matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-07 17:03:01 +03:00
Code Activity
2,901 Commits 59 Branches 22 Tags
quenting/dockerfile-warning
Commit Graph

700 Commits

Author SHA1 Message Date
Quentin Gliech
037cf996a8 Provision the devices synchronously 
This means Synapse won't have to provision them on the fly anymore
 2024-07-16 09:32:07 +02:00
Quentin Gliech
bf276289b6 Fully sync the devices with the homeserver 2024-07-16 09:32:07 +02:00
reivilibre
fbc360d1a9 Backend work to support minimum password complexity (#2965) 
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
 2024-07-11 10:17:39 +01:00
Quentin Gliech
f849b487cf graphql: users query to list users with a few filters 2024-07-05 13:44:14 +02:00
Quentin Gliech
8a1ac9cc91 graphql: move the users queries to their own module 2024-07-05 13:44:14 +02:00
dependabot[bot]
9486460aae build(deps): bump serde_with from 3.8.2 to 3.8.3 
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.8.2 to 3.8.3.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.8.2...v3.8.3)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-05 10:29:10 +02:00
Quentin Gliech
57c87071d1 Update some dependencies and the cargo-deny allowlist 2024-07-05 10:07:40 +02:00
Quentin Gliech
dafc781957 Move Sentry to the workspace dependencies and upgrade 2024-07-05 10:07:40 +02:00
Quentin Gliech
07c9989e63 Upgrade async-graphql, fix mas-handlers & mas-axum-utils tests 
This also replaces the init_tracing test helper with a general setup
test helper, so that it also initializes the rustls crypto backend.
 2024-07-05 10:07:40 +02:00
Quentin Gliech
e7f50a92d6 Move tower-http dep to the workspace and adapt mas-axum-utils 
We removed here the Timeout layer on the HTTP client service, because it
required the body to be Default, which isn't the case anymore. Not sure
what to do about it.
 2024-07-05 10:07:40 +02:00
Quentin Gliech
a7a9369469 Upgrade most HTTP/Hyper crates and make mas-listener work 2024-07-05 10:07:40 +02:00
dependabot[bot]
f73d8624b4 build(deps): bump zeroize from 1.7.0 to 1.8.1 
Bumps [zeroize](https://github.com/RustCrypto/utils) from 1.7.0 to 1.8.1.
- [Commits](https://github.com/RustCrypto/utils/compare/zeroize-v1.7.0...zeroize-v1.8.1)

---
updated-dependencies:
- dependency-name: zeroize
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-01 13:40:43 +02:00
dependabot[bot]
790571fbb9 build(deps): bump psl from 2.1.48 to 2.1.49 
Bumps [psl](https://github.com/addr-rs/psl) from 2.1.48 to 2.1.49.
- [Release notes](https://github.com/addr-rs/psl/releases)
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.48...v2.1.49)

---
updated-dependencies:
- dependency-name: psl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-01 13:40:37 +02:00
dependabot[bot]
a9cf0c33c8 build(deps): bump serde_with from 3.8.1 to 3.8.2 
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.8.1 to 3.8.2.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.8.1...v3.8.2)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-01 12:35:29 +02:00
dependabot[bot]
0aca818be2 build(deps): bump insta from 1.38.0 to 1.39.0 
Bumps [insta](https://github.com/mitsuhiko/insta) from 1.38.0 to 1.39.0.
- [Release notes](https://github.com/mitsuhiko/insta/releases)
- [Changelog](https://github.com/mitsuhiko/insta/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mitsuhiko/insta/compare/1.38.0...1.39.0)

---
updated-dependencies:
- dependency-name: insta
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-01 12:35:15 +02:00
Quentin Gliech
8e0bfa73f0 Make the b64decode filter try multiple base64 encoding variants 2024-06-28 17:10:13 +02:00
Quentin Gliech
756f2c01f8 Separate error page when the recovery link was already used 2024-06-28 15:59:21 +02:00
Quentin Gliech
96df94104e Show a proper 'link expired' page 2024-06-28 15:59:21 +02:00
Quentin Gliech
f9f2f4a3be Gate account recovery behing a configuration flag 2024-06-28 15:59:21 +02:00
Quentin Gliech
09fca9fd75 Implement the password change form 2024-06-28 15:59:21 +02:00
Quentin Gliech
d633d33ab2 Allow re-sending emails for a recovery session 2024-06-28 15:59:21 +02:00
Quentin Gliech
2e4d868385 Recovery progress page 2024-06-28 15:59:21 +02:00
Quentin Gliech
4a60f5d32f Job to generate codes for all emails in a recovery session 2024-06-28 15:59:21 +02:00
Quentin Gliech
319c43abc5 Start recovery view 2024-06-28 15:59:21 +02:00
dependabot[bot]
ec6cd4fe34 build(deps): bump psl from 2.1.37 to 2.1.48 
Bumps [psl](https://github.com/addr-rs/psl) from 2.1.37 to 2.1.48.
- [Release notes](https://github.com/addr-rs/psl/releases)
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.37...v2.1.48)

---
updated-dependencies:
- dependency-name: psl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-06-28 15:29:18 +02:00
reivilibre
7c67630c95 Remove the old password change page (#2874) 2024-06-27 13:41:24 +01:00
reivilibre
aaa7cf3fe9 Add Self-service Password Change (#2863) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2024-06-25 13:25:33 +00:00
reivilibre
121966ccce GraphQL API: Add password_change_allowed to SiteConfig (#2857) 2024-06-20 15:16:50 +01:00
Quentin Gliech
90fc8e842a Fix param name in error messages on the compatibility SSO login errors 2024-06-18 18:06:00 +02:00
Quentin Gliech
8a3b7f79f3 Inject custom Jinja2 environment when rendering the subject template 
This was missing when rendering the subject for upstream OAuth 2.0
callbacks.
 2024-06-18 18:05:43 +02:00
reivilibre
d76b54b13f Add a setPassword GraphQL mutation for setting a user's password (#2820) 
* Feed `PasswordManager` through to the GraphQL `State`

* Add `setPassword` GraphQL mutation to update a user's password
 2024-06-05 18:04:17 +01:00
reivilibre
206d45bb31 Merge the mas_graphql crate into the mas_handlers crate (#2783) 2024-05-17 17:22:34 +01:00
Quentin Gliech
d061d7f6b3 Move tokio to a workspace dependency 2024-05-15 14:54:34 +02:00
Quentin Gliech
098f7fba03 Move async-graphql to workspace deps & disable apollo tracing 2024-05-15 14:54:34 +02:00
Quentin Gliech
c8e074c8e2 Don't panic when the repository fails on the introspection endpoint 2024-05-15 14:15:11 +02:00
Quentin Gliech
359da66b88 Display a user-friendly error on CAPTCHA failures 2024-05-15 09:38:10 +02:00
Quentin Gliech
e4d6bbee14 Disable hCaptcha compatibility with reCAPTCHA 2024-05-15 09:38:10 +02:00
Quentin Gliech
4d9d8a8ba3 Actually verify the CAPTCHA during registration 2024-05-15 09:38:10 +02:00
Quentin Gliech
a3beeb2398 Render reCAPTCHA challenge on the registration form 2024-05-15 09:38:10 +02:00
dependabot[bot]
ba7b029128 build(deps): bump psl from 2.1.36 to 2.1.37 
Bumps [psl](https://github.com/addr-rs/psl) from 2.1.36 to 2.1.37.
- [Release notes](https://github.com/addr-rs/psl/releases)
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.36...v2.1.37)

---
updated-dependencies:
- dependency-name: psl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-05-10 10:20:16 +02:00
Quentin Gliech
353815bc6f Skip the device code form when using the full verification URI 
This changes the form to use a GET method, as it is only really doing
a redirect.
 2024-05-07 12:19:10 +02:00
dependabot[bot]
736faf1738 build(deps): bump psl from 2.1.35 to 2.1.36 
Bumps [psl](https://github.com/addr-rs/psl) from 2.1.35 to 2.1.36.
- [Release notes](https://github.com/addr-rs/psl/releases)
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.35...v2.1.36)

---
updated-dependencies:
- dependency-name: psl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-05-07 07:32:38 +02:00
Quentin Gliech
3978acd94e Fix recently added Clippy lints 
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
 2024-05-07 07:32:02 +02:00
Quentin Gliech
8e513ea3cc Update Cargo.lock and update cargo-deny exceptions 2024-05-02 14:32:05 +02:00
Quentin Gliech
a99427e942 Move lettre to a workspace dependency 2024-05-02 14:32:05 +02:00
Quentin Gliech
3567f7c445 Upgrade minijinja to 2.0.1 2024-05-02 14:04:14 +02:00
dependabot[bot]
ce617f624f build(deps): bump psl from 2.1.34 to 2.1.35 
Bumps [psl](https://github.com/addr-rs/psl) from 2.1.34 to 2.1.35.
- [Release notes](https://github.com/addr-rs/psl/releases)
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.34...v2.1.35)

---
updated-dependencies:
- dependency-name: psl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-05-02 09:35:10 +02:00
dependabot[bot]
efaf407f9d build(deps): bump insta from 1.36.1 to 1.38.0 
Bumps [insta](https://github.com/mitsuhiko/insta) from 1.36.1 to 1.38.0.
- [Release notes](https://github.com/mitsuhiko/insta/releases)
- [Changelog](https://github.com/mitsuhiko/insta/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mitsuhiko/insta/compare/1.36.1...1.38.0)

---
updated-dependencies:
- dependency-name: insta
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-30 19:13:29 +02:00
dependabot[bot]
fd985943d3 build(deps): bump psl from 2.1.28 to 2.1.34 
Bumps [psl](https://github.com/addr-rs/psl) from 2.1.28 to 2.1.34.
- [Release notes](https://github.com/addr-rs/psl/releases)
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.28...v2.1.34)

---
updated-dependencies:
- dependency-name: psl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-30 18:12:49 +02:00
dependabot[bot]
9fe842d254 build(deps): bump serde_with from 3.7.0 to 3.8.1 
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.7.0 to 3.8.1.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.7.0...v3.8.1)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-30 18:12:31 +02:00