mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-29 22:01:14 +03:00

321 Commits

Author SHA1 Message Date
5d4a4a6fb8 Add rate-limiting for account recovery and registration (#3093)
* Add rate-limiting for account recovery and registration

* Rename login ratelimiter `per_address` to `per_ip` for consistency

Co-authored-by: Quentin Gliech <quenting@element.io>
2024-08-07 17:57:36 +00:00
244f8f5e5e Add configuration for rate-limiting of logins, replacing hardcoded limits (#3090) 2024-08-07 18:36:02 +01:00
1bdad262cd Disallow OAuth 2.0 use of the GraphQL API by default 2024-08-07 18:09:51 +02:00
b63d3498fd build(deps): bump rustls-pki-types from 1.7.0 to 1.8.0
Bumps [rustls-pki-types](https://github.com/rustls/pki-types) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/rustls/pki-types/releases)
- [Commits](https://github.com/rustls/pki-types/compare/v/1.7.0...v/1.8.0)

---
updated-dependencies:
- dependency-name: rustls-pki-types
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-07 15:21:47 +02:00
e23baff996 build(deps): bump rustls-pemfile from 2.1.2 to 2.1.3
Bumps [rustls-pemfile](https://github.com/rustls/pemfile) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/rustls/pemfile/releases)
- [Commits](https://github.com/rustls/pemfile/compare/v/2.1.2...v/2.1.3)

---
updated-dependencies:
- dependency-name: rustls-pemfile
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-04 23:12:58 +02:00
49826c1aa4 Make the optional configuration sections really optional 2024-08-01 15:00:16 +02:00
8b3451d66f Move the account-related options out of experimental 2024-08-01 14:50:21 +02:00
76755610cb config: allow serving the admin API routes 2024-07-26 11:36:55 +02:00
54b1b142df build(deps): bump serde_with from 3.8.3 to 3.9.0
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.8.3 to 3.9.0.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.8.3...v3.9.0)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-25 09:33:43 +02:00
fbc360d1a9 Backend work to support minimum password complexity (#2965)
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
2024-07-11 10:17:39 +01:00
9486460aae build(deps): bump serde_with from 3.8.2 to 3.8.3
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.8.2 to 3.8.3.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.8.2...v3.8.3)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-05 10:29:10 +02:00
3ab733bf3a Fix RFC1918 network in default proxy configuration (#2908) 2024-07-05 08:22:39 +00:00
eff66726d5 New config options to set the database certificates 2024-07-05 09:54:18 +02:00
a9cf0c33c8 build(deps): bump serde_with from 3.8.1 to 3.8.2
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.8.1 to 3.8.2.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.8.1...v3.8.2)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-01 12:35:29 +02:00
f9f2f4a3be Gate account recovery behind a configuration flag 2024-06-28 15:59:21 +02:00
37a10aea96 Use Reverse() helper instead of sorting then reversing 2024-05-16 16:39:57 +02:00
d061d7f6b3 Move tokio to a workspace dependency 2024-05-15 14:54:34 +02:00
0e270d5449 hCaptcha support 2024-05-15 09:38:10 +02:00
f9ae7ae313 Cloudflare Turnstile support 2024-05-15 09:38:10 +02:00
a3beeb2398 Render reCAPTCHA challenge on the registration form 2024-05-15 09:38:10 +02:00
036a778af6 build(deps): bump rustls-pki-types from 1.5.0 to 1.7.0
Bumps [rustls-pki-types](https://github.com/rustls/pki-types) from 1.5.0 to 1.7.0.
- [Release notes](https://github.com/rustls/pki-types/releases)
- [Commits](https://github.com/rustls/pki-types/compare/v/1.5.0...v/1.7.0)

---
updated-dependencies:
- dependency-name: rustls-pki-types
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-10 10:20:28 +02:00
3978acd94e Fix recently added Clippy lints
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
2024-05-07 07:32:02 +02:00
8473dbd309 build(deps): bump rustls-pemfile from 2.1.1 to 2.1.2
Bumps [rustls-pemfile](https://github.com/rustls/pemfile) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/rustls/pemfile/releases)
- [Commits](https://github.com/rustls/pemfile/compare/v/2.1.1...v/2.1.2)

---
updated-dependencies:
- dependency-name: rustls-pemfile
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-30 22:34:14 +02:00
3d04495856 build(deps): bump rustls-pki-types from 1.3.1 to 1.5.0
Bumps [rustls-pki-types](https://github.com/rustls/pki-types) from 1.3.1 to 1.5.0.
- [Release notes](https://github.com/rustls/pki-types/releases)
- [Commits](https://github.com/rustls/pki-types/compare/v/1.3.1...v/1.5.0)

---
updated-dependencies:
- dependency-name: rustls-pki-types
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-30 20:36:04 +02:00
9fe842d254 build(deps): bump serde_with from 3.7.0 to 3.8.1
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.7.0 to 3.8.1.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.7.0...v3.8.1)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-30 18:12:31 +02:00
43f4768ae6 build(deps): bump tokio from 1.36.0 to 1.37.0
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.36.0 to 1.37.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.36.0...tokio-1.37.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-30 18:11:14 +02:00
90080235da Introduce config to restrict user capabilities 2024-04-30 13:33:47 +02:00
e55171443a build(deps): bump indoc from 2.0.4 to 2.0.5
Bumps [indoc](https://github.com/dtolnay/indoc) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/dtolnay/indoc/releases)
- [Commits](https://github.com/dtolnay/indoc/compare/2.0.4...2.0.5)

---
updated-dependencies:
- dependency-name: indoc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-08 23:26:09 +02:00
cd0ec35d2f Soft-delete upstream OAuth 2.0 providers on config sync 2024-04-03 09:51:22 +02:00
58fd6ab4c1 Allow disabling registrations (#2553) 2024-04-03 09:27:14 +02:00
8e7bb26a51 Simplify ConfigurationSection trait & skip default values when serializing
This removes the `test` and `generate` methods from the
`ConfigurationSection` trait, as they did not really have a reason to
exist in the trait itself.
2024-03-22 13:33:09 +01:00
fc7489c5f8 Flatten the upstream_oauth2 config section 2024-03-22 13:33:09 +01:00
aa6178abe6 Flatten the telemetry config section 2024-03-22 13:33:09 +01:00
809fe16d29 Flatten the secrets config section 2024-03-22 13:33:09 +01:00
156dc08280 Clean up the default policy config data 2024-03-22 13:33:09 +01:00
f5b34b5b18 Flatten the passwords config section 2024-03-22 13:33:09 +01:00
8bc35f63d8 Flatten the http config
Also properly remove the `spa` resource
2024-03-22 13:33:09 +01:00
6d77d0ed25 Flatten the email config 2024-03-22 13:33:09 +01:00
bf50469da1 Flatten the database config 2024-03-22 13:33:09 +01:00
cba431d20e Flatten the clients config 2024-03-22 13:33:09 +01:00
48b6013c4f Move the sub-configuration path to an associated constant 2024-03-22 13:33:09 +01:00
1cf283337b Load the configuration from a common Figment instance
This should avoid loading the same files multiple times.
It should also make it easier to do post-processing on the
configuration, like validation.

This does deprecate one undocumented feature: the ability to override
some fields during the configuration generation using environment
variables.
2024-03-22 13:33:09 +01:00
d8f5fdaf5c Moved some dependencies in the workspace and upgraded some dependencies 2024-03-19 14:54:35 +01:00
5dc8e73f7e build(deps): bump serde_with from 3.6.0 to 3.7.0
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.6.0...v3.7.0)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-19 10:40:19 +01:00
880462560b build(deps): bump figment from 0.10.14 to 0.10.15
Bumps [figment](https://github.com/SergioBenitez/Figment) from 0.10.14 to 0.10.15.
- [Commits](https://github.com/SergioBenitez/Figment/compare/v0.10.14...v0.10.15)

---
updated-dependencies:
- dependency-name: figment
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-19 07:34:37 +01:00
eb950151af Upgrade OTEL and remove support for Jaeger and Zipkin exporters 2024-03-18 17:26:40 +01:00
61a69f5af4 Upgrade chrono and replace deprecated methods usage 2024-03-18 17:26:40 +01:00
c0a9d27e34 Automatically sync the configuration on server startup 2024-03-01 18:14:05 +01:00
3251c5896c Append additional parameters to the OAuth2 authorize endpoint 2024-03-01 14:36:37 +01:00
25fbbf96b9 Load the additional OAuth parameters from the config 2024-03-01 14:36:37 +01:00