matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Code Activity
2,449 Commits 59 Branches 22 Tags
4d3efeb25b85b8e211c19d434be89233b71837cf
Commit Graph

356 Commits

Author SHA1 Message Date
Quentin Gliech
10d7ca95ae Update copyright headers 2024-04-30 13:33:47 +02:00
Quentin Gliech
db0f007afd Prevent password changes if disabled 2024-04-30 13:33:47 +02:00
Quentin Gliech
d342b2cd5b Prevent email changes if disabled 2024-04-30 13:33:47 +02:00
Quentin Gliech
e080932906 Make the SiteConfig available in the GraphQL context 2024-04-30 13:33:47 +02:00
Quentin Gliech
aa2e2229bc Finish moving the site config 2024-04-30 13:33:47 +02:00
Quentin Gliech
f0899f17bd Move the SiteConfig to the data-model crate 2024-04-30 13:33:47 +02:00
Quentin Gliech
90080235da Introduce config to restrict user capabilities 2024-04-30 13:33:47 +02:00
Quentin Gliech
4e3823fe4f Add a soft-deletion column on upstream OAuth 2.0 providers 2024-04-03 09:51:22 +02:00
Quentin Gliech
58fd6ab4c1 Allow disabling registrations (#2553) 2024-04-03 09:27:14 +02:00
Quentin Gliech
f5b34b5b18 Flatten the passwords config section 2024-03-22 13:33:09 +01:00
Quentin Gliech
dde907758e Use OTEL semantic conventions constants for most attributes 2024-03-19 17:15:14 +01:00
Quentin Gliech
7e30daf83e Replace parse-display with manual Display/FromStr impls 2024-03-19 16:38:46 +01:00
Quentin Gliech
61a69f5af4 Upgrade chrono and replace deprecated methods usage 2024-03-18 17:26:40 +01:00
Quentin Gliech
6eb6209bd8 Use rustls-platform-verifier for cert validation 
This simplifies by removing the mutually exclusive `native-roots` and
`webpki-roots` features with something that is suitable for all
platforms.
 2024-03-06 14:03:59 +01:00
Quentin Gliech
3251c5896c Append additional parameters to the OAuth2 authorize endpoint 2024-03-01 14:36:37 +01:00
Quentin Gliech
1821136e3f Additional parameters from upstream OAuth2 providers in the data model 2024-03-01 14:36:37 +01:00
Quentin Gliech
183f7bad40 Test the addUser GraphQL mutation with the new behaviour 2024-02-29 11:21:24 +01:00
Quentin Gliech
35929d48fd Test the user registration form 2024-02-29 11:21:24 +01:00
Quentin Gliech
896ed3f024 Check for username availability upon registration 2024-02-29 11:21:24 +01:00
Quentin Gliech
4aeb446061 Make the HomeserverConnection available in handlers 2024-02-29 11:21:24 +01:00
Quentin Gliech
f3cbd3b315 Parse User Agents on the backend side (#2388) 
* Parse user agents on the server side

* Parse and expose user agents on the backend

* Use the parsed user agent in the device consent page

* Fix the device icon tests

* Fix clippy warnings

* Box stuff to avoid large enum variants

* Ignore a clippy warning

* Fix the requester boxing
 2024-02-23 16:47:48 +01:00
Quentin Gliech
f171d76dc5 Record user agents on OAuth 2.0 and compat sessions (#2386) 
* Record user agents on OAuth 2.0 and compat sessions

* Add tests for recording user agent in sessions
 2024-02-22 10:01:32 +01:00
Quentin Gliech
ed5893eb20 Save which user session created a compat session 
This also exposes the user session in the GraphQL API, and allow
filtering on browser session ID on the app session list.
 2024-02-21 11:55:58 +01:00
Quentin Gliech
1c000a1fed Make sure the locale fallback works as expected 
- Also makes sure that the fallback runs in the backend and is then
   picked up by the frontend
 - and explicitely fallback zh-CN to zh-Hans
 2024-02-19 11:43:36 +01:00
Quentin Gliech
aefcc3cae2 Move the cross signing reset UI in its own page 2024-02-17 09:48:53 +01:00
Quentin Gliech
e041f47dfe Replace Jotai with @tanstack/router (#2359) 
* Start replacing jotai with @tanstack/router

* Remove jotai completely

* Move the common layout & reimplement the ?action parameter

This also makes sure everything is properly loaded in the route loader,
and we use fragment where it makes sense

* Change the default error component

* GraphQL API: make the sessions fetchable through node(id: ID!)
 2024-02-15 17:19:05 +01:00
Quentin Gliech
0beb842195 Make the user agree to T&C during registration 2024-02-07 17:21:22 +01:00
Quentin Gliech
17e968f7cc Record the user agent and IP in the device code grant 2024-02-02 18:01:51 +01:00
Quentin Gliech
31936bcc00 Save whether the client supports the device code grant in the database 2024-02-02 18:01:51 +01:00
Quentin Gliech
1c62543220 Make the device code grants go through the policy engine 2024-02-02 18:01:51 +01:00
Quentin Gliech
efa6af3294 Run generated files updates, fix doc links & fmt 2024-02-02 18:01:51 +01:00
Quentin Gliech
7d9d97a006 Implement the device access token request 2024-02-02 18:01:51 +01:00
Quentin Gliech
67ab42155c Implement the device consent logic 2024-02-02 18:01:51 +01:00
Quentin Gliech
50654d2e40 Implement the device code authorisation request 2024-02-02 18:01:51 +01:00
Quentin Gliech
4301fd9378 Setup the device link form page 2024-02-02 18:01:51 +01:00
Quentin Gliech
83bf739538 Implement account management discovery as per MSC2965 2023-12-05 17:40:36 +01:00
Quentin Gliech
a0f5f3c642 Enable clippy lints on a workspace level 
This enables a lot more lints than before in some crates, so this fixed a lot of warnings as well.
 2023-12-05 17:20:42 +01:00
Quentin Gliech
df3ca5ae66 Upgrade clippy lints to 1.74.0 & fix warnings 2023-12-05 17:20:42 +01:00
Quentin Gliech
6f986e117a Fix the login template in case no human_name was set on the provider 2023-11-21 16:09:38 +01:00
Quentin Gliech
5126d36b2e Add upstream OAuth 2.0 providers name and branding 2023-11-20 17:23:02 +01:00
Quentin Gliech
7315dd9a7a Allow endpoints and discovery mode override for upstream oauth2 providers 
This time, at the configuration and database level
 2023-11-17 16:18:39 +01:00
Quentin Gliech
364093f12f Allow overriding usptream OAuth2 providers endpoints 
Also have a way to disable OIDC discovery when all the endpoints are known.
 2023-11-17 16:18:39 +01:00
Quentin Gliech
b2b88e11bf Bump clippy checks to 1.73.0 2023-11-14 11:10:40 +01:00
Quentin Gliech
89420a2cfc Refactor the upstream link provider template logic 
Also adds tests for new account registration through an upstream oauth2
provider
 2023-11-13 14:11:30 +01:00
Quentin Gliech
9c94e11e68 Check for existing users ahead of time on upstream OAuth2 registration 2023-11-13 14:11:30 +01:00
Quentin Gliech
6ded397977 Use minijinja templates to map OIDC claims to user attributes 2023-11-08 12:05:58 +01:00
Quentin Gliech
6d65bcae13 Make the upstream provider URL better display & fix test 2023-10-30 15:55:15 +01:00
Quentin Gliech
a404398c2c Polish all forms and add nice page headings to most screens 2023-10-30 15:55:15 +01:00
Quentin Gliech
8984cc703b Add instance privacy policy, TOS and imprint, and loads of design cleanups 2023-10-30 15:55:15 +01:00
Quentin Gliech
9b5c8fb44b Allow running the authentication service on a different base path 2023-10-06 14:07:55 +02:00