matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-06 05:42:30 +03:00
Code Activity
1,305 Commits 59 Branches 22 Tags
e3b51c09faac79d6c900b947029c68defb53056c
Commit Graph

220 Commits

Author SHA1 Message Date
Quentin Gliech
ba90ee2614 Bump dependencies 2022-07-04 18:27:18 +02:00
dependabot[bot]
52a400eb9e Bump serde_json from 1.0.81 to 1.0.82 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.81 to 1.0.82.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.81...v1.0.82)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-30 19:12:20 +02:00
dependabot[bot]
2b0d021590 Bump password-hash from 0.4.1 to 0.4.2 
Bumps [password-hash](https://github.com/RustCrypto/traits) from 0.4.1 to 0.4.2.
- [Release notes](https://github.com/RustCrypto/traits/releases)
- [Commits](https://github.com/RustCrypto/traits/compare/password-hash-v0.4.1...password-hash-v0.4.2)

---
updated-dependencies:
- dependency-name: password-hash
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-29 09:36:29 +02:00
Quentin Gliech
821182acd1 Bump dependencies and bumps MSRV to 1.60 2022-06-27 23:37:21 +02:00
Quentin Gliech
fee9d46dfc Bump sqlx from 0.5.13 to 0.6.0 2022-06-27 11:11:29 +02:00
dependabot[bot]
2ed22a618a Bump anyhow from 1.0.57 to 1.0.58 
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.57 to 1.0.58.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.57...1.0.58)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-23 18:33:39 +02:00
dependabot[bot]
3f9863e7d3 Bump tracing from 0.1.34 to 0.1.35 
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.34 to 0.1.35.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.34...tracing-0.1.35)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-09 11:40:21 +02:00
dependabot[bot]
274739b537 Bump tokio from 1.19.0 to 1.19.2 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.19.0 to 1.19.2.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/commits)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-07 14:05:45 +02:00
dependabot[bot]
b94983ca41 Bump tokio from 1.18.2 to 1.19.0 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.18.2 to 1.19.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.18.2...tokio-1.19.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-04 15:52:31 +02:00
Quentin Gliech
e0c4b39482 Add an email field in the registration form 2022-06-02 16:18:55 +02:00
Quentin Gliech
f88ff5517d Update sqlx-data.json 2022-06-02 16:18:55 +02:00
Quentin Gliech
89597dbf81 Switch email verification to a code-based flow 2022-06-02 16:18:55 +02:00
Quentin Gliech
bfc20b6faa Have a better error on registration if the username is already taken 2022-05-23 14:36:38 +02:00
Quentin Gliech
af4f01b769 Check timings when validating an SSO login 
- exchanging a token twice should not work
 - exchanging a token more than 30s after its fullfillment should not
   work
 - exchanging a pending token should not work
 - fullfilling a login more than 30min after its creation should not
   work
 - also have better errors in some cases
 2022-05-23 10:42:25 +02:00
Quentin Gliech
033d60eb73 Legacy login via m.login.sso 2022-05-23 10:42:25 +02:00
Quentin Gliech
0fcecfa7fb Handle legacy /refresh 2022-05-19 10:17:49 +02:00
Quentin Gliech
309c89fc4f Handle legacy token expiration & refresh tokens 2022-05-19 10:17:49 +02:00
Quentin Gliech
c4fa87e457 Better data-model for compat sessions & devices 2022-05-19 10:17:49 +02:00
Quentin Gliech
33204b7cf8 Prepare the storage layer for legacy refresh tkoens 2022-05-19 10:17:49 +02:00
Quentin Gliech
660b2d5232 Handle legacy /logout 2022-05-19 10:17:49 +02:00
Quentin Gliech
1aff98bdb3 Working legacy login endpoint 2022-05-19 10:17:49 +02:00
Quentin Gliech
185562c866 Form error state overhaul 
This adds a new FormState structure here to hold the state of an errored
from, including retaining field value and better error codes.

It also adds error recovery for the registration form, and properly
loads the post_login_action context in case of errors.
 2022-05-12 13:35:58 +02:00
dependabot[bot]
0ac4fddee4 Bump tokio from 1.18.1 to 1.18.2 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.18.1 to 1.18.2.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.18.1...tokio-1.18.2)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-09 22:10:17 +02:00
Quentin Gliech
436c0dcb19 Rewrite the authorization grant logic 2022-05-06 17:12:39 +02:00
dependabot[bot]
a132d76ae4 Bump serde_json from 1.0.80 to 1.0.81 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.80 to 1.0.81.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.80...v1.0.81)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-05 11:06:20 +02:00
dependabot[bot]
77ea84d371 Bump tokio from 1.18.0 to 1.18.1 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.18.0...tokio-1.18.1)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-03 09:32:51 +02:00
dependabot[bot]
44d9000299 Bump serde from 1.0.136 to 1.0.137 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.136 to 1.0.137.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.136...v1.0.137)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-02 14:59:21 +02:00
dependabot[bot]
4ed0551c9b Bump serde_json from 1.0.79 to 1.0.80 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.79 to 1.0.80.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.79...v1.0.80)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-02 13:18:03 +02:00
dependabot[bot]
f0c19a17b2 Bump thiserror from 1.0.30 to 1.0.31 
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.30 to 1.0.31.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.30...1.0.31)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-02 12:42:20 +02:00
Quentin Gliech
b3509cf8e2 Update sqlx-data.json 2022-04-29 12:36:25 +02:00
Quentin Gliech
28ff912029 Simple consent screen and storage 2022-04-29 12:16:39 +02:00
Quentin Gliech
bfb00e281d Fix formatting 2022-04-28 18:53:33 +02:00
Quentin Gliech
ead7e4804a Make the client_id a foreign key 2022-04-28 18:39:45 +02:00
Quentin Gliech
8a256596d7 Serve static files live from disk in dev mode 2022-04-28 16:08:50 +02:00
dependabot[bot]
2e32559878 Bump anyhow from 1.0.56 to 1.0.57 
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.56 to 1.0.57.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.56...1.0.57)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-23 16:57:50 +02:00
dependabot[bot]
3885aff6cb Bump password-hash from 0.4.0 to 0.4.1 
Bumps [password-hash](https://github.com/RustCrypto/traits) from 0.4.0 to 0.4.1.
- [Release notes](https://github.com/RustCrypto/traits/releases)
- [Commits](https://github.com/RustCrypto/traits/compare/password-hash-v0.4.0...password-hash-v0.4.1)

---
updated-dependencies:
- dependency-name: password-hash
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-23 16:22:31 +02:00
Quentin Gliech
ee05543944 Check some metadata on client registration 2022-04-21 13:34:07 +02:00
Quentin Gliech
25193ebaa5 Support signed userinfo responses 2022-04-21 11:49:49 +02:00
Quentin Gliech
0c8656f464 Update sqlx query data 2022-04-19 12:30:12 +02:00
Quentin Gliech
5c14611b96 Simple dynamic client registration 2022-04-19 12:23:19 +02:00
dependabot[bot]
433ee5a73a Bump tracing from 0.1.33 to 0.1.34 
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.33 to 0.1.34.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.33...tracing-0.1.34)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-18 15:02:47 +02:00
dependabot[bot]
3756f0da4a Bump sqlx from 0.5.11 to 0.5.13 
Bumps [sqlx](https://github.com/launchbadge/sqlx) from 0.5.11 to 0.5.13.
- [Release notes](https://github.com/launchbadge/sqlx/releases)
- [Changelog](https://github.com/launchbadge/sqlx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/launchbadge/sqlx/compare/v0.5.11...v0.5.13)

---
updated-dependencies:
- dependency-name: sqlx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-17 09:23:41 +02:00
dependabot[bot]
bf4fb726bc Bump tracing from 0.1.32 to 0.1.33 
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.32 to 0.1.33.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.32...tracing-0.1.33)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-11 23:12:39 +02:00
Quentin Gliech
9bbb60bcdd Bump Rust dependencies 2022-04-06 19:47:12 +02:00
Quentin Gliech
4e31fc6c84 Get rid of warp 2022-04-06 17:35:29 +02:00
Quentin Gliech
9dad21475e Axum migration: /oauth2/userinfo & UserAuthorization util 2022-04-06 17:35:29 +02:00
dependabot[bot]
c71800a8d1 Bump tracing from 0.1.31 to 0.1.32 
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.31 to 0.1.32.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.31...tracing-0.1.32)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-11 11:41:04 +01:00
dependabot[bot]
d0807e9b3c Bump anyhow from 1.0.55 to 1.0.56 
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.55 to 1.0.56.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.55...1.0.56)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-11 10:34:26 +01:00
Quentin Gliech
62f633a716 Move clients to the database 2022-03-08 19:07:46 +01:00
Quentin Gliech
cad6d54ddb Reply with proper errors on the OAuth token endpoint 2022-02-25 11:28:23 +01:00