| Age | Commit message | Author |
|
(#8899)
Adds some more helpful log information to the change password feature.
Signed-off-by: Brynn Crowley <littlehill723@gmail.com>
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This adds a highly experimental option for developers looking to embed Authelia within another Go binary.
Closes #5803
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Add the ability for users to change their password from their user settings, without requiring them to use the reset password workflow. Users are required to create an elevated session in order to change their password. Users may not change their password to their current password. The user's current password is required for the password change. Users must follow any established password policies. Administrators are able to turn this feature off.
Closes #3548
|
|
This adds the ability to cache successful basic authz attempts. This is done via a memory store that uses the HMAC-SHA256 algorithm to perform irreversible comparison of input parameters and has a maximum lifetime.
Closes #5006
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This implements optional LDAP connection pooling to optimize the speed of LDAP transactions.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This facilitates adding additional attributes to the Authelia authentication backends as well as custom attributes based on the Common Expression Language. This will be utilized in the future to facilitate additional features.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This fixes an issue where LDAP attribute names are treated as case-sensitive when they normally shouldn't be. This was caused by improvements to the attribute matching pattern which caused a regression.
Fixes #7791
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This fixes an issue where the memberof attribute is requested needlessly. While not necessarily a bug it's not really a feature either. The only reported issue with the current functionality is an annoying log message. In the instance this turns out to be a regression this commit should be immediately reverted.
Closes #7310
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
The user details refresh does not naturally occur via OpenID Connect 1.0 flows and instead relies on alternative activity. This helps ensure the details are more frequently updated via normal OAuth 2.0 flows.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Per our standard review process this adjusts the appropriate elements detected during the review.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Use the new go.uber.org/mock which is currently maintained.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
* ci: remove container read-only mounts
Signed-off-by: Amir Zarrinkafsh <nightah@me.com>
* refactor: linting updates
Signed-off-by: Amir Zarrinkafsh <nightah@me.com>
---------
Signed-off-by: Amir Zarrinkafsh <nightah@me.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Adds a JSON Schema for the configuration, user database, and most exports.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Introduces the concept of group search mode into the LDAP configuration. This also adds the filter and memberof search modes. The full description of these is included in the docs but the filter mode is the same mode as previous which is also the default and recommended value. The memberof mode should only be used by users who are aware of how the concept works as per the docs.
Closes #2161
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Add additional tests to the file provider.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address-related parsing significantly, deprecating old options.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This fixes various issues.
Fixes #4199
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This just implements some changes from feat-settings-ui that are out of scope.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This allows users to customize the authz endpoints.
Closes #2753, Fixes #3716
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
|
|
|
|
This adds and utilizes several time replacements for both specialized LDAP implementations.
Closes #1964, Closes #1284
|
|
|
|
|
|
The BaseDN for groups was escaped improperly and failed on any BaseDN with special characters. This fixes the issue.
|
|
|
|
This implements mTLS support for LDAP, Redis, and SMTP. Specified via the tls.certificate_chain and tls.private_key options.
Closes #4044
|
|
This allows both case-insensitive and email searching for the file auth provider.
Closes #3383
|
|
Allows setting users as disabled.
|
|
This adds hot reloading to the file auth provider.
|
|
This adds significant enhancements to the file auth provider including multiple additional algorithms.
|
|
* refactor: any
* refactor: fix test
|
|
This adds a configuration option which permits the failure of feature detection (control type OIDs and extension OIDs).
|
|
This fixes an issue where consent sessions prevent the standard workflow.
|
|
* fix(notification): incorrect date header format
The date header in the email envelopes was incorrectly formatted, missing a space between the `Date:` header and the value of this header. This also refactors the notification templates system, allowing people to manually override the envelope itself.
* test: fix tests and linting issues
* fix: misc issues
* refactor: misc refactoring
* docs: add example for envelope with message id
* refactor: organize smtp notifier
* refactor: move subject interpolation
* refactor: include additional placeholders
* docs: fix missing link
* docs: gravity
* fix: rcpt to command
* refactor: remove mid
* refactor: apply suggestions
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
* refactor: include pid
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
|
|
This performs automatic remapping of deprecated configuration keys in most situations.
|
|
This fixes an issue with a log format for LDAP.
|
|
This allows configuring unauthenticated LDAP binding.
|
|
|
|
This fixes the hash-password usage instructions and ensures it uses mostly a configuration source based config. In addition it updates our recommended argon2id parameters with the RFC recommendations.
|
|
This fixes an issue when both the username and display name attributes are the same. If the username attribute is the same as the display name attribute, previously we only set the display name profile value, which is incorrect. We should set the username profile value instead and allow the display name to be blank.
|
|
This fixes an issue where the Microsoft Active Directory Server Policy Hints control was not being used to prevent avoidance of the PSO / FGPP applicable to the user.
|