matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-07 17:03:01 +03:00
Code Activity

Small documentation fixes

Browse Source 
- Removes mentions of the `mas-cli templates save` command
 - Removes the old `experimental` flags
 - Removes the old `policy.data.passwords` configs
 - Document the `policy.data.client_registration` flags
 - Remove references to the pre-built macOS binaries
 - Explains how to get syn2mas
 - State that you need to prepare the database before importing data
 - Clean up the reverse proxy documentation
 - Clarify that you don't need to provede templates/policy/assets
   manually when running the docker image
This commit is contained in:
Quentin Gliech
2024-08-16 12:36:00 +02:00
parent c8afc48e46
commit 194f6d71a1
7 changed files with 152 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
docs/reference/cli/templates.md
View File

@@ -1,37 +1,15 @@
# `templates`
Helps customizing templates.
## `templates check`
## `templates save <path>`
Save the builtin template in the specified folder.
```console
$ mas-cli templates save ./templates
INFO mas_core::templates: Wrote template path="./templates/login.html"
INFO mas_core::templates: Wrote template path="./templates/register.html"
INFO mas_core::templates: Wrote template path="./templates/index.html"
INFO mas_core::templates: Wrote template path="./templates/reauth.html"
INFO mas_core::templates: Wrote template path="./templates/form_post.html"
INFO mas_core::templates: Wrote template path="./templates/error.html"
INFO mas_core::templates: Wrote template path="./templates/base.html"
```
By default this command won't overwrite existing files, but this behavior can be changed by adding the `--overwrite` flag.
## `templates check <path>`
Check the validity of the templates in the specified folder.
Check the validity of the templates loaded by the config.
It compiles the templates and then renders them with different contexts.
```console
$ mas-cli templates check ./templates
INFO mas_core::templates: Loading builtin templates
$ mas-cli templates check
INFO mas_core::templates: Loading templates from filesystem path=./templates/**/*.{html,txt}
INFO mas_core::templates::check: Rendering template name="login.html" context={"csrf_token":"fake_csrf_token","form":{"fields_errors":{},"form_errors":[],"has_errors":false}}
INFO mas_core::templates::check: Rendering template name="register.html" context={"__UNUSED":null,"csrf_token":"fake_csrf_token"}
INFO mas_core::templates::check: Rendering template name="index.html" context={"csrf_token":"fake_csrf_token","current_session":{"active":true,"created_at":"2021-09-24T13:26:52.962135085Z","id":1,"last_authd_at":"2021-09-24T13:26:52.962135316Z","user_id":2,"username":"john"},"discovery_url":"https://example.com/.well-known/openid-configuration"}
...
```
Builtin templates are still loaded by default when running this command, but this can be skipped by adding the `--skip-builtin` flag.

36
docs/reference/configuration.md
View File

@@ -253,6 +253,11 @@ passwords:
# If disabled, users will only be able to log in using upstream OIDC providers
enabled: true
# Minimum complexity required for passwords, estimated by the zxcvbn algorithm
# Must be between 0 and 4, default is 3
# See https://github.com/dropbox/zxcvbn#usage for more information
minimum_complexity: 3
# List of password hashing schemes being used
# /!\ Only change this if you know what you're doing
# TODO: document this section better
@@ -345,20 +350,13 @@ policy:
# Dynamic Client Registration
client_registration:
# don't require URIs to be on the same host. default: false
allow_host_mismatch: true
allow_host_mismatch: false
# allow non-SSL and localhost URIs. default: false
allow_insecure_uris: true
# Registration using passwords
passwords:
# minimum length of a password. default: 0
min_length: 8
# require at least one lowercase character in a password. default: false
require_lowercase: true
# require at least one uppercase character in a password. default: false
require_uppercase: true
# require at least one number in a password. default: false
require_number: true
allow_insecure_uris: false
# don't require clients to provide a client_uri. default: false
allow_missing_client_uri: false
# don't require clients to provide a contacts field. default: false
allow_missing_contacts: false
```
## `rate_limiting`
@@ -638,16 +636,4 @@ experimental:
# Time-to-live of compatibility access tokens in seconds, when refresh tokens are supported. Defaults to 300, 5 minutes.
#compat_token_ttl: 300
# Whether to enable self-service password registration. Defaults to `true` if password authentication is enabled.
#password_registration_enabled: false
# Whether users are allowed to change their email addresses. Defaults to `true`.
#email_change_allowed: false
# Whether users are allowed to change their display names. Defaults to `true`.
#displayname_change_allowed: false
# Whether users are allowed to change their passwords. Defaults to `true`.
#password_change_allowed: false
```