matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-19 00:26:27 +03:00
Code Activity
2,712 Commits 59 Branches 22 Tags
15c2c740a790cf1eee90d7284e38a4df69a94152
Commit Graph

392 Commits

Author SHA1 Message Date
Quentin Gliech
3251c5896c Append additional parameters to the OAuth2 authorize endpoint 2024-03-01 14:36:37 +01:00
Quentin Gliech
1821136e3f Additional parameters from upstream OAuth2 providers in the data model 2024-03-01 14:36:37 +01:00
Quentin Gliech
183f7bad40 Test the addUser GraphQL mutation with the new behaviour 2024-02-29 11:21:24 +01:00
Quentin Gliech
35929d48fd Test the user registration form 2024-02-29 11:21:24 +01:00
Quentin Gliech
896ed3f024 Check for username availability upon registration 2024-02-29 11:21:24 +01:00
Quentin Gliech
4aeb446061 Make the HomeserverConnection available in handlers 2024-02-29 11:21:24 +01:00
Quentin Gliech
f3cbd3b315 Parse User Agents on the backend side (#2388) 
* Parse user agents on the server side

* Parse and expose user agents on the backend

* Use the parsed user agent in the device consent page

* Fix the device icon tests

* Fix clippy warnings

* Box stuff to avoid large enum variants

* Ignore a clippy warning

* Fix the requester boxing
 2024-02-23 16:47:48 +01:00
Quentin Gliech
f171d76dc5 Record user agents on OAuth 2.0 and compat sessions (#2386) 
* Record user agents on OAuth 2.0 and compat sessions

* Add tests for recording user agent in sessions
 2024-02-22 10:01:32 +01:00
Quentin Gliech
ed5893eb20 Save which user session created a compat session 
This also exposes the user session in the GraphQL API, and allow
filtering on browser session ID on the app session list.
 2024-02-21 11:55:58 +01:00
Quentin Gliech
1c000a1fed Make sure the locale fallback works as expected 
- Also makes sure that the fallback runs in the backend and is then
   picked up by the frontend
 - and explicitely fallback zh-CN to zh-Hans
 2024-02-19 11:43:36 +01:00
Quentin Gliech
aefcc3cae2 Move the cross signing reset UI in its own page 2024-02-17 09:48:53 +01:00
Quentin Gliech
e041f47dfe Replace Jotai with @tanstack/router (#2359) 
* Start replacing jotai with @tanstack/router

* Remove jotai completely

* Move the common layout & reimplement the ?action parameter

This also makes sure everything is properly loaded in the route loader,
and we use fragment where it makes sense

* Change the default error component

* GraphQL API: make the sessions fetchable through node(id: ID!)
 2024-02-15 17:19:05 +01:00
Quentin Gliech
0beb842195 Make the user agree to T&C during registration 2024-02-07 17:21:22 +01:00
Quentin Gliech
17e968f7cc Record the user agent and IP in the device code grant 2024-02-02 18:01:51 +01:00
Quentin Gliech
31936bcc00 Save whether the client supports the device code grant in the database 2024-02-02 18:01:51 +01:00
Quentin Gliech
1c62543220 Make the device code grants go through the policy engine 2024-02-02 18:01:51 +01:00
Quentin Gliech
efa6af3294 Run generated files updates, fix doc links & fmt 2024-02-02 18:01:51 +01:00
Quentin Gliech
7d9d97a006 Implement the device access token request 2024-02-02 18:01:51 +01:00
Quentin Gliech
67ab42155c Implement the device consent logic 2024-02-02 18:01:51 +01:00
Quentin Gliech
50654d2e40 Implement the device code authorisation request 2024-02-02 18:01:51 +01:00
Quentin Gliech
4301fd9378 Setup the device link form page 2024-02-02 18:01:51 +01:00
Quentin Gliech
83bf739538 Implement account management discovery as per MSC2965 2023-12-05 17:40:36 +01:00
Quentin Gliech
a0f5f3c642 Enable clippy lints on a workspace level 
This enables a lot more lints than before in some crates, so this fixed a lot of warnings as well.
 2023-12-05 17:20:42 +01:00
Quentin Gliech
df3ca5ae66 Upgrade clippy lints to 1.74.0 & fix warnings 2023-12-05 17:20:42 +01:00
Quentin Gliech
6f986e117a Fix the login template in case no human_name was set on the provider 2023-11-21 16:09:38 +01:00
Quentin Gliech
5126d36b2e Add upstream OAuth 2.0 providers name and branding 2023-11-20 17:23:02 +01:00
Quentin Gliech
7315dd9a7a Allow endpoints and discovery mode override for upstream oauth2 providers 
This time, at the configuration and database level
 2023-11-17 16:18:39 +01:00
Quentin Gliech
364093f12f Allow overriding usptream OAuth2 providers endpoints 
Also have a way to disable OIDC discovery when all the endpoints are known.
 2023-11-17 16:18:39 +01:00
Quentin Gliech
b2b88e11bf Bump clippy checks to 1.73.0 2023-11-14 11:10:40 +01:00
Quentin Gliech
89420a2cfc Refactor the upstream link provider template logic 
Also adds tests for new account registration through an upstream oauth2
provider
 2023-11-13 14:11:30 +01:00
Quentin Gliech
9c94e11e68 Check for existing users ahead of time on upstream OAuth2 registration 2023-11-13 14:11:30 +01:00
Quentin Gliech
6ded397977 Use minijinja templates to map OIDC claims to user attributes 2023-11-08 12:05:58 +01:00
Quentin Gliech
6d65bcae13 Make the upstream provider URL better display & fix test 2023-10-30 15:55:15 +01:00
Quentin Gliech
a404398c2c Polish all forms and add nice page headings to most screens 2023-10-30 15:55:15 +01:00
Quentin Gliech
8984cc703b Add instance privacy policy, TOS and imprint, and loads of design cleanups 2023-10-30 15:55:15 +01:00
Quentin Gliech
9b5c8fb44b Allow running the authentication service on a different base path 2023-10-06 14:07:55 +02:00
Quentin Gliech
f2f51d45a4 handlers: fix test after a translation update 2023-10-05 19:29:23 +02:00
Quentin Gliech
b2cd8d83f7 templates: translate a lot more stuff 2023-10-05 19:29:23 +02:00
Quentin Gliech
1feafc1d13 handlers/templates: infer the language from the Accept-Language browser header 2023-10-05 19:29:23 +02:00
Quentin Gliech
15ad89aa82 templates: add translations function 2023-10-05 19:29:23 +02:00
Quentin Gliech
995bdfc13b templates: replace tera with minijinja 2023-10-05 19:29:23 +02:00
Quentin Gliech
3303e74123 Add a way to discover the GraphQL endpoint in the .well-known/openid-configuration 
This adds a `org.matrix.matrix-authentication-service.graphql_endpoint` key to it
 2023-10-05 16:43:13 +02:00
Quentin Gliech
f20c8d8ef3 Infer client IP address from the peer address and the X-Forwarded-Proxy header 2023-09-20 20:24:30 +02:00
Quentin Gliech
894957934d Test the activity tracker on the introspection endpoint 2023-09-19 21:57:54 +02:00
Quentin Gliech
b85655b944 Save the session activity in the database 2023-09-19 21:57:54 +02:00
Quentin Gliech
407c78a7be Record the user session activity for most routes 2023-09-19 21:57:54 +02:00
Quentin Gliech
cf5510a1a2 Add an ActivityTracker which tracks session activity and regularly flush them to the database 2023-09-19 21:57:54 +02:00
Quentin Gliech
21406218aa fixup! Deny URIs from client that are public suffixes 2023-09-18 11:57:50 +02:00
Quentin Gliech
7887387568 Deny URIs from client that are public suffixes 2023-09-18 11:57:50 +02:00
Quentin Gliech
54071c4969 Make the HTTP client factory reuse the underlying client 
This avoids duplicating clients, and makes it so that they all share the same connection pool.
 2023-09-14 16:52:01 +02:00