matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-07 17:03:01 +03:00
Code Activity
2,847 Commits 59 Branches 22 Tags
rei/rate_limiting_configuration
Commit Graph

1563 Commits

Author SHA1 Message Date
dependabot[bot]
db88d46945 build(deps): bump wasmtime from 12.0.1 to 12.0.2 
Bumps [wasmtime](https://github.com/bytecodealliance/wasmtime) from 12.0.1 to 12.0.2.
- [Release notes](https://github.com/bytecodealliance/wasmtime/releases)
- [Changelog](https://github.com/bytecodealliance/wasmtime/blob/main/docs/WASI-some-possible-changes.md)
- [Commits](https://github.com/bytecodealliance/wasmtime/compare/v12.0.1...v12.0.2)

---
updated-dependencies:
- dependency-name: wasmtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-16 12:05:41 +02:00
Quentin Gliech
c9155ef0cf Rust dependencies housekeeping 
Including:
 - package upgrades
 - stop using the patched version of `ulid`
 - update cargo deny duplicate exception list
 2023-09-14 23:43:00 +02:00
Quentin Gliech
386de570c7 Enable HTTP keepalive correctly 2023-09-14 17:03:17 +02:00
Quentin Gliech
54071c4969 Make the HTTP client factory reuse the underlying client 
This avoids duplicating clients, and makes it so that they all share the same connection pool.
 2023-09-14 16:52:01 +02:00
Quentin Gliech
f29e4adcfa Always initialize a metric reader to avoid crashes 
Fix #1552
 2023-09-14 16:52:01 +02:00
dependabot[bot]
e7497d8cd2 build(deps): bump libc from 0.2.147 to 0.2.148 
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.147 to 0.2.148.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.147...0.2.148)

---
updated-dependencies:
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-14 14:38:17 +02:00
dependabot[bot]
a016b30b08 build(deps): bump clap from 4.4.2 to 4.4.3 
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.2 to 4.4.3.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.4.2...v4.4.3)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-13 18:28:48 +02:00
Quentin Gliech
9fcdad3142 Stop using deprecated chrono::DateTime::from_utc method 2023-09-13 18:28:41 +02:00
Quentin Gliech
9a77f67fbe Make the error on introspection failure more explicit in the logs 2023-09-13 18:24:52 +02:00
dependabot[bot]
fdca016e38 build(deps): bump event-listener from 2.5.3 to 3.0.0 
Bumps [event-listener](https://github.com/smol-rs/event-listener) from 2.5.3 to 3.0.0.
- [Release notes](https://github.com/smol-rs/event-listener/releases)
- [Changelog](https://github.com/smol-rs/event-listener/blob/master/CHANGELOG.md)
- [Commits](https://github.com/smol-rs/event-listener/compare/v2.5.3...v3.0.0)

---
updated-dependencies:
- dependency-name: event-listener
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-12 15:31:20 +02:00
Quentin Gliech
789040d22f graphql: Fix the createOauth2Session mutation not persisting the changes to the database 2023-09-12 11:31:19 +02:00
Quentin Gliech
9c97a0c37a storage: make the access token expiration optional 2023-09-11 12:03:42 +02:00
Quentin Gliech
e6b91c1ce4 data-model: make the access token expiration optional 2023-09-11 12:03:42 +02:00
Quentin Gliech
83ca90ee3d Add a GraphQL mutation to create arbitrary OAuth2 sessions. 2023-09-11 12:03:42 +02:00
Quentin Gliech
20cb5dda8c Have more granular errors on the refresh token grant 2023-09-08 15:19:43 +02:00
Quentin Gliech
0bb34ed3e0 Add the Sentry event ID in error response headers 2023-09-08 15:19:43 +02:00
dependabot[bot]
18734fee0d build(deps): bump bytes from 1.4.0 to 1.5.0 
Bumps [bytes](https://github.com/tokio-rs/bytes) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/bytes/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: bytes
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-08 13:44:34 +02:00
dependabot[bot]
7bedb75976 build(deps): bump async-graphql from 6.0.5 to 6.0.6 
Bumps [async-graphql](https://github.com/async-graphql/async-graphql) from 6.0.5 to 6.0.6.
- [Release notes](https://github.com/async-graphql/async-graphql/releases)
- [Changelog](https://github.com/async-graphql/async-graphql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/async-graphql/async-graphql/commits)

---
updated-dependencies:
- dependency-name: async-graphql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-08 13:44:27 +02:00
Quentin Gliech
b0fb3281b0 Compoundify the consent screens 2023-09-06 15:58:54 +02:00
Quentin Gliech
5a6e630c73 Test that a client_credentials token with the admin scope can add a user 2023-09-06 09:35:34 +02:00
Quentin Gliech
d16b880267 policy: only require redirect_uris for the authorization_code and implicit grants 2023-09-06 09:35:34 +02:00
Quentin Gliech
c85f5f2768 Only allow using the refresh token grant if it was asked during the client registration 2023-09-06 09:35:34 +02:00
Quentin Gliech
aeb379eee9 oauth2-types: Only require redirect_uris & change the default response type for the auth code grant and implicit grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
b9edbda5e1 Advertise the client_credentials grant in the discovery document 2023-09-06 09:35:34 +02:00
Quentin Gliech
542d0a6073 Implement the client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
00fe5f902b storage: add a method to create an OAuth 2.0 session for a client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
8658a3400d policy: prepare for the client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
7a9197f222 storage-pg: make the user_id in oauth2_sessions nullable 2023-09-06 09:35:34 +02:00
Quentin Gliech
7e247830c9 data-model: Make the user_id optional in the OAuth 2.0 sessions 2023-09-06 09:35:34 +02:00
dependabot[bot]
d256bee1fd build(deps): bump argon2 from 0.5.1 to 0.5.2 
Bumps [argon2](https://github.com/RustCrypto/password-hashes) from 0.5.1 to 0.5.2.
- [Commits](https://github.com/RustCrypto/password-hashes/compare/argon2-v0.5.1...argon2-v0.5.2)

---
updated-dependencies:
- dependency-name: argon2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-06 09:34:17 +02:00
dependabot[bot]
ef388b9fdc build(deps): bump tera from 1.19.0 to 1.19.1 
Bumps [tera](https://github.com/Keats/tera) from 1.19.0 to 1.19.1.
- [Changelog](https://github.com/Keats/tera/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Keats/tera/commits)

---
updated-dependencies:
- dependency-name: tera
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-06 09:34:09 +02:00
Quentin Gliech
bc3f665739 graphql: expose the logo_uri in the OAuth 2.0 client 
Fixes #1705
 2023-09-06 09:28:47 +02:00
Quentin Gliech
0896292006 Fix Clippy warnings about enum size variants difference 2023-09-04 16:45:21 +02:00
dependabot[bot]
455f2a7725 build(deps): bump async-graphql from 6.0.4 to 6.0.5 
Bumps [async-graphql](https://github.com/async-graphql/async-graphql) from 6.0.4 to 6.0.5.
- [Release notes](https://github.com/async-graphql/async-graphql/releases)
- [Changelog](https://github.com/async-graphql/async-graphql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/async-graphql/async-graphql/commits)

---
updated-dependencies:
- dependency-name: async-graphql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 09:37:26 +02:00
dependabot[bot]
650bb3cf1c build(deps): bump clap from 4.4.1 to 4.4.2 
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.1 to 4.4.2.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.4.1...v4.4.2)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 09:25:21 +02:00
dependabot[bot]
a46bd43dd2 build(deps): bump tower-http from 0.4.3 to 0.4.4 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.3 to 0.4.4.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.3...tower-http-0.4.4)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 09:17:59 +02:00
Hugh Nimmo-Smith
bca3ab5eb6 Add CORS headers for /graphql 2023-09-01 17:30:33 +02:00
Quentin Gliech
a01c53019f Define common crates metadata on the workspace level 2023-09-01 16:27:22 +02:00
Kerry
17f8dc4e00 Implement MSC2965 action parameter (#1673) 
* redirect session_end action to session detail

* fix react key warning in oauth session detail

* move Route type to /routing

* test getRouteActionRedirection

* comment

* frontend: Split the routing-related stuff in multiple files under routing/

* frontend: Cover all the redirections defined by MSC2965

* frontend: fix test

* Make the backend keep query parameters through login to the /account/ interface

* Fix frontend tests & clippy lints

---------

Co-authored-by: Quentin Gliech <quenting@element.io>
 2023-09-01 09:42:50 +00:00
Quentin Gliech
be5b527403 graphql: admin API to add a user, lock them, and add emails without verification 2023-09-01 11:34:58 +02:00
Quentin Gliech
21d3d3a5d4 Rename the 'hack' configuration section to 'experimental' 2023-08-31 18:05:00 +02:00
Quentin Gliech
bc04860afb Make the access tokens TTL configurable 2023-08-31 18:05:00 +02:00
Quentin Gliech
ae3213fe87 Make the email verification state more configurable on upstream OAuth 2.0 registration 
This also marks the email as primary
 2023-08-31 14:20:06 +02:00
Quentin Gliech
8e5ebcd03f Simplify the URL displayed on compatibility SSO logins 
See #1638
 2023-08-31 10:54:29 +02:00
Quentin Gliech
23571e87ea Run the registration policy on upstream OAuth registration 2023-08-30 19:39:39 +02:00
Quentin Gliech
7fcd022eea Make sure we validate passwords & emails by the policy at all stages 
Also refactors the way we get the policy engines in requests
 2023-08-30 19:39:39 +02:00
Quentin Gliech
23151ef092 policies: split the email & password policies and add jsonschema validation of the input 2023-08-30 19:39:39 +02:00
Quentin Gliech
6589f06d79 tracing: set the parent context from the incoming request again 2023-08-29 18:50:54 +02:00
dependabot[bot]
a0373207a8 build(deps): bump the opentelemetry group with 1 update 
Bumps the opentelemetry group with 1 update: [tracing-opentelemetry](https://github.com/tokio-rs/tracing-opentelemetry).

- [Release notes](https://github.com/tokio-rs/tracing-opentelemetry/releases)
- [Changelog](https://github.com/tokio-rs/tracing-opentelemetry/blob/v0.1.x/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/tracing-opentelemetry/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: tracing-opentelemetry
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 18:50:54 +02:00
Quentin Gliech
a19f405e53 graphql: Expose the BrowserSession User-Agent 2023-08-29 17:38:01 +02:00