matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-06 06:02:40 +03:00
Code Activity
2,901 Commits 59 Branches 22 Tags
quenting/dockerfile-warning
Commit Graph

155 Commits

Author SHA1 Message Date
reivilibre
244f8f5e5e Add configuration for rate-limiting of logins, replacing hardcoded limits (#3090) 2024-08-07 18:36:02 +01:00
Quentin Gliech
49826c1aa4 Make the optional configuration sections really optional 2024-08-01 15:00:16 +02:00
Quentin Gliech
8b3451d66f Move the account-related options out of experimental 2024-08-01 14:50:21 +02:00
Quentin Gliech
4a275fa4b9 Call retain_recent periodically on rate limiters 2024-07-26 13:56:45 +02:00
Quentin Gliech
e25c170403 Rate-limit password-based login attempts 2024-07-26 13:56:45 +02:00
Quentin Gliech
857b76bb04 Make mas-cli manage kill-sessions finish sessions in bulk 2024-07-16 14:13:11 +02:00
Quentin Gliech
0207495225 Add a way to reactivate users on the homeserver 2024-07-16 13:20:28 +02:00
Quentin Gliech
bf276289b6 Fully sync the devices with the homeserver 2024-07-16 09:32:07 +02:00
reivilibre
fbc360d1a9 Backend work to support minimum password complexity (#2965) 
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
 2024-07-11 10:17:39 +01:00
Quentin Gliech
798ca90241 Fix mas-cli 
This does a few things:

 - move `bytes` to workspace dependencies
 - write an hyper-based transport for Sentry
 - ignore OTEL errors related to propagations
 - fix everything else in mas-cli
 2024-07-05 10:07:40 +02:00
Quentin Gliech
edb01f1e98 Box the CLI command futures to reduce the size of the try_main future 2024-07-05 09:54:18 +02:00
Quentin Gliech
c156a3891e Actually send emails for recovery 2024-06-28 15:59:21 +02:00
reivilibre
d76b54b13f Add a setPassword GraphQL mutation for setting a user's password (#2820) 
* Feed `PasswordManager` through to the GraphQL `State`

* Add `setPassword` GraphQL mutation to update a user's password
 2024-06-05 18:04:17 +01:00
Olivier 'reivilibre
d20b0a04fe 'migration' -> 'database migration' in startup output 2024-05-16 16:39:57 +02:00
Olivier 'reivilibre
f8bfad37a1 Fix typos in doctor command output 2024-05-16 16:39:57 +02:00
Quentin Gliech
a3beeb2398 Render reCAPTCHA challenge on the registration form 2024-05-15 09:38:10 +02:00
Quentin Gliech
3978acd94e Fix recently added Clippy lints 
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
 2024-05-07 07:32:02 +02:00
Quentin Gliech
10d7ca95ae Update copyright headers 2024-04-30 13:33:47 +02:00
Quentin Gliech
e080932906 Make the SiteConfig available in the GraphQL context 2024-04-30 13:33:47 +02:00
Quentin Gliech
4d1b6aeded Prompt for all parameters interactively 2024-04-30 12:15:10 +02:00
Quentin Gliech
8c402a1f50 Prompt for username and confirm user creation 2024-04-30 12:15:10 +02:00
Quentin Gliech
1cb48b8026 Add a manage register-user utility to the CLI 2024-04-30 12:15:10 +02:00
Quentin Gliech
58fd6ab4c1 Allow disabling registrations (#2553) 2024-04-03 09:27:14 +02:00
Quentin Gliech
1cf283337b Load the configuration from a common Figment instance 
This should avoid loading the same files multiple times.
It should also make it easier to do post-processing on the
configuration, like validation.

This does deprecate one undocumented feature: the ability to override
some fields during the configuration generation using environment
variables.
 2024-03-22 13:33:09 +01:00
Quentin Gliech
e4cf2cdaf5 Make the mas-cli manage verify-email mark the email as primary 2024-03-08 17:25:39 +01:00
Quentin Gliech
6eb6209bd8 Use rustls-platform-verifier for cert validation 
This simplifies by removing the mutually exclusive `native-roots` and
`webpki-roots` features with something that is suitable for all
platforms.
 2024-03-06 14:03:59 +01:00
Quentin Gliech
c0a9d27e34 Automatically sync the configuration on server startup 2024-03-01 18:14:05 +01:00
Quentin Gliech
25fbbf96b9 Load the additional OAuth parameters from the config 2024-03-01 14:36:37 +01:00
Quentin Gliech
1821136e3f Additional parameters from upstream OAuth2 providers in the data model 2024-03-01 14:36:37 +01:00
Quentin Gliech
4aeb446061 Make the HomeserverConnection available in handlers 2024-02-29 11:21:24 +01:00
Quentin Gliech
ed5893eb20 Save which user session created a compat session 
This also exposes the user session in the GraphQL API, and allow
filtering on browser session ID on the app session list.
 2024-02-21 11:55:58 +01:00
Quentin Gliech
293150894b Introduce mas-cli doctor, a simple diagnostic tool 
This should help users to diagnose common issues with their setup.
 2024-02-08 15:28:43 +01:00
Quentin Gliech
0beb842195 Make the user agree to T&C during registration 2024-02-07 17:21:22 +01:00
Quentin Gliech
d3e5f1b101 Automatically run migrations on service startup 2024-02-07 16:31:36 +01:00
Dirk Klimpel
979062d40e allow config dump to file 2024-02-02 18:32:07 +01:00
Quentin Gliech
df3ca5ae66 Upgrade clippy lints to 1.74.0 & fix warnings 2023-12-05 17:20:42 +01:00
Quentin Gliech
cc10270ede Allow config generate to generate to a file directly instead of stdout 2023-11-24 11:52:31 +01:00
Quentin Gliech
5126d36b2e Add upstream OAuth 2.0 providers name and branding 2023-11-20 17:23:02 +01:00
Quentin Gliech
7315dd9a7a Allow endpoints and discovery mode override for upstream oauth2 providers 
This time, at the configuration and database level
 2023-11-17 16:18:39 +01:00
Quentin Gliech
6ded397977 Use minijinja templates to map OIDC claims to user attributes 2023-11-08 12:05:58 +01:00
Quentin Gliech
8984cc703b Add instance privacy policy, TOS and imprint, and loads of design cleanups 2023-10-30 15:55:15 +01:00
Quentin Gliech
9b5c8fb44b Allow running the authentication service on a different base path 2023-10-06 14:07:55 +02:00
Quentin Gliech
995bdfc13b templates: replace tera with minijinja 2023-10-05 19:29:23 +02:00
Quentin Gliech
f20c8d8ef3 Infer client IP address from the peer address and the X-Forwarded-Proxy header 2023-09-20 20:24:30 +02:00
Quentin Gliech
b85655b944 Save the session activity in the database 2023-09-19 21:57:54 +02:00
Quentin Gliech
cf5510a1a2 Add an ActivityTracker which tracks session activity and regularly flush them to the database 2023-09-19 21:57:54 +02:00
Quentin Gliech
54071c4969 Make the HTTP client factory reuse the underlying client 
This avoids duplicating clients, and makes it so that they all share the same connection pool.
 2023-09-14 16:52:01 +02:00
Quentin Gliech
21d3d3a5d4 Rename the 'hack' configuration section to 'experimental' 2023-08-31 18:05:00 +02:00
Quentin Gliech
bc04860afb Make the access tokens TTL configurable 2023-08-31 18:05:00 +02:00
Quentin Gliech
ae3213fe87 Make the email verification state more configurable on upstream OAuth 2.0 registration 
This also marks the email as primary
 2023-08-31 14:20:06 +02:00