persistent storage ()
This moves the OpenID Connect storage from memory into the SQL storage, making it persistent and allowing it to be used with clustered deployments like the rest of Authelia.
2022-04-07 15:33:53 +10:00
James Elliott
8f05846e21
feat: webauthn ()
This implements Webauthn. Old devices can be used to authenticate via the appid compatibility layer which should be automatic. New devices will be registered via Webauthn, and devices which do not support FIDO2 will no longer be able to be registered. At this time it does not fully support multiple devices (backend does, frontend doesn't allow registration of additional devices). Does not support passwordless.
2022-03-03 22:20:43 +11:00
James Elliott
5a223b5a56
fix(storage): don't check exp against time using sql ()
This is already checked by JWT validation. There is no need and it's leading to timezone issues.

Fixes 
2021-12-04 15:34:20 +11:00
James Elliott
95a5e326a5
fix(storage): postgres schema hardcoded for tables query ()
This removes the hardcoded schema value from the PostgreSQL existing tables query, making it compatible with the new schema config option.
2021-12-03 17:29:55 +11:00
James Elliott
255aaeb2ad
feat(storage): encrypt u2f key ()
Adds encryption to the U2F public keys. While the public keys cannot be used to authenticate, only to validate that someone is authenticated, if a rogue operator changed these in the database, they may be able to bypass 2FA. This prevents that.
2021-12-03 11:04:11 +11:00
James Elliott
9045b75344
fix(storage): rebind all queries ()
Fixes an issue in the new storage system. We forgot to rebind a few queries to the PostgreSQL compatible format.
2021-12-02 17:06:04 +11:00
James Elliott
f90ca855e3
feat(storage): postgresql schema and ssl options ()
Adds the schema name and all ssl options for PostgreSQL. Also a significant refactor of the storage validation process.
2021-12-02 16:36:03 +11:00
James Elliott
a79e4dc592
fix(storage): duo/u2f upsert failure on postgresql ()
This replaces the standard duo_devices upsert with a PostgreSQL specific one and ensures the u2f_devices upsert uses the new unique key for the ON CONFLICT check.
2021-12-02 15:16:45 +11:00
James Elliott
ad8e844af6
feat(totp): algorithm and digits config ()
Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue, i.e., if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition, this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm).

Fixes .
2021-12-01 23:11:29 +11:00
James Elliott
347bd1be77
feat(storage): encrypted secret values ()
This adds an AES-GCM 256-bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being, but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330.

Closes 
2021-11-25 12:56:58 +11:00
James Elliott
3695aa8140
feat(storage): primary key for all tables and general qol refactoring ()
This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, adds primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PRs which improve the database.

Fixes 
2021-11-23 20:45:38 +11:00