diff --git a/README.md b/README.md
index a758dbe..5cf21a8 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,7 @@ It aims to ease you perform your 2FA authentication steps whatever the device yo
 - Edit accounts, even the imported ones
 - Generate TOTP and HOTP security codes
-**Shipped version:** 3.0.2~ynh2
+**Shipped version:** 3.1.0~ynh1
 **Demo:** https://demo.2fauth.app/login
diff --git a/README_fr.md b/README_fr.md
index b18d2ea..d23d9a2 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -23,7 +23,7 @@ It aims to ease you perform your 2FA authentication steps whatever the device yo
 - Edit accounts, even the imported ones
 - Generate TOTP and HOTP security codes
-**Version incluse :** 3.0.2~ynh2
+**Version incluse :** 3.1.0~ynh1
 **Démo :** https://demo.2fauth.app/login
diff --git a/conf/.env.example b/conf/.env.example
index dd0a5c4..d083f7a 100644
--- a/conf/.env.example
+++ b/conf/.env.example
@@ -54,7 +54,14 @@ LOG_CHANNEL=daily
 APP_LOG_LEVEL=notice
-# Database config & credentials
+# If you're looking for performance improvements, you could install memcached.
+
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+FILESYSTEM_DRIVER=local
+
+
+#### Database config & credentials ####
 # DB_CONNECTION=sqlite
 # DB_DATABASE="path/to/your/database.sqlite"
@@ -69,12 +76,7 @@ DB_USERNAME=__DB_USER__
 DB_PASSWORD=__DB_PWD__
-# If you're looking for performance improvements, you could install memcached.
-CACHE_DRIVER=file
-SESSION_DRIVER=file
-
-
-# Mail settings
+#### Mail settings ####
 # Refer your email provider documentation to configure your mail settings
 # Set a value for every available setting to avoid issue
@@ -90,6 +92,71 @@ MAIL_FROM_NAME=null
 MAIL_FROM_ADDRESS=null
+#### Authentication settings ####
+
+# The default authentication guard
+#
+# Supported:
+# 'web-guard' : The Laravel built-in auth system (default if nulled)
+# 'reverse-proxy-guard' : When 2FAuth is deployed behind a reverse-proxy that handle authentication
+#
+# WARNING
+# When using 'reverse-proxy-guard' 2FAuth only look for the dedicated headers and skip all other built-in
+# authentication checks. That means your proxy is fully responsible of the authentication process, 2FAuth will
+# trust him as long as headers are presents.
+
+AUTHENTICATION_GUARD=web-guard
+
+# Name of the HTTP headers sent by the reverse proxy that identifies the authenticated user at proxy level.
+# Check your proxy documentation to find out how these headers are named (i.e 'REMOTE_USER', 'REMOTE_EMAIL', etc...)
+# (only relevant when AUTHENTICATION_GUARD is set to 'reverse-proxy-guard')
+
+AUTH_PROXY_HEADER_FOR_USER=
+AUTH_PROXY_HEADER_FOR_EMAIL=
+
+# Custom logout URL to open when using an auth proxy.
+
+PROXY_LOGOUT_URL=null
+
+
+#### WebAuthn settings ####
+
+# Relying Party name, aka the name of the application. If null, defaults to APP_NAME
+
+WEBAUTHN_NAME=
+
+# Relying Party ID. If null, the device will fill it internally.
+# See https://webauthn-doc.spomky-labs.com/pre-requisites/the-relying-party#how-to-determine-the-relying-party-id
+
+WEBAUTHN_ID=
+
+# Optional image data in BASE64 (128 bytes maximum) or an image url
+# See https://webauthn-doc.spomky-labs.com/pre-requisites/the-relying-party#relying-party-icon
+
+WEBAUTHN_ICON=
+
+# Use this setting to control how user verification behave during the
+# WebAuthn authentication flow.
+#
+# Most authenticators and smartphones will ask the user to actively verify
+# themselves for log in. For example, through a touch plus pin code,
+# password entry, or biometric recognition (e.g., presenting a fingerprint).
+# The intent is to distinguish one user from any other.
+#
+# Supported:
+# 'required': Will ALWAYS ask for user verification
+# 'preferred' (default) : Will ask for user verification IF POSSIBLE
+# 'discouraged' : Will NOT ask for user verification (for example, to minimize disruption to the user interaction flow)
+
+WEBAUTHN_USER_VERIFICATION=
+
+# Use this setting to declare trusted proxied.
+# Supported:
+# '*': to trust any proxy
+# A comma separated IP list: The list of proxies IP to trust
+
+TRUSTED_PROXIES=
+
 # Leave the following configuration vars as is.
 # Unless you like to tinker and know what you're doing.
diff --git a/conf/app.src b/conf/app.src
index f0b7889..77c748f 100644
--- a/conf/app.src
+++ b/conf/app.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/Bubka/2FAuth/archive/refs/tags/v3.0.2.tar.gz
-SOURCE_SUM=608ff18abbdd8a71643fd9a4b7d152a06c749dd8156b8f62162fd4b42e9f8cec
+SOURCE_URL=https://github.com/Bubka/2FAuth/archive/refs/tags/v3.1.0.tar.gz
+SOURCE_SUM=98dbabc102b046f41e63c2a4afcbd506f9a19bbfe7ef993a0710ffa990d84d7e
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true
diff --git a/manifest.json b/manifest.json
index c38e727..e6bf55c 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
 "en": "self-hosted alternative to One Time Passcode",
 "fr": "Alternative auto-hébergée a One Time Passcode"
 },
- "version": "3.0.2~ynh2",
+ "version": "3.1.0~ynh1",
 "url": "https://github.com/Bubka/2FAuth",
 "upstream": {
 "license": "AGPL-3.0",
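Review bot: The `reverse-proxy-guard` warning in the conf/.env.example hunk that adds the authentication settings (`@@ -90,6 +92,71 @@`) says 2FAuth trusts the proxy whenever the headers are present, but it omits the two conditions an operator must meet for that to be safe. I would add a comment line under the WARNING such as `# Only enable this when 2FAuth is reachable exclusively through the proxy and the proxy overwrites or strips any client-supplied copy of the headers named below.` The `TRUSTED_PROXIES` comment lists `'*'` with no caveat; assuming the value controls which peers' forwarded headers are honoured (the consuming code is not visible here), a line like `# Prefer the explicit IP list; '*' accepts forwarded headers from any peer.` would steer operators to the narrower setting. `TRUSTED_PROXIES` also sits under the `#### WebAuthn settings ####` heading although it is a proxy setting, so it would read better next to the authentication block or under its own heading.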