matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Code Activity
1,802 Commits 59 Branches 22 Tags
b85655b9449b67b7c33ba6289873cd460ca6029e
Commit Graph

514 Commits

Author SHA1 Message Date
Quentin Gliech
b85655b944 Save the session activity in the database 2023-09-19 21:57:54 +02:00
Quentin Gliech
407c78a7be Record the user session activity for most routes 2023-09-19 21:57:54 +02:00
Quentin Gliech
cf5510a1a2 Add an ActivityTracker which tracks session activity and regularly flush them to the database 2023-09-19 21:57:54 +02:00
dependabot[bot]
19c070cf5b build(deps): bump axum-extra from 0.7.7 to 0.8.0 
Bumps [axum-extra](https://github.com/tokio-rs/axum) from 0.7.7 to 0.8.0.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.7.7...axum-extra-v0.8.0)

---
updated-dependencies:
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-18 23:52:53 +02:00
Quentin Gliech
21406218aa fixup! Deny URIs from client that are public suffixes 2023-09-18 11:57:50 +02:00
Quentin Gliech
7887387568 Deny URIs from client that are public suffixes 2023-09-18 11:57:50 +02:00
Quentin Gliech
c9155ef0cf Rust dependencies housekeeping 
Including:
 - package upgrades
 - stop using the patched version of `ulid`
 - update cargo deny duplicate exception list
 2023-09-14 23:43:00 +02:00
Quentin Gliech
54071c4969 Make the HTTP client factory reuse the underlying client 
This avoids duplicating clients, and makes it so that they all share the same connection pool.
 2023-09-14 16:52:01 +02:00
Quentin Gliech
9fcdad3142 Stop using deprecated chrono::DateTime::from_utc method 2023-09-13 18:28:41 +02:00
Quentin Gliech
9a77f67fbe Make the error on introspection failure more explicit in the logs 2023-09-13 18:24:52 +02:00
Quentin Gliech
789040d22f graphql: Fix the createOauth2Session mutation not persisting the changes to the database 2023-09-12 11:31:19 +02:00
Quentin Gliech
9c97a0c37a storage: make the access token expiration optional 2023-09-11 12:03:42 +02:00
Quentin Gliech
e6b91c1ce4 data-model: make the access token expiration optional 2023-09-11 12:03:42 +02:00
Quentin Gliech
83ca90ee3d Add a GraphQL mutation to create arbitrary OAuth2 sessions. 2023-09-11 12:03:42 +02:00
Quentin Gliech
20cb5dda8c Have more granular errors on the refresh token grant 2023-09-08 15:19:43 +02:00
Quentin Gliech
0bb34ed3e0 Add the Sentry event ID in error response headers 2023-09-08 15:19:43 +02:00
dependabot[bot]
7bedb75976 build(deps): bump async-graphql from 6.0.5 to 6.0.6 
Bumps [async-graphql](https://github.com/async-graphql/async-graphql) from 6.0.5 to 6.0.6.
- [Release notes](https://github.com/async-graphql/async-graphql/releases)
- [Changelog](https://github.com/async-graphql/async-graphql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/async-graphql/async-graphql/commits)

---
updated-dependencies:
- dependency-name: async-graphql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-08 13:44:27 +02:00
Quentin Gliech
5a6e630c73 Test that a client_credentials token with the admin scope can add a user 2023-09-06 09:35:34 +02:00
Quentin Gliech
d16b880267 policy: only require redirect_uris for the authorization_code and implicit grants 2023-09-06 09:35:34 +02:00
Quentin Gliech
c85f5f2768 Only allow using the refresh token grant if it was asked during the client registration 2023-09-06 09:35:34 +02:00
Quentin Gliech
b9edbda5e1 Advertise the client_credentials grant in the discovery document 2023-09-06 09:35:34 +02:00
Quentin Gliech
542d0a6073 Implement the client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
00fe5f902b storage: add a method to create an OAuth 2.0 session for a client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
7e247830c9 data-model: Make the user_id optional in the OAuth 2.0 sessions 2023-09-06 09:35:34 +02:00
dependabot[bot]
d256bee1fd build(deps): bump argon2 from 0.5.1 to 0.5.2 
Bumps [argon2](https://github.com/RustCrypto/password-hashes) from 0.5.1 to 0.5.2.
- [Commits](https://github.com/RustCrypto/password-hashes/compare/argon2-v0.5.1...argon2-v0.5.2)

---
updated-dependencies:
- dependency-name: argon2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-06 09:34:17 +02:00
dependabot[bot]
455f2a7725 build(deps): bump async-graphql from 6.0.4 to 6.0.5 
Bumps [async-graphql](https://github.com/async-graphql/async-graphql) from 6.0.4 to 6.0.5.
- [Release notes](https://github.com/async-graphql/async-graphql/releases)
- [Changelog](https://github.com/async-graphql/async-graphql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/async-graphql/async-graphql/commits)

---
updated-dependencies:
- dependency-name: async-graphql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 09:37:26 +02:00
dependabot[bot]
a46bd43dd2 build(deps): bump tower-http from 0.4.3 to 0.4.4 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.3 to 0.4.4.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.3...tower-http-0.4.4)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 09:17:59 +02:00
Hugh Nimmo-Smith
bca3ab5eb6 Add CORS headers for /graphql 2023-09-01 17:30:33 +02:00
Quentin Gliech
a01c53019f Define common crates metadata on the workspace level 2023-09-01 16:27:22 +02:00
Kerry
17f8dc4e00 Implement MSC2965 action parameter (#1673) 
* redirect session_end action to session detail

* fix react key warning in oauth session detail

* move Route type to /routing

* test getRouteActionRedirection

* comment

* frontend: Split the routing-related stuff in multiple files under routing/

* frontend: Cover all the redirections defined by MSC2965

* frontend: fix test

* Make the backend keep query parameters through login to the /account/ interface

* Fix frontend tests & clippy lints

---------

Co-authored-by: Quentin Gliech <quenting@element.io>
 2023-09-01 09:42:50 +00:00
Quentin Gliech
bc04860afb Make the access tokens TTL configurable 2023-08-31 18:05:00 +02:00
Quentin Gliech
ae3213fe87 Make the email verification state more configurable on upstream OAuth 2.0 registration 
This also marks the email as primary
 2023-08-31 14:20:06 +02:00
Quentin Gliech
23571e87ea Run the registration policy on upstream OAuth registration 2023-08-30 19:39:39 +02:00
Quentin Gliech
7fcd022eea Make sure we validate passwords & emails by the policy at all stages 
Also refactors the way we get the policy engines in requests
 2023-08-30 19:39:39 +02:00
Quentin Gliech
23151ef092 policies: split the email & password policies and add jsonschema validation of the input 2023-08-30 19:39:39 +02:00
Quentin Gliech
5d3b8cd92f Store the browser user-agent when starting a browser session 2023-08-29 17:38:01 +02:00
Quentin Gliech
438a10332a Add the user_id directly on oauth2_sessions and make the scope a text list 2023-08-29 12:52:24 +02:00
dependabot[bot]
111c119732 build(deps): bump the sentry group with 1 update 
Bumps the sentry group with 1 update: [sentry](https://github.com/getsentry/sentry-rust).

- [Release notes](https://github.com/getsentry/sentry-rust/releases)
- [Changelog](https://github.com/getsentry/sentry-rust/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-rust/compare/0.31.5...0.31.6)

---
updated-dependencies:
- dependency-name: sentry
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 08:23:26 +02:00
Quentin Gliech
07ca145174 Cache the upstream OAuth 2.0 provider metadata 2023-08-28 18:30:40 +02:00
Quentin Gliech
17e28f56c1 Upgrade Rust to 1.72.0 
Fixes new clippy errors and upgrade other tools
 2023-08-28 18:05:56 +02:00
Quentin Gliech
d9a12de8a3 Save the authentication method on each authorization 
This will help us logging out of the upstream.
 2023-08-28 17:14:59 +02:00
Quentin Gliech
096386e9b9 Save the application_type and the contacts in the OAuth 2.0 clients 
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
 2023-08-28 14:41:49 +02:00
dependabot[bot]
329bd401b3 build(deps): bump time from 0.3.27 to 0.3.28 
Bumps [time](https://github.com/time-rs/time) from 0.3.27 to 0.3.28.
- [Release notes](https://github.com/time-rs/time/releases)
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md)
- [Commits](https://github.com/time-rs/time/compare/v0.3.27...v0.3.28)

---
updated-dependencies:
- dependency-name: time
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-27 19:11:35 +02:00
Quentin Gliech
7ff9be99db Add a basic login test to check session & CSRF cookies are correctly handled 2023-08-25 14:35:46 +02:00
Quentin Gliech
a39f71c181 Handle cookies better by setting the right flags & expiration 2023-08-25 14:35:46 +02:00
Quentin Gliech
ca3460b49e Skip the "continue" screens on upstream IDP logins for new accounts 2023-08-25 10:56:10 +02:00
dependabot[bot]
88b52a41ba build(deps): bump time from 0.3.25 to 0.3.27 
Bumps [time](https://github.com/time-rs/time) from 0.3.25 to 0.3.27.
- [Release notes](https://github.com/time-rs/time/releases)
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md)
- [Commits](https://github.com/time-rs/time/compare/v0.3.25...v0.3.27)

---
updated-dependencies:
- dependency-name: time
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 19:39:47 +02:00
dependabot[bot]
6a2f1367d1 build(deps): bump serde_with from 3.2.0 to 3.3.0 
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.2.0...v3.3.0)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 16:05:37 +02:00
dependabot[bot]
34ed7e505d build(deps): bump async-graphql from 6.0.1 to 6.0.4 
Bumps [async-graphql](https://github.com/async-graphql/async-graphql) from 6.0.1 to 6.0.4.
- [Release notes](https://github.com/async-graphql/async-graphql/releases)
- [Changelog](https://github.com/async-graphql/async-graphql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/async-graphql/async-graphql/commits)

---
updated-dependencies:
- dependency-name: async-graphql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 12:04:08 +02:00
dependabot[bot]
1ef1db2ae1 build(deps): bump tokio from 1.30.0 to 1.32.0 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.30.0 to 1.32.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.30.0...tokio-1.32.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 12:02:56 +02:00