matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Code Activity
2,760 Commits 59 Branches 22 Tags
ee9a01ef4037e8170a19fd149b453ae9bbfb8e91
Commit Graph

395 Commits

Author SHA1 Message Date
Quentin Gliech
21406218aa fixup! Deny URIs from client that are public suffixes 2023-09-18 11:57:50 +02:00
Quentin Gliech
7887387568 Deny URIs from client that are public suffixes 2023-09-18 11:57:50 +02:00
Quentin Gliech
54071c4969 Make the HTTP client factory reuse the underlying client 
This avoids duplicating clients, and makes it so that they all share the same connection pool.
 2023-09-14 16:52:01 +02:00
Quentin Gliech
9fcdad3142 Stop using deprecated chrono::DateTime::from_utc method 2023-09-13 18:28:41 +02:00
Quentin Gliech
9a77f67fbe Make the error on introspection failure more explicit in the logs 2023-09-13 18:24:52 +02:00
Quentin Gliech
789040d22f graphql: Fix the createOauth2Session mutation not persisting the changes to the database 2023-09-12 11:31:19 +02:00
Quentin Gliech
9c97a0c37a storage: make the access token expiration optional 2023-09-11 12:03:42 +02:00
Quentin Gliech
e6b91c1ce4 data-model: make the access token expiration optional 2023-09-11 12:03:42 +02:00
Quentin Gliech
83ca90ee3d Add a GraphQL mutation to create arbitrary OAuth2 sessions. 2023-09-11 12:03:42 +02:00
Quentin Gliech
20cb5dda8c Have more granular errors on the refresh token grant 2023-09-08 15:19:43 +02:00
Quentin Gliech
0bb34ed3e0 Add the Sentry event ID in error response headers 2023-09-08 15:19:43 +02:00
Quentin Gliech
5a6e630c73 Test that a client_credentials token with the admin scope can add a user 2023-09-06 09:35:34 +02:00
Quentin Gliech
d16b880267 policy: only require redirect_uris for the authorization_code and implicit grants 2023-09-06 09:35:34 +02:00
Quentin Gliech
c85f5f2768 Only allow using the refresh token grant if it was asked during the client registration 2023-09-06 09:35:34 +02:00
Quentin Gliech
b9edbda5e1 Advertise the client_credentials grant in the discovery document 2023-09-06 09:35:34 +02:00
Quentin Gliech
542d0a6073 Implement the client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
00fe5f902b storage: add a method to create an OAuth 2.0 session for a client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
7e247830c9 data-model: Make the user_id optional in the OAuth 2.0 sessions 2023-09-06 09:35:34 +02:00
Hugh Nimmo-Smith
bca3ab5eb6 Add CORS headers for /graphql 2023-09-01 17:30:33 +02:00
Kerry
17f8dc4e00 Implement MSC2965 action parameter (#1673) 
* redirect session_end action to session detail

* fix react key warning in oauth session detail

* move Route type to /routing

* test getRouteActionRedirection

* comment

* frontend: Split the routing-related stuff in multiple files under routing/

* frontend: Cover all the redirections defined by MSC2965

* frontend: fix test

* Make the backend keep query parameters through login to the /account/ interface

* Fix frontend tests & clippy lints

---------

Co-authored-by: Quentin Gliech <quenting@element.io>
 2023-09-01 09:42:50 +00:00
Quentin Gliech
bc04860afb Make the access tokens TTL configurable 2023-08-31 18:05:00 +02:00
Quentin Gliech
ae3213fe87 Make the email verification state more configurable on upstream OAuth 2.0 registration 
This also marks the email as primary
 2023-08-31 14:20:06 +02:00
Quentin Gliech
23571e87ea Run the registration policy on upstream OAuth registration 2023-08-30 19:39:39 +02:00
Quentin Gliech
7fcd022eea Make sure we validate passwords & emails by the policy at all stages 
Also refactors the way we get the policy engines in requests
 2023-08-30 19:39:39 +02:00
Quentin Gliech
23151ef092 policies: split the email & password policies and add jsonschema validation of the input 2023-08-30 19:39:39 +02:00
Quentin Gliech
5d3b8cd92f Store the browser user-agent when starting a browser session 2023-08-29 17:38:01 +02:00
Quentin Gliech
438a10332a Add the user_id directly on oauth2_sessions and make the scope a text list 2023-08-29 12:52:24 +02:00
Quentin Gliech
07ca145174 Cache the upstream OAuth 2.0 provider metadata 2023-08-28 18:30:40 +02:00
Quentin Gliech
17e28f56c1 Upgrade Rust to 1.72.0 
Fixes new clippy errors and upgrade other tools
 2023-08-28 18:05:56 +02:00
Quentin Gliech
d9a12de8a3 Save the authentication method on each authorization 
This will help us logging out of the upstream.
 2023-08-28 17:14:59 +02:00
Quentin Gliech
096386e9b9 Save the application_type and the contacts in the OAuth 2.0 clients 
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
 2023-08-28 14:41:49 +02:00
Quentin Gliech
7ff9be99db Add a basic login test to check session & CSRF cookies are correctly handled 2023-08-25 14:35:46 +02:00
Quentin Gliech
a39f71c181 Handle cookies better by setting the right flags & expiration 2023-08-25 14:35:46 +02:00
Quentin Gliech
ca3460b49e Skip the "continue" screens on upstream IDP logins for new accounts 2023-08-25 10:56:10 +02:00
Quentin Gliech
699dfba55f OpenTelemetry upgrade 2023-08-11 16:12:58 +02:00
Quentin Gliech
904722643f Test the admin scope on the GraphQL API 2023-08-11 14:56:21 +02:00
Quentin Gliech
1fcab9709f Basic tests of the GraphQL API 2023-08-11 14:56:21 +02:00
Quentin Gliech
4ef3bcf336 Make the GraphQL interface accessible for OAuth clients 2023-08-11 14:56:21 +02:00
Quentin Gliech
3e6ea9a158 Add a 404 HTMl fallback 2023-08-09 16:56:11 +02:00
Kévin Commaille
bbd0956f2d Put code challenge methods in AuthorizationRequestData 
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
 2023-08-09 12:10:45 +02:00
Kévin Commaille
ba4ba75f73 Merge data structs and use builder pattern 
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
 2023-08-09 12:10:45 +02:00
Kévin Commaille
c67a00ddd6 Add support for all authorization request parameters 
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
 2023-08-09 12:10:45 +02:00
Quentin Gliech
dc711f8ecb Allow a trailing slash on the compat SSO route 2023-08-08 19:23:07 +02:00
Quentin Gliech
8456640b0d mas-matrix: fix clippy warnings 2023-08-03 15:06:45 +02:00
Quentin Gliech
cc2bce7b03 Show and log the policy violations better 2023-08-03 14:06:34 +02:00
Quentin Gliech
fcf6885916 Implement a mocked HomeserverConnection which keeps state around 2023-08-03 14:06:34 +02:00
Quentin Gliech
40b49cdd10 Add a way to lock users 2023-08-03 14:06:34 +02:00
Quentin Gliech
802cf142fd Remove the last authentication from the browser session model 2023-07-21 19:50:30 +02:00
Quentin Gliech
016c65c9f8 Add metric which tracks the maximum number of connections to the database. 2023-07-18 19:10:57 +02:00
Quentin Gliech
ba0f7ea62c Upgrade all Rust dependencies 
This includes breaking changes of sqlx 0.7.0
 2023-07-17 19:04:06 +02:00