matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-19 00:26:27 +03:00
Code Activity
2,712 Commits 59 Branches 22 Tags
15c2c740a790cf1eee90d7284e38a4df69a94152
Commit Graph

392 Commits

Author SHA1 Message Date
reivilibre
1afd2a2906 Remove OPA-based password policy enforcement (#2875) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2024-07-16 14:33:04 +01:00
Quentin Gliech
fa32387ca5 Show whether the user is deactivated on the homeserver in the GraphQL API 
Fix #2375
 2024-07-16 13:20:28 +02:00
Quentin Gliech
bac2db9884 GraphQL API to unlock a user 
Fixes #2101
 2024-07-16 13:20:28 +02:00
Quentin Gliech
3eab10672f Add a lock during syncs of user devices 2024-07-16 09:32:07 +02:00
Quentin Gliech
695228ade4 Provision users on the fake homeserver in tests 
Because we now provision devices synchronously, we need to update the
tests so that the users exist on the fake homeserver.
 2024-07-16 09:32:07 +02:00
Quentin Gliech
037cf996a8 Provision the devices synchronously 
This means Synapse won't have to provision them on the fly anymore
 2024-07-16 09:32:07 +02:00
Quentin Gliech
bf276289b6 Fully sync the devices with the homeserver 2024-07-16 09:32:07 +02:00
reivilibre
fbc360d1a9 Backend work to support minimum password complexity (#2965) 
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
 2024-07-11 10:17:39 +01:00
Quentin Gliech
f849b487cf graphql: users query to list users with a few filters 2024-07-05 13:44:14 +02:00
Quentin Gliech
8a1ac9cc91 graphql: move the users queries to their own module 2024-07-05 13:44:14 +02:00
Quentin Gliech
07c9989e63 Upgrade async-graphql, fix mas-handlers & mas-axum-utils tests 
This also replaces the init_tracing test helper with a general setup
test helper, so that it also initializes the rustls crypto backend.
 2024-07-05 10:07:40 +02:00
Quentin Gliech
8e0bfa73f0 Make the b64decode filter try multiple base64 encoding variants 2024-06-28 17:10:13 +02:00
Quentin Gliech
756f2c01f8 Separate error page when the recovery link was already used 2024-06-28 15:59:21 +02:00
Quentin Gliech
96df94104e Show a proper 'link expired' page 2024-06-28 15:59:21 +02:00
Quentin Gliech
f9f2f4a3be Gate account recovery behing a configuration flag 2024-06-28 15:59:21 +02:00
Quentin Gliech
09fca9fd75 Implement the password change form 2024-06-28 15:59:21 +02:00
Quentin Gliech
d633d33ab2 Allow re-sending emails for a recovery session 2024-06-28 15:59:21 +02:00
Quentin Gliech
2e4d868385 Recovery progress page 2024-06-28 15:59:21 +02:00
Quentin Gliech
4a60f5d32f Job to generate codes for all emails in a recovery session 2024-06-28 15:59:21 +02:00
Quentin Gliech
319c43abc5 Start recovery view 2024-06-28 15:59:21 +02:00
reivilibre
7c67630c95 Remove the old password change page (#2874) 2024-06-27 13:41:24 +01:00
reivilibre
aaa7cf3fe9 Add Self-service Password Change (#2863) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2024-06-25 13:25:33 +00:00
reivilibre
121966ccce GraphQL API: Add password_change_allowed to SiteConfig (#2857) 2024-06-20 15:16:50 +01:00
Quentin Gliech
90fc8e842a Fix param name in error messages on the compatibility SSO login errors 2024-06-18 18:06:00 +02:00
Quentin Gliech
8a3b7f79f3 Inject custom Jinja2 environment when rendering the subject template 
This was missing when rendering the subject for upstream OAuth 2.0
callbacks.
 2024-06-18 18:05:43 +02:00
reivilibre
d76b54b13f Add a setPassword GraphQL mutation for setting a user's password (#2820) 
* Feed `PasswordManager` through to the GraphQL `State`

* Add `setPassword` GraphQL mutation to update a user's password
 2024-06-05 18:04:17 +01:00
reivilibre
206d45bb31 Merge the mas_graphql crate into the mas_handlers crate (#2783) 2024-05-17 17:22:34 +01:00
Quentin Gliech
098f7fba03 Move async-graphql to workspace deps & disable apollo tracing 2024-05-15 14:54:34 +02:00
Quentin Gliech
c8e074c8e2 Don't panic when the repository fails on the introspection endpoint 2024-05-15 14:15:11 +02:00
Quentin Gliech
359da66b88 Display a user-friendly error on CAPTCHA failures 2024-05-15 09:38:10 +02:00
Quentin Gliech
e4d6bbee14 Disable hCaptcha compatibility with reCAPTCHA 2024-05-15 09:38:10 +02:00
Quentin Gliech
4d9d8a8ba3 Actually verify the CAPTCHA during registration 2024-05-15 09:38:10 +02:00
Quentin Gliech
a3beeb2398 Render reCAPTCHA challenge on the registration form 2024-05-15 09:38:10 +02:00
Quentin Gliech
353815bc6f Skip the device code form when using the full verification URI 
This changes the form to use a GET method, as it is only really doing
a redirect.
 2024-05-07 12:19:10 +02:00
Quentin Gliech
3978acd94e Fix recently added Clippy lints 
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
 2024-05-07 07:32:02 +02:00
Quentin Gliech
3567f7c445 Upgrade minijinja to 2.0.1 2024-05-02 14:04:14 +02:00
Quentin Gliech
10d7ca95ae Update copyright headers 2024-04-30 13:33:47 +02:00
Quentin Gliech
db0f007afd Prevent password changes if disabled 2024-04-30 13:33:47 +02:00
Quentin Gliech
d342b2cd5b Prevent email changes if disabled 2024-04-30 13:33:47 +02:00
Quentin Gliech
e080932906 Make the SiteConfig available in the GraphQL context 2024-04-30 13:33:47 +02:00
Quentin Gliech
aa2e2229bc Finish moving the site config 2024-04-30 13:33:47 +02:00
Quentin Gliech
f0899f17bd Move the SiteConfig to the data-model crate 2024-04-30 13:33:47 +02:00
Quentin Gliech
90080235da Introduce config to restrict user capabilities 2024-04-30 13:33:47 +02:00
Quentin Gliech
4e3823fe4f Add a soft-deletion column on upstream OAuth 2.0 providers 2024-04-03 09:51:22 +02:00
Quentin Gliech
58fd6ab4c1 Allow disabling registrations (#2553) 2024-04-03 09:27:14 +02:00
Quentin Gliech
f5b34b5b18 Flatten the passwords config section 2024-03-22 13:33:09 +01:00
Quentin Gliech
dde907758e Use OTEL semantic conventions constants for most attributes 2024-03-19 17:15:14 +01:00
Quentin Gliech
7e30daf83e Replace parse-display with manual Display/FromStr impls 2024-03-19 16:38:46 +01:00
Quentin Gliech
61a69f5af4 Upgrade chrono and replace deprecated methods usage 2024-03-18 17:26:40 +01:00
Quentin Gliech
6eb6209bd8 Use rustls-platform-verifier for cert validation 
This simplifies by removing the mutually exclusive `native-roots` and
`webpki-roots` features with something that is suitable for all
platforms.
 2024-03-06 14:03:59 +01:00