matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Code Activity
1,308 Commits 59 Branches 22 Tags
859c4486bbcb35e5ffb10a9c1cf7a338409d24e6
Commit Graph

240 Commits

Author SHA1 Message Date
Hugh Nimmo-Smith
50af460e22 Use unstable prefix for MSC3824 (#251) 2022-06-19 18:37:50 +00:00
Hugh Nimmo-Smith
9e3f43f1f0 Move from MSC3824 actions to org.matrix.msc3824.delegated_oidc_compatibility flag (#250) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2022-06-15 15:49:03 +00:00
Hugh Nimmo-Smith
5632f6ba99 feat: support for MSC3824 action param on SSO redirect (#248) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2022-06-14 11:34:56 +00:00
Quentin Gliech
e694932daf Handle password strength verification through OPA 2022-06-03 16:14:26 +02:00
Quentin Gliech
7c8893e596 Switch the policies to a violation list based approach 
This allows policies to give proper feedback on form fields
 2022-06-03 13:37:20 +02:00
Quentin Gliech
071055ad18 Embed the default policy in the binary 2022-06-03 13:37:20 +02:00
Quentin Gliech
a2b53f0395 Run OPA policies during registration 2022-06-03 13:37:20 +02:00
Quentin Gliech
aab1f49374 Support for applying OPA policies during client registration 2022-06-03 13:37:20 +02:00
Quentin Gliech
e0c4b39482 Add an email field in the registration form 2022-06-02 16:18:55 +02:00
Quentin Gliech
125afd61c0 Make email verification mandatory 2022-06-02 16:18:55 +02:00
Quentin Gliech
89597dbf81 Switch email verification to a code-based flow 2022-06-02 16:18:55 +02:00
Hugh Nimmo-Smith
35fa7c732a Implementation of MSC3824 actions for compat (#221) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2022-05-31 09:49:52 +00:00
Quentin Gliech
bfc20b6faa Have a better error on registration if the username is already taken 2022-05-23 14:36:38 +02:00
Quentin Gliech
f05bd80e14 Advertise m.login.token as compat login method 2022-05-23 10:42:25 +02:00
Quentin Gliech
99ac59bc5d Make the sign out buttons keep the current action context 2022-05-23 10:42:25 +02:00
Quentin Gliech
af4f01b769 Check timings when validating an SSO login 
- exchanging a token twice should not work
 - exchanging a token more than 30s after its fullfillment should not
   work
 - exchanging a pending token should not work
 - fullfilling a login more than 30min after its creation should not
   work
 - also have better errors in some cases
 2022-05-23 10:42:25 +02:00
Quentin Gliech
7ce0d894f7 Perform some checks on the redirectUrl 2022-05-23 10:42:25 +02:00
Quentin Gliech
1d61a94da4 Have a consent screen before continuing the SSO login 2022-05-23 10:42:25 +02:00
Quentin Gliech
033d60eb73 Legacy login via m.login.sso 2022-05-23 10:42:25 +02:00
Quentin Gliech
0fcecfa7fb Handle legacy /refresh 2022-05-19 10:17:49 +02:00
Quentin Gliech
309c89fc4f Handle legacy token expiration & refresh tokens 2022-05-19 10:17:49 +02:00
Quentin Gliech
c4fa87e457 Better data-model for compat sessions & devices 2022-05-19 10:17:49 +02:00
Quentin Gliech
076d4b8d13 Split compat and api routers 2022-05-19 10:17:49 +02:00
Quentin Gliech
01cdb9a02a Appease cargo fmt 2022-05-19 10:17:49 +02:00
Quentin Gliech
660b2d5232 Handle legacy /logout 2022-05-19 10:17:49 +02:00
Quentin Gliech
1aff98bdb3 Working legacy login endpoint 2022-05-19 10:17:49 +02:00
Quentin Gliech
1ebdd0b731 WIP: Handle /login 2022-05-19 10:17:49 +02:00
Quentin Gliech
bf1d96fc23 Add password change discovery 
See https://web.dev/change-password-url/
 2022-05-12 15:06:37 +02:00
Quentin Gliech
185562c866 Form error state overhaul 
This adds a new FormState structure here to hold the state of an errored
from, including retaining field value and better error codes.

It also adds error recovery for the registration form, and properly
loads the post_login_action context in case of errors.
 2022-05-12 13:35:58 +02:00
Quentin Gliech
ca7b26cf18 Simplify error handling in user-facing routes 2022-05-10 17:47:38 +02:00
Jonas Platte
0e1b2ea6b1 Remove implied StatusCode::OK 2022-05-10 11:01:24 +02:00
Quentin Gliech
f4353b660e Have a unified URL builder/router 2022-05-10 09:52:48 +02:00
Quentin Gliech
436c0dcb19 Rewrite the authorization grant logic 2022-05-06 17:12:39 +02:00
Quentin Gliech
7a4dbd2910 Rewrite authorization code grant callback logic 2022-05-04 16:36:59 +02:00
Quentin Gliech
3a83c5b3bf Use axum-extra's PrivateCookieJar 2022-04-29 14:56:06 +02:00
Quentin Gliech
9681948aa8 Show consent page on prompt=consent 2022-04-29 14:10:45 +02:00
Quentin Gliech
28ff912029 Simple consent screen and storage 2022-04-29 12:16:39 +02:00
Quentin Gliech
8a256596d7 Serve static files live from disk in dev mode 2022-04-28 16:08:50 +02:00
Quentin Gliech
687c2a97b8 Allow more safe headers on CORS-protected resources 2022-04-22 15:14:14 +02:00
Quentin Gliech
ee05543944 Check some metadata on client registration 2022-04-21 13:34:07 +02:00
Quentin Gliech
25193ebaa5 Support signed userinfo responses 2022-04-21 11:49:49 +02:00
Quentin Gliech
5c14611b96 Simple dynamic client registration 2022-04-19 12:23:19 +02:00
Quentin Gliech
d43a8f1a00 Basic Webfinger support 2022-04-08 10:43:48 +02:00
Quentin Gliech
bc24e30867 Add CORS headers to API-like routes 2022-04-07 16:25:42 +02:00
Quentin Gliech
9a76139bb4 Return proper errors on the OAuth token endpoint 2022-04-06 17:35:29 +02:00
Quentin Gliech
31bc8504c9 Upgrade axum to 0.5 2022-04-06 17:35:29 +02:00
Quentin Gliech
4e31fc6c84 Get rid of warp 2022-04-06 17:35:29 +02:00
Quentin Gliech
51160faf48 Axum migration: /oauth2/authorize 2022-04-06 17:35:29 +02:00
Quentin Gliech
35310849c7 Axum migration: /oauth2/token 2022-04-06 17:35:29 +02:00
Quentin Gliech
0f7484beee Axum migration: /oauth2/introspection 2022-04-06 17:35:29 +02:00