techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity
56fdc40290
authelia/test/features
History
Clement Michaud 56fdc40290 Every public endpoints return 200 with harmonized error messages or 401 
Now, /verify can return 401 or 403 depending on the user authentication.
Every public API endpoints and pages return 200 with error message in
JSON body or 401 if the user is not authorized.

This policy makes it complicated for an attacker to know what is the source of
the failure and hide server-side bugs (not returning 500), bugs being potential
threats.
2017-10-14 11:57:38 +02:00
..
step_definitions Fix randomness with integration tests 2017-10-08 16:28:12 +02:00
support Disable second factor for certain subdomain 2017-09-26 23:09:33 +02:00
access-control.feature Split client and server 2017-10-07 00:49:42 +02:00
auth-portal-redirection.feature Redirect user when he has already validated some factors 2017-10-09 01:07:32 +02:00
authentication.feature Every public endpoints return 200 with harmonized error messages or 401 2017-10-14 11:57:38 +02:00
basic-auth.feature Remove artifacts of only_basic_auth query param 2017-10-09 02:03:05 +02:00
redirection.feature Fix randomness with integration tests 2017-10-08 16:28:12 +02:00
regulation.feature Every public endpoints return 200 with harmonized error messages or 401 2017-10-14 11:57:38 +02:00
reset-password.feature Every public endpoints return 200 with harmonized error messages or 401 2017-10-14 11:57:38 +02:00
resilience.feature Disable second factor for certain subdomain 2017-09-26 23:09:33 +02:00
restrictions.feature Every public endpoints return 200 with harmonized error messages or 401 2017-10-14 11:57:38 +02:00