19d485a68b
admin: model definition for the OAuth 2.0 sessions
2024-08-07 17:41:18 +02:00
5c72712391
build(deps): bump regex from 1.10.5 to 1.10.6
...
Bumps [regex](https://github.com/rust-lang/regex ) from 1.10.5 to 1.10.6.
- [Release notes](https://github.com/rust-lang/regex/releases )
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rust-lang/regex/compare/1.10.5...1.10.6 )
---
updated-dependencies:
- dependency-name: regex
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-08-04 22:49:17 +02:00
fbc360d1a9
Backend work to support minimum password complexity ( #2965 )
...
* config: Add minimum password complexity option
* PasswordManager: add function for checking if complexity is sufficient
* Enforce password complexity on registration, change and recovery
* cli: Use exit code 1 for weak passwords
This seems preferable to exit code 0, but ideally we should choose one
and document it.
* Expose minimum password complexity score over GraphQL
2024-07-11 10:17:39 +01:00
78c8ff3916
build(deps): bump regex from 1.10.4 to 1.10.5
...
Bumps [regex](https://github.com/rust-lang/regex ) from 1.10.4 to 1.10.5.
- [Release notes](https://github.com/rust-lang/regex/releases )
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rust-lang/regex/compare/1.10.4...1.10.5 )
---
updated-dependencies:
- dependency-name: regex
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-06-29 05:41:05 +02:00
f9f2f4a3be
Gate account recovery behing a configuration flag
2024-06-28 15:59:21 +02:00
43582e7eca
Data model and repository for the user recovery flow
2024-06-28 15:59:21 +02:00
4d9d8a8ba3
Actually verify the CAPTCHA during registration
2024-05-15 09:38:10 +02:00
0e270d5449
hCaptcha support
2024-05-15 09:38:10 +02:00
f9ae7ae313
Cloudflare Turnstile support
2024-05-15 09:38:10 +02:00
a3beeb2398
Render reCAPTCHA challenge on the registration form
2024-05-15 09:38:10 +02:00
3978acd94e
Fix recently added Clippy lints
...
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
2024-05-07 07:32:02 +02:00
6db50f098d
Allow more characters in device IDs
2024-05-03 16:56:56 +02:00
89adac0873
build(deps): bump crc from 3.0.1 to 3.2.1
...
Bumps [crc](https://github.com/mrhooray/crc-rs ) from 3.0.1 to 3.2.1.
- [Release notes](https://github.com/mrhooray/crc-rs/releases )
- [Commits](https://github.com/mrhooray/crc-rs/compare/3.0.1...3.2.1 )
---
updated-dependencies:
- dependency-name: crc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-04-30 22:34:40 +02:00
cd0d05cd49
build(deps): bump regex from 1.10.3 to 1.10.4
...
Bumps [regex](https://github.com/rust-lang/regex ) from 1.10.3 to 1.10.4.
- [Release notes](https://github.com/rust-lang/regex/releases )
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rust-lang/regex/compare/1.10.3...1.10.4 )
---
updated-dependencies:
- dependency-name: regex
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-04-30 19:43:16 +02:00
10d7ca95ae
Update copyright headers
2024-04-30 13:33:47 +02:00
f0899f17bd
Move the SiteConfig to the data-model crate
2024-04-30 13:33:47 +02:00
1cb48b8026
Add a manage register-user utility to the CLI
2024-04-30 12:15:10 +02:00
cd0ec35d2f
Soft-delete upstream OAuth 2.0 providers on config sync
2024-04-03 09:51:22 +02:00
4e3823fe4f
Add a soft-deletion column on upstream OAuth 2.0 providers
2024-04-03 09:51:22 +02:00
70d688913f
Add Electron user-agent parsing for Element Desktop/Nightly ( #2461 )
2024-03-18 18:42:31 +01:00
61a69f5af4
Upgrade chrono and replace deprecated methods usage
2024-03-18 17:26:40 +01:00
1821136e3f
Additional parameters from upstream OAuth2 providers in the data model
2024-03-01 14:36:37 +01:00
f3cbd3b315
Parse User Agents on the backend side ( #2388 )
...
* Parse user agents on the server side
* Parse and expose user agents on the backend
* Use the parsed user agent in the device consent page
* Fix the device icon tests
* Fix clippy warnings
* Box stuff to avoid large enum variants
* Ignore a clippy warning
* Fix the requester boxing
2024-02-23 16:47:48 +01:00
f171d76dc5
Record user agents on OAuth 2.0 and compat sessions ( #2386 )
...
* Record user agents on OAuth 2.0 and compat sessions
* Add tests for recording user agent in sessions
2024-02-22 10:01:32 +01:00
ed5893eb20
Save which user session created a compat session
...
This also exposes the user session in the GraphQL API, and allow
filtering on browser session ID on the app session list.
2024-02-21 11:55:58 +01:00
17e968f7cc
Record the user agent and IP in the device code grant
2024-02-02 18:01:51 +01:00
286fc57103
Add a repository for device code grants
2024-02-02 18:01:51 +01:00
ae05cbc1f1
Setup the data model for the device code grant
2024-02-02 18:01:51 +01:00
49963b26f8
Prepare workspace to publish OIDC crates
2023-12-07 16:02:55 +01:00
a0f5f3c642
Enable clippy lints on a workspace level
...
This enables a lot more lints than before in some crates, so this fixed a lot of warnings as well.
2023-12-05 17:20:42 +01:00
5126d36b2e
Add upstream OAuth 2.0 providers name and branding
2023-11-20 17:23:02 +01:00
7315dd9a7a
Allow endpoints and discovery mode override for upstream oauth2 providers
...
This time, at the configuration and database level
2023-11-17 16:18:39 +01:00
364093f12f
Allow overriding usptream OAuth2 providers endpoints
...
Also have a way to disable OIDC discovery when all the endpoints are known.
2023-11-17 16:18:39 +01:00
89420a2cfc
Refactor the upstream link provider template logic
...
Also adds tests for new account registration through an upstream oauth2
provider
2023-11-13 14:11:30 +01:00
6ded397977
Use minijinja templates to map OIDC claims to user attributes
2023-11-08 12:05:58 +01:00
3cb8a26d95
"Can request admin" flag on user
2023-10-09 18:52:30 +02:00
894957934d
Test the activity tracker on the introspection endpoint
2023-09-19 21:57:54 +02:00
50558a7319
Make the last activity timestamp and IP available through the API
2023-09-19 21:57:54 +02:00
c9155ef0cf
Rust dependencies housekeeping
...
Including:
- package upgrades
- stop using the patched version of `ulid`
- update cargo deny duplicate exception list
2023-09-14 23:43:00 +02:00
9a77f67fbe
Make the error on introspection failure more explicit in the logs
2023-09-13 18:24:52 +02:00
e6b91c1ce4
data-model: make the access token expiration optional
2023-09-11 12:03:42 +02:00
7e247830c9
data-model: Make the user_id optional in the OAuth 2.0 sessions
2023-09-06 09:35:34 +02:00
a01c53019f
Define common crates metadata on the workspace level
2023-09-01 16:27:22 +02:00
ae3213fe87
Make the email verification state more configurable on upstream OAuth 2.0 registration
...
This also marks the email as primary
2023-08-31 14:20:06 +02:00
5d3b8cd92f
Store the browser user-agent when starting a browser session
2023-08-29 17:38:01 +02:00
438a10332a
Add the user_id directly on oauth2_sessions and make the scope a text list
2023-08-29 12:52:24 +02:00
17e28f56c1
Upgrade Rust to 1.72.0
...
Fixes new clippy errors and upgrade other tools
2023-08-28 18:05:56 +02:00
d9a12de8a3
Save the authentication method on each authorization
...
This will help us logging out of the upstream.
2023-08-28 17:14:59 +02:00
096386e9b9
Save the application_type and the contacts in the OAuth 2.0 clients
...
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
2023-08-28 14:41:49 +02:00
7c83dce66e
Move some common dependencies on the workspace level
...
Also deprecates the AWS SESv2 transport for emails
2023-08-14 13:00:01 +02:00
