matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-06 06:02:40 +03:00
Code Activity
2,847 Commits 59 Branches 22 Tags
rei/rate_limiting_configuration
Commit Graph

469 Commits

Author SHA1 Message Date
Quentin Gliech
15ad89aa82 templates: add translations function 2023-10-05 19:29:23 +02:00
Quentin Gliech
995bdfc13b templates: replace tera with minijinja 2023-10-05 19:29:23 +02:00
Quentin Gliech
f666da79b3 i18n-scan: utility to scan translatable strings in templates 2023-10-05 19:29:23 +02:00
Quentin Gliech
5f8411e88c i18n: translator structure, to hold translations 2023-10-05 19:29:23 +02:00
Quentin Gliech
f20c8d8ef3 Infer client IP address from the peer address and the X-Forwarded-Proxy header 2023-09-20 20:24:30 +02:00
Quentin Gliech
b85655b944 Save the session activity in the database 2023-09-19 21:57:54 +02:00
Quentin Gliech
cf5510a1a2 Add an ActivityTracker which tracks session activity and regularly flush them to the database 2023-09-19 21:57:54 +02:00
dependabot[bot]
3f3e7daeeb build(deps): bump clap from 4.4.3 to 4.4.4 
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.3 to 4.4.4.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.4.3...v4.4.4)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-18 23:55:04 +02:00
Quentin Gliech
c9155ef0cf Rust dependencies housekeeping 
Including:
 - package upgrades
 - stop using the patched version of `ulid`
 - update cargo deny duplicate exception list
 2023-09-14 23:43:00 +02:00
Quentin Gliech
54071c4969 Make the HTTP client factory reuse the underlying client 
This avoids duplicating clients, and makes it so that they all share the same connection pool.
 2023-09-14 16:52:01 +02:00
Quentin Gliech
f29e4adcfa Always initialize a metric reader to avoid crashes 
Fix #1552
 2023-09-14 16:52:01 +02:00
dependabot[bot]
a016b30b08 build(deps): bump clap from 4.4.2 to 4.4.3 
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.2 to 4.4.3.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.4.2...v4.4.3)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-13 18:28:48 +02:00
dependabot[bot]
650bb3cf1c build(deps): bump clap from 4.4.1 to 4.4.2 
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.1 to 4.4.2.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.4.1...v4.4.2)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 09:25:21 +02:00
dependabot[bot]
a46bd43dd2 build(deps): bump tower-http from 0.4.3 to 0.4.4 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.3 to 0.4.4.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.3...tower-http-0.4.4)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 09:17:59 +02:00
Quentin Gliech
a01c53019f Define common crates metadata on the workspace level 2023-09-01 16:27:22 +02:00
Quentin Gliech
21d3d3a5d4 Rename the 'hack' configuration section to 'experimental' 2023-08-31 18:05:00 +02:00
Quentin Gliech
bc04860afb Make the access tokens TTL configurable 2023-08-31 18:05:00 +02:00
Quentin Gliech
ae3213fe87 Make the email verification state more configurable on upstream OAuth 2.0 registration 
This also marks the email as primary
 2023-08-31 14:20:06 +02:00
Quentin Gliech
7fcd022eea Make sure we validate passwords & emails by the policy at all stages 
Also refactors the way we get the policy engines in requests
 2023-08-30 19:39:39 +02:00
Quentin Gliech
23151ef092 policies: split the email & password policies and add jsonschema validation of the input 2023-08-30 19:39:39 +02:00
Quentin Gliech
6589f06d79 tracing: set the parent context from the incoming request again 2023-08-29 18:50:54 +02:00
dependabot[bot]
a0373207a8 build(deps): bump the opentelemetry group with 1 update 
Bumps the opentelemetry group with 1 update: [tracing-opentelemetry](https://github.com/tokio-rs/tracing-opentelemetry).

- [Release notes](https://github.com/tokio-rs/tracing-opentelemetry/releases)
- [Changelog](https://github.com/tokio-rs/tracing-opentelemetry/blob/v0.1.x/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/tracing-opentelemetry/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: tracing-opentelemetry
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 18:50:54 +02:00
Quentin Gliech
f295d2df77 Fix sentry transport post-upgrade 2023-08-29 08:23:26 +02:00
dependabot[bot]
111c119732 build(deps): bump the sentry group with 1 update 
Bumps the sentry group with 1 update: [sentry](https://github.com/getsentry/sentry-rust).

- [Release notes](https://github.com/getsentry/sentry-rust/releases)
- [Changelog](https://github.com/getsentry/sentry-rust/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-rust/compare/0.31.5...0.31.6)

---
updated-dependencies:
- dependency-name: sentry
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 08:23:26 +02:00
dependabot[bot]
9f58be0bcb build(deps): bump rustls from 0.21.6 to 0.21.7 
Bumps [rustls](https://github.com/rustls/rustls) from 0.21.6 to 0.21.7.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Commits](https://github.com/rustls/rustls/compare/v/0.21.6...v/0.21.7)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 08:00:31 +02:00
dependabot[bot]
ab8ae09b7b build(deps): bump clap from 4.4.0 to 4.4.1 
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.0 to 4.4.1.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.4.0...v4.4.1)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 00:10:05 +02:00
Quentin Gliech
07ca145174 Cache the upstream OAuth 2.0 provider metadata 2023-08-28 18:30:40 +02:00
Quentin Gliech
17e28f56c1 Upgrade Rust to 1.72.0 
Fixes new clippy errors and upgrade other tools
 2023-08-28 18:05:56 +02:00
Quentin Gliech
096386e9b9 Save the application_type and the contacts in the OAuth 2.0 clients 
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
 2023-08-28 14:41:49 +02:00
Quentin Gliech
9289922dfb Grab a database lock when syncing the config 
Fixes #1475
 2023-08-25 15:48:47 +02:00
Quentin Gliech
a39f71c181 Handle cookies better by setting the right flags & expiration 2023-08-25 14:35:46 +02:00
dependabot[bot]
f1e716ef90 build(deps): bump clap from 4.3.24 to 4.4.0 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.24 to 4.4.0.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.24...clap_complete-v4.4.0)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-25 12:32:06 +02:00
dependabot[bot]
f8f3875f0a build(deps): bump clap from 4.3.23 to 4.3.24 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.23 to 4.3.24.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.23...v4.3.24)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 19:39:31 +02:00
dependabot[bot]
2b2c0d0466 build(deps): bump clap from 4.3.21 to 4.3.23 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.21 to 4.3.23.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.21...v4.3.23)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 16:08:45 +02:00
dependabot[bot]
3aa7a26628 build(deps): bump httpdate from 1.0.2 to 1.0.3 
Bumps [httpdate](https://github.com/pyfisch/httpdate) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/pyfisch/httpdate/releases)
- [Commits](https://github.com/pyfisch/httpdate/compare/v1.0.2...v1.0.3)

---
updated-dependencies:
- dependency-name: httpdate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 12:03:22 +02:00
dependabot[bot]
1ef1db2ae1 build(deps): bump tokio from 1.30.0 to 1.32.0 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.30.0 to 1.32.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.30.0...tokio-1.32.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 12:02:56 +02:00
Quentin Gliech
7c83dce66e Move some common dependencies on the workspace level 
Also deprecates the AWS SESv2 transport for emails
 2023-08-14 13:00:01 +02:00
Quentin Gliech
21964cbeab Setup cargo-deny 
Also try to remove a bunch of duplicate crates
 2023-08-14 11:22:52 +02:00
Quentin Gliech
699dfba55f OpenTelemetry upgrade 2023-08-11 16:12:58 +02:00
dependabot[bot]
6e8222c765 build(deps): bump the opentelemetry group with 7 updates 
Bumps the opentelemetry group with 7 updates:

| Package | Update |
| --- | --- |
| [tracing-opentelemetry](https://github.com/tokio-rs/tracing-opentelemetry) | 0.19.0 to 0.20.0 |
| [opentelemetry](https://github.com/open-telemetry/opentelemetry-rust) | 0.19.0 to 0.20.0 |
| [opentelemetry-semantic-conventions](https://github.com/open-telemetry/opentelemetry-rust) | 0.11.0 to 0.12.0 |
| [opentelemetry-jaeger](https://github.com/open-telemetry/opentelemetry-rust) | 0.18.0 to 0.19.0 |
| [opentelemetry-otlp](https://github.com/open-telemetry/opentelemetry-rust) | 0.12.0 to 0.13.0 |
| [opentelemetry-http](https://github.com/open-telemetry/opentelemetry-rust) | 0.8.0 to 0.9.0 |
| [opentelemetry-prometheus](https://github.com/open-telemetry/opentelemetry-rust) | 0.12.0 to 0.13.0 |


Updates `tracing-opentelemetry` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/tokio-rs/tracing-opentelemetry/releases)
- [Changelog](https://github.com/tokio-rs/tracing-opentelemetry/blob/v0.1.x/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/tracing-opentelemetry/compare/v0.19.0...v0.20.0)

Updates `opentelemetry` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.19.0...v0.20.0)

Updates `opentelemetry-semantic-conventions` from 0.11.0 to 0.12.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.11.0...v0.12.0)

Updates `opentelemetry-jaeger` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.18.0...v0.19.0)

Updates `opentelemetry-otlp` from 0.12.0 to 0.13.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.12.0...v0.13.0)

Updates `opentelemetry-http` from 0.8.0 to 0.9.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-rust/blob/v0.9.0/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.8.0...v0.9.0)

Updates `opentelemetry-prometheus` from 0.12.0 to 0.13.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: tracing-opentelemetry
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-semantic-conventions
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-jaeger
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-otlp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-http
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-prometheus
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-11 16:12:58 +02:00
dependabot[bot]
f09f6b7c2f build(deps): bump tokio from 1.29.1 to 1.30.0 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.29.1 to 1.30.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.29.1...tokio-1.30.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-10 07:59:09 +02:00
Quentin Gliech
3e6ea9a158 Add a 404 HTMl fallback 2023-08-09 16:56:11 +02:00
dependabot[bot]
b153316cf6 build(deps): bump rustls from 0.21.5 to 0.21.6 
Bumps [rustls](https://github.com/rustls/rustls) from 0.21.5 to 0.21.6.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Commits](https://github.com/rustls/rustls/compare/v/0.21.5...v/0.21.6)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-09 12:01:08 +02:00
dependabot[bot]
72aa800ebb build(deps): bump clap from 4.3.19 to 4.3.21 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.19 to 4.3.21.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.19...v4.3.21)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-09 11:34:06 +02:00
dependabot[bot]
79ad2dbc65 build(deps): bump axum from 0.6.19 to 0.6.20 
Bumps [axum](https://github.com/tokio-rs/axum) from 0.6.19 to 0.6.20.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.6.19...axum-v0.6.20)

---
updated-dependencies:
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-08 19:21:47 +02:00
dependabot[bot]
91c6b1eaf1 build(deps): bump apalis-core from 0.4.3 to 0.4.4 
Bumps apalis-core from 0.4.3 to 0.4.4.

---
updated-dependencies:
- dependency-name: apalis-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-04 22:53:07 +02:00
Quentin Gliech
033479bc57 cli: always include all OTEL exporters 2023-08-03 17:13:37 +02:00
Quentin Gliech
8142cad3d6 Call the homeserver for user deactivation 2023-08-03 14:06:34 +02:00
Quentin Gliech
40b49cdd10 Add a way to lock users 2023-08-03 14:06:34 +02:00
Quentin Gliech
7bf6777a90 ci: fix the dist build assets path 2023-07-28 17:13:07 +02:00