mirror of https://github.com/volatiletech/authboss.git synced 2025-01-10 04:17:59 +02:00

433 Commits

Author SHA1 Message Date
Aaron L
e38d4652d5 Bump version 2018-12-16 22:52:27 -08:00
Aaron L
f70bdd5eeb Add EventAuthHijack to work around ordering issue
Lock/Confirm and possibly other authentication preemption mechanisms
hook into 'Before(EventAuth)', but the ordering of these rejection
mechanisms mixed with the 2fa acceptance response could result in a
dual response.
2018-12-16 22:50:26 -08:00
Aaron L
019073081f Fix same hook like bug but for failures 2018-12-13 23:10:16 -08:00
Aaron L
0e85072885 Fix bug where After Auth hooks could fail
- User was not being set in the Context for 2fa success paths meaning
  things like lock and remember event handlers would fail.
2018-12-13 23:04:28 -08:00
Aaron L
6f3e7ca54a Add more flexibility to authboss.Middleware
- Add requirements and responses for the authboss middleware. This lets
  us later add new types that don't break the API instead of a list of
  bools.
2018-12-10 23:00:27 -08:00
Aaron L
adaf5a9192 Fix session persistence security hole in totp/sms
- Reorder the lookups to ensure CurrentUser is always looked up before
  any temporary pending PIDs.
- See changelog for more details
2018-12-10 22:23:37 -08:00
Aaron L
7518918b47 Fix test regex to accept all base64 characters 2018-12-10 20:13:44 -08:00
Aaron L
003476b6d5 Revert "Make removal of 2fa require e-mail verification"
This reverts commit 5b876d21c3.
2018-12-10 20:12:34 -08:00
Aaron L
d08fd7a196 Merge branch 'jmhodges/patch-2' into dev 2018-12-09 23:56:59 -08:00
Aaron L
aa6187d73b Merge branch 'jmhodges/patch-1' into dev 2018-12-09 23:55:43 -08:00
Aaron L
9254c094cf Remove L from two factor recovery codes
- This is a difficult letter to tell apart from the number 1 depending
  on the font. 0 and o should be okay since all letters are lowercase.
2018-12-09 20:27:59 -08:00
Jeff Hodges
028e8bd137 link to godoc in relevant places in the README.md 2018-12-08 19:55:34 -08:00
Jeff Hodges
ddab48d8da correct defaults package link in README.md 2018-12-08 19:49:22 -08:00
Aaron L
90eb33a4b1 Fix panic in JSON renderer on empty body 2018-12-07 09:32:45 -08:00
Aaron L
5b876d21c3 Make removal of 2fa require e-mail verification
- Fix a bug in a test regex that would fail occasionally
2018-12-04 23:41:45 -08:00
Aaron L
1c254ce6ce Update changelog 2018-11-14 18:31:17 -08:00
Aaron L
4eafb62a8f Merge branch 'rarguelloF/fix-rules-lowercase' into dev 2018-11-14 18:30:27 -08:00
Rodrigo Argüello Flores
63e9512667 Fix default.Rules lowercase condition 2018-11-10 19:36:44 +09:00
Aaron L
87b06f40ed Document 2fa e-mail verification
- Move TOC underneath important info in readme
2018-11-04 23:23:00 -08:00
Aaron L
b5103a916f Update changelog 2018-11-04 23:00:14 -08:00
Aaron L
cf24e257d8 Merge branch 'rarguelloF/fix-login-get' into dev 2018-11-04 22:59:03 -08:00
Aaron L
6c663762e4 Fix couple bugs with remember and 2fa
- Fix bug where setup paths were not mountpathed so twofactor_verify
  would redirect to a 404.
- Fix bug in remember where a user would be remembered even if logged in
  depending on the middleware order (if something had previously called
  LoadCurrentUser/LoadCurrentUserID it was fine, if not, the user was
  half-authed even if he was cleared of half-auth previously).
2018-11-04 22:49:43 -08:00
Aaron L
9f965c8531 Fix bug in sms email validation 2018-11-04 21:17:54 -08:00
Aaron L
931ccfba1f Add twofactor setup e-mail validation options 2018-11-01 22:49:25 -07:00
Rodrigo Argüello Flores
af3f34f140 Fix login get endpoint when no FormValueRedirect is given 2018-11-01 14:44:54 +09:00
Aaron L
97b72a4816 Bump version 2018-10-28 23:29:25 -07:00
Aaron L
5a62b6c20c Fix some broken tests 2018-10-28 23:28:04 -07:00
Aaron L
25eda89076 Ensure important events are firing for 2fa modules 2018-10-28 23:17:10 -07:00
Aaron L
3944d57c9d Make the default json renderer write a status 2018-10-28 22:58:00 -07:00
Aaron L
d84ea6fac5 Fix default responder's content-type check
- Fix #189
2018-09-27 22:06:56 -07:00
Aaron L
dc5a3def97 Fix bug in LoadCurrentUser error handling 2018-09-17 20:42:03 -07:00
Aaron L
8213e87e83 Rewrite docs to 80 cols
- Fix #183
2018-09-15 15:39:26 -07:00
Aaron L
2eeaf342f9 Add control over confirm http method 2018-09-12 19:58:56 -07:00
Aaron L
79d1893bdc Add ability to override mail root
- Add config option for MailRoot
- Make confirm and recover use MailRoot if present, otherwise assemble
  URL like normal.
2018-09-12 19:49:48 -07:00
Aaron L
13e6714c87 Change redirector to do more API-like things
- Add an option to coerce HTTP 307/308 -> 200 for API redirects
- Change the status message to always show up during a redirect.
2018-09-12 17:11:23 -07:00
Aaron L
98147bc020 Fix several lint errors 2018-09-03 16:34:10 -07:00
Aaron L
462a784cd2 Merge branch 'v2' 2018-09-03 16:05:02 -07:00
Aaron L
97a8f0fe04 Update changelog 2018-09-03 14:11:11 -07:00
Aaron L
6fe647f404 Touch up documentation for v2 2018-09-03 13:03:41 -07:00
Aaron L
167d5a0903 Add context to the sms sender interface 2018-09-03 11:58:24 -07:00
Aaron L
4420666f2b Split 2fa pages apart
- Add a config option to control the authboss.Middleware redirecting
2018-09-03 11:57:25 -07:00
Aaron L
5af4d392ab Fix redirects for otp 2018-08-31 15:19:03 -07:00
Aaron L
8249d714d0 Fix redirects using Middleware 2018-08-31 14:57:22 -07:00
Aaron L
ff72602e76 Merge branch 'otp-twofactor' into v2 2018-08-31 11:44:00 -07:00
Aaron L
0c5db70af2 Update changelog 2018-08-31 11:41:32 -07:00
Aaron L
b44e38177f Add tests for sms2fa 2018-08-31 11:38:53 -07:00
Aaron L
e9cd8acc06 Refactor the duplication out of tests 2018-08-31 09:38:48 -07:00
Aaron L
dc6c655e10 Add tests for totp2fa 2018-08-31 01:15:05 -07:00
Aaron L
52d9b33730 Add tests for twofactor package 2018-08-26 16:49:16 -07:00
Aaron L
3daf5c988e Add totp recovery code login 2018-08-26 15:48:53 -07:00