Commits · master · id / auth

12 Feb, 2020 1 commit

Add tracing support to the authentication client · 3d44524a

ale authored Feb 12, 2020

This does *not* add context propagation, just a span representing
the client-side Authenticate call.

3d44524a

11 Feb, 2020 4 commits
- Upgrade ai3/go-common (fix typo) · ecc0ff2f
  ale authored Feb 11, 2020
  
  ecc0ff2f
- Upgrade ai3/go-common (better LDAP connection pooling) · eb6259f8
  ale authored Feb 11, 2020
  
  eb6259f8
- Apply blacklists even on unknown users · 283441b1
  ale authored Feb 11, 2020
```
IP-based blacklists should run anyway in that case. The change
simplifies the doAuthenticate() flow, and the ratelimit API.

Add a test for this case too.
```
  283441b1
- Show ratelimit / blacklist names in output logs · 40fbc768
  ale authored Feb 11, 2020
```
Meant to simplify debugging.
```
  40fbc768
10 Feb, 2020 1 commit
- Fix nil pointer deref when ldap.params.attrs is not defined · e517e314
  ale authored Feb 10, 2020
```
The correct code is also easier to read.
```
  e517e314
09 Feb, 2020 1 commit

Add a service configuration flag to always ignore 2FA · b9d0d3e2

ale authored Feb 09, 2020

Used for services that require authentication with the primary user
password regardless of any other configuration option.

b9d0d3e2

06 Feb, 2020 1 commit
- Upgrade go-common (configurable client timeouts) · b9eb46d4
  ale authored Feb 06, 2020
  
  b9eb46d4
04 Jan, 2020 2 commits

Instrument blacklists · d9667028
ale authored Jan 04, 2020

d9667028

Do not ignore DeviceInfo if 'id' is not set · 50b069a1

ale authored Jan 04, 2020

Some services (e.g. smtp auth) don't provide us with a device ID.
Ignoring the rest of the information, such as the IP, prevents ratelimits
and blacklists from working.

50b069a1

24 Oct, 2019 2 commits
- Have the client retry on temporary network errors · ffc5d879
  ale authored Oct 24, 2019
  
  ffc5d879
- Bypass ratelimit/blacklists if key is empty · d21e2d6b
  ale authored Oct 24, 2019
  
  d21e2d6b
23 Oct, 2019 2 commits
- Add bypass documentation · eeb17c2f
  ale authored Oct 23, 2019
  
  eeb17c2f
- Add possibility to bypass ratelimits with user-defined criteria · b1d49a94
  ale authored Oct 23, 2019
  
  b1d49a94
25 Sep, 2019 1 commit
- Add documentation on the encoding of password fields · 1325dff1
  ale authored Sep 25, 2019
  
  1325dff1
01 Aug, 2019 1 commit
- Fix an error when 'services' is not set in config · 66ca475f
  ale authored Aug 01, 2019
  
  66ca475f
30 Jun, 2019 1 commit
- Update go-common/clientutil · 2b0dc1aa
  ale authored Jun 30, 2019
  
  2b0dc1aa
24 Jun, 2019 2 commits
- Improve logging of all requests in a uniform manner · 070500a9
  ale authored Jun 24, 2019
  
  070500a9
- Only log unexpected LDAP errors · 7e23df34
  ale authored Jun 24, 2019
  
  7e23df34
30 May, 2019 2 commits
- Fix a typo in the previous commit · c91bff9f
  ale authored May 30, 2019
  
  c91bff9f
- Add the possibility to override the service used for ASP matching · d9c6788f
  ale authored May 30, 2019
  
  d9c6788f
25 May, 2019 1 commit
- Ignore padding when decoding base64 data in wire protocol · ab15167e
  ale authored May 25, 2019
```
The auth_client C library writes padded url-base64-encoded data.
```
  ab15167e
24 May, 2019 1 commit
- Directly write the 'auth' command with conn.PrintfLine · 5f6c4202
  ale authored May 24, 2019
  
  5f6c4202
04 May, 2019 5 commits
- Merge branch 'multi-2fa' into 'master' · b9fd2573
  ale authored May 04, 2019
```
Return all supported 2FA mechanisms in the authentication response

See merge request !6
```
  b9fd2573
- Add go-cmp vendor dependency · dab5b7f1
  ale authored May 04, 2019
  
  dab5b7f1
- Add method to check for supported 2FA mechanism in response · 17567196
  ale authored May 04, 2019
  
  17567196
- Use go-cmp instead of reflect.DeepEqual · aedc1339
  ale authored May 04, 2019
  
  aedc1339
- Return all supported 2FA mechanisms in the authentication response · 589dd889
  ale authored May 04, 2019
  
  589dd889
29 Apr, 2019 2 commits

Show warnings when there are errors in the users file · e29f41a8

ale authored Apr 29, 2019

Currently the only part that can fail is the U2F registration
decoding. As a side effect of validating user objects early, it also
gets rid of runtime allocations by just storing a map of backend.User
objects.

e29f41a8

Add a defaults file to specify additional options · d00c9490
ale authored Apr 29, 2019

d00c9490

03 Apr, 2019 3 commits
- Add latency metrics · 7abef0d7
  ale authored Apr 03, 2019
```
Measure latency of the authentication requests (only the ones where we
actually perform encryption).
```
  7abef0d7
- Update dependencies (go-common/unix) · 78905166
  ale authored Apr 03, 2019
  
  78905166
- Update dependencies (scrypt) · 17891195
  ale authored Apr 03, 2019
  
  17891195
01 Apr, 2019 6 commits
- Refactor backends into a cleaner API · c544c4bd
  ale authored Apr 01, 2019
```
This should make the server code more readable by disentangling it
from the backend implementation.
```
  c544c4bd
- Merge branch 'sql' into 'master' · fca48375
  ale authored Apr 01, 2019
```
SQL support

See merge request !4
```
  fca48375
- Fix tests after master rebase · 20cb3ed8
  ale authored Apr 01, 2019
  
  20cb3ed8
- Add sql dependencies and documentation · 056fbeee
  ale authored Apr 01, 2019
  
  056fbeee
- Add a SQL backend · aa79431d
  ale authored Apr 01, 2019
```
This first version (with tests) only supports the SQLite driver.
```
  aa79431d
- Fix the documentation for backends_dir · f095fa5e
  ale authored Apr 01, 2019
```
It wasn't updated after the config refactoring.
```
  f095fa5e
27 Mar, 2019 1 commit
- Update deps (fix u2f encoding error) · 33ded555
  ale authored Mar 27, 2019
  
  33ded555