mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-07 17:03:01 +03:00
Commit Graph

246 Commits

Author SHA1 Message Date
reivilibre
244f8f5e5e Add configuration for rate-limiting of logins, replacing hardcoded limits (#3090) 2024-08-07 18:36:02 +01:00
Quentin Gliech
1bdad262cd Disallow OAuth 2.0 use of the GraphQL API by default 2024-08-07 18:09:51 +02:00
Quentin Gliech
49826c1aa4 Make the optional configuration sections really optional 2024-08-01 15:00:16 +02:00
Quentin Gliech
8b3451d66f Move the account-related options out of experimental 2024-08-01 14:50:21 +02:00
Quentin Gliech
4a275fa4b9 Call retain_recent periodically on rate limiters 2024-07-26 13:56:45 +02:00
Quentin Gliech
e25c170403 Rate-limit password-based login attempts 2024-07-26 13:56:45 +02:00
Quentin Gliech
76755610cb config: allow serving the admin API routes 2024-07-26 11:36:55 +02:00
Quentin Gliech
144de0deb2 storage: freeze the error type on BoxRepository
This avoids having to deal with trait bounds everywhere. It also moves
the `boxed()` method to the PgRepository, because it was unnecessary to
keep it on the `Repository` trait
2024-07-26 11:36:55 +02:00
Quentin Gliech
ee9a01ef40 OTEL: remove custom Header{Injector,Extractor} implementations 2024-07-25 11:27:07 +02:00
Quentin Gliech
d1b9a4980c Update opentelemetry to 0.24.0 2024-07-25 11:01:43 +02:00
reivilibre
1afd2a2906 Remove OPA-based password policy enforcement (#2875)
Co-authored-by: Quentin Gliech <quenting@element.io>
2024-07-16 14:33:04 +01:00
Quentin Gliech
857b76bb04 Make mas-cli manage kill-sessions finish sessions in bulk 2024-07-16 14:13:11 +02:00
Quentin Gliech
0207495225 Add a way to reactivate users on the homeserver 2024-07-16 13:20:28 +02:00
Quentin Gliech
bf276289b6 Fully sync the devices with the homeserver 2024-07-16 09:32:07 +02:00
reivilibre
fbc360d1a9 Backend work to support minimum password complexity (#2965)
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
2024-07-11 10:17:39 +01:00
Quentin Gliech
798ca90241 Fix mas-cli
This does a few things:

 - move `bytes` to workspace dependencies
 - write a hyper-based transport for Sentry
 - ignore OTEL errors related to propagations
 - fix everything else in mas-cli
2024-07-05 10:07:40 +02:00
Quentin Gliech
2e63e3da71 Write an adapter for opentelemetry-http 2024-07-05 10:07:40 +02:00
Quentin Gliech
edb01f1e98 Box the CLI command futures to reduce the size of the try_main future 2024-07-05 09:54:18 +02:00
Quentin Gliech
eff66726d5 New config options to set the database certificates 2024-07-05 09:54:18 +02:00
Quentin Gliech
c37fcfd786 Bump the other opentelemetry crates 2024-06-28 17:22:02 +02:00
Quentin Gliech
f9f2f4a3be Gate account recovery behind a configuration flag 2024-06-28 15:59:21 +02:00
Quentin Gliech
c156a3891e Actually send emails for recovery 2024-06-28 15:59:21 +02:00
reivilibre
d76b54b13f Add a setPassword GraphQL mutation for setting a user's password (#2820)
* Feed `PasswordManager` through to the GraphQL `State`

* Add `setPassword` GraphQL mutation to update a user's password
2024-06-05 18:04:17 +01:00
reivilibre
206d45bb31 Merge the mas_graphql crate into the mas_handlers crate (#2783) 2024-05-17 17:22:34 +01:00
Olivier 'reivilibre
d20b0a04fe 'migration' -> 'database migration' in startup output 2024-05-16 16:39:57 +02:00
Olivier 'reivilibre
f8bfad37a1 Fix typos in doctor command output 2024-05-16 16:39:57 +02:00
Quentin Gliech
0e270d5449 hCaptcha support 2024-05-15 09:38:10 +02:00
Quentin Gliech
f9ae7ae313 Cloudflare Turnstile support 2024-05-15 09:38:10 +02:00
Quentin Gliech
a3beeb2398 Render reCAPTCHA challenge on the registration form 2024-05-15 09:38:10 +02:00
Quentin Gliech
3978acd94e Fix recently added Clippy lints
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
2024-05-07 07:32:02 +02:00
Quentin Gliech
10d7ca95ae Update copyright headers 2024-04-30 13:33:47 +02:00
Quentin Gliech
e080932906 Make the SiteConfig available in the GraphQL context 2024-04-30 13:33:47 +02:00
Quentin Gliech
aa2e2229bc Finish moving the site config 2024-04-30 13:33:47 +02:00
Quentin Gliech
f0899f17bd Move the SiteConfig to the data-model crate 2024-04-30 13:33:47 +02:00
Quentin Gliech
90080235da Introduce config to restrict user capabilities 2024-04-30 13:33:47 +02:00
Quentin Gliech
4d1b6aeded Prompt for all parameters interactively 2024-04-30 12:15:10 +02:00
Quentin Gliech
8c402a1f50 Prompt for username and confirm user creation 2024-04-30 12:15:10 +02:00
Quentin Gliech
1cb48b8026 Add a manage register-user utility to the CLI 2024-04-30 12:15:10 +02:00
Quentin Gliech
cd0ec35d2f Soft-delete upstream OAuth 2.0 providers on config sync 2024-04-03 09:51:22 +02:00
Quentin Gliech
4e3823fe4f Add a soft-deletion column on upstream OAuth 2.0 providers 2024-04-03 09:51:22 +02:00
Quentin Gliech
58fd6ab4c1 Allow disabling registrations (#2553) 2024-04-03 09:27:14 +02:00
Quentin Gliech
fc7489c5f8 Flatten the upstream_oauth2 config section 2024-03-22 13:33:09 +01:00
Quentin Gliech
aa6178abe6 Flatten the telemetry config section 2024-03-22 13:33:09 +01:00
Quentin Gliech
156dc08280 Clean up the default policy config data 2024-03-22 13:33:09 +01:00
Quentin Gliech
f5b34b5b18 Flatten the passwords config section 2024-03-22 13:33:09 +01:00
Quentin Gliech
8bc35f63d8 Flatten the http config
Also properly remove the `spa` resource
2024-03-22 13:33:09 +01:00
Quentin Gliech
6d77d0ed25 Flatten the email config 2024-03-22 13:33:09 +01:00
Quentin Gliech
bf50469da1 Flatten the database config 2024-03-22 13:33:09 +01:00
Quentin Gliech
cba431d20e Flatten the clients config 2024-03-22 13:33:09 +01:00
Quentin Gliech
1cf283337b Load the configuration from a common Figment instance
This should avoid loading the same files multiple times.
It should also make it easier to do post-processing on the
configuration, like validation.

This does deprecate one undocumented feature: the ability to override
some fields during the configuration generation using environment
variables.
2024-03-22 13:33:09 +01:00