Commit Graph

69 Commits

Author SHA1 Message Date
Clement Michaud
cf16272a73 Refine access control with per resource ACLs
ACLs can now be defined by subdomain AND resource using pattern matching
with regular expressions.
It allows a very fine-grained access control to backend resources.

[Note] For using example environmnent, user must update its /etc/hosts with
new subdomains updated in README.
2017-09-24 21:39:47 +02:00
Clement Michaud
d005b83365 Set headers values Remote-User and Remote-Groups in /verify response 2017-09-22 21:25:15 +02:00
Clement Michaud
0a33b2d5ee Add logs to detect redis connection issues earlier
Before this fix, the application was simply crashing during execution
when connection to redis was failing.

Now, it is correctly handled with failing promises and logs have been
enabled to clearly see the problem
2017-09-22 20:52:05 +02:00
Clement Michaud
7128970a53 Add redirection URL as a query parameter during authentication
Before this fix, the redirection URL was stored in the user session,
but this has a big drawback since user could open several pages in
browser and thus override the redirection URL leading the user to
be incorrectly redirected.
2017-09-22 17:53:18 +02:00
FrozenDragoon
489dbf9e30 Merge branch 'master' into feature-dockercompose 2017-09-11 13:28:39 -05:00
Clement Michaud
a39605f9d7 Stabilize integration tests by increasing timeouts 2017-09-09 00:43:18 +02:00
FrozenDragoon
e644fe7b7b Split example scripts, allow running example using pre-built docker container (example-dockerhub) or build build from source, as it is now (example-commit). 2017-09-05 06:32:50 -05:00
Clement Michaud
85462be268 Wait for notifications to fade out before going forward in integration test steps. 2017-09-03 15:02:38 +02:00
Clement Michaud
98aa23ed5e Fix client notifications not fading out after few seconds 2017-09-03 13:00:02 +02:00
Clement Michaud
64c06fd6b8 Parameterize authentication regulation via configuration file. Both for flexibility and for testing purposes. 2017-09-03 12:48:35 +02:00
Clement Michaud
20536abf8b Introduce LDAP filters to search users and groups for more flexibility. 2017-09-02 22:38:26 +02:00
Clement Michaud
50636587a8 Notifications to users do not use notifyjs anymore. They are more common and located in the form areas to improve visibility on mobile devices. 2017-09-02 16:33:57 +02:00
Clement Michaud
61d0c2e980 Fix typescript transpilation after typescript update 2017-09-01 16:06:02 +02:00
Clement Michaud
928209dc98 Fix redirection after authentication and error page when accessing restricted pages 2017-08-03 00:41:13 +02:00
Clement Michaud
c12a085f8e Replace mocha integration tests by cucumber tests 2017-07-31 22:20:33 +02:00
Clement Michaud
e45ac39c8f Add Mongo as scalable and resilient storage backend 2017-07-31 00:29:00 +02:00
Clement Michaud
fd59044f5e Open and close ldap client after each operation to avoid issues with idle connections and ECONNRESET exceptions 2017-07-19 20:59:39 +02:00
Clement Michaud
6d5fc84693 Add an icon to the webpages of example 2017-07-16 16:19:44 +02:00
Clement Michaud
74cbfc637b Add system tests to test the example from end user point of view 2017-07-16 14:55:01 +02:00
Clement Michaud
8f152d2328 Fix example environment 2017-07-14 19:05:42 +02:00
Clement Michaud
f516aaf243 Adding one integration test for redis 2017-07-14 00:25:11 +02:00
Clement Michaud
94f5a1f256 Fix unit tests of SessionConfigurationBuilder 2017-07-13 23:21:33 +02:00
Clement Michaud
e947fed979 Read configuration of redis from the yaml file. 2017-07-13 23:17:04 +02:00
Clement Michaud
925b58fabc Add redis option to the express-session middleware 2017-07-13 23:14:31 +02:00
Clement Michaud
e56c2492ed Fix integration test and package Travis scripts 2017-06-29 13:09:08 +02:00
Clement Michaud
0414d28e2b Fix LDAP binding non working on servers with restricted ACL rules and add unit tests 2017-06-29 11:29:33 +02:00
Clement Michaud
ddf1e48535 Refactor client to make it responsive and testable 2017-06-16 18:16:38 +02:00
Clement Michaud
f96074b0c9 Fix redirection url sent by email during identity validation 2017-06-16 18:16:38 +02:00
Clement Michaud
9fddcc7e93 Fix issue with domain access during first factor phase 2017-05-22 00:19:38 +02:00
Clement Michaud
9e89a690fb Finish migration to typescript 2017-05-21 22:45:54 +02:00
Clement Michaud
e3257b81a5 Move denyNotLogged function to typescript 2017-05-21 13:11:54 +02:00
Clement Michaud
fad23ff3be Move Authentication validator and routes to typescript 2017-05-21 12:58:12 +02:00
Clement Michaud
c98c07832d Move TOTP authenticator to typescript 2017-05-21 12:14:59 +02:00
Clement Michaud
b54c181d27 Move ldap client to typescript 2017-05-21 01:15:34 +02:00
Clement Michaud
bada70cf64 Move exceptions to typescript 2017-05-20 22:55:37 +02:00
Clement Michaud
bf74667726 Move TOTP Validator and Generator to typescript 2017-05-20 19:16:57 +02:00
Clement Michaud
40e02d23bf Move access-control feature to typescript 2017-05-20 17:30:42 +02:00
Clement Michaud
57278a7306 Move notifiers to typescript 2017-05-20 16:01:56 +02:00
Clement Michaud
b0c6c61df5 Migrate server to typescript 2017-05-20 16:01:18 +02:00
Clement Michaud
923886667d moving authentication regulator to typescript 2017-05-20 16:01:09 +02:00
Clement Michaud
4356cfe7c1 First step to typescript transformation 2017-05-20 16:00:47 +02:00
Clement Michaud
6d24e82835 Remove '/authentication/' base path from endpoint URLs 2017-05-14 17:41:56 +02:00
Clement Michaud
dabd24e06a Adding integration tests for testing the example deployment 2017-05-14 16:50:57 +02:00
Clement Michaud
32ff6cb387 Remove qrcode dependency as an npm package and replace it with a client side cross-browser library that generates qrcodes 2017-05-14 13:37:05 +02:00
Clement Michaud
b403cfe2f8 Rework the configuration of the access control to allow default policy for certain domains 2017-03-25 18:38:14 +01:00
Clement Michaud
e310478e6d Allow per user access control rules 2017-03-25 15:28:57 +01:00
Clement Michaud
2a73b1a431 Add the access_control entry in the config file to allow the user to define per group rules to access the subdomains 2017-03-25 15:17:21 +01:00
Clement Michaud
4b93338bae Move config adaptation into a module and make it testable 2017-03-22 22:28:54 +01:00
Clement Michaud
c7e4f76b9c Add an LDAP user search filter in the configuration filte to specify the user attribute to search for in LDAP 2017-03-16 01:25:55 +01:00
Clement Michaud
606ddc7308 Handle SSO over multiple subdomains 2017-03-15 23:07:57 +01:00