ff7dcf4ffb
build(deps): bump indexmap from 2.4.0 to 2.5.0
...
Bumps [indexmap](https://github.com/indexmap-rs/indexmap ) from 2.4.0 to 2.5.0.
- [Changelog](https://github.com/indexmap-rs/indexmap/blob/master/RELEASES.md )
- [Commits](https://github.com/indexmap-rs/indexmap/compare/2.4.0...2.5.0 )
---
updated-dependencies:
- dependency-name: indexmap
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-09-03 17:47:58 +02:00
b43408bc8d
build(deps): bump indexmap from 2.3.0 to 2.4.0
...
Bumps [indexmap](https://github.com/indexmap-rs/indexmap ) from 2.3.0 to 2.4.0.
- [Changelog](https://github.com/indexmap-rs/indexmap/blob/master/RELEASES.md )
- [Commits](https://github.com/indexmap-rs/indexmap/compare/2.3.0...2.4.0 )
---
updated-dependencies:
- dependency-name: indexmap
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-08-30 10:37:28 +02:00
29d6383c5d
admin: rename the can_request_admin field to admin
2024-08-07 20:13:43 +02:00
6189abe7b4
admin: set can_request_admin API
2024-08-07 20:13:43 +02:00
5d4a4a6fb8
Add rate-limiting for account recovery and registration ( #3093 )
...
* Add rate-limiting for account recovery and registration
* Rename login ratelimiter `per_address` to `per_ip` for consistency
Co-authored-by: Quentin Gliech <quenting@element.io >
2024-08-07 17:57:36 +00:00
244f8f5e5e
Add configuration for rate-limiting of logins, replacing hardcoded limits ( #3090 )
2024-08-07 18:36:02 +01:00
1bdad262cd
Disallow OAuth 2.0 use of the GraphQL API by default
2024-08-07 18:09:51 +02:00
b4eb93558d
admin: add simple snapshot test for the list oauth2 sessions endpoint
2024-08-07 17:41:18 +02:00
dd58fffdef
admin: add tests for the get OAuth session API
2024-08-07 17:41:18 +02:00
cf9f201337
admin: get OAuth 2.0 session API
2024-08-07 17:41:18 +02:00
4f52840bf3
admin: list OAuth 2.0 sessions API
2024-08-07 17:41:18 +02:00
83e4aa476f
admin: setup base for oauth2 sessions endpoints
2024-08-07 17:41:18 +02:00
19d485a68b
admin: model definition for the OAuth 2.0 sessions
2024-08-07 17:41:18 +02:00
c61a52a3a0
admin: better error when password auth is disabled
2024-08-07 15:10:19 +02:00
475a43df71
admin: check password complexity in password set API
2024-08-07 15:10:19 +02:00
8b5d576018
admin: set password API
2024-08-07 15:10:19 +02:00
9ea77a9562
admin: lock user API
2024-08-06 13:43:13 +02:00
2307c05c69
admin: user unlock API
2024-08-06 13:31:28 +02:00
117e124ddf
admin: user deactivation API
2024-08-06 11:48:19 +02:00
1ad4091a5c
build(deps): bump indexmap from 2.2.6 to 2.3.0
...
Bumps [indexmap](https://github.com/indexmap-rs/indexmap ) from 2.2.6 to 2.3.0.
- [Changelog](https://github.com/indexmap-rs/indexmap/blob/master/RELEASES.md )
- [Commits](https://github.com/indexmap-rs/indexmap/compare/2.2.6...2.3.0 )
---
updated-dependencies:
- dependency-name: indexmap
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-08-02 00:19:27 +02:00
65f1c45095
admin: add operation ID on user add operation
2024-08-01 16:23:08 +02:00
5833f1a2af
handlers: tests for the add user admin API
2024-08-01 16:23:08 +02:00
015f6e2455
handlers: test utility to help request the admin API
2024-08-01 16:23:08 +02:00
94004ce18c
Rename the payload struct to appease clippy
2024-08-01 16:23:08 +02:00
221f227baa
admin: add API to create users
2024-08-01 16:23:08 +02:00
d03dd41345
admin: add operation IDs on user operations & other improvements
...
This also documents better the user list operation parameters
2024-08-01 15:17:14 +02:00
78e988b7cc
Tweak the schema generation and use a common definition for ULIDs
2024-08-01 15:17:14 +02:00
cdecac735e
Tweak the schema to use summary instead of description and add tags
2024-08-01 15:17:14 +02:00
3f947025e2
Host a Swagger UI both in the static documentation and by the server
2024-08-01 15:17:14 +02:00
5edeb59ef3
build(deps): bump zxcvbn from 3.0.1 to 3.1.0
...
Bumps [zxcvbn](https://github.com/shssoichiro/zxcvbn-rs ) from 3.0.1 to 3.1.0.
- [Changelog](https://github.com/shssoichiro/zxcvbn-rs/blob/master/CHANGELOG.md )
- [Commits](https://github.com/shssoichiro/zxcvbn-rs/compare/v3.0.1...v3.1.0 )
---
updated-dependencies:
- dependency-name: zxcvbn
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-07-30 11:51:20 +02:00
8737d6f89b
graphql: Expose CAPTCHA config and whether password registration is enabled
2024-07-26 13:02:58 +01:00
4a275fa4b9
Call retain_recent periodically on rate limiters
2024-07-26 13:56:45 +02:00
e25c170403
Rate-limit password-based login attempts
2024-07-26 13:56:45 +02:00
f5b4caf520
admin: add APIs to list and get users
2024-07-26 11:36:55 +02:00
c177233b33
Define common response types for the admin API
...
This adds a Single and a Paginated response type, which have links to the next, previous, first and last pages.
2024-07-26 11:36:55 +02:00
27ca7ec108
Add an extractor to check for credentails in the admin API
2024-07-26 11:36:55 +02:00
43ff6dc9d3
doc: auto-generate the API schema in the documentation
2024-07-26 11:36:55 +02:00
f4f61f0d51
handlers: bootstrap the admin API router
2024-07-26 11:36:55 +02:00
144de0deb2
storage: freeze the error type on BoxRepository
...
This avoids having to deal with traits bounds everywhere. It also moves
the `boxed()` method to the PgRepository, because it was unnecessary to
keep it on the `Repository` trait
2024-07-26 11:36:55 +02:00
48c4c34e88
Remove the server-side rendered account recovery 'finish' form
...
Replace with the React frontend form
2024-07-26 10:20:32 +01:00
c83e052e7f
graphql: use NoSuchRecoveryTicket when link is invalid
2024-07-26 10:20:32 +01:00
d1b9a4980c
Update opentelemetry to 0.24.0
2024-07-25 11:01:43 +02:00
7dcb476e92
build(deps): bump psl from 2.1.50 to 2.1.55
...
Bumps [psl](https://github.com/addr-rs/psl ) from 2.1.50 to 2.1.55.
- [Release notes](https://github.com/addr-rs/psl/releases )
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.50...v2.1.55 )
---
updated-dependencies:
- dependency-name: psl
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-07-25 09:34:05 +02:00
54b1b142df
build(deps): bump serde_with from 3.8.3 to 3.9.0
...
Bumps [serde_with](https://github.com/jonasbb/serde_with ) from 3.8.3 to 3.9.0.
- [Release notes](https://github.com/jonasbb/serde_with/releases )
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.8.3...v3.9.0 )
---
updated-dependencies:
- dependency-name: serde_with
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-07-25 09:33:43 +02:00
8147016735
graphql: Add a SetPasswordByRecovery mutation to perform account recovery ( #2986 )
2024-07-24 16:19:14 +01:00
6f2ab4f738
graphql: allow filtering of sessions by last activity
2024-07-19 13:40:27 +02:00
1afd2a2906
Remove OPA-based password policy enforcement ( #2875 )
...
Co-authored-by: Quentin Gliech <quenting@element.io >
2024-07-16 14:33:04 +01:00
fa32387ca5
Show whether the user is deactivated on the homeserver in the GraphQL API
...
Fix #2375
2024-07-16 13:20:28 +02:00
bac2db9884
GraphQL API to unlock a user
...
Fixes #2101
2024-07-16 13:20:28 +02:00
3eab10672f
Add a lock during syncs of user devices
2024-07-16 09:32:07 +02:00
