Commit Graph

193 Commits

Author SHA1 Message Date
Amir Zarrinkafsh
f392f51df6
[MISC] Append log file instead of overwriting (#1450)
* [MISC] Append log file instead of overwriting

If Authelia is restarted when a `log_file_path` is defined upon restart the log file is overwritten as opposed to appending the existing file.

This change ensures that the log file will be appended to, users will need to ensure that they rotate/truncate this over time especially if running in `debug` or `trace`.

* Amend documentation for log_file_path
2020-11-13 10:14:45 +11:00
dependabot-preview[bot]
a5f07d7ade
[MISC] (deps): Bump haproxy from 2.2.4-alpine to 2.3.0-alpine in /internal/suites/example/compose/haproxy (#1431)
* [MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy

Bumps haproxy from 2.2.4-alpine to 2.3.0-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Fix HAProxy suite

Looks like the new version of HAProxy has config validation which expects a newline at the bottom of `haproxy.cfg`.
CI was failing with the following error:
[NOTICE] 313/021816 (1) : haproxy version is 2.3.0-1c0a722
[ALERT] 313/021816 (1) : parsing [/usr/local/etc/haproxy/haproxy.cfg:80]: Missing LF on last line, file might have been truncated at position 42.
[ALERT] 313/021816 (1) : Error(s) found in configuration file : /usr/local/etc/haproxy/haproxy.cfg
[ALERT] 313/021816 (1) : Fatal errors found in configuration.

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-11-09 13:35:18 +11:00
dependabot-preview[bot]
ee0b37c796
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1432)
Bumps golang from 1.15.3-alpine to 1.15.4-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-09 09:04:06 +11:00
Amir Zarrinkafsh
66b1600455
[MISC] Warn for poorly tuned argon2id deployments (#1426)
The warnings are currently limited to Linux based deployments, however this covers both container and host (static binary) based deployments.
We could potentially look to expand this to FreeBSD in future too.
2020-11-06 08:57:03 +11:00
James Elliott
956dbfb8de
[BUGFIX] Add ability to specify SMTP HELO/EHLO identifier (#1416)
* add docs
* add configuration option for SMTP called `identifier`
* default should act the same as before
2020-11-05 10:22:10 +11:00
Amir Zarrinkafsh
a83ccd7188
[FEATURE] Add Remote-Name and Remote-Email headers (#1402) 2020-10-26 22:38:08 +11:00
dependabot-preview[bot]
662da9523b
[MISC] (deps): Bump node in /internal/suites/example/compose/duo-api (#1407)
Bumps node from 14-alpine to 15-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-26 11:11:37 +11:00
dependabot-preview[bot]
4f50818667
[MISC] (deps): Bump node in /internal/suites/example/compose/authelia (#1406)
Bumps node from 14-alpine to 15-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-26 09:39:06 +11:00
dependabot-preview[bot]
19ba79cfa1
[MISC] (deps): Bump alpine in /internal/suites/example/compose/kind (#1400)
Bumps alpine from 3.12.0 to 3.12.1.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-23 17:59:48 +11:00
dependabot-preview[bot]
607e6711f5
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1377)
Bumps golang from 1.15.2-alpine to 1.15.3-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-16 14:02:33 +11:00
dependabot-preview[bot]
4a9ed76f32
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1359)
Bumps haproxy from 2.2.3-alpine to 2.2.4-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-08 10:46:43 +11:00
Amir Zarrinkafsh
607f829431
[DOCS] Clean HAProxy examples (#1338)
Remove headers that are not required and fix a typo.
2020-09-23 17:29:46 +10:00
Amir Zarrinkafsh
5b98b4d090
[BUGFIX] Fix HAProxy redirects (#1333)
Including updates to docs examples.
2020-09-23 09:06:26 +10:00
Amir Zarrinkafsh
b1a01b1727
[CI] Update QEMU to v5.1.0-2 (#1321)
* [CI] Update QEMU to v5.1.0-2

* Fix linter errors from golangci-lint update
2020-09-18 22:05:43 +10:00
dependabot-preview[bot]
1c08670b06
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1313)
Bumps golang from 1.15.1-alpine to 1.15.2-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-11 12:28:40 +10:00
dependabot-preview[bot]
01760d167f
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1312)
Bumps haproxy from 2.2.2-alpine to 2.2.3-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-10 11:21:20 +10:00
Amir Zarrinkafsh
771c220d38
[FEATURE] Support updated haproxy-auth-request (#1310)
* [FEATURE] Support updated haproxy-auth-request
This version removes the dependency of lua-socket which seemed to result in many unsupported and broken BSD/Pfsense deployments.

* Fix docs indentation

* Add haproxy-lua-http to TLS enabled configuration
2020-09-10 10:52:57 +10:00
Amir Zarrinkafsh
3c861922a6
[MISC] Address errors from linter updates (#1308) 2020-09-04 13:20:17 +10:00
dependabot-preview[bot]
f8eada87ec
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1301)
Bumps golang from 1.15.0-alpine to 1.15.1-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-04 10:34:48 +10:00
James Elliott
a92b0bff1d
[FEATURE] Plain Text Email Notifications (#1238)
* add a plain text email template
* use plain text email template for file based emails
* add config option to SMTP emails named disable_html_emails
  * config option is a boolean that when set to true will only send plain text emails
* add docs for more complex SMTP notifier options
* update template
* add rfc1341 multipart logic to notifier
* check for errors after identity_verification

* * fix nil ptr
* go mod tidy
* remove needless checks

* * use multipart/atlernative instead

* * add rfc5322 compliant date header

* * fix linting issues
2020-08-21 12:16:23 +10:00
Shawn Haggard
307f321e02
[MISC] Fixed typo in X-Forwarded headers (#1280) 2020-08-21 11:15:20 +10:00
dependabot-preview[bot]
e0a0d1e252
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1267)
Bumps golang from 1.14.6-alpine to 1.15.0-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-08-13 11:50:54 +10:00
dependabot-preview[bot]
ed17c8fbc4
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1250)
Bumps haproxy from 2.2.1-alpine to 2.2.2-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-08-04 08:02:35 +10:00
dependabot-preview[bot]
f6a616ae3d
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1235)
Bumps haproxy from 2.2.0-alpine to 2.2.1-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-28 11:18:16 +10:00
dependabot-preview[bot]
14f17ed9ac
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1214)
Bumps golang from 1.14.5-alpine to 1.14.6-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-20 12:42:13 +10:00
Amir Zarrinkafsh
bcd6a6aa45
[FEATURE] Add IPv6 support (#1196) 2020-07-16 16:36:37 +10:00
James Elliott
ea1fae6491
[MISC] Storage Schema Versioning Model (#1057)
* [MISC] Storage Schema Versioning Model 

* fixup go.sum
* remove pq
* fix int to text issue
* fix incorrect SQL text
* use key_name vs key
* use transactions for all queries during upgrades
* fix missing parenthesis
* move upgrades to their own file
* add provider name for future usage in upgrades
* fix missing create config table values
* fix using the const instead of the provider SQL
* import logging once and reuse
* update docs
* remove db at suite teardown
* apply suggestions from code review
* fix mysql
* make errors more uniform
* style changes
* remove commented code sections
* remove commented code sections
* add schema version type
* add sql mock unit tests
* go mod tidy
* test blank row situations
2020-07-16 15:56:08 +10:00
dependabot-preview[bot]
045771161e
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1201)
Bumps golang from 1.14.4-alpine to 1.14.5-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-07-16 11:56:11 +10:00
dependabot-preview[bot]
fea58c52e0
[MISC] (deps): Bump haproxy in /internal/suites/example/compose/haproxy (#1190)
Bumps haproxy from 2.1-alpine to 2.2.0-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-13 14:21:45 +10:00
Philipp Staiger
5c4edf2f4d
[FEATURE] Support for subject combinations in ACLs (#1142) 2020-06-25 18:22:42 +10:00
Amir Zarrinkafsh
29e54c231b
[MISC] Template global config and refactor some /api endpoints (#1135)
* [MISC] Template global config and refactor some /api endpoints
* /api/configuration has been removed in favour of templating said global config
* /api/configuration/extended has been renamed to /api/configuration and display_name has been removed
* /api/user/info has been modified to include display_name

Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-06-21 15:40:37 +02:00
vdot0x23
61883437cc
[DEV] Set chromedriver path with env variable (#1123) 2020-06-19 21:25:41 +10:00
Amir Zarrinkafsh
e43bc93047
[FEATURE] Add configurable display name to frontend (#1124)
* [FEATURE] Add configurable display name to frontend
This feature allows users with a LDAP backend to specify an attribute (default is "displayname") to retrieve a users name for the portal greeting.
Similarly for the file based backend a new required key "name" has been introduced.

This can also be used down the line with OIDC as a separate scope.

* Update references from Name to DisplayName
* Update compose bundles to include displayname refs
* Update LDAP automatic profile refresh
* Ensure display name is updated
* Fix bug which prevented trace logging for profile refresh to not trigger
2020-06-19 20:50:21 +10:00
vdot0x23
6ccc92e47e
do not hardcode /bin/bash (#1122)
Co-authored-by: Victor Büttner <victor@0x23.dk>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-06-18 09:49:13 +02:00
Amir Zarrinkafsh
ff7f9a50ab
[FEATURE] Docker simplification and configuration generation (#1113)
* [FEATURE] Docker simplification and configuration generation
The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template.

This will allow more seamless bootstrapping of an environment no matter the deployment method.

We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment.

Users with the old volume mappings have two options:
1. Change their mappings to conform to `/config`
2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping

* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml
2020-06-17 16:25:35 +10:00
Amir Zarrinkafsh
a9b0caf4ee
[MISC] Catch and warn on malformed configuration yaml (#1089)
If the configuration yaml is poorly indented or special values are not appropriately escaped Authelia attempts to load said configuration and fails.

This attempts to unmarshal the config into an empty interface to catch and warn on malformed yaml.

Using the example from issue https://github.com/authelia/authelia/issues/1053#issuecomment-634791662

```yaml
host: 0.0.0.0
port: 9091
log_level: debug

jwt_secret: RUtG9TnbXrOl1XLLmDgySw1DGgx9QcrtepIf1uDDBlBVKFZxkVBruYKBi32PvaU

default_redirection_url: example.com

totp:
  issuer: example.com
  period: 30
  skew: 1

authentication_backend:
  file:
    path: /etc/authelia/users_database.yml

access_control:
  default_policy: deny
  rules:
    - domain: example.com
      policy: bypass
    - domain: "*.example.com"
      policy: one_factor

session:
  name: authelia_session
  secret: TVPMIcDFbBwhnW3kLJzKhdjeHhtqisr7m28FgRY8oLh2A4lwuV2jV2ZGdGbh4aa
  expiration: 3600
  inactivity: 300
  domain: example.com

regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300

storage:
  mysql:
    host: example.com
    port: 3306
    database: authelia
    username: authelia
    password: example.com

notifier:
  smtp:
    username: example.com
    password: example.com
    host: smtp.gmail.com
    port: 465
    sender: example.com
```

We would actually get a more meaningful error which helps pinpoint the issue:
`Error malformed yaml: line 23: did not find expected alphabetic or numeric character`
2020-06-09 08:22:41 +10:00
Clément Michaud
b30b066138
[MISC] Validate domain set in session is not a wildcard domain. (#1092) 2020-06-07 17:47:02 +02:00
Amir Zarrinkafsh
d123fe4785
[CI] Add Codecov support (#1065)
* [CI] Add Codecov support

* [CI] Capture backend coverage from integration tests

* [CI] Remove unnecessary artifacts for coverage build

* [CI] Only run coverage elements where necessary

* [CI] Simplify post-command hook

* Fix yarn dependencies and collect coverage

* [CI] Include cmd/authelia/ path in coverage

* [CI] Exclude internal/suites/ in coverage

Closes #1061.
2020-06-05 10:43:19 +10:00
dependabot-preview[bot]
4f5eb93c4b
[MISC] (deps): Bump golang in /internal/suites/example/compose/authelia (#1077)
Bumps golang from 1.14.3-alpine to 1.14.4-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-06-02 23:28:09 +02:00
Amir Zarrinkafsh
24c2375b21
[MISC] Fix unit tests for Go 1.14+ (#1075)
Due to a [change in net/url](https://golang.org/doc/go1.14#net/url) tests need to be adjusted:

When parsing of a URL fails (for example by Parse or ParseRequestURI), the resulting Error message will now quote the unparsable URL. This provides clearer structure and consistency with other parsing errors.
2020-06-02 19:09:13 +10:00
Clément Michaud
eec6424bc9
[DEV] Debug authelia when running a suite. (#1060)
* [DEV] Debug authelia when running a suite.

This runs dlv debugger within authelia backend container so that an IDE can remote
debug the application using port 2345.

* Apply suggestions from code review

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-01 16:50:55 +10:00
dependabot-preview[bot]
1aac6f75cc
[MISC] (deps): Bump alpine in /internal/suites/example/compose/kind (#1068)
Bumps alpine from 3.11.6 to 3.12.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-01 10:42:07 +10:00
Amir Zarrinkafsh
b27c1fbae9
[CI] Add PathPrefix integration test suite (#1052)
Add a suite for testing the PathPrefix feature implemented earlier to serve authelia under a multi-purpose domain.

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-27 13:55:44 +02:00
Clément Michaud
a0e4f8e336
[MISC] Remove executable permission of nginx backend files. (#1040)
* [MISC] Remove executable permission of nginx backend files.

* Set permissions to 644 on k8s tar'd files

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-25 10:54:21 +10:00
Amir Zarrinkafsh
e793e9c4e3
[BUGFIX] Add path to generated links for emails (#1045) 2020-05-24 09:51:34 +10:00
Amir Zarrinkafsh
0f100d4f7b
[DEPRECATE] Warning for PUBLIC_DIR environment variable (#938) 2020-05-21 14:51:28 +10:00
Clément Michaud
b264e63235
[DEV] Fix permission issue with dev workflow. (#1033)
* [DEV] Fix permission issue with dev workflow.

nginx backend was facing permission denied errors because the permissions of the html
files were too restricted. Moreover those files were added to the docker image while they
could just be mounted as other services.

* Fix Kubernetes integration test

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-05-21 14:35:22 +10:00
Amir Zarrinkafsh
7488206195
[BUGFIX] Relax CSP for trusted-types (#1036)
This will need to be revisited to re-introduce trusted-types when we have a clear handle on all the libraries and their implementation to support this.
2020-05-21 13:16:37 +10:00
James Elliott
fcd0b5e46a
[FEATURE] Allow Authelia to listen on a specified path (#1027)
* [FEATURE] Allow Authelia to listen on a specified path

* Fix linting and add a couple typescript types

* Template index.html to support base_url

* Update docs and configuration template

* Access base path from body attribute.

* Update CSP

* Fix unit test
Also remove check for body as this will never get triggered, react itself is loaded inside the body so this has to always be successful.

* Template index.html with ${PUBLIC_URL}

* Define PUBLIC_URL in .env(s)

* Add docs clarification

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-21 12:20:55 +10:00
James Elliott
469daedd36
[FEATURE] Delay 1FA Authentication (#993)
* adaptively delay 1FA by the actual execution time of authentication
* should grow and shrink over time as successful attempts are made
* uses the average of the last 10 successful attempts to calculate
* starts at an average of 1000ms
* minimum is 250ms
* a random delay is added to the largest of avg or minimum
* the random delay is between 0ms and 85ms
* bump LDAP suite to 80s timeout
* bump regulation scenario to 45s
* add mutex locking
* amend logging
* add docs
* add tests

Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
2020-05-21 00:03:15 +02:00