matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-06 06:02:40 +03:00
Code Activity
2,847 Commits 59 Branches 22 Tags
rei/rate_limiting_configuration
Commit Graph

469 Commits

Author SHA1 Message Date
Olivier 'reivilibre
11abd7a458 Add configuration for rate-limiting of logins, replacing hardcoded limits 2024-08-07 13:56:06 +01:00
Quentin Gliech
49826c1aa4 Make the optional configuration sections really optional 2024-08-01 15:00:16 +02:00
Quentin Gliech
8b3451d66f Move the account-related options out of experimental 2024-08-01 14:50:21 +02:00
Quentin Gliech
4a275fa4b9 Call retain_recent periodically on rate limiters 2024-07-26 13:56:45 +02:00
Quentin Gliech
e25c170403 Rate-limit password-based login attempts 2024-07-26 13:56:45 +02:00
Quentin Gliech
76755610cb config: allow serving the admin API routes 2024-07-26 11:36:55 +02:00
Quentin Gliech
144de0deb2 storage: freeze the error type on BoxRepository 
This avoids having to deal with traits bounds everywhere. It also moves
the `boxed()` method to the PgRepository, because it was unnecessary to
keep it on the `Repository` trait
 2024-07-26 11:36:55 +02:00
Quentin Gliech
ee9a01ef40 OTEL: remove custom Header{Injector,Extractor} implementations 2024-07-25 11:27:07 +02:00
Quentin Gliech
d1b9a4980c Update opentelemetry to 0.24.0 2024-07-25 11:01:43 +02:00
reivilibre
1afd2a2906 Remove OPA-based password policy enforcement (#2875) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2024-07-16 14:33:04 +01:00
Quentin Gliech
857b76bb04 Make mas-cli manage kill-sessions finish sessions in bulk 2024-07-16 14:13:11 +02:00
Quentin Gliech
0207495225 Add a way to reactivate users on the homeserver 2024-07-16 13:20:28 +02:00
Quentin Gliech
bf276289b6 Fully sync the devices with the homeserver 2024-07-16 09:32:07 +02:00
reivilibre
fbc360d1a9 Backend work to support minimum password complexity (#2965) 
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
 2024-07-11 10:17:39 +01:00
Quentin Gliech
798ca90241 Fix mas-cli 
This does a few things:

 - move `bytes` to workspace dependencies
 - write an hyper-based transport for Sentry
 - ignore OTEL errors related to propagations
 - fix everything else in mas-cli
 2024-07-05 10:07:40 +02:00
Quentin Gliech
dafc781957 Move Sentry to the workspace dependencies and upgrade 2024-07-05 10:07:40 +02:00
Quentin Gliech
2e63e3da71 Write an adapter for opentelemetry-http 2024-07-05 10:07:40 +02:00
Quentin Gliech
e7f50a92d6 Move tower-http dep to the workspace and adapt mas-axum-utils 
We removed here the Timeout layer on the HTTP client service, because it
required the body to be Default, which isn't the case anymore. Not sure
what to do about it.
 2024-07-05 10:07:40 +02:00
Quentin Gliech
a7a9369469 Upgrade most HTTP/Hyper crates and make mas-listener work 2024-07-05 10:07:40 +02:00
Quentin Gliech
edb01f1e98 Box the CLI command futures to reduce the size of the try_main future 2024-07-05 09:54:18 +02:00
Quentin Gliech
eff66726d5 New config options to set the database certificates 2024-07-05 09:54:18 +02:00
dependabot[bot]
f73d8624b4 build(deps): bump zeroize from 1.7.0 to 1.8.1 
Bumps [zeroize](https://github.com/RustCrypto/utils) from 1.7.0 to 1.8.1.
- [Commits](https://github.com/RustCrypto/utils/compare/zeroize-v1.7.0...zeroize-v1.8.1)

---
updated-dependencies:
- dependency-name: zeroize
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-01 13:40:43 +02:00
dependabot[bot]
fa1752e4be build(deps): bump itertools from 0.12.1 to 0.13.0 
Bumps [itertools](https://github.com/rust-itertools/itertools) from 0.12.1 to 0.13.0.
- [Changelog](https://github.com/rust-itertools/itertools/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-itertools/itertools/compare/v0.12.1...v0.13.0)

---
updated-dependencies:
- dependency-name: itertools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-01 12:46:21 +02:00
Quentin Gliech
c37fcfd786 Bump the other opentelemetry crates 2024-06-28 17:22:02 +02:00
dependabot[bot]
438ac63ce3 build(deps): bump the opentelemetry group with 5 updates 
Bumps the opentelemetry group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [opentelemetry-jaeger-propagator](https://github.com/open-telemetry/opentelemetry-rust) | `0.1.0` | `0.2.0` |
| [opentelemetry-otlp](https://github.com/open-telemetry/opentelemetry-rust) | `0.15.0` | `0.16.0` |
| [opentelemetry-prometheus](https://github.com/open-telemetry/opentelemetry-rust) | `0.15.0` | `0.16.0` |
| [opentelemetry-stdout](https://github.com/open-telemetry/opentelemetry-rust) | `0.3.0` | `0.4.0` |
| [opentelemetry_sdk](https://github.com/open-telemetry/opentelemetry-rust) | `0.22.1` | `0.23.0` |


Updates `opentelemetry-jaeger-propagator` from 0.1.0 to 0.2.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/opentelemetry-jaeger-propagator-0.1.0...opentelemetry-jaeger-propagator-0.2.0)

Updates `opentelemetry-otlp` from 0.15.0 to 0.16.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/opentelemetry-otlp-0.15.0...opentelemetry-otlp-0.16.0)

Updates `opentelemetry-prometheus` from 0.15.0 to 0.16.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/opentelemetry-prometheus-0.15.0...opentelemetry-prometheus-0.16.0)

Updates `opentelemetry-stdout` from 0.3.0 to 0.4.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/opentelemetry-stdout-0.3.0...opentelemetry-stdout-0.4.0)

Updates `opentelemetry_sdk` from 0.22.1 to 0.23.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.22.1...opentelemetry-0.23.0)

---
updated-dependencies:
- dependency-name: opentelemetry-jaeger-propagator
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-otlp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-prometheus
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-stdout
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry_sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-06-28 17:22:02 +02:00
Quentin Gliech
f9f2f4a3be Gate account recovery behing a configuration flag 2024-06-28 15:59:21 +02:00
Quentin Gliech
c156a3891e Actually send emails for recovery 2024-06-28 15:59:21 +02:00
reivilibre
d76b54b13f Add a setPassword GraphQL mutation for setting a user's password (#2820) 
* Feed `PasswordManager` through to the GraphQL `State`

* Add `setPassword` GraphQL mutation to update a user's password
 2024-06-05 18:04:17 +01:00
reivilibre
206d45bb31 Merge the mas_graphql crate into the mas_handlers crate (#2783) 2024-05-17 17:22:34 +01:00
Olivier 'reivilibre
d20b0a04fe 'migration' -> 'database migration' in startup output 2024-05-16 16:39:57 +02:00
Olivier 'reivilibre
f8bfad37a1 Fix typos in doctor command output 2024-05-16 16:39:57 +02:00
Quentin Gliech
d061d7f6b3 Move tokio to a workspace dependency 2024-05-15 14:54:34 +02:00
Quentin Gliech
0e270d5449 hCaptcha support 2024-05-15 09:38:10 +02:00
Quentin Gliech
f9ae7ae313 Cloudflare Turnstile support 2024-05-15 09:38:10 +02:00
Quentin Gliech
a3beeb2398 Render reCAPTCHA challenge on the registration form 2024-05-15 09:38:10 +02:00
dependabot[bot]
535985717b build(deps): bump prometheus from 0.13.3 to 0.13.4 
Bumps [prometheus](https://github.com/tikv/rust-prometheus) from 0.13.3 to 0.13.4.
- [Changelog](https://github.com/tikv/rust-prometheus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tikv/rust-prometheus/compare/v0.13.3...v0.13.4)

---
updated-dependencies:
- dependency-name: prometheus
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-05-07 07:33:05 +02:00
Quentin Gliech
3978acd94e Fix recently added Clippy lints 
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
 2024-05-07 07:32:02 +02:00
Quentin Gliech
9e2530861f Disable wasmtime cache, enable parallel compilation, add deny exception 2024-05-02 10:35:59 +02:00
dependabot[bot]
43f4768ae6 build(deps): bump tokio from 1.36.0 to 1.37.0 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.36.0 to 1.37.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.36.0...tokio-1.37.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-30 18:11:14 +02:00
dependabot[bot]
2832eb7b48 build(deps): bump serde_yaml from 0.9.33 to 0.9.34+deprecated 
Bumps [serde_yaml](https://github.com/dtolnay/serde-yaml) from 0.9.33 to 0.9.34+deprecated.
- [Release notes](https://github.com/dtolnay/serde-yaml/releases)
- [Commits](https://github.com/dtolnay/serde-yaml/compare/0.9.33...0.9.34)

---
updated-dependencies:
- dependency-name: serde_yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-30 15:10:36 +02:00
Quentin Gliech
10d7ca95ae Update copyright headers 2024-04-30 13:33:47 +02:00
Quentin Gliech
e080932906 Make the SiteConfig available in the GraphQL context 2024-04-30 13:33:47 +02:00
Quentin Gliech
aa2e2229bc Finish moving the site config 2024-04-30 13:33:47 +02:00
Quentin Gliech
f0899f17bd Move the SiteConfig to the data-model crate 2024-04-30 13:33:47 +02:00
Quentin Gliech
90080235da Introduce config to restrict user capabilities 2024-04-30 13:33:47 +02:00
Quentin Gliech
4d1b6aeded Prompt for all parameters interactively 2024-04-30 12:15:10 +02:00
Quentin Gliech
8c402a1f50 Prompt for username and confirm user creation 2024-04-30 12:15:10 +02:00
Quentin Gliech
1cb48b8026 Add a manage register-user utility to the CLI 2024-04-30 12:15:10 +02:00
Quentin Gliech
cd0ec35d2f Soft-delete upstream OAuth 2.0 providers on config sync 2024-04-03 09:51:22 +02:00
Quentin Gliech
4e3823fe4f Add a soft-deletion column on upstream OAuth 2.0 providers 2024-04-03 09:51:22 +02:00