Fix addDevice

This releases fixes the Add Device template that was previously returning a server error.

CVE-2020-26160

• Address CVE-2020-26160
• Upgrade to Go 1.16

0.8.7-pre

Merge pull request #13 from m-barthelemy/fix/ci

Update CI stuff

OTP fixes

• Fix OTP validation
• Restrict requests methods: all requests sending data are now POST only; with existing Samesite Cookie policy, this further improves security by preventing potential cross site requests forgery.
• Make request body size limit global

Log requests from unknown VPN identities

0.8.4

Clearly log VPN check requests from unknown identities

OTP Registration fixes

Ensure OTP secret is valid before validation registration
Fix HTML bug preventing OTP form submission
Improve UX on new device when no MFA method is available except OTC from already registered device.

Add automated release builds

Ship precompiled binaries with every release.

Fix OTC formatting

• Ensure OTC to add new device is always six digits by adding leading zeroes if necessary.
• Fix issue with automated redirects when the user wants to add a new device using OTC

Azure OAuth2 and Logout

• Support for Azure OAuth2. Some environment variables starting with GOOGLE have been renamed to OAUTH2 in order to make them generic.
• The UI will always redirect to the start page (“”Login with …) if the user has no session
• The UI will always redirect to the “Success” page if the user has a valid session. This is to improve the user experience.
• Added Logout button deleting both the web session token and the VPN session.

SSE Notifications Fallback

When a browser doesn't support Web Push notifications (Safari...), fallback to SSE stream and notify user that they need to keep the page open.