authentication-service

mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-06 05:42:30 +03:00

Author	SHA1	Message	Date
dependabot[bot]	25a7d6cba5	Bump serde_json from 1.0.82 to 1.0.83 Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.82 to 1.0.83. - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](https://github.com/serde-rs/json/compare/v1.0.82...v1.0.83) --- updated-dependencies: - dependency-name: serde_json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-08-04 10:43:50 +02:00
dependabot[bot]	2e8f180675	Bump sqlx from 0.6.0 to 0.6.1 Bumps [sqlx](https://github.com/launchbadge/sqlx) from 0.6.0 to 0.6.1. - [Release notes](https://github.com/launchbadge/sqlx/releases) - [Changelog](https://github.com/launchbadge/sqlx/blob/main/CHANGELOG.md) - [Commits](https://github.com/launchbadge/sqlx/commits) --- updated-dependencies: - dependency-name: sqlx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-08-04 10:03:39 +02:00
dependabot[bot]	3b56287c99	Bump thiserror from 1.0.31 to 1.0.32 Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.31 to 1.0.32. - [Release notes](https://github.com/dtolnay/thiserror/releases) - [Commits](https://github.com/dtolnay/thiserror/compare/1.0.31...1.0.32) --- updated-dependencies: - dependency-name: thiserror dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-08-04 09:21:37 +02:00
dependabot[bot]	b3486cc373	Bump elliptic-curve from 0.12.2 to 0.12.3 Bumps [elliptic-curve](https://github.com/RustCrypto/traits) from 0.12.2 to 0.12.3. - [Release notes](https://github.com/RustCrypto/traits/releases) - [Commits](https://github.com/RustCrypto/traits/compare/elliptic-curve-v0.12.2...elliptic-curve-v0.12.3) --- updated-dependencies: - dependency-name: elliptic-curve dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-08-03 19:08:56 +02:00
dependabot[bot]	20f2b5db74	Bump indoc from 1.0.6 to 1.0.7 Bumps [indoc](https://github.com/dtolnay/indoc) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/dtolnay/indoc/releases) - [Commits](https://github.com/dtolnay/indoc/compare/1.0.6...1.0.7) --- updated-dependencies: - dependency-name: indoc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-08-03 16:29:39 +02:00
Quentin Gliech	649e5cd645	Move the PKCE validation logic to oauth2-types	2022-08-03 13:57:31 +02:00
Quentin Gliech	372b32a780	Make PKCE implementation compliant with RFC7636 This checks for the PKCE code_verifier length as well as the characters used. It also give better errors when the PKCE verifier is invalid. Fixes #316	2022-08-03 13:57:31 +02:00
Quentin Gliech	e3e659b701	Switch back rsa crate to a published pre-version	2022-08-01 19:41:38 +02:00
Quentin Gliech	44b2708f7a	Bump serde_with	2022-08-01 19:38:22 +02:00
Quentin Gliech	d4c718ef4b	Bump Rust dependencies	2022-08-01 17:50:33 +02:00
Quentin Gliech	ba6a382f2c	Authorization grant policy (#288 ) Co-authored-by: Hugh Nimmo-Smith <hughns@matrix.org>	2022-07-21 16:18:59 +00:00
Quentin Gliech	a263330ea5	Stop generating the device ID automatically (#285 )	2022-07-21 16:34:55 +01:00
Hugh Nimmo-Smith	0e21f00d17	Return reason for invalid_client_metadata in HTTP response (#298 )	2022-07-08 21:11:54 +00:00
Quentin Gliech	ba90ee2614	Bump dependencies	2022-07-04 18:27:18 +02:00
dependabot[bot]	be3662d7dc	Bump lettre from 0.10.0-rc.7 to 0.10.0 Bumps [lettre](https://github.com/lettre/lettre) from 0.10.0-rc.7 to 0.10.0. - [Release notes](https://github.com/lettre/lettre/releases) - [Changelog](https://github.com/lettre/lettre/blob/master/CHANGELOG.md) - [Commits](https://github.com/lettre/lettre/compare/v0.10.0-rc.7...v0.10.0) --- updated-dependencies: - dependency-name: lettre dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-07-04 18:17:07 +02:00
Quentin Gliech	4870d1e899	Fix some false-positive clippy lints Those were introduced in clippy 1.62 (under clippy::pedantic) and are in proc-macro generated code	2022-07-01 16:36:35 +02:00
dependabot[bot]	52a400eb9e	Bump serde_json from 1.0.81 to 1.0.82 Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.81 to 1.0.82. - [Release notes](https://github.com/serde-rs/json/releases) - [Commits](https://github.com/serde-rs/json/compare/v1.0.81...v1.0.82) --- updated-dependencies: - dependency-name: serde_json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-06-30 19:12:20 +02:00
dependabot[bot]	43f0336b92	Bump axum from 0.5.9 to 0.5.10 Bumps [axum](https://github.com/tokio-rs/axum) from 0.5.9 to 0.5.10. - [Release notes](https://github.com/tokio-rs/axum/releases) - [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.5.9...axum-v0.5.10) --- updated-dependencies: - dependency-name: axum dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-06-29 09:35:58 +02:00
Quentin Gliech	821182acd1	Bump dependencies and bumps MSRV to 1.60	2022-06-27 23:37:21 +02:00
Quentin Gliech	27fa4fef4f	Bump dependencies	2022-06-27 11:33:21 +02:00
Quentin Gliech	fee9d46dfc	Bump sqlx from 0.5.13 to 0.6.0	2022-06-27 11:11:29 +02:00
dependabot[bot]	2ed22a618a	Bump anyhow from 1.0.57 to 1.0.58 Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.57 to 1.0.58. - [Release notes](https://github.com/dtolnay/anyhow/releases) - [Commits](https://github.com/dtolnay/anyhow/compare/1.0.57...1.0.58) --- updated-dependencies: - dependency-name: anyhow dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-06-23 18:33:39 +02:00
Hugh Nimmo-Smith	50af460e22	Use unstable prefix for MSC3824 (#251 )	2022-06-19 18:37:50 +00:00
Hugh Nimmo-Smith	9e3f43f1f0	Move from MSC3824 actions to org.matrix.msc3824.delegated_oidc_compatibility flag (#250 ) Co-authored-by: Quentin Gliech <quenting@element.io>	2022-06-15 15:49:03 +00:00
Hugh Nimmo-Smith	5632f6ba99	feat: support for MSC3824 action param on SSO redirect (#248 ) Co-authored-by: Quentin Gliech <quenting@element.io>	2022-06-14 11:34:56 +00:00
dependabot[bot]	482bfeecc2	Bump axum-extra from 0.3.3 to 0.3.4 Bumps [axum-extra](https://github.com/tokio-rs/axum) from 0.3.3 to 0.3.4. - [Release notes](https://github.com/tokio-rs/axum/releases) - [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.3.3...axum-extra-v0.3.4) --- updated-dependencies: - dependency-name: axum-extra dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-06-09 12:39:21 +02:00
dependabot[bot]	3f9863e7d3	Bump tracing from 0.1.34 to 0.1.35 Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.34 to 0.1.35. - [Release notes](https://github.com/tokio-rs/tracing/releases) - [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.34...tracing-0.1.35) --- updated-dependencies: - dependency-name: tracing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-06-09 11:40:21 +02:00
dependabot[bot]	b1a17194b7	Bump axum from 0.5.6 to 0.5.7 Bumps [axum](https://github.com/tokio-rs/axum) from 0.5.6 to 0.5.7. - [Release notes](https://github.com/tokio-rs/axum/releases) - [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.5.6...axum-v0.5.7) --- updated-dependencies: - dependency-name: axum dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-06-09 11:40:05 +02:00
dependabot[bot]	a0573feedb	Bump tower-http from 0.3.3 to 0.3.4 Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.3.3 to 0.3.4. - [Release notes](https://github.com/tower-rs/tower-http/releases) - [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.3.3...tower-http-0.3.4) --- updated-dependencies: - dependency-name: tower-http dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-06-07 14:05:50 +02:00
dependabot[bot]	274739b537	Bump tokio from 1.19.0 to 1.19.2 Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.19.0 to 1.19.2. - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](https://github.com/tokio-rs/tokio/commits) --- updated-dependencies: - dependency-name: tokio dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-06-07 14:05:45 +02:00
dependabot[bot]	13e78e3caf	Bump lettre from 0.10.0-rc.6 to 0.10.0-rc.7 Bumps [lettre](https://github.com/lettre/lettre) from 0.10.0-rc.6 to 0.10.0-rc.7. - [Release notes](https://github.com/lettre/lettre/releases) - [Changelog](https://github.com/lettre/lettre/blob/master/CHANGELOG.md) - [Commits](https://github.com/lettre/lettre/compare/v0.10.0-rc.6...v0.10.0-rc.7) --- updated-dependencies: - dependency-name: lettre dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-06-07 14:05:39 +02:00
dependabot[bot]	b94983ca41	Bump tokio from 1.18.2 to 1.19.0 Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.18.2 to 1.19.0. - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.18.2...tokio-1.19.0) --- updated-dependencies: - dependency-name: tokio dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2022-06-04 15:52:31 +02:00
Quentin Gliech	e694932daf	Handle password strength verification through OPA	2022-06-03 16:14:26 +02:00
Quentin Gliech	7c8893e596	Switch the policies to a violation list based approach This allows policies to give proper feedback on form fields	2022-06-03 13:37:20 +02:00
Quentin Gliech	071055ad18	Embed the default policy in the binary	2022-06-03 13:37:20 +02:00
Quentin Gliech	a2b53f0395	Run OPA policies during registration	2022-06-03 13:37:20 +02:00
Quentin Gliech	aab1f49374	Support for applying OPA policies during client registration	2022-06-03 13:37:20 +02:00
dependabot[bot]	959466a5ba	Bump serde_with from 1.13.0 to 1.14.0 Bumps [serde_with](https://github.com/jonasbb/serde_with) from 1.13.0 to 1.14.0. - [Release notes](https://github.com/jonasbb/serde_with/releases) - [Commits](https://github.com/jonasbb/serde_with/compare/v1.13.0...v1.14.0) --- updated-dependencies: - dependency-name: serde_with dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2022-06-02 16:29:41 +02:00
dependabot[bot]	7cba5f7e67	Bump hyper from 0.14.18 to 0.14.19 Bumps [hyper](https://github.com/hyperium/hyper) from 0.14.18 to 0.14.19. - [Release notes](https://github.com/hyperium/hyper/releases) - [Changelog](https://github.com/hyperium/hyper/blob/master/CHANGELOG.md) - [Commits](https://github.com/hyperium/hyper/compare/v0.14.18...v0.14.19) --- updated-dependencies: - dependency-name: hyper dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-06-02 16:29:30 +02:00
Quentin Gliech	e0c4b39482	Add an email field in the registration form	2022-06-02 16:18:55 +02:00
Quentin Gliech	125afd61c0	Make email verification mandatory	2022-06-02 16:18:55 +02:00
Quentin Gliech	89597dbf81	Switch email verification to a code-based flow	2022-06-02 16:18:55 +02:00
Hugh Nimmo-Smith	35fa7c732a	Implementation of MSC3824 actions for compat (#221 ) Co-authored-by: Quentin Gliech <quenting@element.io>	2022-05-31 09:49:52 +00:00
Quentin Gliech	bfc20b6faa	Have a better error on registration if the username is already taken	2022-05-23 14:36:38 +02:00
Quentin Gliech	f05bd80e14	Advertise m.login.token as compat login method	2022-05-23 10:42:25 +02:00
Quentin Gliech	99ac59bc5d	Make the sign out buttons keep the current action context	2022-05-23 10:42:25 +02:00
Quentin Gliech	af4f01b769	Check timings when validating an SSO login - exchanging a token twice should not work - exchanging a token more than 30s after its fullfillment should not work - exchanging a pending token should not work - fullfilling a login more than 30min after its creation should not work - also have better errors in some cases	2022-05-23 10:42:25 +02:00
Quentin Gliech	7ce0d894f7	Perform some checks on the redirectUrl	2022-05-23 10:42:25 +02:00
Quentin Gliech	1d61a94da4	Have a consent screen before continuing the SSO login	2022-05-23 10:42:25 +02:00
Quentin Gliech	033d60eb73	Legacy login via m.login.sso	2022-05-23 10:42:25 +02:00

... 4 5 6 7 8 ...

416 Commits