Aaron L
e38d4652d5
Bump version
2018-12-16 22:52:27 -08:00
Aaron L
f70bdd5eeb
Add EventAuthHijack to work around ordering issue
...
Lock/Confirm and possibly other authentication preemption mechanisms
hook into 'Before(EventAuth)', but the ordering of these rejection
mechanisms mixed with the 2fa acceptance response could result in a
dual response.
2018-12-16 22:50:26 -08:00
Aaron L
019073081f
Fix same hook like bug but for failures
2018-12-13 23:10:16 -08:00
Aaron L
0e85072885
Fix bug where After Auth hooks could fail
...
- User was not being set in the Context for 2fa success paths meaning
things like lock and remember event handlers would fail.
2018-12-13 23:04:28 -08:00
Aaron L
6f3e7ca54a
Add more flexibility to authboss.Middleware
...
- Add requirements and responses for the authboss middleware. This lets
us later add new types that don't break the API instead of a list of
bools.
2018-12-10 23:00:27 -08:00
Aaron L
adaf5a9192
Fix session persistence security hole in totp/sms
...
- Reorder the lookups to ensure CurrentUser is always looked up before
any temporary pending PIDs.
- See changelog for more details
2018-12-10 22:23:37 -08:00
Aaron L
7518918b47
Fix test regex to accept all base64 characters
2018-12-10 20:13:44 -08:00
Aaron L
003476b6d5
Revert "Make removal of 2fa require e-mail verification"
...
This reverts commit 5b876d21c3.
2018-12-10 20:12:34 -08:00
Aaron L
d08fd7a196
Merge branch 'jmhodges/patch-2' into dev
2018-12-09 23:56:59 -08:00
Aaron L
aa6187d73b
Merge branch 'jmhodges/patch-1' into dev
2018-12-09 23:55:43 -08:00
Aaron L
9254c094cf
Remove L from two factor recovery codes
...
- This is a difficult letter to tell apart from the number 1 depending
on the font. 0 and o should be okay since all letters are lowercase.
2018-12-09 20:27:59 -08:00
Jeff Hodges
028e8bd137
link to godoc in relevant places in the README.md
2018-12-08 19:55:34 -08:00
Jeff Hodges
ddab48d8da
correct defaults package link in README.md
2018-12-08 19:49:22 -08:00
Aaron L
90eb33a4b1
Fix panic in JSON renderer on empty body
2018-12-07 09:32:45 -08:00
Aaron L
5b876d21c3
Make removal of 2fa require e-mail verification
...
- Fix a bug in a test regex that would fail occasionally
2018-12-04 23:41:45 -08:00
Aaron L
1c254ce6ce
Update changelog
2018-11-14 18:31:17 -08:00
Aaron L
4eafb62a8f
Merge branch 'rarguelloF/fix-rules-lowercase' into dev
2018-11-14 18:30:27 -08:00
Rodrigo Argüello Flores
63e9512667
Fix default.Rules lowercase condition
2018-11-10 19:36:44 +09:00
Aaron L
87b06f40ed
Document 2fa e-mail verification
...
- Move TOC underneath important info in readme
2018-11-04 23:23:00 -08:00
Aaron L
b5103a916f
Update changelog
2018-11-04 23:00:14 -08:00
Aaron L
cf24e257d8
Merge branch 'rarguelloF/fix-login-get' into dev
2018-11-04 22:59:03 -08:00
Aaron L
6c663762e4
Fix couple bugs with remember and 2fa
...
- Fix bug where setup paths were not mountpathed so twofactor_verify
would redirect to a 404.
- Fix bug in remember where a user would be remembered even if logged in
depending on the middleware order (if something had previously called
LoadCurrentUser/LoadCurrentUserID it was fine, if not, the user was
half-authed even if he was cleared of half-auth previously).
2018-11-04 22:49:43 -08:00
Aaron L
9f965c8531
Fix bug in sms email validation
2018-11-04 21:17:54 -08:00
Aaron L
931ccfba1f
Add twofactor setup e-mail validation options
2018-11-01 22:49:25 -07:00
Rodrigo Argüello Flores
af3f34f140
Fix login get endpoint when no FormValueRedirect is given
2018-11-01 14:44:54 +09:00
Aaron L
97b72a4816
Bump version
2018-10-28 23:29:25 -07:00
Aaron L
5a62b6c20c
Fix some broken tests
2018-10-28 23:28:04 -07:00
Aaron L
25eda89076
Ensure important events are firing for 2fa modules
2018-10-28 23:17:10 -07:00
Aaron L
3944d57c9d
Make the default json renderer write a status
2018-10-28 22:58:00 -07:00
Aaron L
d84ea6fac5
Fix default responder's content-type check
...
- Fix #189
2018-09-27 22:06:56 -07:00
Aaron L
dc5a3def97
Fix bug in LoadCurrentUser error handling
2018-09-17 20:42:03 -07:00
Aaron L
8213e87e83
Rewrite docs to 80 cols
...
- Fix #183
2018-09-15 15:39:26 -07:00
Aaron L
2eeaf342f9
Add control over confirm http method
2018-09-12 19:58:56 -07:00
Aaron L
79d1893bdc
Add ability to override mail root
...
- Add config option for MailRoot
- Make confirm and recover use MailRoot if present, otherwise assemble
URL like normal.
2018-09-12 19:49:48 -07:00
Aaron L
13e6714c87
Change redirector to do more API-like things
...
- Add an option to coerce HTTP 307/308 -> 200 for API redirects
- Change the status message to always show up during a redirect.
2018-09-12 17:11:23 -07:00
Aaron L
98147bc020
Fix several lint errors
2018-09-03 16:34:10 -07:00
Aaron L
462a784cd2
Merge branch 'v2'
2018-09-03 16:05:02 -07:00
Aaron L
97a8f0fe04
Update changelog
2018-09-03 14:11:11 -07:00
Aaron L
6fe647f404
Touch up documentation for v2
2018-09-03 13:03:41 -07:00
Aaron L
167d5a0903
Add context to the sms sender interface
2018-09-03 11:58:24 -07:00
Aaron L
4420666f2b
Split 2fa pages apart
...
- Add a config option to control the authboss.Middleware redirecting
2018-09-03 11:57:25 -07:00
Aaron L
5af4d392ab
Fix redirects for otp
2018-08-31 15:19:03 -07:00
Aaron L
8249d714d0
Fix redirects using Middleware
2018-08-31 14:57:22 -07:00
Aaron L
ff72602e76
Merge branch 'otp-twofactor' into v2
2018-08-31 11:44:00 -07:00
Aaron L
0c5db70af2
Update changelog
2018-08-31 11:41:32 -07:00
Aaron L
b44e38177f
Add tests for sms2fa
2018-08-31 11:38:53 -07:00
Aaron L
e9cd8acc06
Refactor the duplication out of tests
2018-08-31 09:38:48 -07:00
Aaron L
dc6c655e10
Add tests for totp2fa
2018-08-31 01:15:05 -07:00
Aaron L
52d9b33730
Add tests for twofactor package
2018-08-26 16:49:16 -07:00
Aaron L
3daf5c988e
Add totp recovery code login
2018-08-26 15:48:53 -07:00