matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-06 05:42:30 +03:00
Code Activity
1,675 Commits 59 Branches 22 Tags
b9edbda5e169b09e18ab8bb6b51ac15faed810a3
Commit Graph

1140 Commits

Author SHA1 Message Date
Quentin Gliech
b9edbda5e1 Advertise the client_credentials grant in the discovery document 2023-09-06 09:35:34 +02:00
Quentin Gliech
542d0a6073 Implement the client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
00fe5f902b storage: add a method to create an OAuth 2.0 session for a client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
8658a3400d policy: prepare for the client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
7a9197f222 storage-pg: make the user_id in oauth2_sessions nullable 2023-09-06 09:35:34 +02:00
Quentin Gliech
7e247830c9 data-model: Make the user_id optional in the OAuth 2.0 sessions 2023-09-06 09:35:34 +02:00
dependabot[bot]
d256bee1fd build(deps): bump argon2 from 0.5.1 to 0.5.2 
Bumps [argon2](https://github.com/RustCrypto/password-hashes) from 0.5.1 to 0.5.2.
- [Commits](https://github.com/RustCrypto/password-hashes/compare/argon2-v0.5.1...argon2-v0.5.2)

---
updated-dependencies:
- dependency-name: argon2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-06 09:34:17 +02:00
dependabot[bot]
ef388b9fdc build(deps): bump tera from 1.19.0 to 1.19.1 
Bumps [tera](https://github.com/Keats/tera) from 1.19.0 to 1.19.1.
- [Changelog](https://github.com/Keats/tera/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Keats/tera/commits)

---
updated-dependencies:
- dependency-name: tera
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-06 09:34:09 +02:00
Quentin Gliech
bc3f665739 graphql: expose the logo_uri in the OAuth 2.0 client 
Fixes #1705
 2023-09-06 09:28:47 +02:00
Quentin Gliech
0896292006 Fix Clippy warnings about enum size variants difference 2023-09-04 16:45:21 +02:00
dependabot[bot]
455f2a7725 build(deps): bump async-graphql from 6.0.4 to 6.0.5 
Bumps [async-graphql](https://github.com/async-graphql/async-graphql) from 6.0.4 to 6.0.5.
- [Release notes](https://github.com/async-graphql/async-graphql/releases)
- [Changelog](https://github.com/async-graphql/async-graphql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/async-graphql/async-graphql/commits)

---
updated-dependencies:
- dependency-name: async-graphql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 09:37:26 +02:00
dependabot[bot]
650bb3cf1c build(deps): bump clap from 4.4.1 to 4.4.2 
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.1 to 4.4.2.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.4.1...v4.4.2)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 09:25:21 +02:00
dependabot[bot]
a46bd43dd2 build(deps): bump tower-http from 0.4.3 to 0.4.4 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.3 to 0.4.4.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.3...tower-http-0.4.4)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 09:17:59 +02:00
Hugh Nimmo-Smith
bca3ab5eb6 Add CORS headers for /graphql 2023-09-01 17:30:33 +02:00
Quentin Gliech
a01c53019f Define common crates metadata on the workspace level 2023-09-01 16:27:22 +02:00
Kerry
17f8dc4e00 Implement MSC2965 action parameter (#1673) 
* redirect session_end action to session detail

* fix react key warning in oauth session detail

* move Route type to /routing

* test getRouteActionRedirection

* comment

* frontend: Split the routing-related stuff in multiple files under routing/

* frontend: Cover all the redirections defined by MSC2965

* frontend: fix test

* Make the backend keep query parameters through login to the /account/ interface

* Fix frontend tests & clippy lints

---------

Co-authored-by: Quentin Gliech <quenting@element.io>
 2023-09-01 09:42:50 +00:00
Quentin Gliech
be5b527403 graphql: admin API to add a user, lock them, and add emails without verification 2023-09-01 11:34:58 +02:00
Quentin Gliech
21d3d3a5d4 Rename the 'hack' configuration section to 'experimental' 2023-08-31 18:05:00 +02:00
Quentin Gliech
bc04860afb Make the access tokens TTL configurable 2023-08-31 18:05:00 +02:00
Quentin Gliech
ae3213fe87 Make the email verification state more configurable on upstream OAuth 2.0 registration 
This also marks the email as primary
 2023-08-31 14:20:06 +02:00
Quentin Gliech
8e5ebcd03f Simplify the URL displayed on compatibility SSO logins 
See #1638
 2023-08-31 10:54:29 +02:00
Quentin Gliech
23571e87ea Run the registration policy on upstream OAuth registration 2023-08-30 19:39:39 +02:00
Quentin Gliech
7fcd022eea Make sure we validate passwords & emails by the policy at all stages 
Also refactors the way we get the policy engines in requests
 2023-08-30 19:39:39 +02:00
Quentin Gliech
23151ef092 policies: split the email & password policies and add jsonschema validation of the input 2023-08-30 19:39:39 +02:00
Quentin Gliech
6589f06d79 tracing: set the parent context from the incoming request again 2023-08-29 18:50:54 +02:00
dependabot[bot]
a0373207a8 build(deps): bump the opentelemetry group with 1 update 
Bumps the opentelemetry group with 1 update: [tracing-opentelemetry](https://github.com/tokio-rs/tracing-opentelemetry).

- [Release notes](https://github.com/tokio-rs/tracing-opentelemetry/releases)
- [Changelog](https://github.com/tokio-rs/tracing-opentelemetry/blob/v0.1.x/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/tracing-opentelemetry/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: tracing-opentelemetry
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 18:50:54 +02:00
Quentin Gliech
a19f405e53 graphql: Expose the BrowserSession User-Agent 2023-08-29 17:38:01 +02:00
Quentin Gliech
5d3b8cd92f Store the browser user-agent when starting a browser session 2023-08-29 17:38:01 +02:00
Quentin Gliech
1849b86a7d graphql: Always make the associated SSO login available in compatibility sessions 2023-08-29 16:53:38 +02:00
Quentin Gliech
ba98b7c448 graphql: API to query client sessions out of a device_id and a user ID 2023-08-29 16:53:38 +02:00
Quentin Gliech
8402a75a7d storage: Look up compat sessions by device_id 2023-08-29 16:53:38 +02:00
Quentin Gliech
d7abdccc0a storage: Allow filtering oauth2 sessions by scope 2023-08-29 16:53:38 +02:00
Quentin Gliech
438a10332a Add the user_id directly on oauth2_sessions and make the scope a text list 2023-08-29 12:52:24 +02:00
Quentin Gliech
85629820fd api: Add a finishedAt property to the BrowserSession and a state property to all 3 session types 2023-08-29 08:34:07 +02:00
Quentin Gliech
f295d2df77 Fix sentry transport post-upgrade 2023-08-29 08:23:26 +02:00
dependabot[bot]
111c119732 build(deps): bump the sentry group with 1 update 
Bumps the sentry group with 1 update: [sentry](https://github.com/getsentry/sentry-rust).

- [Release notes](https://github.com/getsentry/sentry-rust/releases)
- [Changelog](https://github.com/getsentry/sentry-rust/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-rust/compare/0.31.5...0.31.6)

---
updated-dependencies:
- dependency-name: sentry
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 08:23:26 +02:00
dependabot[bot]
79d9d7c08b build(deps): bump schemars from 0.8.12 to 0.8.13 
Bumps [schemars](https://github.com/GREsau/schemars) from 0.8.12 to 0.8.13.
- [Release notes](https://github.com/GREsau/schemars/releases)
- [Changelog](https://github.com/GREsau/schemars/blob/master/CHANGELOG.md)
- [Commits](https://github.com/GREsau/schemars/compare/v0.8.12...v0.8.13)

---
updated-dependencies:
- dependency-name: schemars
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 08:00:46 +02:00
dependabot[bot]
9f58be0bcb build(deps): bump rustls from 0.21.6 to 0.21.7 
Bumps [rustls](https://github.com/rustls/rustls) from 0.21.6 to 0.21.7.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Commits](https://github.com/rustls/rustls/compare/v/0.21.6...v/0.21.7)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 08:00:31 +02:00
dependabot[bot]
ab8ae09b7b build(deps): bump clap from 4.4.0 to 4.4.1 
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.0 to 4.4.1.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.4.0...v4.4.1)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 00:10:05 +02:00
Quentin Gliech
07ca145174 Cache the upstream OAuth 2.0 provider metadata 2023-08-28 18:30:40 +02:00
Quentin Gliech
17e28f56c1 Upgrade Rust to 1.72.0 
Fixes new clippy errors and upgrade other tools
 2023-08-28 18:05:56 +02:00
Quentin Gliech
d9a12de8a3 Save the authentication method on each authorization 
This will help us logging out of the upstream.
 2023-08-28 17:14:59 +02:00
Quentin Gliech
096386e9b9 Save the application_type and the contacts in the OAuth 2.0 clients 
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
 2023-08-28 14:41:49 +02:00
dependabot[bot]
23717d8a23 build(deps): bump sea-query from 0.30.0 to 0.30.1 
Bumps [sea-query](https://github.com/SeaQL/sea-query) from 0.30.0 to 0.30.1.
- [Release notes](https://github.com/SeaQL/sea-query/releases)
- [Changelog](https://github.com/SeaQL/sea-query/blob/master/CHANGELOG.md)
- [Commits](https://github.com/SeaQL/sea-query/compare/0.30.0...0.30.1)

---
updated-dependencies:
- dependency-name: sea-query
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-27 19:12:56 +02:00
dependabot[bot]
329bd401b3 build(deps): bump time from 0.3.27 to 0.3.28 
Bumps [time](https://github.com/time-rs/time) from 0.3.27 to 0.3.28.
- [Release notes](https://github.com/time-rs/time/releases)
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md)
- [Commits](https://github.com/time-rs/time/compare/v0.3.27...v0.3.28)

---
updated-dependencies:
- dependency-name: time
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-27 19:11:35 +02:00
dependabot[bot]
245a91b9ee build(deps): bump pin-project-lite from 0.2.12 to 0.2.13 
Bumps [pin-project-lite](https://github.com/taiki-e/pin-project-lite) from 0.2.12 to 0.2.13.
- [Release notes](https://github.com/taiki-e/pin-project-lite/releases)
- [Changelog](https://github.com/taiki-e/pin-project-lite/blob/main/CHANGELOG.md)
- [Commits](https://github.com/taiki-e/pin-project-lite/compare/v0.2.12...v0.2.13)

---
updated-dependencies:
- dependency-name: pin-project-lite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-27 17:42:03 +02:00
Quentin Gliech
9289922dfb Grab a database lock when syncing the config 
Fixes #1475
 2023-08-25 15:48:47 +02:00
Quentin Gliech
7ff9be99db Add a basic login test to check session & CSRF cookies are correctly handled 2023-08-25 14:35:46 +02:00
Quentin Gliech
a39f71c181 Handle cookies better by setting the right flags & expiration 2023-08-25 14:35:46 +02:00
dependabot[bot]
f1e716ef90 build(deps): bump clap from 4.3.24 to 4.4.0 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.24 to 4.4.0.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.24...clap_complete-v4.4.0)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-25 12:32:06 +02:00