matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Code Activity
2,166 Commits 59 Branches 22 Tags
7d9d97a006fd5104c4dc156b91cfe98d3f213b79
Commit Graph

325 Commits

Author SHA1 Message Date
Quentin Gliech
bc04860afb Make the access tokens TTL configurable 2023-08-31 18:05:00 +02:00
Quentin Gliech
ae3213fe87 Make the email verification state more configurable on upstream OAuth 2.0 registration 
This also marks the email as primary
 2023-08-31 14:20:06 +02:00
Quentin Gliech
23571e87ea Run the registration policy on upstream OAuth registration 2023-08-30 19:39:39 +02:00
Quentin Gliech
7fcd022eea Make sure we validate passwords & emails by the policy at all stages 
Also refactors the way we get the policy engines in requests
 2023-08-30 19:39:39 +02:00
Quentin Gliech
23151ef092 policies: split the email & password policies and add jsonschema validation of the input 2023-08-30 19:39:39 +02:00
Quentin Gliech
5d3b8cd92f Store the browser user-agent when starting a browser session 2023-08-29 17:38:01 +02:00
Quentin Gliech
438a10332a Add the user_id directly on oauth2_sessions and make the scope a text list 2023-08-29 12:52:24 +02:00
Quentin Gliech
07ca145174 Cache the upstream OAuth 2.0 provider metadata 2023-08-28 18:30:40 +02:00
Quentin Gliech
17e28f56c1 Upgrade Rust to 1.72.0 
Fixes new clippy errors and upgrade other tools
 2023-08-28 18:05:56 +02:00
Quentin Gliech
d9a12de8a3 Save the authentication method on each authorization 
This will help us logging out of the upstream.
 2023-08-28 17:14:59 +02:00
Quentin Gliech
096386e9b9 Save the application_type and the contacts in the OAuth 2.0 clients 
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
 2023-08-28 14:41:49 +02:00
Quentin Gliech
7ff9be99db Add a basic login test to check session & CSRF cookies are correctly handled 2023-08-25 14:35:46 +02:00
Quentin Gliech
a39f71c181 Handle cookies better by setting the right flags & expiration 2023-08-25 14:35:46 +02:00
Quentin Gliech
ca3460b49e Skip the "continue" screens on upstream IDP logins for new accounts 2023-08-25 10:56:10 +02:00
Quentin Gliech
699dfba55f OpenTelemetry upgrade 2023-08-11 16:12:58 +02:00
Quentin Gliech
904722643f Test the admin scope on the GraphQL API 2023-08-11 14:56:21 +02:00
Quentin Gliech
1fcab9709f Basic tests of the GraphQL API 2023-08-11 14:56:21 +02:00
Quentin Gliech
4ef3bcf336 Make the GraphQL interface accessible for OAuth clients 2023-08-11 14:56:21 +02:00
Quentin Gliech
3e6ea9a158 Add a 404 HTMl fallback 2023-08-09 16:56:11 +02:00
Kévin Commaille
bbd0956f2d Put code challenge methods in AuthorizationRequestData 
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
 2023-08-09 12:10:45 +02:00
Kévin Commaille
ba4ba75f73 Merge data structs and use builder pattern 
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
 2023-08-09 12:10:45 +02:00
Kévin Commaille
c67a00ddd6 Add support for all authorization request parameters 
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
 2023-08-09 12:10:45 +02:00
Quentin Gliech
dc711f8ecb Allow a trailing slash on the compat SSO route 2023-08-08 19:23:07 +02:00
Quentin Gliech
8456640b0d mas-matrix: fix clippy warnings 2023-08-03 15:06:45 +02:00
Quentin Gliech
cc2bce7b03 Show and log the policy violations better 2023-08-03 14:06:34 +02:00
Quentin Gliech
fcf6885916 Implement a mocked HomeserverConnection which keeps state around 2023-08-03 14:06:34 +02:00
Quentin Gliech
40b49cdd10 Add a way to lock users 2023-08-03 14:06:34 +02:00
Quentin Gliech
802cf142fd Remove the last authentication from the browser session model 2023-07-21 19:50:30 +02:00
Quentin Gliech
016c65c9f8 Add metric which tracks the maximum number of connections to the database. 2023-07-18 19:10:57 +02:00
Quentin Gliech
ba0f7ea62c Upgrade all Rust dependencies 
This includes breaking changes of sqlx 0.7.0
 2023-07-17 19:04:06 +02:00
Quentin Gliech
f5143c045e Track the database connection acquisition time and pool usage 2023-07-06 18:54:29 +02:00
Quentin Gliech
ca520dfd9a frontend: Show all compatibilities sessions, not just SSO logins 
Also cleans up a bunch of things in the frontend
 2023-07-06 18:12:34 +02:00
Quentin Gliech
76653f9638 Better frontend assets handling and move the react app to /account/ (#1324) 
This makes the Vite assets handling better, namely:

 - make it possible to include any vite assets in the templates
 - include the right `<link rel="preload">` tags for assets
 - include Subresource Integrity hashes
 - pre-compress assets and remove on-the-fly compression by the Rust server
 - build the CSS used by templates through Vite

It also moves the React app from /app/ to /account/, and remove some of the old SSR account screens.
 2023-07-06 15:30:26 +02:00
Quentin Gliech
4f8b87fbfe Apply cargo fmt following changes in nightly rustfmt 
rustfmt now formats `let … else { … }` expressions
 2023-07-03 14:50:59 +02:00
Quentin Gliech
e1a5471262 Fix the upstream oauth registration form 2023-06-30 11:24:26 +02:00
Quentin Gliech
125a6bdf11 Allow setting a different issuer from the public base URL 2023-06-27 12:53:15 +02:00
Quentin Gliech
4f1b201c74 Define upstream OAuth providers in the config 
And adds CLI tool to sync them with the database (WIP)
 2023-06-26 17:24:56 +02:00
Quentin Gliech
9d5c2a40a1 Pass the claims import preferences on the storage layer 2023-06-26 17:24:56 +02:00
Quentin Gliech
31788a95f2 Save the imported attributes 2023-06-26 17:24:56 +02:00
Quentin Gliech
c183830489 Ground work to import upstream OIDC claims on registration. 2023-06-26 17:24:56 +02:00
Quentin Gliech
4181cbc9d5 Refactor the matrix connection logic 
Also make the display name available through the graphql api
 2023-06-16 19:52:39 +02:00
Quentin Gliech
2a514cf452 Add a admin flag to the compatibility session 
Also adds a CLI tool to issue a compatibility token.
 2023-06-16 15:24:38 +02:00
Quentin Gliech
7e90564d16 Bump Rust dependencies 2023-06-14 12:02:16 +02:00
Quentin Gliech
56bbc31a89 Fix the compat SSO redirect URL generation 2023-06-07 15:09:04 +02:00
Quentin Gliech
d2d68e9a27 Make password-based login optional 2023-05-23 17:02:02 +02:00
Quentin Gliech
c2d8243586 Have a Requester in the GraphQL API, in preparation for accessing it with OAuth credentials 2023-04-25 16:39:15 +02:00
Quentin Gliech
be765fe04f Setup GraphQL mutations to add and verify email addresses 
This refactors a bit how the connection to the repository is done in the
graphql handler, so that we can properly commit transactions.
 2023-04-25 16:39:15 +02:00
Quentin Gliech
3979e9f46a Update Rust to 1.69.0 2023-04-24 11:42:01 +02:00
Quentin Gliech
77fc67c29b Silence clippy warning about a function being too long 2023-04-24 10:42:38 +02:00
Quentin Gliech
d34e01fc67 Provision and delete Matrix devices in OAuth sessions 2023-04-24 10:42:38 +02:00