166 Commits

Author SHA1 Message Date
Clément Michaud
6f96e4b119
[DOCS] Add FreeBSD Port as deployment option in README (#1133)
* [DOCS] Add FreeBSD Port as deployment option in README.

* Apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-21 00:22:15 +10:00
fossabot
fdb7edb054
[MISC] Add license scan report and status (#1064)
* Add license scan report and status

Signed off by: fossabot <badges@fossa.com>

* Update README.md

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-02 10:09:31 +10:00
Clément Michaud
d6bea97a93
[DOCS] Add a roadmap section to the documentation. (#1062)
* [DOCS] Add a roadmap section to the documentation.

Adding the roadmap will likely help people figure out what are the next big
topics that might be missing for them to take the leap and use Authelia.
Maybe some users are also waiting for a feature to unlock some use cases.

* Apply suggestions from code review

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-06-01 16:55:58 +10:00
James Elliott
3f374534ab
[FEATURE] Automatic Profile Refresh - LDAP (#912)
* [FIX] LDAP Not Checking for Updated Groups

* refactor handlers verifyFromSessionCookie
* refactor authorizer selectMatchingObjectRules
* refactor authorizer isDomainMatching
* add authorizer URLHasGroupSubjects method
* add user provider ProviderType method
* update tests
* check for new LDAP groups and update session when:
  * user provider type is LDAP
  * authorization is forbidden
  * URL has rule with group subjects

* Implement Refresh Interval

* add default values for LDAP user provider
* add default for refresh interval
* add schema validator for refresh interval
* add various tests
* rename hasUserBeenInactiveLongEnough to hasUserBeenInactiveTooLong
* use Authelia ctx clock
* add check to determine if user is deleted, if so destroy the
* make ldap user not found error a const
* implement GetRefreshSettings in mock

* Use user not found const with FileProvider
* comment exports

* use ctx.Clock instead of time pkg

* add debug logging

* use ptr to reference userSession so we don't have to retrieve it again

* add documentation
* add check for 0 refresh interval to reduce CPU cost
* remove badly copied debug msg

* add group change delta message

* add SliceStringDelta
* refactor ldap refresh to use the new func

* improve delta add/remove log message

* fix incorrect logic in SliceStringDelta
* add tests to SliceStringDelta

* add always config option
* add tests for always config option
* update docs

* apply suggestions from code review

Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>

* complete mocks and fix an old one
* show warning when LDAP details failed to update for an unknown reason

* golint fix

* actually fix existing mocks

* use mocks for LDAP refresh testing

* use mocks for LDAP refresh testing for both added and removed groups

* use test mock to verify disabled refresh behaviour
* add information to threat model
* add time const for default Unix() value

* misc adjustments to mocks

* Suggestions from code review

* requested changes
* update emails
* docs updates
* test updates
* misc

* golint fix

* set debug for dev testing

* misc docs and logging updates

* misc grammar/spelling

* use built function for VerifyGet

* fix reviewdog suggestions

* requested changes

* Apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-04 21:39:25 +02:00
James Elliott
e95c6a294d
[HOTFIX] Prevent Username Enumeration (#950)
* [HOTFIX] Prevent Username Enumeration

* thanks to TheHllm for identifying the bug: https://github.com/TheHllm
* temporarily prevents username enumeration with file auth
* proper calculated and very slightly random fix to come

* closely replicate behaviour

* allow error to bubble up

* Synchronize security documentation.

Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-02 00:32:09 +02:00
Clément Michaud
f92480b44b
[DOCS] Add SECURITY.md and update README.md. (#906)
* Add SECURITY.md and update README.md.

* Align README.md and SECURITY.md with the security documentation.
2020-04-24 10:29:30 +10:00
Amir Zarrinkafsh
9eb9d107f1
[DEPRECATE] Remove migration tools from latest version of Authelia (#894)
* [DEPRECATE] Remove migration tools from latest version of Authelia
Also update references to point to container version 4.14.2 for any of the migration examples.

* [DOCS] Remove v4 release statement in README.md
2020-04-22 13:55:30 +10:00
jess
aae665eff2
[MISC] Activating Open Collective (#601)
* Added financial contributors to the README

* Update README.md

* Update README.md

* Add logos to README.md

* Update README.md

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-04-09 00:10:33 +02:00
Amir Zarrinkafsh
a71ca1903d
[RELEASE] v4.11.0 (#810) 2020-04-01 10:53:48 +11:00
Amir Zarrinkafsh
5fc3b26cf5
[RELEASE] v4.10.0 (#799) 2020-03-31 12:04:22 +11:00
Amir Zarrinkafsh
6f116202f4
[RELEASE] v4.9.1 (#790) 2020-03-28 19:53:03 +11:00
Amir Zarrinkafsh
85cd75ffdf
[DOCS] Minor tweaks for compose bundles (#786) 2020-03-27 11:51:16 +11:00
Amir Zarrinkafsh
e843a52a04
[Docker] Include docker-compose.yml examples to run Authelia (#642)
* [Docker] Create Lite docker-compose.yml example

* [Docker] Update README.md with 3 compose bundles {Local,Lite,Full}

* [DOCS] Update Traefik2 proxy example

* [Docker] Create Local docker-compose.yml example

* [MISC] Update examples to utilise Traefik 2.2
This change enables global http -> https redirection.

* [Docker] Update Local compose to utilise loopback address

* [Docker] Drop compose version to 3.3 to cater for more distros

* [DOCS] Adjust Getting Started

* [Docker] Tweak Local bundle setup for OSX

* [Docker] Optimise setup.sh for Local bundle

* [Docker] Fix read-only mounting of user database

* [DOCS] Implement feedback for compose bundles

* [DOCS] Provide feedback on self-signed certificates

* [DOCS] Implement additional feedback for compose bundles

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-03-27 10:43:10 +11:00
James Elliott
c366233152
[RELEASE] v4.9.0 (#780) 2020-03-25 13:24:12 +11:00
Clément Michaud
8dc1f898d8
[RELEASE] v4.8.0 (#765) 2020-03-21 15:22:49 +01:00
Amir Zarrinkafsh
4f95865d56
[RELEASE] v4.7.2 (#714) 2020-03-16 20:32:06 +11:00
Amir Zarrinkafsh
7145ccc228
[RELEASE] v4.7.1 (#712) 2020-03-15 23:41:56 +11:00
Amir Zarrinkafsh
c575fda619
[RELEASE] v4.7.0 (#708) 2020-03-15 19:07:02 +11:00
Clément Michaud
aea1728afc
[RELEASE] v4.6.0 (#688) 2020-03-06 22:26:25 +01:00
James Elliott
c358ccca51
[RELEASE] v4.5.1 (#672) 2020-03-01 12:51:26 +11:00
Clément Michaud
b5a9e0f047
[DOCS] Update links in README to reference docs.authelia.com. (#667)
* [DOCS] Update links in README to reference docs.authelia.com.

* Move report section of security to the top level page.

* Fix ordering of sub-pages of 2FA feature.
2020-03-01 00:27:23 +01:00
Amir Zarrinkafsh
ac313ac89b
[DOCS] Update from Microbadger to shields.io docker badges (#666) 2020-03-01 00:12:23 +11:00
Clément Michaud
70866825c4
[DOCS] Add pointer to the documentation in README. (#663) 2020-02-29 23:22:43 +11:00
Clément Michaud
7102b258a1
[RELEASE] v4.5.0 (#657) 2020-02-28 01:23:53 +01:00
Amir Zarrinkafsh
fc526bc927
[RELEASE] 4.4.0 2020-02-19 10:01:34 +11:00
Amir Zarrinkafsh
f1a89de2e7
[MISC] Restructure repo folder layout (#628) 2020-02-09 18:04:27 +01:00
Clément Michaud
c2c4d9da79
Add a goreport card badge (#627) 2020-02-07 17:59:12 +01:00
Clement Michaud
9b99420ca0 4.3.0 2020-02-05 09:51:36 +01:00
Clément Michaud
426b29c382
[MISC] Add a CONTRIBUTING.md to the project. (#604) 2020-02-01 22:05:43 +11:00
Amir Zarrinkafsh
e646323555 [MISC] Fix AUR badge links in README.md 2020-01-28 10:06:03 +11:00
Amir Zarrinkafsh
107126929b Update README.md with AUR references and remove CHANGELOG.md (#576)
* Update README.md
Provide badges and references to the AUR for Arch Linux Authelia packages.
Closes #571 #572.

* Add systemd unit file
Include the unit in future release artifacts.

* Remove CHANGELOG.md
As of future releases Changelog details will dynamically be generated.

* Update README.md
Add badge for authelia-git package.

* Update Changelog to only publish explicit Docker tag
Do not include Major and Minor versions, as these will change over time.
2020-01-24 10:21:17 +01:00
Amir Zarrinkafsh
1059551133
Optimise deploy artifacts step (#564)
* Optimise deploy artifacts step
authelia-scripts is not required to publish GitHub artifacts as we utilise [Hub](https://hub.github.com/), this should save ~10 seconds in this step.

* Specify release number in pipeline

* Change buildkite and github published artifacts back to gzip

* Update README.md
2020-01-20 10:53:55 +11:00
Clement Michaud
aafd8fdbd8 Add a sponsorship badge and section to README. 2020-01-19 22:55:37 +01:00
Clement Michaud
99830d95f6 Add a section on vulnerability reporting under security in README. 2020-01-19 22:55:37 +01:00
Clément Michaud
6054addfcc
Update README.md 2020-01-19 00:31:08 +01:00
Amir Zarrinkafsh
68919a3b4e Update README.md
Remove Gitter badge and add Matrix badge, a Matrix <-> Gitter bridge exists to allow communication across the two channels.
2020-01-19 10:28:29 +11:00
Amir Zarrinkafsh
1f684dbc75 Update README.md 2020-01-18 11:17:25 +11:00
Clément Michaud
bb24cf16f7
Update README.md 2020-01-18 00:41:29 +01:00
Amir Zarrinkafsh
9b8be0fef0 Remove Travis and promote Buildkite (#545)
* Remove Travis and promote Buildkite

* Add Docker Size badge to README.md

* Call MicroBadger webhook to update metadata for shields

Add updateMicroBadger function and refactor publishDockerReadme to be called explicitly instead of on every deployManifest call.
2020-01-16 21:57:44 +01:00
Amir Zarrinkafsh
6cd79d0c4b Update README.md for HAProxy references 2020-01-10 11:41:01 +01:00
Amir Zarrinkafsh
fabb76754e
Rename org from clems4ever to authelia
Also fix references from config.yml to configuration.yml
2019-12-24 13:14:52 +11:00
Clement Michaud
f6d2029e2c Introduce architecture schema in the README. 2019-12-10 12:27:42 +01:00
Clement Michaud
d4e236bc66 Update README to announce v4 has been released. 2019-12-09 13:03:12 +01:00
Clément Michaud
778f069013
Update README.md 2019-12-07 14:39:21 +01:00
Clement Michaud
61c1365ba2 Update README and documentation to close refactoring. 2019-12-05 23:20:12 +01:00
Clément Michaud
cdb87522f4
Fix typo in Readme 2019-12-05 11:10:02 +01:00
Clément Michaud
31cf6980cb
Remove reference to package.json 2019-12-05 11:07:28 +01:00
Clément Michaud
02971ff52c
Update README.md 2019-11-20 18:49:37 +01:00
Clement Michaud
eafd9330dc Update documentation to introduce migration scripts. 2019-11-19 00:11:53 +01:00
Amir Zarrinkafsh
51465f8b77 Sync README.md from GitHub to DockerHub after push-manifest 2019-11-10 11:51:24 +01:00
Clément Michaud
0f248a01e9
Update README.md 2019-11-09 12:43:45 +01:00
Clement Michaud
b1d59dcec4 Add documentation on Authelia v4 in README and add a migration document. 2019-10-29 00:40:45 +01:00
Clément Michaud
eee8c59562
Remove reference to CONTRIBUTORS.md in readme. 2019-10-19 18:34:14 +02:00
Clément Michaud
8478216e5d
Update README.md 2019-04-25 13:36:14 +02:00
Clement Michaud
5a195f7ebd Update README to mention nginx and Traefik and update images. 2019-04-17 23:06:56 +02:00
Clément Michaud
e0dab01442
Update README.md 2019-04-17 00:28:31 +02:00
Clement Michaud
743b84aeaa Change license from MIT to Apache 2.0. 2019-04-16 23:40:15 +02:00
Clement Michaud
ab8402314b Add a link to the breaking changes markdown in README. 2019-04-16 22:58:45 +02:00
Clement Michaud
8a76b5118d Add network criteria in ACLs to specify policy based on network subnet. 2019-03-31 20:11:07 +02:00
Clément Michaud
c2810101a4
Update README.md 2019-03-25 09:04:58 +01:00
Clement Michaud
4eaafb7115 Update the documentation to include information on Duo. 2019-03-24 18:45:32 +01:00
Clement Michaud
76fa325f08 [BREAKING] Create a suite for kubernetes tests.
Authelia client uses hash router instead of browser router in order to work
with Kubernetes nginx-ingress-controller. This is also better for users having
old browsers.

This commit is breaking because it requires to change the configuration of the
proxy to include the # in the URL of the login portal.
2019-03-16 00:13:27 +01:00
Clement Michaud
de15dc52dd Add details on how to deploy Authelia in a dev environment.
Also improve some part of the documentation.
2018-11-16 15:30:26 +01:00
Clement Michaud
82e51e1a71 Improve CONTRIBUTE section of the README. 2018-11-15 22:47:27 +01:00
Clement Michaud
fac17671ee Fix broken link to getting-started in README.md 2018-11-03 13:29:06 +01:00
Clement Michaud
6efa6241d3 Fix image in README.md 2018-08-30 11:33:55 +02:00
Clement Michaud
03c6a4072b Add snyk badge. 2018-08-30 11:26:13 +02:00
Clément Michaud
878add767f Update and rename CONTRIBUTORS.md to CONTRIBUTING.md.
Update README.md to reference this new file.
2018-08-29 00:28:20 +02:00
Clement Michaud
91032a1d3c Add back gitter link instead of Slack. 2018-08-28 21:04:57 +02:00
Clement Michaud
5e4c401efe Add Paypal donation buttons in README. 2018-08-27 22:51:41 +02:00
Clément Michaud
a515ce83c7
Refactor README into several documents under docs directory. (#265) 2018-08-26 23:46:15 +02:00
Clement Michaud
d55a7101f1 Update README to mention kubernetes in the description
Also add a link to the wiki.
2018-05-02 22:12:33 +02:00
Clement Michaud
185419e09e Update README to reference kubernetes deployment documentation 2018-04-25 08:51:43 +02:00
Clement Michaud
6586402114 Support 'redirect' in /api/verify endpoint to support Traefik
Traefik handles auth forwarding but does not manage redirections like Nginx.
Therefore, Authelia must redirect the user and Traefik will forward this
request.

To support both Nginx and Traefik, /api/verify is now configurable with the
'redirect' get parameter. If the verification fails and 'redirect' is not
provided the response will be a 401 error as before.
If the parameter is provided and set to any URL, the response will be a
redirection (302) to this URL.
2017-12-04 22:52:33 +01:00
Clement Michaud
a8974a9d8e Change domain from test.local to example.com
Warning: you will need to update your /etc/hosts to take this change into
account for the example environment to work.
2017-11-03 00:20:10 +01:00
Clement Michaud
009e7c2b78 Add basic authorization support for single-factor protected endpoints
One can now access a service using the basic authorization mechanism. Note the
service must not be protected by 2 factors.

The Remote-User and Remote-Groups are forwarded from Authelia like any browser
authentication.
2017-11-01 19:38:05 +01:00
Clement Michaud
6d11801d56 Change the how-to to build Authelia in the README 2017-10-31 22:11:01 +01:00
Clement Michaud
22d56b1faa Change basicauth.test.local into single_factor.test.local 2017-10-31 07:27:36 +01:00
Clement Michaud
a3560ef8d3 Add possible security measures in README 2017-10-31 07:27:36 +01:00
Clement Michaud
cd0a93f027 Rename authentication method from 'basic_auth' to 'single_factor' 2017-10-31 07:27:36 +01:00
Clement Michaud
0b33982701 Add notes on security measures deployed in Authelia in README 2017-10-16 20:56:26 +02:00
Clément Michaud
d5035b8704 Merge pull request #131 from clems4ever/disable-second-factor
Allow basic authentication in configuration
2017-10-09 23:27:36 +02:00
Clement Michaud
a0aab77449 Add a section dealing with basic auth in README 2017-10-09 01:14:19 +02:00
Clement Michaud
e4274fbe1b Add a note about filesystem notifier option
This note tells the users testing with npm that they can enable the
filesystem notifier feature to test identity validation without access
to mailcatcher webmail.
2017-10-08 22:58:56 +02:00
Clément Michaud
1636fc27e5 Fix bad merge on README.md 2017-09-25 13:32:25 +02:00
Clement Michaud
4cd78f3f83 Add SMTP notifier as an available option in configuration
One can now plug its own SMTP server to send notifications
for identity validation and password reset requests.

Filesystem has been removed from the template configuration file
since even tests now use mail catcher (the fake webmail) to
retrieve the email and the confirmation link.
2017-09-24 23:20:45 +02:00
Clement Michaud
cf16272a73 Refine access control with per resource ACLs
ACLs can now be defined by subdomain AND resource using pattern matching
with regular expressions.
It allows a very fine-grained access control to backend resources.

[Note] For using example environment, user must update its /etc/hosts with
new subdomains updated in README.
2017-09-24 21:39:47 +02:00
FrozenDragoon
e644fe7b7b Split example scripts, allow running example using pre-built docker container (example-dockerhub) or build from source, as it is now (example-commit). 2017-09-05 06:32:50 -05:00
Clement Michaud
64c06fd6b8 Parameterize authentication regulation via configuration file. Both for flexibility and for testing purposes. 2017-09-03 12:48:35 +02:00
Clement Michaud
c12a085f8e Replace mocha integration tests by cucumber tests 2017-07-31 22:20:33 +02:00
Clément Michaud
b0e3038aa6 Add a howto to create a customized config file from config.template.yml in the "Deployment" section. 2017-07-20 11:43:48 +02:00
Clement Michaud
7cac4b8292 Add "chat on gitter" badge in the readme 2017-07-18 00:50:47 +02:00
Clement Michaud
74cbfc637b Add system tests to test the example from end user point of view 2017-07-16 14:55:01 +02:00
Clement Michaud
d55306cf43 Update README with session management and add a table of contents 2017-07-14 00:52:07 +02:00
Clement Michaud
03c1088a92 Update the README to take example environment changes and new deployment command into account 2017-06-29 13:09:13 +02:00
Clement Michaud
0978c6bebc Package the build in a script and update image sizes in README. 2017-06-16 18:16:41 +02:00
Clement Michaud
ddf1e48535 Refactor client to make it responsive and testable 2017-06-16 18:16:38 +02:00
Clement Michaud
976dd6b87c Update README to add 'grunt build' command before deploying docker services 2017-06-16 18:16:38 +02:00
Clement Michaud
7d21f8d5df Edit README to make the user add more subdomains in /etc/hosts for testing the example locally 2017-03-25 19:10:59 +01:00
Clement Michaud
38a4570b24 Edit the README to add an access control section and update the user base 2017-03-25 15:41:11 +01:00