mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-09-14 11:29:26 +03:00
Commit Graph

67 Commits

Author SHA1 Message Date
reivilibre
5d4a4a6fb8 Add rate-limiting for account recovery and registration (#3093)
* Add rate-limiting for account recovery and registration

* Rename login ratelimiter `per_address` to `per_ip` for consistency

Co-authored-by: Quentin Gliech <quenting@element.io>
2024-08-07 17:57:36 +00:00
Quentin Gliech
756f2c01f8 Separate error page when the recovery link was already used 2024-06-28 15:59:21 +02:00
Quentin Gliech
96df94104e Show a proper 'link expired' page 2024-06-28 15:59:21 +02:00
Quentin Gliech
f9f2f4a3be Gate account recovery behind a configuration flag 2024-06-28 15:59:21 +02:00
Quentin Gliech
09fca9fd75 Implement the password change form 2024-06-28 15:59:21 +02:00
Quentin Gliech
2e4d868385 Recovery progress page 2024-06-28 15:59:21 +02:00
Quentin Gliech
319c43abc5 Start recovery view 2024-06-28 15:59:21 +02:00
reivilibre
7c67630c95 Remove the old password change page (#2874) 2024-06-27 13:41:24 +01:00
reivilibre
49e8fe57f4 Improve errors when MAS contacts the Synapse homeserver (#2794)
* Add some drive-by docstrings

* Change text rendering of catch_http_codes::HttpError

Using `#[source]` is unnatural here because it makes it look like
two distinct errors (one being a cause of the other),
when in reality it is just one error, with 2 parts.

Using `Display` formatting for that leads to a more natural error.

* Add constraints to `catch_http_code{,s}` methods

Not strictly required, but does two things:

- documents what kind of function is expected
- provides a small extra amount of type enforcement at the call site,
  rather than later on when you find the result doesn't implement Service

* Add a `catch_http_errors` shorthand

Nothing major, just a quality of life improvement so you don't have to
repetitively write out what a HTTP error is

* Unexpected error page: remove leading whitespace from preformatted 'details' section

The extra whitespace was probably unintentional and makes the error harder to read,
particularly when it wraps onto a new line unnecessarily

* Capture and log Matrix errors received from Synapse

* Drive-by clippy fix: use clamp instead of min().max()

* Convert `err(Display)` to `err(Debug)` for `anyhow::Error`s in matrix-synapse support module
2024-06-07 11:14:04 +00:00
Quentin Gliech
5ef6fa4109 Place the CAPTCHA error at the end of the form 2024-05-15 09:38:10 +02:00
Quentin Gliech
f9ae7ae313 Cloudflare Turnstile support 2024-05-15 09:38:10 +02:00
Quentin Gliech
a3beeb2398 Render reCAPTCHA challenge on the registration form 2024-05-15 09:38:10 +02:00
Quentin Gliech
1b4898aa3a Make the consent screens (almost completely) translatable
One exception is the wording for the privacy policy/TOS, because it's
annoying to do with the conditionals.
2024-05-10 14:49:54 +02:00
Quentin Gliech
353815bc6f Skip the device code form when using the full verification URI
This changes the form to use a GET method, as it is only really doing
a redirect.
2024-05-07 12:19:10 +02:00
Quentin Gliech
58fd6ab4c1 Allow disabling registrations (#2553) 2024-04-03 09:27:14 +02:00
Quentin Gliech
4e682793b1 Share the device card between the frontend and the backend 2024-02-27 17:56:20 +01:00
Quentin Gliech
f3cbd3b315 Parse User Agents on the backend side (#2388)
* Parse user agents on the server side

* Parse and expose user agents on the backend

* Use the parsed user agent in the device consent page

* Fix the device icon tests

* Fix clippy warnings

* Box stuff to avoid large enum variants

* Ignore a clippy warning

* Fix the requester boxing
2024-02-23 16:47:48 +01:00
Quentin Gliech
52f8c83e42 Upgrade compound and fix bad focus rings on inputs 2024-02-08 17:54:10 +01:00
Quentin Gliech
0beb842195 Make the user agree to T&C during registration 2024-02-07 17:21:22 +01:00
Quentin Gliech
17e968f7cc Record the user agent and IP in the device code grant 2024-02-02 18:01:51 +01:00
Quentin Gliech
d39a1d29df Show the device better in the device consent page 2024-02-02 18:01:51 +01:00
Quentin Gliech
1c62543220 Make the device code grants go through the policy engine 2024-02-02 18:01:51 +01:00
Quentin Gliech
67ab42155c Implement the device consent logic 2024-02-02 18:01:51 +01:00
Quentin Gliech
4301fd9378 Setup the device link form page 2024-02-02 18:01:51 +01:00
Quentin Gliech
6f986e117a Fix the login template in case no human_name was set on the provider 2023-11-21 16:09:38 +01:00
Quentin Gliech
5126d36b2e Add upstream OAuth 2.0 providers name and branding 2023-11-20 17:23:02 +01:00
Quentin Gliech
9c94e11e68 Check for existing users ahead of time on upstream OAuth2 registration 2023-11-13 14:11:30 +01:00
Quentin Gliech
18259a6412 Fix the login template not rendering on policy error 2023-11-03 18:24:21 +01:00
Quentin Gliech
6d65bcae13 Make the upstream provider URL better display & fix test 2023-10-30 15:55:15 +01:00
Quentin Gliech
a404398c2c Polish all forms and add nice page headings to most screens 2023-10-30 15:55:15 +01:00
Quentin Gliech
8984cc703b Add instance privacy policy, TOS and imprint, and loads of design cleanups 2023-10-30 15:55:15 +01:00
Quentin Gliech
9b5c8fb44b Allow running the authentication service on a different base path 2023-10-06 14:07:55 +02:00
Quentin Gliech
3ff217690d templates: fix the error.html template when missing the locale 2023-10-05 19:29:23 +02:00
Quentin Gliech
b2cd8d83f7 templates: translate a lot more stuff 2023-10-05 19:29:23 +02:00
Quentin Gliech
ebdb8eb30e templates: more translations 2023-10-05 19:29:23 +02:00
Quentin Gliech
2d52ba7fb3 i18n: include context when looking for translation keys 2023-10-05 19:29:23 +02:00
Quentin Gliech
15ad89aa82 templates: add translations function 2023-10-05 19:29:23 +02:00
Quentin Gliech
995bdfc13b templates: replace tera with minijinja 2023-10-05 19:29:23 +02:00
Quentin Gliech
f5f56682e4 Display the client logo with a referrerpolicy set to "no-referrer"
Fixes #1768
2023-09-20 18:01:58 +02:00
Quentin Gliech
1cdc017384 frontend: have better margins everywhere 2023-09-15 18:41:39 +02:00
Quentin Gliech
b0fb3281b0 Compoundify the consent screens 2023-09-06 15:58:54 +02:00
Quentin Gliech
0ede219a7f Fix a grammar mistake on the consent page template 2023-09-06 09:29:36 +02:00
Quentin Gliech
809893accf Compoundify the inputs 2023-09-01 15:57:13 +02:00
Quentin Gliech
7a9a873271 Compoundify the templates 2023-09-01 15:57:13 +02:00
Hugh Nimmo-Smith
f3d6f3c89e Nor does it have extrabold 2023-09-01 15:22:42 +02:00
Hugh Nimmo-Smith
2f9f7bd32c Compound doesn't have a value for bold so use semibold instead 2023-09-01 15:22:42 +02:00
Hugh Nimmo-Smith
86d53c969f Standardise consent screens (#1674) 2023-09-01 13:19:33 +01:00
Quentin Gliech
8e5ebcd03f Simplify the URL displayed on compatibility SSO logins
See #1638
2023-08-31 10:54:29 +02:00
Quentin Gliech
23571e87ea Run the registration policy on upstream OAuth registration 2023-08-30 19:39:39 +02:00
Quentin Gliech
ca3460b49e Skip the "continue" screens on upstream IDP logins for new accounts 2023-08-25 10:56:10 +02:00