matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-06 06:02:40 +03:00
Code Activity
2,847 Commits 59 Branches 22 Tags
rei/rate_limiting_configuration
Commit Graph

686 Commits

Author SHA1 Message Date
Olivier 'reivilibre
11abd7a458 Add configuration for rate-limiting of logins, replacing hardcoded limits 2024-08-07 13:56:06 +01:00
Quentin Gliech
9ea77a9562 admin: lock user API 2024-08-06 13:43:13 +02:00
Quentin Gliech
2307c05c69 admin: user unlock API 2024-08-06 13:31:28 +02:00
Quentin Gliech
117e124ddf admin: user deactivation API 2024-08-06 11:48:19 +02:00
dependabot[bot]
1ad4091a5c build(deps): bump indexmap from 2.2.6 to 2.3.0 
Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.2.6 to 2.3.0.
- [Changelog](https://github.com/indexmap-rs/indexmap/blob/master/RELEASES.md)
- [Commits](https://github.com/indexmap-rs/indexmap/compare/2.2.6...2.3.0)

---
updated-dependencies:
- dependency-name: indexmap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-02 00:19:27 +02:00
Quentin Gliech
65f1c45095 admin: add operation ID on user add operation 2024-08-01 16:23:08 +02:00
Quentin Gliech
5833f1a2af handlers: tests for the add user admin API 2024-08-01 16:23:08 +02:00
Quentin Gliech
015f6e2455 handlers: test utility to help request the admin API 2024-08-01 16:23:08 +02:00
Quentin Gliech
94004ce18c Rename the payload struct to appease clippy 2024-08-01 16:23:08 +02:00
Quentin Gliech
221f227baa admin: add API to create users 2024-08-01 16:23:08 +02:00
Quentin Gliech
d03dd41345 admin: add operation IDs on user operations & other improvements 
This also documents better the user list operation parameters
 2024-08-01 15:17:14 +02:00
Quentin Gliech
78e988b7cc Tweak the schema generation and use a common definition for ULIDs 2024-08-01 15:17:14 +02:00
Quentin Gliech
cdecac735e Tweak the schema to use summary instead of description and add tags 2024-08-01 15:17:14 +02:00
Quentin Gliech
3f947025e2 Host a Swagger UI both in the static documentation and by the server 2024-08-01 15:17:14 +02:00
dependabot[bot]
5edeb59ef3 build(deps): bump zxcvbn from 3.0.1 to 3.1.0 
Bumps [zxcvbn](https://github.com/shssoichiro/zxcvbn-rs) from 3.0.1 to 3.1.0.
- [Changelog](https://github.com/shssoichiro/zxcvbn-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/shssoichiro/zxcvbn-rs/compare/v3.0.1...v3.1.0)

---
updated-dependencies:
- dependency-name: zxcvbn
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-30 11:51:20 +02:00
Olivier 'reivilibre
8737d6f89b graphql: Expose CAPTCHA config and whether password registration is enabled 2024-07-26 13:02:58 +01:00
Quentin Gliech
4a275fa4b9 Call retain_recent periodically on rate limiters 2024-07-26 13:56:45 +02:00
Quentin Gliech
e25c170403 Rate-limit password-based login attempts 2024-07-26 13:56:45 +02:00
Quentin Gliech
f5b4caf520 admin: add APIs to list and get users 2024-07-26 11:36:55 +02:00
Quentin Gliech
c177233b33 Define common response types for the admin API 
This adds a Single and a Paginated response type, which have links to the next, previous, first and last pages.
 2024-07-26 11:36:55 +02:00
Quentin Gliech
27ca7ec108 Add an extractor to check for credentails in the admin API 2024-07-26 11:36:55 +02:00
Quentin Gliech
43ff6dc9d3 doc: auto-generate the API schema in the documentation 2024-07-26 11:36:55 +02:00
Quentin Gliech
f4f61f0d51 handlers: bootstrap the admin API router 2024-07-26 11:36:55 +02:00
Quentin Gliech
144de0deb2 storage: freeze the error type on BoxRepository 
This avoids having to deal with traits bounds everywhere. It also moves
the `boxed()` method to the PgRepository, because it was unnecessary to
keep it on the `Repository` trait
 2024-07-26 11:36:55 +02:00
Olivier 'reivilibre
48c4c34e88 Remove the server-side rendered account recovery 'finish' form 
Replace with the React frontend form
 2024-07-26 10:20:32 +01:00
Olivier 'reivilibre
c83e052e7f graphql: use NoSuchRecoveryTicket when link is invalid 2024-07-26 10:20:32 +01:00
Quentin Gliech
d1b9a4980c Update opentelemetry to 0.24.0 2024-07-25 11:01:43 +02:00
dependabot[bot]
7dcb476e92 build(deps): bump psl from 2.1.50 to 2.1.55 
Bumps [psl](https://github.com/addr-rs/psl) from 2.1.50 to 2.1.55.
- [Release notes](https://github.com/addr-rs/psl/releases)
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.50...v2.1.55)

---
updated-dependencies:
- dependency-name: psl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-25 09:34:05 +02:00
dependabot[bot]
54b1b142df build(deps): bump serde_with from 3.8.3 to 3.9.0 
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.8.3 to 3.9.0.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.8.3...v3.9.0)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-25 09:33:43 +02:00
reivilibre
8147016735 graphql: Add a SetPasswordByRecovery mutation to perform account recovery (#2986) 2024-07-24 16:19:14 +01:00
Quentin Gliech
6f2ab4f738 graphql: allow filtering of sessions by last activity 2024-07-19 13:40:27 +02:00
reivilibre
1afd2a2906 Remove OPA-based password policy enforcement (#2875) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2024-07-16 14:33:04 +01:00
Quentin Gliech
fa32387ca5 Show whether the user is deactivated on the homeserver in the GraphQL API 
Fix #2375
 2024-07-16 13:20:28 +02:00
Quentin Gliech
bac2db9884 GraphQL API to unlock a user 
Fixes #2101
 2024-07-16 13:20:28 +02:00
Quentin Gliech
3eab10672f Add a lock during syncs of user devices 2024-07-16 09:32:07 +02:00
Quentin Gliech
695228ade4 Provision users on the fake homeserver in tests 
Because we now provision devices synchronously, we need to update the
tests so that the users exist on the fake homeserver.
 2024-07-16 09:32:07 +02:00
Quentin Gliech
037cf996a8 Provision the devices synchronously 
This means Synapse won't have to provision them on the fly anymore
 2024-07-16 09:32:07 +02:00
Quentin Gliech
bf276289b6 Fully sync the devices with the homeserver 2024-07-16 09:32:07 +02:00
reivilibre
fbc360d1a9 Backend work to support minimum password complexity (#2965) 
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
 2024-07-11 10:17:39 +01:00
Quentin Gliech
f849b487cf graphql: users query to list users with a few filters 2024-07-05 13:44:14 +02:00
Quentin Gliech
8a1ac9cc91 graphql: move the users queries to their own module 2024-07-05 13:44:14 +02:00
dependabot[bot]
9486460aae build(deps): bump serde_with from 3.8.2 to 3.8.3 
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.8.2 to 3.8.3.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.8.2...v3.8.3)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-05 10:29:10 +02:00
Quentin Gliech
57c87071d1 Update some dependencies and the cargo-deny allowlist 2024-07-05 10:07:40 +02:00
Quentin Gliech
dafc781957 Move Sentry to the workspace dependencies and upgrade 2024-07-05 10:07:40 +02:00
Quentin Gliech
07c9989e63 Upgrade async-graphql, fix mas-handlers & mas-axum-utils tests 
This also replaces the init_tracing test helper with a general setup
test helper, so that it also initializes the rustls crypto backend.
 2024-07-05 10:07:40 +02:00
Quentin Gliech
e7f50a92d6 Move tower-http dep to the workspace and adapt mas-axum-utils 
We removed here the Timeout layer on the HTTP client service, because it
required the body to be Default, which isn't the case anymore. Not sure
what to do about it.
 2024-07-05 10:07:40 +02:00
Quentin Gliech
a7a9369469 Upgrade most HTTP/Hyper crates and make mas-listener work 2024-07-05 10:07:40 +02:00
dependabot[bot]
f73d8624b4 build(deps): bump zeroize from 1.7.0 to 1.8.1 
Bumps [zeroize](https://github.com/RustCrypto/utils) from 1.7.0 to 1.8.1.
- [Commits](https://github.com/RustCrypto/utils/compare/zeroize-v1.7.0...zeroize-v1.8.1)

---
updated-dependencies:
- dependency-name: zeroize
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-01 13:40:43 +02:00
dependabot[bot]
790571fbb9 build(deps): bump psl from 2.1.48 to 2.1.49 
Bumps [psl](https://github.com/addr-rs/psl) from 2.1.48 to 2.1.49.
- [Release notes](https://github.com/addr-rs/psl/releases)
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.48...v2.1.49)

---
updated-dependencies:
- dependency-name: psl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-01 13:40:37 +02:00
dependabot[bot]
a9cf0c33c8 build(deps): bump serde_with from 3.8.1 to 3.8.2 
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.8.1 to 3.8.2.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.8.1...v3.8.2)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-07-01 12:35:29 +02:00