Commit Graph

153 Commits

Author SHA1 Message Date
Clement Michaud
8ef402511c Add Duo Push Notification option as 2FA. 2019-03-24 15:15:49 +01:00
Clement Michaud
d9e487c99f Display only one 2FA option.
Displaying only one option at 2FA stage will allow to add more options
like DUO push or OAuth.

The user can switch to other option and in this case the option is
remembered so that next time, the user will see the same option. The
latest option is considered as the prefered option by Authelia.
2019-03-23 19:34:00 +01:00
Clement Michaud
40574bc8ec Fix the bypass strategy.
Before this fix an anonymous user was not able to access a resource
that were configured with a bypass policy. This was due to a useless
check of the userid in the auth session. Moreover, in the case of an
anonymous user, we should not check the inactivity period since there
is no session.

Also refactor /verify endpoint for better testability and add tests
in a new suite.
2019-03-22 23:51:36 +01:00
Clement Michaud
76fa325f08 [BREAKING] Create a suite for kubernetes tests.
Authelia client uses hash router instead of browser router in order to work
with Kubernetes nginx-ingress-controller. This is also better for users having
old browsers.

This commit is breaking because it requires to change the configuration of the
proxy to include the # in the URL of the login portal.
2019-03-16 00:13:27 +01:00
Clement Michaud
f8a12b8482 Fix dead link in README of suites. 2019-03-04 00:02:45 +01:00
Clement Michaud
06aa9803bf Update the documentation to include info about suites and authelia-scripts. 2019-03-03 11:40:32 +01:00
Clement Michaud
6ce0ae5d90 Remove description of suites and use suite name instead. 2019-03-03 11:39:41 +01:00
Clement Michaud
e8d7fe4111 Move users_database.yml files to dedicated suites. 2019-03-03 11:39:41 +01:00
Clement Michaud
4c0bb2ce7f Rename some suites and add a README for each of them. 2019-03-03 11:39:41 +01:00
Clement Michaud
6d45692906 Create a specific suite for short timeouts to let humans use simple suite. 2019-03-03 11:39:41 +01:00
Clement Michaud
716ae9d378 Bump mocha to use forbidOnly and forbidPending options. 2019-03-03 11:39:40 +01:00
Clement Michaud
c534753c2c Increase timeout to prepare environment to 30 seconds. 2019-03-03 11:39:40 +01:00
Clement Michaud
d82ebfab0e Move dockerhub example in a suite. 2019-03-03 11:39:40 +01:00
Clement Michaud
8bf87b6b47 Rename minimal suite into simple. 2019-03-03 11:39:40 +01:00
Clement Michaud
a1c9bb6302 Improve authelia-scripts to add suites with Docker-based Authelia server. 2019-03-03 11:39:40 +01:00
Clement Michaud
38271e3335 Better integrate Docker related commands in authelia-scripts. 2019-03-03 11:39:40 +01:00
Clement Michaud
a56e5adc42 Create /tmp/authelia/db directory when starting minimal suite. 2019-03-03 11:39:40 +01:00
Clement Michaud
d2ae2524b7 Create database directory before running integration tests. 2019-03-03 11:39:40 +01:00
Clement Michaud
4adb0569ac Display Authelia server logs when tests fail. 2019-03-03 11:39:40 +01:00
Clement Michaud
ecdc91b221 Leave more room for Authelia to spawn and terminate. 2019-03-03 11:39:40 +01:00
Clement Michaud
7ee1e39b8d Build before running integration tests. 2019-03-03 11:39:40 +01:00
Clement Michaud
b3d381bfa7 Fix integration and unit tests. 2019-03-03 11:39:40 +01:00
Clement Michaud
5614bea827 Fix unit tests. 2019-03-03 11:39:40 +01:00
Clement Michaud
50d4ab1368 Finish migrating integration tests to mocha. 2019-03-03 11:39:40 +01:00
Clement Michaud
29e2799021 Use driver methods for minimal suite. 2019-03-03 11:39:40 +01:00
Clement Michaud
3702d6607d Replace WaitRedirected assertion by VerifyUrlIs. 2019-03-03 11:39:40 +01:00
Clement Michaud
036d1a4f51 Replace SeeNotification by VerifyNotificationDisplayed assertion. 2019-03-03 11:39:40 +01:00
Clement Michaud
c487ed0a37 Migrate more tests to mocha. 2019-03-03 11:39:40 +01:00
Clement Michaud
7c2fd91271 Add basic authentication related tests. 2019-03-03 11:39:40 +01:00
Clement Michaud
595ee97182 Add test behavior VisitPageAndWaitUrlIs. 2019-03-03 11:39:40 +01:00
Clement Michaud
c579355c5b Migrate more Cucumber tests into Mocha. 2019-03-03 11:39:40 +01:00
Clement Michaud
efceb66ffa Migrate some tests to mocha. 2019-03-03 11:39:40 +01:00
Clement Michaud
c5af4498ab Introduce the concept of suite in authelia-scripts. 2019-03-03 11:39:40 +01:00
Clement Michaud
e37cca5d45 Add config file in complete suite and remove useless files. 2019-03-03 11:39:40 +01:00
Clement Michaud
cc973c5df3 Rename e2e suites. 2019-03-03 11:39:40 +01:00
Clement Michaud
d3a790627e Fix inactivity Ãe2e tests. 2019-03-03 11:39:40 +01:00
Clement Michaud
d2a547eca6 Fix e2e tests for complete configuration. 2019-03-03 11:39:40 +01:00
Clement Michaud
387187b152 Move minimal configuration into suites directory. 2019-03-03 11:39:40 +01:00
Clement Michaud
c5eb86e0fd Fix e2e test with minimal configuration. 2019-03-03 11:39:40 +01:00
Clement Michaud
eccf08b6b0 Authelia can be run locally while communicating with docker environment. 2019-03-03 11:39:40 +01:00
Clement Michaud
b53d16d8a1 Introduce Subject and Object in authorization module. 2018-11-17 18:29:10 +01:00
Clement Michaud
97bfafb6eb [BREAKING] Flatten the ACL rules to enable some use cases.
With previous configuration format rules were not ordered between groups and
thus not predictable. Also in some cases `any` must have been a higher
precedence than `groups`. Flattening the rules let the user apply whatever
policy he can think of.

When several rules match the (subject, domain, resource), the first one is
applied.

NOTE: This commit changed the format for declaring ACLs. Be sure to update
your configuration file before upgrading.
2018-11-17 18:08:29 +01:00
Clement Michaud
42581dfe93 Fix open redirection vulnerability.
In order to redirect the user after authentication, Authelia uses
rd query parameter provided by the proxy. However an attacker could
use phishing to make the user be redirected to a bad domain. In order
to avoid the user to be redirected to a bad location, Authelia now
verifies the redirection URL is under the protected domain.
2018-11-17 17:48:20 +01:00
Clement Michaud
baa1899536 Fix U2F sign request after u2f library upgrade. 2018-11-17 13:58:48 +01:00
Clement Michaud
9a0e5290d1 Use mailcatcher for minimal config setup. 2018-11-15 22:28:29 +01:00
Clement Michaud
05c423c6f8 Add integration test for keep me logged in feature. 2018-10-23 20:41:02 +02:00
Clément Michaud
67f84b97c8
Enable authentication to Mongo and Redis. (#263)
* Fix issue in unit test of IdentityCheckMiddleware.

* Enable authentication to Mongo server.

* Enable authentication to Redis.
2018-08-26 13:10:23 +02:00
Clément Michaud
9dab40c2ce
Add support for users database on disk. (#262)
In order to simplify the deployment of Authelia for
testing, LDAP is now optional made optional thanks
to users database stored in a file. One can update
the file manually even while Authelia is running.

With this feature the minimal configuration requires
only two components: Authelia and nginx.

The users database is obviously made for development
environments only as it prevents Authelia to be scaled
to more than one instance.

Note: Configuration has been updated. Key `ldap` has
been nested in `authentication_backend`.
2018-08-26 10:30:43 +02:00
Clément Michaud
c503765dd6
Implement retry mechanism for broken connections to mongo (#258)
Before this patch, when Authelia started, if Mongo was not
up and running, Authelia failed to connect and never retried.
Now, everytime Authelia faces a broken connection, it tries
to reconnect during the next operation.
2018-08-19 16:51:36 +02:00
Clément Michaud
0dd9a5f815
Make session cookie name customizable. (#256)
This option is optional and set to authelia_session
by default.
2018-08-19 13:07:00 +02:00