matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-21 23:00:50 +03:00
Code Activity
2,676 Commits 59 Branches 22 Tags
d4cbbd97d812e8a5f6ea20cd40a26daf79f11b9d
Commit Graph

452 Commits

Author SHA1 Message Date
Quentin Gliech
ae3213fe87 Make the email verification state more configurable on upstream OAuth 2.0 registration 
This also marks the email as primary
 2023-08-31 14:20:06 +02:00
Quentin Gliech
7fcd022eea Make sure we validate passwords & emails by the policy at all stages 
Also refactors the way we get the policy engines in requests
 2023-08-30 19:39:39 +02:00
Quentin Gliech
23151ef092 policies: split the email & password policies and add jsonschema validation of the input 2023-08-30 19:39:39 +02:00
Quentin Gliech
6589f06d79 tracing: set the parent context from the incoming request again 2023-08-29 18:50:54 +02:00
dependabot[bot]
a0373207a8 build(deps): bump the opentelemetry group with 1 update 
Bumps the opentelemetry group with 1 update: [tracing-opentelemetry](https://github.com/tokio-rs/tracing-opentelemetry).

- [Release notes](https://github.com/tokio-rs/tracing-opentelemetry/releases)
- [Changelog](https://github.com/tokio-rs/tracing-opentelemetry/blob/v0.1.x/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/tracing-opentelemetry/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: tracing-opentelemetry
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 18:50:54 +02:00
Quentin Gliech
f295d2df77 Fix sentry transport post-upgrade 2023-08-29 08:23:26 +02:00
dependabot[bot]
111c119732 build(deps): bump the sentry group with 1 update 
Bumps the sentry group with 1 update: [sentry](https://github.com/getsentry/sentry-rust).

- [Release notes](https://github.com/getsentry/sentry-rust/releases)
- [Changelog](https://github.com/getsentry/sentry-rust/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-rust/compare/0.31.5...0.31.6)

---
updated-dependencies:
- dependency-name: sentry
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 08:23:26 +02:00
dependabot[bot]
9f58be0bcb build(deps): bump rustls from 0.21.6 to 0.21.7 
Bumps [rustls](https://github.com/rustls/rustls) from 0.21.6 to 0.21.7.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Commits](https://github.com/rustls/rustls/compare/v/0.21.6...v/0.21.7)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 08:00:31 +02:00
dependabot[bot]
ab8ae09b7b build(deps): bump clap from 4.4.0 to 4.4.1 
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.0 to 4.4.1.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.4.0...v4.4.1)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 00:10:05 +02:00
Quentin Gliech
07ca145174 Cache the upstream OAuth 2.0 provider metadata 2023-08-28 18:30:40 +02:00
Quentin Gliech
17e28f56c1 Upgrade Rust to 1.72.0 
Fixes new clippy errors and upgrade other tools
 2023-08-28 18:05:56 +02:00
Quentin Gliech
096386e9b9 Save the application_type and the contacts in the OAuth 2.0 clients 
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
 2023-08-28 14:41:49 +02:00
Quentin Gliech
9289922dfb Grab a database lock when syncing the config 
Fixes #1475
 2023-08-25 15:48:47 +02:00
Quentin Gliech
a39f71c181 Handle cookies better by setting the right flags & expiration 2023-08-25 14:35:46 +02:00
dependabot[bot]
f1e716ef90 build(deps): bump clap from 4.3.24 to 4.4.0 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.24 to 4.4.0.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.24...clap_complete-v4.4.0)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-25 12:32:06 +02:00
dependabot[bot]
f8f3875f0a build(deps): bump clap from 4.3.23 to 4.3.24 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.23 to 4.3.24.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.23...v4.3.24)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 19:39:31 +02:00
dependabot[bot]
2b2c0d0466 build(deps): bump clap from 4.3.21 to 4.3.23 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.21 to 4.3.23.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.21...v4.3.23)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 16:08:45 +02:00
dependabot[bot]
3aa7a26628 build(deps): bump httpdate from 1.0.2 to 1.0.3 
Bumps [httpdate](https://github.com/pyfisch/httpdate) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/pyfisch/httpdate/releases)
- [Commits](https://github.com/pyfisch/httpdate/compare/v1.0.2...v1.0.3)

---
updated-dependencies:
- dependency-name: httpdate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 12:03:22 +02:00
dependabot[bot]
1ef1db2ae1 build(deps): bump tokio from 1.30.0 to 1.32.0 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.30.0 to 1.32.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.30.0...tokio-1.32.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 12:02:56 +02:00
Quentin Gliech
7c83dce66e Move some common dependencies on the workspace level 
Also deprecates the AWS SESv2 transport for emails
 2023-08-14 13:00:01 +02:00
Quentin Gliech
21964cbeab Setup cargo-deny 
Also try to remove a bunch of duplicate crates
 2023-08-14 11:22:52 +02:00
Quentin Gliech
699dfba55f OpenTelemetry upgrade 2023-08-11 16:12:58 +02:00
dependabot[bot]
6e8222c765 build(deps): bump the opentelemetry group with 7 updates 
Bumps the opentelemetry group with 7 updates:

| Package | Update |
| --- | --- |
| [tracing-opentelemetry](https://github.com/tokio-rs/tracing-opentelemetry) | 0.19.0 to 0.20.0 |
| [opentelemetry](https://github.com/open-telemetry/opentelemetry-rust) | 0.19.0 to 0.20.0 |
| [opentelemetry-semantic-conventions](https://github.com/open-telemetry/opentelemetry-rust) | 0.11.0 to 0.12.0 |
| [opentelemetry-jaeger](https://github.com/open-telemetry/opentelemetry-rust) | 0.18.0 to 0.19.0 |
| [opentelemetry-otlp](https://github.com/open-telemetry/opentelemetry-rust) | 0.12.0 to 0.13.0 |
| [opentelemetry-http](https://github.com/open-telemetry/opentelemetry-rust) | 0.8.0 to 0.9.0 |
| [opentelemetry-prometheus](https://github.com/open-telemetry/opentelemetry-rust) | 0.12.0 to 0.13.0 |


Updates `tracing-opentelemetry` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/tokio-rs/tracing-opentelemetry/releases)
- [Changelog](https://github.com/tokio-rs/tracing-opentelemetry/blob/v0.1.x/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/tracing-opentelemetry/compare/v0.19.0...v0.20.0)

Updates `opentelemetry` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.19.0...v0.20.0)

Updates `opentelemetry-semantic-conventions` from 0.11.0 to 0.12.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.11.0...v0.12.0)

Updates `opentelemetry-jaeger` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.18.0...v0.19.0)

Updates `opentelemetry-otlp` from 0.12.0 to 0.13.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.12.0...v0.13.0)

Updates `opentelemetry-http` from 0.8.0 to 0.9.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-rust/blob/v0.9.0/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.8.0...v0.9.0)

Updates `opentelemetry-prometheus` from 0.12.0 to 0.13.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: tracing-opentelemetry
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-semantic-conventions
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-jaeger
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-otlp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-http
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-prometheus
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-11 16:12:58 +02:00
dependabot[bot]
f09f6b7c2f build(deps): bump tokio from 1.29.1 to 1.30.0 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.29.1 to 1.30.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.29.1...tokio-1.30.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-10 07:59:09 +02:00
Quentin Gliech
3e6ea9a158 Add a 404 HTMl fallback 2023-08-09 16:56:11 +02:00
dependabot[bot]
b153316cf6 build(deps): bump rustls from 0.21.5 to 0.21.6 
Bumps [rustls](https://github.com/rustls/rustls) from 0.21.5 to 0.21.6.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Commits](https://github.com/rustls/rustls/compare/v/0.21.5...v/0.21.6)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-09 12:01:08 +02:00
dependabot[bot]
72aa800ebb build(deps): bump clap from 4.3.19 to 4.3.21 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.19 to 4.3.21.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.19...v4.3.21)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-09 11:34:06 +02:00
dependabot[bot]
79ad2dbc65 build(deps): bump axum from 0.6.19 to 0.6.20 
Bumps [axum](https://github.com/tokio-rs/axum) from 0.6.19 to 0.6.20.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.6.19...axum-v0.6.20)

---
updated-dependencies:
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-08 19:21:47 +02:00
dependabot[bot]
91c6b1eaf1 build(deps): bump apalis-core from 0.4.3 to 0.4.4 
Bumps apalis-core from 0.4.3 to 0.4.4.

---
updated-dependencies:
- dependency-name: apalis-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-04 22:53:07 +02:00
Quentin Gliech
033479bc57 cli: always include all OTEL exporters 2023-08-03 17:13:37 +02:00
Quentin Gliech
8142cad3d6 Call the homeserver for user deactivation 2023-08-03 14:06:34 +02:00
Quentin Gliech
40b49cdd10 Add a way to lock users 2023-08-03 14:06:34 +02:00
Quentin Gliech
7bf6777a90 ci: fix the dist build assets path 2023-07-28 17:13:07 +02:00
Quentin Gliech
e79da4a949 Bump Rust dependencies and remove unused ones 2023-07-27 17:23:08 +02:00
dependabot[bot]
3a3e8bc285 build(deps): bump tower-http from 0.4.1 to 0.4.3 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.1 to 0.4.3.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.1...tower-http-0.4.3)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-21 23:39:20 +02:00
dependabot[bot]
adcd76a64a build(deps): bump clap from 4.3.15 to 4.3.18 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.15 to 4.3.18.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.15...v4.3.18)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-21 23:37:10 +02:00
dependabot[bot]
6d601ea164 build(deps): bump serde_yaml from 0.9.24 to 0.9.25 
Bumps [serde_yaml](https://github.com/dtolnay/serde-yaml) from 0.9.24 to 0.9.25.
- [Release notes](https://github.com/dtolnay/serde-yaml/releases)
- [Commits](https://github.com/dtolnay/serde-yaml/compare/0.9.24...0.9.25)

---
updated-dependencies:
- dependency-name: serde_yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-21 23:36:54 +02:00
dependabot[bot]
a32a26cf75 build(deps): bump clap from 4.3.14 to 4.3.15 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.14 to 4.3.15.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.14...v4.3.15)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-19 09:42:52 +02:00
dependabot[bot]
bb24a39c9a build(deps): bump serde_yaml from 0.9.23 to 0.9.24 
Bumps [serde_yaml](https://github.com/dtolnay/serde-yaml) from 0.9.23 to 0.9.24.
- [Release notes](https://github.com/dtolnay/serde-yaml/releases)
- [Commits](https://github.com/dtolnay/serde-yaml/compare/0.9.23...0.9.24)

---
updated-dependencies:
- dependency-name: serde_yaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-19 09:42:31 +02:00
Quentin Gliech
ba0f7ea62c Upgrade all Rust dependencies 
This includes breaking changes of sqlx 0.7.0
 2023-07-17 19:04:06 +02:00
Quentin Gliech
68db56c2a2 Reimplementation of a postgres-backed storage with a shared PG listener 2023-07-17 19:04:06 +02:00
Quentin Gliech
f5143c045e Track the database connection acquisition time and pool usage 2023-07-06 18:54:29 +02:00
Quentin Gliech
76653f9638 Better frontend assets handling and move the react app to /account/ (#1324) 
This makes the Vite assets handling better, namely:

 - make it possible to include any vite assets in the templates
 - include the right `<link rel="preload">` tags for assets
 - include Subresource Integrity hashes
 - pre-compress assets and remove on-the-fly compression by the Rust server
 - build the CSS used by templates through Vite

It also moves the React app from /app/ to /account/, and remove some of the old SSR account screens.
 2023-07-06 15:30:26 +02:00
dependabot[bot]
bd9483ec74 build(deps): bump serde_json from 1.0.99 to 1.0.100 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.99 to 1.0.100.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.99...v1.0.100)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-05 22:55:03 +02:00
dependabot[bot]
ef2c095327 build(deps): bump clap from 4.3.10 to 4.3.11 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.10 to 4.3.11.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.10...v4.3.11)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-05 22:24:07 +02:00
dependabot[bot]
eeea3d98fa build(deps): bump rustls from 0.21.2 to 0.21.3 
Bumps [rustls](https://github.com/rustls/rustls) from 0.21.2 to 0.21.3.
- [Changelog](https://github.com/rustls/rustls/blob/main/RELEASE_NOTES.md)
- [Commits](https://github.com/rustls/rustls/commits)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-05 22:16:58 +02:00
dependabot[bot]
40429fcc9e build(deps): bump indoc from 2.0.1 to 2.0.2 
Bumps [indoc](https://github.com/dtolnay/indoc) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/dtolnay/indoc/releases)
- [Commits](https://github.com/dtolnay/indoc/compare/2.0.1...2.0.2)

---
updated-dependencies:
- dependency-name: indoc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-04 09:07:05 +02:00
dependabot[bot]
a5c9ada5d6 build(deps): bump clap from 4.3.9 to 4.3.10 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.9 to 4.3.10.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.9...v4.3.10)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-02 11:31:52 +02:00
dependabot[bot]
1a70c3a387 build(deps): bump tokio from 1.29.0 to 1.29.1 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.29.0 to 1.29.1.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.29.0...tokio-1.29.1)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-02 11:30:27 +02:00
Quentin Gliech
297dbbb6ab Add a CLI tool to kill all sessions of a user 2023-06-30 15:54:06 +02:00