Quentin Gliech
b9edbda5e1
Advertise the client_credentials grant in the discovery document
2023-09-06 09:35:34 +02:00
Quentin Gliech
542d0a6073
Implement the client credentials grant
2023-09-06 09:35:34 +02:00
Quentin Gliech
00fe5f902b
storage: add a method to create an OAuth 2.0 session for a client credentials grant
2023-09-06 09:35:34 +02:00
Quentin Gliech
7e247830c9
data-model: Make the user_id optional in the OAuth 2.0 sessions
2023-09-06 09:35:34 +02:00
Quentin Gliech
bc04860afb
Make the access tokens TTL configurable
2023-08-31 18:05:00 +02:00
Quentin Gliech
7fcd022eea
Make sure we validate passwords & emails by the policy at all stages
...
Also refactors the way we get the policy engines in requests
2023-08-30 19:39:39 +02:00
Quentin Gliech
23151ef092
policies: split the email & password policies and add jsonschema validation of the input
2023-08-30 19:39:39 +02:00
Quentin Gliech
5d3b8cd92f
Store the browser user-agent when starting a browser session
2023-08-29 17:38:01 +02:00
Quentin Gliech
438a10332a
Add the user_id directly on oauth2_sessions and make the scope a text list
2023-08-29 12:52:24 +02:00
Quentin Gliech
17e28f56c1
Upgrade Rust to 1.72.0
...
Fixes new clippy errors and upgrade other tools
2023-08-28 18:05:56 +02:00
Quentin Gliech
096386e9b9
Save the application_type and the contacts in the OAuth 2.0 clients
...
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
2023-08-28 14:41:49 +02:00
Quentin Gliech
a39f71c181
Handle cookies better by setting the right flags & expiration
2023-08-25 14:35:46 +02:00
Quentin Gliech
cc2bce7b03
Show and log the policy violations better
2023-08-03 14:06:34 +02:00
Quentin Gliech
40b49cdd10
Add a way to lock users
2023-08-03 14:06:34 +02:00
Quentin Gliech
802cf142fd
Remove the last authentication from the browser session model
2023-07-21 19:50:30 +02:00
Quentin Gliech
4f1b201c74
Define upstream OAuth providers in the config
...
And adds CLI tool to sync them with the database (WIP)
2023-06-26 17:24:56 +02:00
Quentin Gliech
2a514cf452
Add a admin flag to the compatibility session
...
Also adds a CLI tool to issue a compatibility token.
2023-06-16 15:24:38 +02:00
Quentin Gliech
77fc67c29b
Silence clippy warning about a function being too long
2023-04-24 10:42:38 +02:00
Quentin Gliech
d34e01fc67
Provision and delete Matrix devices in OAuth sessions
2023-04-24 10:42:38 +02:00
Quentin Gliech
a79b4060d4
Check that an OAuth session is valid before revoking it
2023-03-02 16:31:36 +01:00
Quentin Gliech
67753c0e26
handlers: add tests for introspection endpoint
2023-02-24 17:45:50 +01:00
Quentin Gliech
17471c651e
handlers: add tests for the token endpoint
...
This also simplifies the way we issue tokens in tests
2023-02-22 19:38:01 +01:00
Quentin Gliech
03583d2936
handlers: add a test for OIDC discovery
2023-02-22 16:38:48 +01:00
Quentin Gliech
1e9ce8d6d6
handlers: add tests for client registration
2023-02-22 14:29:53 +01:00
Quentin Gliech
64ce271d08
Add test helpers for handlers and use them
...
Also expands the test coverage of the revoke handler.
2023-02-21 12:06:30 +01:00
Quentin Gliech
a6cd4412c1
Write tests for the token revocation endpoint
2023-02-21 12:06:30 +01:00
Quentin Gliech
543b4b229f
Support for token revocation
2023-02-21 12:06:30 +01:00
Quentin Gliech
792d3c793b
Convert many match/if expressions to let-else
2023-02-01 10:37:04 +01:00
Quentin Gliech
39c126318f
Fix the authorization grant template
...
It previously relied on the client being in the authorization grant,
which is not the case anymore. This commit also adds a test to ensure
we're not breaking this template in the future.
2023-01-31 16:50:48 +01:00
Quentin Gliech
87914cbcb3
Capture better errors in Sentry
2023-01-31 16:25:15 +01:00
Quentin Gliech
875025467e
Log more errors and setup Sentry integration
2023-01-30 18:04:44 +01:00
Quentin Gliech
6a8c79c497
storage: impl Repository for Box<impl Repository + ?Sized>
2023-01-24 09:51:49 +01:00
Quentin Gliech
a9facab131
Box the repository everywhere
2023-01-20 17:53:04 +01:00
Quentin Gliech
f4c64c2171
storage: ensure the repository trait can be boxed
...
and define some wrappers to map the errors
2023-01-19 19:10:35 +01:00
Quentin Gliech
876bc9fcb3
handlers: extract the PgRepository from the request
...
Also fix a bunch of clippy errors & doctests
2023-01-18 18:22:13 +01:00
Quentin Gliech
9005931e2a
handlers: box the rng and clock, and extract it from the state
2023-01-18 17:49:59 +01:00
Quentin Gliech
142fdbd45a
storage: make the Clock a trait
2023-01-18 12:20:30 +01:00
Quentin Gliech
73a921cc30
Split the storage trait from the implementation
2023-01-18 10:38:22 +01:00
Quentin Gliech
195203823a
storage: wrap the postgres repository in a struct
2023-01-13 18:03:37 +01:00
Quentin Gliech
488a666a8d
storage: remaining oauth2 repositories
...
- authorization grants
- access tokens
- refresh tokens
2023-01-12 18:26:04 +01:00
Quentin Gliech
36396c0b45
storage: repository pattern for the compat layer
2023-01-12 15:41:26 +01:00
Quentin Gliech
9f0c9f1466
storage: cleanup access/refresh token lookups
2023-01-11 12:14:52 +01:00
Quentin Gliech
920869b583
storage: do less joins in compat sessions
2023-01-10 18:49:35 +01:00
Quentin Gliech
39cd9a2578
data-model: don't embed the client in the auth grant
2023-01-09 10:49:51 +01:00
Quentin Gliech
fb7c6f4dd1
storage: do less joins on authorization grants and refresh tokens
2023-01-05 16:49:19 +01:00
Quentin Gliech
603a26eabd
storage: oauth2 session repository
2023-01-05 16:44:56 +01:00
Quentin Gliech
e26f75246d
storage: Load with less joins
...
This is done to simplify some queries, to avoid loading more data than
necessary, and in preparation of a proper cache layer
2023-01-04 18:06:17 +01:00
Quentin Gliech
09a567ab17
storage: OAuth2 client repository
2023-01-04 16:30:32 +01:00
Quentin Gliech
13a9d03647
storage: user and user email repository
2023-01-02 15:28:44 +01:00
Quentin Gliech
3bca5ab9be
Add the standard API scope to the compat token introspection
2022-12-28 11:33:53 +01:00
