matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Code Activity
2,571 Commits 59 Branches 22 Tags
d76b54b13f0f115bca38a7bfb80b554debc187a4
Commit Graph

620 Commits

Author SHA1 Message Date
Hugh Nimmo-Smith
3215e86eaa Use unstable prefixes for scope names (#337) 2022-08-05 17:58:22 +00:00
dependabot[bot]
2568720106 Bump chrono from 0.4.19 to 0.4.20 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.19 to 0.4.20.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.19...v0.4.20)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-05 09:48:09 +02:00
Quentin Gliech
2e2c3d54a6 Test HTTP handlers 2022-08-05 09:48:02 +02:00
dependabot[bot]
3cfd0f1553 Bump serde from 1.0.141 to 1.0.142 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.141 to 1.0.142.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.141...v1.0.142)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-04 11:30:39 +02:00
dependabot[bot]
25a7d6cba5 Bump serde_json from 1.0.82 to 1.0.83 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.82 to 1.0.83.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.82...v1.0.83)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-04 10:43:50 +02:00
dependabot[bot]
2e8f180675 Bump sqlx from 0.6.0 to 0.6.1 
Bumps [sqlx](https://github.com/launchbadge/sqlx) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/launchbadge/sqlx/releases)
- [Changelog](https://github.com/launchbadge/sqlx/blob/main/CHANGELOG.md)
- [Commits](https://github.com/launchbadge/sqlx/commits)

---
updated-dependencies:
- dependency-name: sqlx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-04 10:03:39 +02:00
dependabot[bot]
3b56287c99 Bump thiserror from 1.0.31 to 1.0.32 
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.31 to 1.0.32.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.31...1.0.32)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-04 09:21:37 +02:00
dependabot[bot]
b3486cc373 Bump elliptic-curve from 0.12.2 to 0.12.3 
Bumps [elliptic-curve](https://github.com/RustCrypto/traits) from 0.12.2 to 0.12.3.
- [Release notes](https://github.com/RustCrypto/traits/releases)
- [Commits](https://github.com/RustCrypto/traits/compare/elliptic-curve-v0.12.2...elliptic-curve-v0.12.3)

---
updated-dependencies:
- dependency-name: elliptic-curve
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-03 19:08:56 +02:00
dependabot[bot]
20f2b5db74 Bump indoc from 1.0.6 to 1.0.7 
Bumps [indoc](https://github.com/dtolnay/indoc) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/dtolnay/indoc/releases)
- [Commits](https://github.com/dtolnay/indoc/compare/1.0.6...1.0.7)

---
updated-dependencies:
- dependency-name: indoc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-03 16:29:39 +02:00
Quentin Gliech
649e5cd645 Move the PKCE validation logic to oauth2-types 2022-08-03 13:57:31 +02:00
Quentin Gliech
372b32a780 Make PKCE implementation compliant with RFC7636 
This checks for the PKCE code_verifier length as well as the characters
used. It also give better errors when the PKCE verifier is invalid.

Fixes #316
 2022-08-03 13:57:31 +02:00
Quentin Gliech
e3e659b701 Switch back rsa crate to a published pre-version 2022-08-01 19:41:38 +02:00
Quentin Gliech
44b2708f7a Bump serde_with 2022-08-01 19:38:22 +02:00
Quentin Gliech
d4c718ef4b Bump Rust dependencies 2022-08-01 17:50:33 +02:00
Quentin Gliech
ba6a382f2c Authorization grant policy (#288) 
Co-authored-by: Hugh Nimmo-Smith <hughns@matrix.org>
 2022-07-21 16:18:59 +00:00
Quentin Gliech
a263330ea5 Stop generating the device ID automatically (#285) 2022-07-21 16:34:55 +01:00
Hugh Nimmo-Smith
0e21f00d17 Return reason for invalid_client_metadata in HTTP response (#298) 2022-07-08 21:11:54 +00:00
Quentin Gliech
ba90ee2614 Bump dependencies 2022-07-04 18:27:18 +02:00
dependabot[bot]
be3662d7dc Bump lettre from 0.10.0-rc.7 to 0.10.0 
Bumps [lettre](https://github.com/lettre/lettre) from 0.10.0-rc.7 to 0.10.0.
- [Release notes](https://github.com/lettre/lettre/releases)
- [Changelog](https://github.com/lettre/lettre/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lettre/lettre/compare/v0.10.0-rc.7...v0.10.0)

---
updated-dependencies:
- dependency-name: lettre
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-07-04 18:17:07 +02:00
Quentin Gliech
4870d1e899 Fix some false-positive clippy lints 
Those were introduced in clippy 1.62 (under clippy::pedantic) and are in
proc-macro generated code
 2022-07-01 16:36:35 +02:00
dependabot[bot]
52a400eb9e Bump serde_json from 1.0.81 to 1.0.82 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.81 to 1.0.82.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.81...v1.0.82)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-30 19:12:20 +02:00
dependabot[bot]
43f0336b92 Bump axum from 0.5.9 to 0.5.10 
Bumps [axum](https://github.com/tokio-rs/axum) from 0.5.9 to 0.5.10.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.5.9...axum-v0.5.10)

---
updated-dependencies:
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-29 09:35:58 +02:00
Quentin Gliech
821182acd1 Bump dependencies and bumps MSRV to 1.60 2022-06-27 23:37:21 +02:00
Quentin Gliech
27fa4fef4f Bump dependencies 2022-06-27 11:33:21 +02:00
Quentin Gliech
fee9d46dfc Bump sqlx from 0.5.13 to 0.6.0 2022-06-27 11:11:29 +02:00
dependabot[bot]
2ed22a618a Bump anyhow from 1.0.57 to 1.0.58 
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.57 to 1.0.58.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.57...1.0.58)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-23 18:33:39 +02:00
Hugh Nimmo-Smith
50af460e22 Use unstable prefix for MSC3824 (#251) 2022-06-19 18:37:50 +00:00
Hugh Nimmo-Smith
9e3f43f1f0 Move from MSC3824 actions to org.matrix.msc3824.delegated_oidc_compatibility flag (#250) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2022-06-15 15:49:03 +00:00
Hugh Nimmo-Smith
5632f6ba99 feat: support for MSC3824 action param on SSO redirect (#248) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2022-06-14 11:34:56 +00:00
dependabot[bot]
482bfeecc2 Bump axum-extra from 0.3.3 to 0.3.4 
Bumps [axum-extra](https://github.com/tokio-rs/axum) from 0.3.3 to 0.3.4.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.3.3...axum-extra-v0.3.4)

---
updated-dependencies:
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-09 12:39:21 +02:00
dependabot[bot]
3f9863e7d3 Bump tracing from 0.1.34 to 0.1.35 
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.34 to 0.1.35.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.34...tracing-0.1.35)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-09 11:40:21 +02:00
dependabot[bot]
b1a17194b7 Bump axum from 0.5.6 to 0.5.7 
Bumps [axum](https://github.com/tokio-rs/axum) from 0.5.6 to 0.5.7.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.5.6...axum-v0.5.7)

---
updated-dependencies:
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-09 11:40:05 +02:00
dependabot[bot]
a0573feedb Bump tower-http from 0.3.3 to 0.3.4 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.3.3 to 0.3.4.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.3.3...tower-http-0.3.4)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-07 14:05:50 +02:00
dependabot[bot]
274739b537 Bump tokio from 1.19.0 to 1.19.2 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.19.0 to 1.19.2.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/commits)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-07 14:05:45 +02:00
dependabot[bot]
13e78e3caf Bump lettre from 0.10.0-rc.6 to 0.10.0-rc.7 
Bumps [lettre](https://github.com/lettre/lettre) from 0.10.0-rc.6 to 0.10.0-rc.7.
- [Release notes](https://github.com/lettre/lettre/releases)
- [Changelog](https://github.com/lettre/lettre/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lettre/lettre/compare/v0.10.0-rc.6...v0.10.0-rc.7)

---
updated-dependencies:
- dependency-name: lettre
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-07 14:05:39 +02:00
dependabot[bot]
b94983ca41 Bump tokio from 1.18.2 to 1.19.0 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.18.2 to 1.19.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.18.2...tokio-1.19.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-04 15:52:31 +02:00
Quentin Gliech
e694932daf Handle password strength verification through OPA 2022-06-03 16:14:26 +02:00
Quentin Gliech
7c8893e596 Switch the policies to a violation list based approach 
This allows policies to give proper feedback on form fields
 2022-06-03 13:37:20 +02:00
Quentin Gliech
071055ad18 Embed the default policy in the binary 2022-06-03 13:37:20 +02:00
Quentin Gliech
a2b53f0395 Run OPA policies during registration 2022-06-03 13:37:20 +02:00
Quentin Gliech
aab1f49374 Support for applying OPA policies during client registration 2022-06-03 13:37:20 +02:00
dependabot[bot]
959466a5ba Bump serde_with from 1.13.0 to 1.14.0 
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-02 16:29:41 +02:00
dependabot[bot]
7cba5f7e67 Bump hyper from 0.14.18 to 0.14.19 
Bumps [hyper](https://github.com/hyperium/hyper) from 0.14.18 to 0.14.19.
- [Release notes](https://github.com/hyperium/hyper/releases)
- [Changelog](https://github.com/hyperium/hyper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/hyper/compare/v0.14.18...v0.14.19)

---
updated-dependencies:
- dependency-name: hyper
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-02 16:29:30 +02:00
Quentin Gliech
e0c4b39482 Add an email field in the registration form 2022-06-02 16:18:55 +02:00
Quentin Gliech
125afd61c0 Make email verification mandatory 2022-06-02 16:18:55 +02:00
Quentin Gliech
89597dbf81 Switch email verification to a code-based flow 2022-06-02 16:18:55 +02:00
Hugh Nimmo-Smith
35fa7c732a Implementation of MSC3824 actions for compat (#221) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2022-05-31 09:49:52 +00:00
Quentin Gliech
bfc20b6faa Have a better error on registration if the username is already taken 2022-05-23 14:36:38 +02:00
Quentin Gliech
f05bd80e14 Advertise m.login.token as compat login method 2022-05-23 10:42:25 +02:00
Quentin Gliech
99ac59bc5d Make the sign out buttons keep the current action context 2022-05-23 10:42:25 +02:00