Commit Graph

2222 Commits

Author SHA1 Message Date
renovate[bot]
095b9fa16d
build(deps): update dependency typescript to v4.2.3 (#1780)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-05 22:32:51 +11:00
James Elliott
4dce8f9496
perf(authorizer): preload access control lists (#1640)
* adjust session refresh to always occur (for disabled users)

* feat: adds filtering option for Request Method in ACL's

* simplify flow of internal/authorization/authorizer.go's methods

* implement query string checking

* utilize authorizer.Object fully

* make matchers uniform

* add tests

* add missing request methods

* add frontend enhancements to handle request method

* add request method to 1FA Handler Suite

* add internal ACL representations (preparsing)

* expand on access_control next

* add docs

* remove unnecessary slice for network names and instead just use a plain string

* add warning for ineffectual bypass policy (due to subjects)

* add user/group wildcard support

* fix(authorization): allow subject rules to match anonymous users

* feat(api): add new params

* docs(api): wording adjustments

* test: add request method into testing and proxy docs

* test: add several checks and refactor schema validation for ACL

* test: add integration test for methods acl

* refactor: apply suggestions from code review

* docs(authorization): update description
2021-03-05 15:18:31 +11:00
renovate[bot]
455b859047
build(deps): update haproxy docker tag to v2.3.6 (#1779)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-04 14:15:01 +11:00
renovate[bot]
1438cf5deb
build(deps): update dependency chai to v4.3.3 (#1778)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-04 12:15:04 +11:00
Amir Zarrinkafsh
2a1f5e3f8d
fix(configuration): lower argon2id default memory requirements (#1762)
* fix(configuration): lower argon2id default memory requirements

The current default hashing value of 1024MB (1GB) is far too aggressive to cover all use cases.
Reducing this number and encouraging users to to read the documentation and tune will result in less issues and a better user experience.

* test: fix broken tests
2021-03-03 20:19:28 +11:00
renovate[bot]
f24ec3989a
build(deps): update dependency chai to v4.3.1 (#1776)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-03 13:14:32 +11:00
renovate[bot]
5cf98de225
build(deps): update module github.com/fasthttp/router to v1.3.9 (#1775)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-02 22:03:47 +11:00
renovate[bot]
92154a1193
build(deps): update traefik docker tag to v2.4.6 (#1774)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-02 15:07:51 +11:00
renovate[bot]
e2f08f568a
build(deps): update module github.com/valyala/fasthttp to v1.22.0 (#1772)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-02 11:27:03 +11:00
renovate[bot]
abe8e438a2
build(deps): update module github.com/fasthttp/router to v1.3.8 (#1771)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-02 08:58:28 +11:00
renovate[bot]
bd610b5b5b
build(deps): update dependency query-string to v6.14.1 (#1769)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-28 16:40:01 +11:00
renovate[bot]
96bb3e2f88
build(deps): update dependency eslint-config-prettier to v8.1.0 (#1764)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-25 10:58:41 +11:00
renovate[bot]
f09eb1fcc8
build(deps): update dependency typescript to v4.2.2 (#1760)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-02-24 10:56:21 +11:00
allcontributors[bot]
2f4724e7f9
docs: add ThinkChaos as a contributor (#1761)
* docs: update README.md

* docs: update .all-contributorsrc

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
2021-02-24 10:39:37 +11:00
ThinkChaos
ba65a3db82
feat(handlers): authorization header switch via query param to /api/verify (#1563)
* [FEATURE] Add auth query param to /api/verify (#1353)

When `/api/verify` is called with `?auth=basic`, use the standard
Authorization header instead of Proxy-Authorization.

* [FIX] Better basic auth error reporting

* [FIX] Return 401 when using basic auth instead of redirecting

* [TESTS] Add tests for auth=basic query param

* [DOCS] Mention auth=basic argument and provide nginx example

* docs: add/adjust basic auth query arg docs for proxies

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-02-24 10:35:04 +11:00
Amir Zarrinkafsh
4f099b76d7
build(deps): downgrade module github.com/mattn/go-sqlite3 to v1.14.6 (#1758) 2021-02-23 14:51:31 +11:00
renovate[bot]
64b01b2811
build(deps): update mariadb docker tag to v10.5.9 (#1757)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-23 12:49:16 +11:00
renovate[bot]
40099edc45
build(deps): update dependency react-scripts to v4.0.3 (#1756)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-23 10:54:38 +11:00
renovate[bot]
dc341a3894
build(deps): update dependency eslint-config-prettier to v8 (#1750)
* build(deps): update dependency eslint-config-prettier to v8

* fix(web): update eslint/prettier config to v8.0

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-02-23 10:26:57 +11:00
renovate[bot]
d000e5dbeb
build(deps): update module github.com/otiai10/copy to v1.5.0 (#1753)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-23 05:41:51 +11:00
renovate[bot]
17bf3f860b
build(deps): update osixia/openldap docker tag to v1.5.0 (#1749)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 22:08:23 +11:00
renovate[bot]
30d45dd3fc
build(deps): update module github.com/sirupsen/logrus to v1.8.0 (#1747)
* build(deps): update module github.com/sirupsen/logrus to v1.8.0

* go mod tidy

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-02-22 21:52:08 +11:00
renovate[bot]
b10adf6cf4
build(deps): update module github.com/golang/mock to v1.5.0 (#1746)
* build(deps): update module github.com/golang/mock to v1.5.0

* build(deps): go mod tidy

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2021-02-22 20:33:17 +11:00
renovate[bot]
68af1fdfca
build(deps): update module github.com/authelia/session/v2 to v2.4.1 (#1745)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 17:48:10 +11:00
renovate[bot]
a8f83568c0
build(deps): update dependency query-string to v6.14.0 (#1744)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 17:23:58 +11:00
renovate[bot]
19a5e28930
build(deps): update dependency eslint-import-resolver-typescript to v2.4.0 (#1743)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 17:05:37 +11:00
James Elliott
0f7891a823
build(deps): update module github.com/valyala/fasthttp to v1.21.0 (#1755) 2021-02-22 16:37:40 +11:00
renovate[bot]
36d02f9cf5
build(deps): update traefik docker tag to v2.4.5 (#1742)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 16:21:43 +11:00
renovate[bot]
e77ef2d1dc
build(deps): update module github.com/spf13/cobra to v1.1.3 (#1741)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 15:47:07 +11:00
renovate[bot]
59b3c2cbd8
build(deps): update haproxy docker tag to v2.3.5 (#1737)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-22 15:06:10 +11:00
Amir Zarrinkafsh
582ca4cbb1
ci(buildkite): optimise job to agent assignment (#1754)
Split out unit-testing jobs to ensure that the workloads are evenly spread.
2021-02-22 14:24:01 +11:00
Amir Zarrinkafsh
49aa5e0eb8
ci(buildkite): change to concurrency gates (#1752)
* ci(buildkite): change to concurrency gates

Continuation of #1751.

* ci(buildkite): optimise concurrency gates
2021-02-22 12:48:20 +11:00
Amir Zarrinkafsh
6daeaf4e47
ci(buildkite): add concurrency limits to build and test steps (#1751)
Due to the unpredictability of changes that Renovate can submit this PR will allow us to control the number of jobs that will run simultaneously per step.
2021-02-22 11:13:51 +11:00
Amir Zarrinkafsh
74721a9f41
feat: go:embed static assets (#1733)
* feat: go:embed static assets

Go 1.16 introduced the ability to embed files within a generated binary directly with the go tool chain. This simplifies our dependencies and the significantly improves the development workflow for future developers.

Key points to note:

Due to the inability to embed files that do not reside within the local package we need to duplicate our `config.template.yml` within `internal/configuration`.

To avoid issues with the development workflow empty mock files have been included within `internal/server/public_html`. These are substituted with the respective generated files during the CI/CD and build workflows.

* fix(suites): increase ldap suite test timeout

* fix(server): fix swagger asset CSP
2021-02-22 10:07:06 +11:00
James Elliott
8bc7ef5d8f
release: v4.26.2 (#1736) 2021-02-22 09:02:15 +11:00
renovate[bot]
c343e53dd6
build(deps): update dependency @types/node to v14.14.31 (#1734)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-20 14:55:11 +11:00
renovate[bot]
afc2af86ed
build(deps): update dependency @types/node to v14.14.30 (#1732)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-19 14:34:29 +11:00
renovate[bot]
f411abac1b
build(deps): update dependency @types/node to v14.14.29 (#1731)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-19 14:13:22 +11:00
renovate[bot]
1f16f0945a
build(deps): update arm64v8/alpine docker tag to v3.13.2 (#1727)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-18 14:09:39 +11:00
renovate[bot]
e8e030ad2f
build(deps): update arm32v7/alpine docker tag to v3.13.2 (#1729)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-18 12:52:08 +11:00
renovate[bot]
79b2b742a8
build(deps): update alpine docker tag to v3.13.2 (#1728)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-18 10:49:39 +11:00
renovate[bot]
a6215c03b7
build(deps): update dependency @types/node to v14.14.28 (#1725)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-15 09:45:42 +11:00
Amir Zarrinkafsh
2502b40cd6
fix(web): fix otp input box with themes (#1723)
#1584 introduced a regression due to the way layouts are addressed with [CSS normalization](https://material-ui.com/components/css-baseline/#layout).

This PR ensures that the OTP input box will remain a `content-box` to avoid any text display and box sizing issues caused by padding.

The OTP input has also been changed to only accept numbers.

Fixes #1720.
2021-02-13 15:31:57 +11:00
renovate[bot]
361705738a
build(deps): update dependency @types/react-dom to v17.0.1 (#1722)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-13 12:26:56 +11:00
renovate[bot]
056faf8857
build(deps): update dependency @types/react to v17.0.2 (#1721) 2021-02-13 11:57:32 +11:00
renovate[bot]
53c5529d28
build(deps): update dependency @types/node to v14.14.27 (#1719)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-13 00:30:19 +11:00
Amir Zarrinkafsh
2c32343885
release: v4.26.1 (#1718) 2021-02-12 22:15:01 +11:00
Amir Zarrinkafsh
59fa332088
build(deps): update swagger-ui to v3.43.0 (#1717) 2021-02-12 21:16:46 +11:00
Amir Zarrinkafsh
683c4a70bf
fix(web): improve 2fa enrollment process (#1706)
* refactor(web): improve 2fa enrollment process

This PR will change some of the wording and colours for the 2FA processes in order to provide more clarity and address some accessibility issues for end users.

The following is a summary of the changes:

* One-Time Password ⭢ Time-based One-Time Password
* Security Key ⭢ Security Key - U2F

![Screenshot_2021-02-02-09-36-17](https://user-images.githubusercontent.com/3339418/107138185-17656100-6967-11eb-8fac-9e75c7a82d09.png)


* QRCode ⭢ QR Code

![Screenshot_2021-02-07-05-07-25](https://user-images.githubusercontent.com/3339418/107138196-29df9a80-6967-11eb-811f-d77c9bb0159e.png)

* `Not registered yet?` text to display `Lost device?` if a user has already registered a device of said type

![Screenshot_2021-02-02-10-24-54](https://user-images.githubusercontent.com/3339418/107138205-395ee380-6967-11eb-8826-83e1438dd146.png)

* Change button and text colour in e-mails that Authelia generates
* Change Authelia email footer to be more security conscious

![Screenshot_2021-02-07-04-51-40](https://user-images.githubusercontent.com/3339418/107138211-4085f180-6967-11eb-890b-9d931bd1ce76.png)

The docs have also been updated to clarify the 2fa device enrollment limitation which only allows users to register one of each device type concurrently.

Closes #1560.
2021-02-12 16:59:42 +11:00
renovate[bot]
f188bfb1dc
build(deps): update dependency @types/node to v14.14.26 (#1716)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 14:32:41 +11:00