Commit Graph

2123 Commits

Author SHA1 Message Date
James Elliott
31c5c820f0
refactor(authentication): log ldap warning on startup in rare condition (#2141)
This is so on startup administrators who have an LDAP server implementation that may not support password hashing by default are clearly warned. This only triggers if the disable password reset option is not enabled, we cannot find the extension OID for the Extended Password Modify Operation, and the implementation is not Active Directory. Active Directory has its own method for this which doesn't advertise an OID.
2021-07-04 15:44:11 +10:00
James Elliott
ef549f851d
feat(oidc): add additional config options, accurate token times, and refactoring (#1991)
* This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, an option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes.
* Additionally this records specific values about a user's session indicating when they performed a specific authz factor so this is represented in the token accurately.
* Lastly we also implemented an OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.
2021-07-04 09:44:30 +10:00
Clément Michaud
2dbd7ed219
fix(utils): use lower case in error messages (#2144)
2021-07-04 08:08:24 +10:00
renovate[bot]
907680c035
build(deps): update module github.com/spf13/cobra to v1.2.1 (#2143)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-03 07:04:53 +10:00
Amir Zarrinkafsh
c8b51d1190
build(deps): update swagger-ui to v3.51.1 (#2140)
2021-07-02 19:08:10 +10:00
James Elliott
b2638d4af9
fix(authentication): use passwdmodify oid instead of whoami oid (#2139)
This is the correct OID for the passwdModify Extended Operation.
2021-07-02 11:33:10 +10:00
James Elliott
cb71df5d9b
feat(authentiation): check ldap support for extended operations on startup (#2133)
* feat(authentiation): check ldap server on startup

This PR adds a startup check to the LDAP authentication backend. It additionally adds support for checking supportedExtension OIDs, currently only checking passwdModifyOID (1.3.6.1.4.1.4203.1.11.3). This can relatively easily be enhanced to add detection for other rootDSE capabilities like supportedControl and supportedCapabilities as necessary.

* test(authentication): add unit tests for new feature

* refactor(authentication): factorize ldap user provider newup

* refactor: minor adjustments
2021-07-02 09:16:16 +10:00
renovate[bot]
f759b27bb0
build(deps): update module github.com/spf13/cobra to v1.2.0 (#2138)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-02 08:08:03 +10:00
renovate[bot]
6b5028af49
build(deps): update dependency @types/react to v17.0.13 (#2135)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-02 07:05:59 +10:00
renovate[bot]
a6e344f504
build(deps): update dependency @types/react to v17.0.12 (#2134)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-01 19:30:30 +10:00
renovate[bot]
411c98f68d
build(deps): update dependency typescript to v4.3.5 (#2130)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-01 11:21:38 +10:00
Philipp Staiger
7ff0a39c02
fix(suites): disable cgo for delve during development (#2129)
#2101 introduced a minor regression when using the authelia scripts suite for developing.

The following issues occurred:

```
[00] # runtime/cgo
[00] cgo: exec gcc: exec: "gcc": executable file not found in $PATH
```

Adding the CGO_ENABLED=0 before the dlv build command in the run-backend-dev.sh fixed the issue.
2021-07-01 10:28:24 +10:00
dakriy
851396c972
feat(web): add autocomplete fields to first factor and reset password pages (#2125)
2021-06-30 19:04:55 +02:00
renovate[bot]
87c3985c75
build(deps): update module github.com/valyala/fasthttp to v1.28.0 (#2127)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-30 21:12:03 +10:00
renovate[bot]
b1551e794b
build(deps): update dependency prettier to v2.3.2 (#2122)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-27 14:33:54 +10:00
renovate[bot]
9640b48b60
build(deps): update haproxy docker tag to v2.4.1 (#2120)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-27 14:22:29 +10:00
Amir Zarrinkafsh
636991031d
ci(buildkite): fix conditional for debian packages (#2123)
2021-06-27 13:58:58 +10:00
Amir Zarrinkafsh
4349adb090
ci(buildkite): add conditional for debian package builds with dep bumps (#2121)
2021-06-26 13:56:54 +10:00
Amir Zarrinkafsh
93e20a44e9
feat: build and distribute .deb packages (#2114)
* feat: build and distribute .deb packages

Creates .deb packages for distribution via GitHub releases and Buildkite builds for the following architectures:

* amd64
* armhf
* arm64

* fix: pkgver reference in debpackages.sh

* refactor: split deb packaging jobs and quote variables

* fix: pipeline upload for debpackages

* fix: depends_on key for debpackages

* fix: add depends_on: ~ for debpackages step

* fix: pre-artifact hook for debpackages

* fix: add .deb suffix in pre-artifact hook

* fix: variable reference in debhelper.sh

* refactor: silence wget output in debhelper.sh

* refactor: make build concurrency gate only depend_on docker builds

* refactor: make build concurrency gate also depend_on coverage build

* refactor: remove dependencies for build concurrency gate
2021-06-26 11:45:21 +10:00
Amir Zarrinkafsh
756aee507f
refactor: cra build path (#2117)
* refactor: cra build path

The `authelia-scripts` helper currently performs steps to move files around in different stages of development and CI/CD.

We now utilise the `BUILD_PATH` environment variable to adjust the output directory for the web frontend from the default of `./web/build/` simplifying the helper somewhat.

Additionally we no longer build the Go binary in the unit test stage of our CI/CD as this is not necessary.

* fix: build output directory in coverage dockerfile
2021-06-25 21:53:20 +10:00
Amir Zarrinkafsh
41f1162651
build(deps): update swagger-ui to v3.51.0 (#2118)
2021-06-25 18:46:50 +10:00
renovate[bot]
85ed04e429
build(deps): update dependency react-otp-input to v2.4.0 (#2115)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-24 21:22:30 +10:00
Amir Zarrinkafsh
8db0bc9ae1
refactor: drop qemu binary requirement (#2116)
QEMU binaries no longer need to be baked into containers.
2021-06-24 18:24:47 +10:00
renovate[bot]
5c78dfaa0d
build(deps): update traefik docker tag to v2.4.9 (#2113)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-23 08:49:05 +10:00
James Elliott
524c6eb1dc
docs: refactor access control configuration sections (#1945)
Refactors the access-control configuration documentation to be up-to-date and conform to our style guidelines. Additionally went over each part and reworded things that needed it.
2021-06-22 16:00:45 +10:00
Amir Zarrinkafsh
4cab3a4a4e
refactor: drop cgo requirement for sqlite (#2101)
* refactor: drop cgo requirement for sqlite

Replace github.com/mattn/go-sqlite3 with modernc.org/sqlite which drops our CGO requirement.

* refactor: newline for consistency with dockerfiles
2021-06-22 10:45:33 +10:00
renovate[bot]
f1a4c46196
build(deps): update module github.com/fasthttp/session/v2 to v2.4.0 (#2108)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-22 07:07:26 +10:00
renovate[bot]
92427e2c85
build(deps): update dependency query-string to v7.0.1 (#2109)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-22 06:44:17 +10:00
renovate[bot]
d5fcfeda61
build(deps): update module github.com/fasthttp/router to v1.4.0 (#2107)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-21 22:14:38 +10:00
renovate[bot]
81069101a2
build(deps): update module github.com/valyala/fasthttp to v1.27.0 (#2106)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-21 19:53:24 +10:00
Amir Zarrinkafsh
89a6b24845
refactor(web): move linting and testing deps to dev deps (#2105)
* refactor(web): move eslint and prettier to dev deps

* refactor(web): move chai, enzyme, jest and react-test-renderer
2021-06-21 09:39:17 +10:00
renovate[bot]
709f06e950
build(deps): update dependency @types/chai to v4.2.19 (#2104)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-20 13:15:44 +10:00
renovate[bot]
645e39b7af
build(deps): pin dependencies (#2102)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-19 11:21:59 +02:00
Amir Zarrinkafsh
3494353641
refactor(web): use absolute imports with aliases (#2100)
* refactor(web): use absolute imports with aliases

Refactors all of the TS/JS frontend to utilise absolute imports along with import aliases.
Each of the paths within `src` are represented with their own alias:

* @assets
* @components
* @constants (new)
* @hooks
* @layouts
* @models
* @services
* @themes
* @utils
* @views

`Routes.ts` and `constant.ts` have been relocated to the constants directory for consistency.
2021-06-19 10:20:43 +02:00
renovate[bot]
986f88fd89
build(deps): update mariadb docker tag to v10.6.2 (#2099)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-19 08:33:13 +10:00
renovate[bot]
babdbb1560
build(deps): update dependency @types/react-dom to v17.0.8 (#2097)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-18 18:59:31 +10:00
Amir Zarrinkafsh
f32a0a7407
test(web): integration test auto theme (#2096)
Allows capturing of code coverage for the `auto` theme in the Standalone suite.
2021-06-18 17:15:58 +10:00
James Elliott
0d7b33022c
build: add enhanced information (#2067)
This commit adjusts the build flags to include version information in the LDFLAGS using the -X options. Additionally this makes the information recorded at build time more comprehensive. All build information can now be obtained via the `authelia build` command, and the `authelia version` command is now `authelia --version`. Lastly this adjusts the Dockerfile to utilize docker cache more effectively.
2021-06-18 14:35:43 +10:00
James Elliott
ef3c2faeb5
fix(authorization): configuration reports 2fa disabled with 2fa oidc clients (#2089)
This resolves an issue where if you have zero two_factor ACL rules but enabled two_factor OIDC clients, 2FA is reported as disabled.
2021-06-18 11:38:01 +10:00
James Elliott
438555886e
build(deps): replace jwt-go (#2092)
This replaces github.com/dgrijalva/jwt-go and github.com/form3tech-oss/jwt-go with github.com/golang-jwt/jwt which will be the maintained package going forward.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-06-18 10:39:19 +10:00
Amir Zarrinkafsh
fc71030c18
feat(examples): improve local setup script (#2094)
The local setup script expects to be run as root and would only work on a fresh clone of the repo. Now if not run as root the user will be prompted for sudo elevation at the beginning of the script and the script will also survive re-runs on a dirty clone.
2021-06-18 10:01:09 +10:00
renovate[bot]
55d87f99e4
build(deps): update dependency typescript to v4.3.4 (#2093)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-18 07:34:23 +10:00
Amir Zarrinkafsh
a004164bc3
ci(autheliabot): remove commentary on all-contributor commits (#2091)
2021-06-17 17:35:18 +10:00
allcontributors[bot]
d518e1023e
docs: add AlexGustafsson as a contributor for code, doc (#2090)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-06-17 16:52:28 +10:00
Alex Gustafsson
150116a172
feat(web): implement automatic theme switch for light/dark (#2046)
* Implement an automatic theme

The "auto" theme will automatically switch between "dark" and "light"
depending on user preference. This allows for automatic dark mode.

* fix(configuration): allow the "auto" theme when validating

The new theme "auto" was not allowed to be used in a configuration file.

* docs: clarify what criteria controls the automatic theme

How the "auto" theme functioned was unclear.

* docs: typeset themes as code

* fix(web): apply useEffector to media query watch

* docs: add technical details

* fix(configuration): resolve merge conflicts
2021-06-17 16:42:03 +10:00
renovate[bot]
78a9faacfe
build(deps): update dependency typescript to v4.3.3 (#2088)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-17 10:19:45 +10:00
renovate[bot]
df2a442896
build(deps): update module github.com/spf13/viper to v1.8.0 (#2087)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-17 09:43:21 +10:00
James Elliott
fcfff9748c
feat(handlers): synology password complexity err on reset (#2083)
This responds to the client with the correct error when used with Synology LDAP servers.
2021-06-16 12:50:14 +10:00
renovate[bot]
9e836d990c
build(deps): update arm32v7/alpine docker tag to v3.14.0 (#2086)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-16 10:34:54 +10:00
renovate[bot]
d0921efa28
build(deps): update arm64v8/alpine docker tag to v3.14.0 (#2085)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-16 10:13:37 +10:00