matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-07 17:03:01 +03:00
Code Activity
2,867 Commits 59 Branches 22 Tags
quenting/admin/user-can-request-admin
Commit Graph

189 Commits

Author SHA1 Message Date
Quentin Gliech
144de0deb2 storage: freeze the error type on BoxRepository 
This avoids having to deal with traits bounds everywhere. It also moves
the `boxed()` method to the PgRepository, because it was unnecessary to
keep it on the `Repository` trait
 2024-07-26 11:36:55 +02:00
Quentin Gliech
cef4645286 storage: add a filter by last active time on app sessions 2024-07-19 13:40:27 +02:00
Quentin Gliech
62c2af5e6a storage: add a filter by last active time on OAuth 2.0 sessions 2024-07-19 13:40:27 +02:00
Quentin Gliech
8bc1ef151f storage: add a filter by last active time on compatibility sessions 2024-07-19 13:40:27 +02:00
Quentin Gliech
c6b759c56d storage: add a filter by last active time on browser sessions 2024-07-19 13:40:27 +02:00
Quentin Gliech
12d2f1f827 Add new filters on the OAuth and compat sessions 2024-07-16 18:23:23 +02:00
Quentin Gliech
dcaf65e6e7 Batch finish browser sessions 2024-07-16 14:13:11 +02:00
Quentin Gliech
04b96b87b8 Batch finish OAuth 2.0 sessions 2024-07-16 14:13:11 +02:00
Quentin Gliech
f8d12cc305 Batch finish compatibility sessions 2024-07-16 14:13:11 +02:00
Quentin Gliech
0207495225 Add a way to reactivate users on the homeserver 2024-07-16 13:20:28 +02:00
Quentin Gliech
3eab10672f Add a lock during syncs of user devices 2024-07-16 09:32:07 +02:00
Quentin Gliech
35c06ac27b Deprecate the ProvisionDeviceJob and DeleteDeviceJob jobs 2024-07-16 09:32:07 +02:00
Quentin Gliech
bf276289b6 Fully sync the devices with the homeserver 2024-07-16 09:32:07 +02:00
Quentin Gliech
e75df0752d storage: methods to list and count users with filters and pagination 2024-07-05 13:44:14 +02:00
Quentin Gliech
c156a3891e Actually send emails for recovery 2024-06-28 15:59:21 +02:00
Quentin Gliech
4a60f5d32f Job to generate codes for all emails in a recovery session 2024-06-28 15:59:21 +02:00
Quentin Gliech
b2ee5de050 storage: Add an email filter on the user email list 2024-06-28 15:59:21 +02:00
Quentin Gliech
43582e7eca Data model and repository for the user recovery flow 2024-06-28 15:59:21 +02:00
Quentin Gliech
cd0ec35d2f Soft-delete upstream OAuth 2.0 providers on config sync 2024-04-03 09:51:22 +02:00
Quentin Gliech
4e3823fe4f Add a soft-deletion column on upstream OAuth 2.0 providers 2024-04-03 09:51:22 +02:00
Quentin Gliech
61a69f5af4 Upgrade chrono and replace deprecated methods usage 2024-03-18 17:26:40 +01:00
Quentin Gliech
1821136e3f Additional parameters from upstream OAuth2 providers in the data model 2024-03-01 14:36:37 +01:00
Quentin Gliech
f3cbd3b315 Parse User Agents on the backend side (#2388) 
* Parse user agents on the server side

* Parse and expose user agents on the backend

* Use the parsed user agent in the device consent page

* Fix the device icon tests

* Fix clippy warnings

* Box stuff to avoid large enum variants

* Ignore a clippy warning

* Fix the requester boxing
 2024-02-23 16:47:48 +01:00
Quentin Gliech
f171d76dc5 Record user agents on OAuth 2.0 and compat sessions (#2386) 
* Record user agents on OAuth 2.0 and compat sessions

* Add tests for recording user agent in sessions
 2024-02-22 10:01:32 +01:00
Quentin Gliech
ed5893eb20 Save which user session created a compat session 
This also exposes the user session in the GraphQL API, and allow
filtering on browser session ID on the app session list.
 2024-02-21 11:55:58 +01:00
Quentin Gliech
03b6ad7138 Remove the unique constraint on device IDs on compatibility sessions 
In OAuth 2.0 sessions, we can have multiple sessions for the same device
anyway, so this constraint doesn't exactly make sense.

Fixes #2033
Fixes #2312
 2024-02-20 15:50:20 +01:00
Quentin Gliech
0beb842195 Make the user agree to T&C during registration 2024-02-07 17:21:22 +01:00
Quentin Gliech
90c386847a Setup a repository to track user terms agreements 2024-02-07 17:21:22 +01:00
Quentin Gliech
17e968f7cc Record the user agent and IP in the device code grant 2024-02-02 18:01:51 +01:00
Quentin Gliech
efa6af3294 Run generated files updates, fix doc links & fmt 2024-02-02 18:01:51 +01:00
Quentin Gliech
286fc57103 Add a repository for device code grants 2024-02-02 18:01:51 +01:00
Quentin Gliech
a0f5f3c642 Enable clippy lints on a workspace level 
This enables a lot more lints than before in some crates, so this fixed a lot of warnings as well.
 2023-12-05 17:20:42 +01:00
Quentin Gliech
5126d36b2e Add upstream OAuth 2.0 providers name and branding 2023-11-20 17:23:02 +01:00
Quentin Gliech
7315dd9a7a Allow endpoints and discovery mode override for upstream oauth2 providers 
This time, at the configuration and database level
 2023-11-17 16:18:39 +01:00
Quentin Gliech
3cb8a26d95 "Can request admin" flag on user 2023-10-09 18:52:30 +02:00
Quentin Gliech
2a100ab927 graphql: allow filtering appsessions on device_id 2023-10-06 16:05:26 +02:00
Quentin Gliech
b2cd8d83f7 templates: translate a lot more stuff 2023-10-05 19:29:23 +02:00
Quentin Gliech
f1d420f381 Storage layer for a unified session list 2023-09-20 20:27:08 +02:00
Quentin Gliech
41dadcfd74 Fix broken doc links 2023-09-19 21:57:54 +02:00
Quentin Gliech
b85655b944 Save the session activity in the database 2023-09-19 21:57:54 +02:00
Quentin Gliech
9c97a0c37a storage: make the access token expiration optional 2023-09-11 12:03:42 +02:00
Quentin Gliech
83ca90ee3d Add a GraphQL mutation to create arbitrary OAuth2 sessions. 2023-09-11 12:03:42 +02:00
Quentin Gliech
00fe5f902b storage: add a method to create an OAuth 2.0 session for a client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
5d3b8cd92f Store the browser user-agent when starting a browser session 2023-08-29 17:38:01 +02:00
Quentin Gliech
1849b86a7d graphql: Always make the associated SSO login available in compatibility sessions 2023-08-29 16:53:38 +02:00
Quentin Gliech
8402a75a7d storage: Look up compat sessions by device_id 2023-08-29 16:53:38 +02:00
Quentin Gliech
d7abdccc0a storage: Allow filtering oauth2 sessions by scope 2023-08-29 16:53:38 +02:00
Quentin Gliech
d9a12de8a3 Save the authentication method on each authorization 
This will help us logging out of the upstream.
 2023-08-28 17:14:59 +02:00
Quentin Gliech
096386e9b9 Save the application_type and the contacts in the OAuth 2.0 clients 
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
 2023-08-28 14:41:49 +02:00
Quentin Gliech
8142cad3d6 Call the homeserver for user deactivation 2023-08-03 14:06:34 +02:00