forked from Nixius/authelia
Commit Graph

159 Commits

Author SHA1 Message Date
Leopere ab11e62c04
Fix security settings links and enable 2FA for customer stacks
- Update dashboard buttons to use correct Authelia paths:
  /settings/two-factor-authentication and /settings/security
- Change customer stack ACL from one_factor to two_factor so Authelia
  enables the 2FA registration UI (passkeys, TOTP)

Made-with: Cursor
2026-03-03 18:26:20 -05:00
Leopere 8f55b9802b
Add Account Security card with direct links to Authelia settings
Replaces the generic "Account Settings" button with a dedicated card
containing passkey, TOTP, and password links plus a warning about
enabling 2FA to prevent account compromise.

Made-with: Cursor
2026-03-03 18:21:50 -05:00
Leopere bd84b0a578
Include remaining template and route changes
Made-with: Cursor
2026-03-03 18:11:38 -05:00
Leopere bbc828fa35
Fall back to LDAP group check when Authelia session is stale
The Remote-Groups header reflects groups at login time. If a user was
added to 'customers' after logging in (via /activate), the dashboard
would show "No Active Subscription". Now checks LDAP directly as
fallback.

Made-with: Cursor
2026-03-03 18:11:31 -05:00
Leopere 1f8f50d50b
Redirect paid-but-not-activated users from landing to /activate
If a logged-in user has a Stripe customer ID but isn't in the customers
group yet, they've paid but haven't activated. Send them to /activate
instead of showing "No Active Subscription".

Made-with: Cursor
2026-03-03 18:07:57 -05:00
Leopere 91c0411b90
Add /resend-reset endpoint so set-password button sends email directly
The welcome page button was linking to Authelia's reset page which
requires an active login session. Now it POSTs to /resend-reset which
calls the Authelia API server-side and sends the email immediately.
Button text updated from "Reset Password" to "Set Password".

Made-with: Cursor
2026-03-03 17:30:38 -05:00
Leopere aa1201560d
Show welcome page for any user not yet in customers group
Previously, users already in LDAP but not yet activated (e.g. webhook
created the user, or lapsed sub) were redirected to the auth-gated
dashboard. Now only active customers (in 'customers' group) skip the
welcome page — everyone else sees onboarding with password reset.

Made-with: Cursor
2026-03-03 17:20:21 -05:00
Leopere c7d19ed20d
Fix success page skipped due to webhook race condition
The webhook was provisioning the user before the success page loaded,
causing IsNew=false and skipping the welcome/onboarding page entirely.

Now:
- Webhook only ensures user+stripe ID as a backstop (no password email)
- Success page is the sole owner of password reset + welcome flow
- Uses group membership (not IsNew) to distinguish new vs returning:
  if already in 'customers' group -> dashboard, otherwise -> welcome

Made-with: Cursor
2026-03-03 17:16:48 -05:00
Leopere 677bef195f
Trigger Authelia password reset email on new user checkout
The triggerPasswordReset function existed but was never called.
New users now receive a set-password email immediately after their
Stripe checkout completes.

Made-with: Cursor
2026-03-03 17:13:37 -05:00
Leopere c68edc70d1
Switch customer stack to Gitea + PostgreSQL two-service pattern
- web: Gitea (self-hosted Git), exposed via Traefik behind Authelia
- db: PostgreSQL 16, internal backend network only, never exposed
- Establishes the canonical web+db template structure for future products

Made-with: Cursor
2026-03-03 17:02:49 -05:00
Leopere 463483f769
Unify stack action button behaviour via single event listener
Replace per-form onsubmit handlers with a single script that handles
all data-stack-action forms identically: confirm if needed, then
disable the button and show a contextual loading label.

Made-with: Cursor
2026-03-03 17:00:58 -05:00
Leopere 239d2c07e1
Disable stack action buttons on submit to prevent spam
Made-with: Cursor
2026-03-03 16:58:56 -05:00
Leopere 084548fcd7
Fix dashboard stack state UI after Destroy
- Inverted condition was showing 'being provisioned' when stack not deployed
- Actions block was gated on StackDeployed so no Start button after destroy
- Start button now always shown when not running
- Destroy button only shown when stack is deployed
- 'Being provisioned' message replaced with accurate 'stopped' message

Made-with: Cursor
2026-03-03 16:56:48 -05:00
Leopere 6356cbb1da
Fix Destroy being immediately undone by dashboard auto-redeploy
Dashboard was auto-deploying any missing stack on every page load.
This stomped on the Destroy action. Stack creation only happens at
activation and via explicit Start — not on dashboard render.

Made-with: Cursor
2026-03-03 16:52:31 -05:00
Leopere e71831cf9d
Switch customer stack product to Uptime Kuma
Each customer now receives a dedicated Uptime Kuma monitoring instance
at their subdomain. Drops the unused Redis sidecar from the template.

Made-with: Cursor
2026-03-03 16:49:50 -05:00
Leopere a92cbe9b72
Add header to stack-template, force-update images on deploy
- stack-template.yml: prominent comment explaining this is the product
  being sold and how to swap in the real application image
- deploy-stack-dev.sh: force-update locally-built images after stack
  deploy so swarm always runs the freshly built container

Made-with: Cursor
2026-03-03 16:48:03 -05:00
Leopere 74a24ffe2a
Fix subscription status not showing Expiring for cancel_at_period_end subs
- Also check sub.CancelAt > 0 (handles explicit cancel_at date, not just period-end)
- Fall back to item CurrentPeriodEnd for the display date since current_period_end
  moved off the top-level Subscription object in stripe-go v84

Made-with: Cursor
2026-03-03 16:00:24 -05:00
Leopere 159a0b4455
Remove Rebuild button from dashboard UI
Made-with: Cursor
2026-03-03 15:55:21 -05:00
Leopere b66dfa053e
Force auth on all customer stacks, migrate to swarm stack.yml
- Remove public/private toggle — all customer stacks now always deploy
  behind authelia-auth middleware, no exceptions
- Remove ALLOW_CUSTOMER_STACK_AUTH_TOGGLE and CUSTOMER_STACK_REQUIRE_AUTH_DEFAULT
  config, env vars, routes, and UI
- Replace docker-compose.dev.yml + docker-compose.swarm-dev.yml with
  unified stack.yml for swarm deployment
- Various handler, ldap, stripe, swarm, and template additions from
  prior work sessions

Made-with: Cursor
2026-03-03 15:51:25 -05:00
Leopere 6fcdd1262d
Bake git commit into Go binary for version traceability
- Add internal/version package with ldflags-injected Commit/BuildTime
- Dockerfile accepts BUILD_COMMIT/BUILD_TIME args, passes via -ldflags
- Log version on startup, expose GET /version endpoint
- Show commit hash badge in bottom-right of landing + dashboard pages
- Deploy scripts gate on clean git tree and pass commit to build
- Remove staging files, misc config updates

Made-with: Cursor
2026-03-03 12:51:12 -05:00
Leopere c3097bd8fe
Deploy: prune old images after deploy, document full rebuild/redeploy
Made-with: Cursor
2026-03-03 11:35:07 -05:00
Leopere ac24f6d1dc
Add ss-atlas service, config updates, ignore IDE cruft
Made-with: Cursor
2026-03-03 11:21:03 -05:00
colin 9bbec9a8d2
Clean up WebAuthn config: remove duplicate user_verification setting
- Removed duplicate user_verification from top-level webauthn config
- user_verification is now properly configured only under selection_criteria
- Passkey authentication remains enabled and properly configured
2025-06-20 15:57:20 -04:00
colin 32e966e2f5
Remove OIDC config files from Authelia startup command
- Prevents template engine from processing commented OIDC configurations
- Should fix startup issues with missing OIDC secrets
- Authelia will run with basic auth only
2025-06-11 16:30:12 -04:00
colin a01930a6a6
Fix CI deployment script to remove OIDC secrets from required variables
- Remove IDENTITY_PROVIDERS_OIDC_* and CLIENT_SECRET_* from required env vars
- Remove them from secrets management list
- This fixes deployment script failure when OIDC is disabled
2025-06-11 16:18:23 -04:00
colin 4ae5e0a956
fixup
2025-06-11 16:14:22 -04:00
colin b3e748477d
Completely disable OIDC provider temporarily
- Comment out all OIDC configuration in identity providers and clients
- Remove OIDC secrets from stack to eliminate template processing issues
- This should get Authelia running with basic auth only
2025-06-11 16:13:51 -04:00
colin f062eeb40d
Completely remove Gitea OAuth client configuration
- Template engine was processing commented CLIENT_SECRET_GITEA references
- Complete removal should fix Authelia startup issue
2025-06-11 16:10:58 -04:00
colin 426bb996ac
Remove OAuth client secrets from CI build process
- CLIENT_SECRET_PORTAINER/HEADSCALE/HEADADMIN not needed during build
- These secrets are handled by Docker Swarm at runtime
- Fixes Authelia container startup issues
2025-06-11 15:53:55 -04:00
colin 56d258d992
Add CLIENT_SECRET_PORTAINER to CI environment variables
- Fixes build process that was missing Portainer OAuth secret
- Required for Authelia container to start properly
2025-06-11 15:49:30 -04:00
colin 5ff5cb783a
Temporarily disable Gitea OAuth client to fix Authelia startup
- Comment out Gitea OIDC client and remove CLIENT_SECRET_GITEA from stack.production.yml
2025-06-11 15:43:08 -04:00
colin faecff6de3
fixup
2025-06-11 15:29:56 -04:00
colin fdb8ee6ae8
fixup
2025-06-11 15:26:00 -04:00
colin fac504117c
fixup
2025-06-11 14:34:40 -04:00
Your Name 507378655a
Add two-factor authentication for sensitive admin services
2025-06-06 11:44:10 -04:00
Your Name e70fed6ad8
Enable passkey login and improve WebAuthn configuration
2025-06-06 10:15:12 -04:00
Your Name 78cea66d39
fixing deploy step
2025-06-05 12:28:29 -04:00
Your Name fc81495f2d
fixing deploy step
2025-06-05 12:20:49 -04:00
Your Name bb890c17d4
fixing deploy step
2025-06-05 12:12:49 -04:00
Your Name ff3d077282
fixing deploy step
2025-06-05 11:58:43 -04:00
Your Name 40fe535bdd
fixing deploy step
2025-06-05 11:46:01 -04:00
Your Name 42ff73a18d
fixing deploy step
2025-06-05 11:36:59 -04:00
Your Name 1f207cb0d2
fixing deploy step
2025-06-05 11:26:05 -04:00
Your Name 03b209140d
fixing deploy step
2025-06-05 09:36:23 -04:00
Your Name 4e1e5f21cf
fixing deploy step
2025-06-05 09:27:46 -04:00
Your Name 7b19860ccc
fixing deploy step
2025-06-05 09:20:23 -04:00
Your Name 2cb6159eea
fix: explicitly use bash to run deployment script
- CI environment was using /bin/sh instead of /bin/bash
- Our script uses bash-specific features like arrays
- This ensures proper execution in CI environment
2025-06-05 09:17:14 -04:00
Your Name 993b32af46
optimize: speed up deployment while ensuring latest images and better diagnostics
- Force pull latest images with hash verification before deployment
- Reduce timeouts: deployment 3min, health check 90s, stack removal 60s
- Check every 2s instead of 5s for faster feedback
- Exit early on clear failures to avoid waiting
- Comprehensive container-level diagnostics on failure
- Show task status, container logs, and service inspection
- Verify deployed image matches pulled image hash
- Minimal 10s initialization wait instead of 30s
- Better error messages with image hash tracking
2025-06-05 09:15:00 -04:00
Your Name bf09520c1d
enhance: add comprehensive resilience to CI deployment script
- Concurrent execution prevention with lock files
- Retry logic for transient failures (3 attempts)
- Extensive pre-flight checks (disk space, env vars, Docker health)
- Configurable timeouts (5min deployment, 2min health checks)
- Enhanced health checking with multiple validation methods
- Automatic cleanup on script exit
- Detailed debugging information on failure
- Environment variable validation for all 10 secrets
- Rollback preparation and improved logging
2025-06-05 09:11:37 -04:00
Your Name 9645631496
fixing deploy step
2025-06-05 09:06:59 -04:00