Kévin Commaille
ccc9884726
Allow redirect URIs with any port for loopback interfaces
2023-04-14 10:22:49 +02:00
Hugh Nimmo-Smith
43bcaf5308
Lint
2023-04-06 16:24:18 +02:00
Hugh Nimmo-Smith
f53369aeae
Handle imported Synapse access/refresh tokens
2023-04-06 16:24:18 +02:00
Quentin Gliech
83cb9158a0
Fix clippy errors
2023-03-14 10:47:35 +01:00
Quentin Gliech
97635375cc
handlers: Add test for the compatibility login API
2023-02-24 15:52:21 +01:00
Quentin Gliech
39c126318f
Fix the authorization grant template
...
It previously relied on the client being in the authorization grant,
which is not the case anymore. This commit also adds a test to ensure
we're not breaking this template in the future.
2023-01-31 16:50:48 +01:00
Quentin Gliech
3f4ad789bf
storage-pg: write tests for the OAuth2 repositories
2023-01-25 17:24:34 +01:00
Quentin Gliech
d14ca156ad
storage: split the repository trait
2023-01-24 16:05:14 +01:00
Quentin Gliech
876bc9fcb3
handlers: extract the PgRepository from the request
...
Also fix a bunch of clippy errors & doctests
2023-01-18 18:22:13 +01:00
Quentin Gliech
9005931e2a
handlers: box the rng and clock, and extract it from the state
2023-01-18 17:49:59 +01:00
Quentin Gliech
3798f25f7d
Fix rustdoc lints
2023-01-18 12:25:49 +01:00
Quentin Gliech
488a666a8d
storage: remaining oauth2 repositories
...
- authorization grants
- access tokens
- refresh tokens
2023-01-12 18:26:04 +01:00
Quentin Gliech
36396c0b45
storage: repository pattern for the compat layer
2023-01-12 15:41:26 +01:00
Quentin Gliech
9f0c9f1466
storage: cleanup access/refresh token lookups
2023-01-11 12:14:52 +01:00
Quentin Gliech
920869b583
storage: do less joins in compat sessions
2023-01-10 18:49:35 +01:00
Quentin Gliech
35787aa072
data-model: have more structs use a state machine
2023-01-09 18:02:32 +01:00
Quentin Gliech
39cd9a2578
data-model: don't embed the client in the auth grant
2023-01-09 10:49:51 +01:00
Quentin Gliech
fb7c6f4dd1
storage: do less joins on authorization grants and refresh tokens
2023-01-05 16:49:19 +01:00
Quentin Gliech
603a26eabd
storage: oauth2 session repository
2023-01-05 16:44:56 +01:00
Quentin Gliech
e26f75246d
storage: Load with less joins
...
This is done to simplify some queries, to avoid loading more data than
necessary, and in preparation of a proper cache layer
2023-01-04 18:06:17 +01:00
Quentin Gliech
53172d6a3f
storage: browser session and user password repositories
2023-01-03 15:58:01 +01:00
Quentin Gliech
13a9d03647
storage: user and user email repository
2023-01-02 15:28:44 +01:00
Quentin Gliech
ca112d45e1
ci: Update clippy to 1.66 and fix new warnings
2022-12-16 18:16:18 +01:00
Quentin Gliech
533cabe005
Use the new password manager
2022-12-14 16:04:36 +01:00
Quentin Gliech
12ce2a3d04
data-model: simplify the authorization grants and sessions
2022-12-08 15:29:15 +01:00
Quentin Gliech
92d6f5b087
data-model: simplify the oauth2 clients
2022-12-08 15:29:15 +01:00
Quentin Gliech
479e009931
data-model: simplify the compat sessions
2022-12-08 15:29:15 +01:00
Quentin Gliech
feebbd0e97
data-model: simplify users and sessions
2022-12-08 15:29:15 +01:00
Quentin Gliech
dff2f98167
data-model: simplify tokens
2022-12-08 15:29:15 +01:00
Quentin Gliech
2e7112ef13
GraphQL API
2022-12-05 19:39:51 +01:00
Quentin Gliech
28bfce7e45
Save the ID token during an upstream authorization
2022-12-05 19:39:51 +01:00
Quentin Gliech
bf432a31e1
OIDC account linking and login
2022-12-05 19:39:51 +01:00
Quentin Gliech
cde9187adc
Lookup and save upstream links
2022-12-05 19:39:51 +01:00
Quentin Gliech
bedcf44741
WIP: upstream OIDC provider support
2022-12-05 19:39:51 +01:00
Quentin Gliech
2d2127dcdb
More cleanups
2022-11-02 18:59:00 +01:00
Quentin Gliech
368a9282a1
Cleanups
2022-11-02 18:59:00 +01:00
Quentin Gliech
f0d95a7613
Stop using Utc::now in templates samples
2022-11-02 18:59:00 +01:00
Quentin Gliech
559181c2c3
Pass the rng and clock around
2022-11-02 18:59:00 +01:00
Quentin Gliech
e2142f9cd4
Database refactoring
2022-11-02 18:59:00 +01:00
Quentin Gliech
29f1b134ae
Make the JWK generic over the parameters
2022-09-02 15:37:46 +02:00
Quentin Gliech
495285162b
Remove support for the token response type
2022-09-02 13:59:10 +02:00
Kévin Commaille
5c8b442747
Fix new clippy 0.1.63 warnings
2022-08-12 11:05:21 +02:00
Quentin Gliech
c1ed726dc8
Enable the clippy::str_to_string lint
2022-08-08 10:06:20 +02:00
Hugh Nimmo-Smith
3215e86eaa
Use unstable prefixes for scope names (#337)
2022-08-05 17:58:22 +00:00
Quentin Gliech
649e5cd645
Move the PKCE validation logic to oauth2-types
2022-08-03 13:57:31 +02:00
Quentin Gliech
f7361f871e
Fix PKCE characters verification rules & add tests
2022-08-03 13:57:31 +02:00
Quentin Gliech
51848bf89d
Update crates/data-model/src/oauth2/authorization_grant.rs
...
Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>
2022-08-03 13:57:31 +02:00
Quentin Gliech
372b32a780
Make PKCE implementation compliant with RFC7636
...
This checks for the PKCE code_verifier length as well as the characters
used. It also gives better errors when the PKCE verifier is invalid.
Fixes #316
2022-08-03 13:57:31 +02:00
Quentin Gliech
4870d1e899
Fix some false-positive clippy lints
...
Those were introduced in clippy 1.62 (under clippy::pedantic) and are in
proc-macro generated code
2022-07-01 16:36:35 +02:00
Quentin Gliech
89597dbf81
Switch email verification to a code-based flow
2022-06-02 16:18:55 +02:00