colin
/
ATLAS
forked from Nixius/authelia
1
0
Fork 0
Code Pull Requests Activity

Fix security settings links and enable 2FA for customer stacks 

- Update dashboard buttons to use correct Authelia paths:
  /settings/two-factor-authentication and /settings/security
- Change customer stack ACL from one_factor to two_factor so Authelia
  enables the 2FA registration UI (passkeys, TOTP)

Made-with: Cursor
This commit is contained in:
Leopere 2026-03-03 18:26:20 -05:00
parent 8f55b9802b
commit ab11e62c04
Signed by: colin
SSH Key Fingerprint: SHA256:nRPCQTeMFLdGytxRQmPVK9VXY3/ePKQ5lGRyJhT5DY8
2 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docker/ss-atlas/templates/pages/dashboard.html
View File

@ -245,9 +245,8 @@
best way to ensure your account is never compromised and used without your knowledge.
</div>
<div class="actions">
<a href="{{.AutheliaURL}}/#/settings" class="btn btn-outline btn-sm">Set Up Passkey</a>
<a href="{{.AutheliaURL}}/#/settings" class="btn btn-outline btn-sm">Set Up TOTP App</a>
<a href="{{.AutheliaURL}}/#/settings" class="btn btn-outline btn-sm">Change Password</a>
<a href="{{.AutheliaURL}}/settings/two-factor-authentication" class="btn btn-outline btn-sm">Set Up Passkey / TOTP</a>
<a href="{{.AutheliaURL}}/settings/security" class="btn btn-outline btn-sm">Change Password</a>
</div>
</div>
{{else}}

2
stack.yml
View File

@ -77,7 +77,7 @@ services:
echo "$${CLIENT_SECRET_HEADADMIN}" > /run/secrets/CLIENT_SECRET_HEADADMIN
echo "$${CLIENT_SECRET_PORTAINER}" > /run/secrets/CLIENT_SECRET_PORTAINER
echo "$${CLIENT_SECRET_GITEA}" > /run/secrets/CLIENT_SECRET_GITEA
{ echo 'access_control:'; echo ' default_policy: deny'; echo ' rules:'; echo ' - domain: login.bc.a250.ca'; echo ' policy: bypass'; echo ' - domain: app.bc.a250.ca'; echo ' policy: bypass'; echo ' resources:'; echo " - '^/$$'"; echo " - '^/subscribe$$'"; echo " - '^/success(\\?.*)?$$'"; echo " - '^/webhook/stripe$$'"; echo " - '^/resend-reset$$'"; echo " - '^/health$$'"; echo " - '^/version$$'"; echo ' - domain: app.bc.a250.ca'; echo ' policy: one_factor'; echo ' resources:'; echo " - '^/dashboard$$'"; echo " - '^/activate$$'"; echo " - '^/portal$$'"; echo " - '^/resubscribe$$'"; echo " - '^/stack-manage$$'"; echo ' - domain:'; echo ' - lldap.bc.a250.ca'; echo ' - whoami.bc.a250.ca'; echo ' policy: bypass'; echo ' - domain: "{user}.bc.a250.ca"'; echo ' policy: one_factor'; echo ' - domain: "*.bc.a250.ca"'; echo ' policy: deny'; } > /config/configuration.acl.yml
{ echo 'access_control:'; echo ' default_policy: deny'; echo ' rules:'; echo ' - domain: login.bc.a250.ca'; echo ' policy: bypass'; echo ' - domain: app.bc.a250.ca'; echo ' policy: bypass'; echo ' resources:'; echo " - '^/$$'"; echo " - '^/subscribe$$'"; echo " - '^/success(\\?.*)?$$'"; echo " - '^/webhook/stripe$$'"; echo " - '^/resend-reset$$'"; echo " - '^/health$$'"; echo " - '^/version$$'"; echo ' - domain: app.bc.a250.ca'; echo ' policy: one_factor'; echo ' resources:'; echo " - '^/dashboard$$'"; echo " - '^/activate$$'"; echo " - '^/portal$$'"; echo " - '^/resubscribe$$'"; echo " - '^/stack-manage$$'"; echo ' - domain:'; echo ' - lldap.bc.a250.ca'; echo ' - whoami.bc.a250.ca'; echo ' policy: bypass'; echo ' - domain: "{user}.bc.a250.ca"'; echo ' policy: two_factor'; echo ' - domain: "*.bc.a250.ca"'; echo ' policy: deny'; } > /config/configuration.acl.yml
exec authelia --config=/config/configuration.server.yml --config=/config/configuration.ldap.yml --config=/config/configuration.acl.yml --config=/config/configuration.notifier.yml --config=/config/configuration.identity.providers.yml --config=/config/configuration.oidc.clients.yml
environment:
X_AUTHELIA_EMAIL: authelia@a250.ca