Clement Michaud
a5592252c7
Bump npm dependencies
2018-03-23 10:13:00 +01:00
Clement Michaud
3f6c375446
3.7.0
2017-11-28 22:40:42 +01:00
Clement Michaud
515a82eb8d
Add links and tooltips at second factor stage to better guide the user
...
A link to U2F explains what is a U2F security key and how they are used.
A tooltip on U2F device registration link is telling the user he needs a
security key to register.
2017-11-28 21:56:50 +01:00
Clement Michaud
ca885e4b15
Fix not working u2f when using Firefox
...
The u2f-api package does not use the official u2f script provided by Yubikey.
Unfortunately, it was blocked by Firefox. This change reintroduces the
official u2f script.
2017-11-09 00:21:24 +01:00
Clement Michaud
e3e1235755
Fix unhandled error exception thrown by Bluebirds in tests
2017-11-01 16:30:51 +01:00
Clement Michaud
6d11801d56
Change the how-to to build Authelia in the README
2017-10-31 22:11:01 +01:00
Clement Michaud
7b68a543bf
Strengthen password in LDAP using SHA512 crypt algorithm
...
Uses the crypt() function to do password encryption. This function handles
several schemes such as: MD5, Blowfish, SHA1, SHA2.
SHA-512 is used in Authelia for best security.
The algorithm is fully described in
https://www.akkadia.org/drepper/SHA-crypt.txt
The 'crypt3' npm package has been added as a dependency to use the crypt()
function. The package needs to be compiled in order to call the c function,
that's why python, make and C++ compiler are installed temporarily in the
Docker image.
2017-10-31 07:27:36 +01:00
Clement Michaud
5570ac3d84
3.6.0
2017-10-16 22:32:55 +02:00
Clement Michaud
bf3e71d732
Fix unhandled rejections in unit tests
2017-10-15 01:34:37 +02:00
Clement Michaud
3a88ca95b8
Check TOTP token with window of 1
...
A window of 1 means the token is checked against current time slot T
as well as at time slot T-1 and T+1.
A time slot is 30 seconds by default in Authelia.
2017-10-15 00:44:10 +02:00
Clément Michaud
f041b946d9
Merge pull request #140 from clems4ever/improve-endpoint-errors
...
Every public endpoints return 200 with harmonized error messages or 401
2017-10-14 12:22:24 +02:00
Clement Michaud
56fdc40290
Every public endpoints return 200 with harmonized error messages or 401
...
Now, /verify can return 401 or 403 depending on the user authentication.
Every public API endpoints and pages return 200 with error message in
JSON body or 401 if the user is not authorized.
This policy makes it complicated for an attacker to know what is the source of
the failure and hide server-side bugs (not returning 500), bugs being potential
threats.
2017-10-14 11:57:38 +02:00
Clement Michaud
2a3fde5ee7
Add a schema validator to check user configuration
2017-10-10 01:14:36 +02:00
Clement Michaud
46deb765bb
3.5.0
2017-10-09 01:15:40 +02:00
Clement Michaud
78f6028c1b
Improve logging format for clarity
...
Previously, logs were not very friendly and it was hard to track
a request because of the lack of request ID.
Now every log message comes with a header containing: method, path
request ID, session ID, IP of the user, date.
Moreover, the configurations displayed in the logs have their secrets
hidden from this commit.
2017-10-08 22:33:50 +02:00
Clement Michaud
d86a3f8393
3.4.2
2017-10-08 16:11:16 +02:00
Clement Michaud
f3f61d4e13
3.4.1
2017-10-08 14:48:46 +02:00
Clement Michaud
d8ff186303
Split client and server
...
Client and server now have their own tsconfig so that the transpilation is only
done on the part that is being modified.
It also allows faster transpilation since tests are now excluded from tsconfig.
They are compiled by ts-node during unit tests execution.
2017-10-07 00:49:42 +02:00
Clement Michaud
444d278a1e
3.4.0
2017-10-04 21:53:19 +02:00
Clement Michaud
4cd78f3f83
Add SMTP notifier as an available option in configuration
...
One can now plug its own SMTP server to send notifications
for identity validation and password reset requests.
Filesystem has been removed from the template configuration file
since even tests now use mail catcher (the fake webmail) to
retrieve the email and the confirmation link.
2017-09-24 23:20:45 +02:00
Clement Michaud
0a33b2d5ee
Add logs to detect redis connection issues earlier
...
Before this fix, the application was simply crashing during execution
when connection to redis was failing.
Now, it is correctly handled with failing promises and logs have been
enabled to clearly see the problem
2017-09-22 20:52:05 +02:00
FrozenDragoon
489dbf9e30
Merge branch 'master' into feature-dockercompose
2017-09-11 13:28:39 -05:00
Clement Michaud
1643f4779c
3.3.19
2017-09-09 01:36:36 +02:00
Clement Michaud
f4926ac138
Fix npm package missing dist directory
2017-09-09 00:43:19 +02:00
Clement Michaud
85834befb6
3.3.2
2017-09-05 00:43:06 +02:00
Clement Michaud
dbb936679c
Try to fix issue with npm publishing
2017-09-05 00:43:00 +02:00
Clement Michaud
432568f8f5
3.3.1
2017-09-04 23:49:15 +02:00
Clement Michaud
d4a2b5dab9
Try to fix issue with npm publishing
2017-09-04 23:49:11 +02:00
Clement Michaud
86bb5c5a19
3.3.0
2017-09-04 21:51:58 +02:00
Clement Michaud
690c73e557
Fix installing authelia with npm install -g
2017-09-04 21:42:59 +02:00
Clement Michaud
50636587a8
Notifications to users do not use notifyjs anymore. They are more common and located in the form areas to improve visibility on mobile devices.
2017-09-02 16:33:57 +02:00
Clement Michaud
7be61d7357
3.2.0
2017-08-03 00:58:04 +02:00
Clement Michaud
c12a085f8e
Replace mocha integration tests by cucumber tests
2017-07-31 22:20:33 +02:00
Clement Michaud
e45ac39c8f
Add Mongo as scalable and resilient storage backend
2017-07-31 00:29:00 +02:00
Clement Michaud
1de4155ac9
3.1.4
2017-07-19 21:07:51 +02:00
Clement Michaud
8f797c025a
3.1.3
2017-07-19 00:44:42 +02:00
Clement Michaud
aa863f23fa
3.1.2
2017-07-17 23:27:33 +02:00
Clement Michaud
2242f0b9ce
3.1.1
2017-07-16 16:31:32 +02:00
Clement Michaud
5873a4c328
3.1.0
2017-07-16 15:07:51 +02:00
Clement Michaud
f516aaf243
Adding one integration test for redis
2017-07-14 00:25:11 +02:00
Clement Michaud
925b58fabc
Add redis option to the express-session middleware
2017-07-13 23:14:31 +02:00
Clément Michaud
888bdd2bf9
Merge pull request #45 from clems4ever/ldap-bind
...
Fix LDAP search operation when user has no rights to search attributes in DB.
2017-07-13 21:47:09 +02:00
Clement Michaud
b3f755ac24
Upgrade nodemailer, request and assert npm packages
2017-06-29 18:56:41 +02:00
Clement Michaud
e56c2492ed
Fix integration test and package Travis scripts
2017-06-29 13:09:08 +02:00
Clement Michaud
0b96a0547d
3.0.1
2017-06-19 10:23:56 +02:00
Clement Michaud
1a6f3137eb
npm install breaks because it does not find entrypoint file
2017-06-19 10:14:08 +02:00
Clement Michaud
29c8e7e954
3.0.0
2017-06-16 18:16:41 +02:00
Clement Michaud
ddf1e48535
Refactor client to make it responsive and testable
2017-06-16 18:16:38 +02:00
Clement Michaud
e849768a0f
2.1.9
2017-06-01 22:46:47 +02:00
Clement Michaud
b804882ce0
2.1.8
2017-06-01 22:35:46 +02:00
Clement Michaud
361e36c566
2.1.7
2017-06-01 22:32:40 +02:00
Clement Michaud
15a95163f4
2.1.6
2017-06-01 22:23:08 +02:00
Clement Michaud
66bc6e8ec4
2.1.5
2017-06-01 22:16:33 +02:00
Clement Michaud
8a297b5db5
2.1.4
2017-06-01 22:10:18 +02:00
Clement Michaud
9e89a690fb
Finish migration to typescript
2017-05-21 22:45:54 +02:00
Clement Michaud
c98c07832d
Move TOTP authenticator to typescript
2017-05-21 12:14:59 +02:00
Clement Michaud
bf74667726
Move TOTP Validator and Generator to typescript
2017-05-20 19:16:57 +02:00
Clement Michaud
57278a7306
Move notifiers to typescript
2017-05-20 16:01:56 +02:00
Clement Michaud
b0c6c61df5
Migrate server to typescript
2017-05-20 16:01:18 +02:00
Clement Michaud
e1b7877c24
Fix packaging in travis
2017-05-20 16:00:55 +02:00
Clement Michaud
4356cfe7c1
First step to typescript transformation
2017-05-20 16:00:47 +02:00
Clement Michaud
6f8b95b0ce
2.1.3
2017-05-14 21:49:40 +02:00
Clement Michaud
0b3499f68f
2.1.2
2017-05-14 17:00:13 +02:00
Clement Michaud
dabd24e06a
Adding integration tests for testing the example deployment
2017-05-14 16:50:57 +02:00
Clement Michaud
32ff6cb387
Remove qrcode dependency as an npm package and replace it with a client side cross-browser library that generates qrcodes
2017-05-14 13:37:05 +02:00
Clement Michaud
55c56e5da8
2.1.1
2017-04-10 23:36:18 +02:00
Clement Michaud
4dbc39ecc6
2.1.0
2017-03-25 19:33:44 +01:00
Clement Michaud
1fc27083c9
2.0.5
2017-03-16 22:37:35 +01:00
Clement Michaud
c2c47eee85
Fix url to git repository in package.json
2017-03-16 22:37:30 +01:00
Clement Michaud
8cd80bfd96
2.0.4
2017-03-16 22:33:56 +01:00
Clement Michaud
e4a8f39dba
2.0.3
2017-03-16 01:32:56 +01:00
Clement Michaud
95130f491c
2.0.2
2017-03-16 00:02:13 +01:00
Clement Michaud
e21f865631
2.0.1
2017-01-29 18:16:27 +01:00
Clement Michaud
85212e1afb
2.0.0
2017-01-29 18:16:04 +01:00
Clement Michaud
7008d9d0bb
Add content in the configuration section of the README. Create a npm command called authelia
2017-01-29 16:55:23 +01:00
Clement Michaud
2cc854b968
Adding ApiDoc documentation to the repository
2017-01-29 01:33:48 +01:00
Clement Michaud
5be5b34522
Remove temporarily integration tests
2017-01-28 20:13:56 +01:00
Clement Michaud
90494407a9
Register TOTP secrets per user
2017-01-28 18:27:54 +01:00
Clement Michaud
05046338ed
Implement password reset
2017-01-27 01:20:03 +01:00
Clement Michaud
d3db94105e
Registration process sends an email to allow user to register its U2F device
2017-01-22 17:54:45 +01:00
Clement Michaud
8b4339f8da
Use filesystem data store to save u2f meta info
2017-01-21 20:24:35 +01:00
Clement Michaud
9670b23a8b
Implement FIDO u2f authentication
2017-01-21 17:41:06 +01:00
Clement Michaud
d21164af58
Validate first factor through a post request
2017-01-19 01:01:37 +01:00
Clement Michaud
d54384a4e9
1.0.11
2017-01-12 23:28:23 +01:00
Clement Michaud
5ca8767142
1.0.10
2016-12-18 13:42:23 +01:00
Clement Michaud
7e2f43266d
Adding description to the npm package
2016-12-18 13:42:17 +01:00
Clement Michaud
b4e04ff330
1.0.9
2016-12-18 13:32:01 +01:00
Clement Michaud
14bc709228
1.0.8
2016-12-18 13:08:31 +01:00
Clement Michaud
4a81b7e831
1.0.7
2016-12-18 03:14:00 +01:00
Clement Michaud
a2395a0e9e
Fix publication in npm
2016-12-18 03:05:13 +01:00
Clement Michaud
41b7440ab5
1.0.1
2016-12-18 01:54:24 +01:00
Clement Michaud
318bf33d2c
Move unit tests to unitary directory and add integration tests
2016-12-18 00:07:56 +01:00
Clement Michaud
e13315eb92
Move files from app to src and tests in root directory + adding more tests
2016-12-17 02:06:40 +01:00
Clement Michaud
d7d743bdfa
First commit with tests
2016-12-10 01:47:58 +01:00