mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Commit Graph

325 Commits

Author SHA1 Message Date
Quentin Gliech
af4f01b769 Check timings when validating an SSO login
 - exchanging a token twice should not work
 - exchanging a token more than 30s after its fulfillment should not
   work
 - exchanging a pending token should not work
 - fulfilling a login more than 30min after its creation should not
   work
 - also have better errors in some cases
2022-05-23 10:42:25 +02:00
Quentin Gliech
7ce0d894f7 Perform some checks on the redirectUrl 2022-05-23 10:42:25 +02:00
Quentin Gliech
1d61a94da4 Have a consent screen before continuing the SSO login 2022-05-23 10:42:25 +02:00
Quentin Gliech
033d60eb73 Legacy login via m.login.sso 2022-05-23 10:42:25 +02:00
Quentin Gliech
0fcecfa7fb Handle legacy /refresh 2022-05-19 10:17:49 +02:00
Quentin Gliech
309c89fc4f Handle legacy token expiration & refresh tokens 2022-05-19 10:17:49 +02:00
Quentin Gliech
c4fa87e457 Better data-model for compat sessions & devices 2022-05-19 10:17:49 +02:00
Quentin Gliech
076d4b8d13 Split compat and api routers 2022-05-19 10:17:49 +02:00
Quentin Gliech
01cdb9a02a Appease cargo fmt 2022-05-19 10:17:49 +02:00
Quentin Gliech
660b2d5232 Handle legacy /logout 2022-05-19 10:17:49 +02:00
Quentin Gliech
1aff98bdb3 Working legacy login endpoint 2022-05-19 10:17:49 +02:00
Quentin Gliech
1ebdd0b731 WIP: Handle /login 2022-05-19 10:17:49 +02:00
Quentin Gliech
bf1d96fc23 Add password change discovery
See https://web.dev/change-password-url/
2022-05-12 15:06:37 +02:00
Quentin Gliech
185562c866 Form error state overhaul
This adds a new FormState structure here to hold the state of an errored
form, including retaining field value and better error codes.

It also adds error recovery for the registration form, and properly
loads the post_login_action context in case of errors.
2022-05-12 13:35:58 +02:00
Quentin Gliech
ca7b26cf18 Simplify error handling in user-facing routes 2022-05-10 17:47:38 +02:00
Jonas Platte
0e1b2ea6b1 Remove implied StatusCode::OK 2022-05-10 11:01:24 +02:00
Quentin Gliech
f4353b660e Have a unified URL builder/router 2022-05-10 09:52:48 +02:00
Quentin Gliech
436c0dcb19 Rewrite the authorization grant logic 2022-05-06 17:12:39 +02:00
Quentin Gliech
7a4dbd2910 Rewrite authorization code grant callback logic 2022-05-04 16:36:59 +02:00
Quentin Gliech
3a83c5b3bf Use axum-extra's PrivateCookieJar 2022-04-29 14:56:06 +02:00
Quentin Gliech
9681948aa8 Show consent page on prompt=consent 2022-04-29 14:10:45 +02:00
Quentin Gliech
28ff912029 Simple consent screen and storage 2022-04-29 12:16:39 +02:00
Quentin Gliech
8a256596d7 Serve static files live from disk in dev mode 2022-04-28 16:08:50 +02:00
Quentin Gliech
687c2a97b8 Allow more safe headers on CORS-protected resources 2022-04-22 15:14:14 +02:00
Quentin Gliech
ee05543944 Check some metadata on client registration 2022-04-21 13:34:07 +02:00
Quentin Gliech
25193ebaa5 Support signed userinfo responses 2022-04-21 11:49:49 +02:00
Quentin Gliech
5c14611b96 Simple dynamic client registration 2022-04-19 12:23:19 +02:00
Quentin Gliech
d43a8f1a00 Basic Webfinger support 2022-04-08 10:43:48 +02:00
Quentin Gliech
bc24e30867 Add CORS headers to API-like routes 2022-04-07 16:25:42 +02:00
Quentin Gliech
9a76139bb4 Return proper errors on the OAuth token endpoint 2022-04-06 17:35:29 +02:00
Quentin Gliech
31bc8504c9 Upgrade axum to 0.5 2022-04-06 17:35:29 +02:00
Quentin Gliech
4e31fc6c84 Get rid of warp 2022-04-06 17:35:29 +02:00
Quentin Gliech
51160faf48 Axum migration: /oauth2/authorize 2022-04-06 17:35:29 +02:00
Quentin Gliech
35310849c7 Axum migration: /oauth2/token 2022-04-06 17:35:29 +02:00
Quentin Gliech
0f7484beee Axum migration: /oauth2/introspection 2022-04-06 17:35:29 +02:00
Quentin Gliech
9dad21475e Axum migration: /oauth2/userinfo & UserAuthorization util 2022-04-06 17:35:29 +02:00
Quentin Gliech
64900ef1d9 Axum migration: /oauth2/keys.json and /.well-known/openid-configuration 2022-04-06 17:35:29 +02:00
Quentin Gliech
9cb5650167 Axum migration: /account/* routes 2022-04-06 17:35:29 +02:00
Quentin Gliech
b4d0906e75 Axum migration: /verify route 2022-04-06 17:35:29 +02:00
Quentin Gliech
6fb4d27046 Axum migration: /register route 2022-04-06 17:35:29 +02:00
Quentin Gliech
b4dc2b38d0 Axum migration: /reauth route 2022-04-06 17:35:29 +02:00
Quentin Gliech
6e7d0a6cfd Axum migration: logout route 2022-04-06 17:35:29 +02:00
Quentin Gliech
5e95c705d4 Axum migration: CSRF token and login page 2022-04-06 17:35:29 +02:00
Quentin Gliech
5d3b4aa182 Migrate /health 2022-04-06 17:35:29 +02:00
Quentin Gliech
7c8f8722cd Axum migration: signed cookies, errors, CSRF tokens, sessions 2022-04-06 17:35:29 +02:00
Quentin Gliech
797257cce7 Start migrating to Axum
Now with the homepage and the static files
2022-04-06 17:35:29 +02:00
Quentin Gliech
8e9bda654f Support prompt=create
Allows RPs to ask for account creation

See https://openid.net/specs/openid-connect-prompt-create-1_0.html
2022-03-14 16:34:10 +01:00
Hugh Nimmo-Smith
3d3b14093c fix: allow authorization in Access-Control-Request-Headers (#88)
* fix: allow authorization in Access-Control-Request-Headers

* chore: fix clippy style

* style: use constant version of Authorization header

* chore: fix code style with cargo fmt

Co-authored-by: Quentin Gliech <quenting@element.io>
2022-03-11 11:44:23 +00:00
Quentin Gliech
62f633a716 Move clients to the database 2022-03-08 19:07:46 +01:00
Quentin Gliech
8c97c98206 Fix compilation on older rust version 2022-02-28 10:07:32 +01:00