mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Commit Graph

95 Commits

Author SHA1 Message Date
Quentin Gliech
20fa1d516e Make the claims_imports optional in the config 2023-11-22 15:13:28 +01:00
Quentin Gliech
5126d36b2e Add upstream OAuth 2.0 providers name and branding 2023-11-20 17:23:02 +01:00
Quentin Gliech
7315dd9a7a Allow endpoints and discovery mode override for upstream oauth2 providers
This time, at the configuration and database level
2023-11-17 16:18:39 +01:00
Quentin Gliech
6ded397977 Use minijinja templates to map OIDC claims to user attributes 2023-11-08 12:05:58 +01:00
Quentin Gliech
8984cc703b Add instance privacy policy, TOS and imprint, and loads of design cleanups 2023-10-30 15:55:15 +01:00
Quentin Gliech
9b5c8fb44b Allow running the authentication service on a different base path 2023-10-06 14:07:55 +02:00
Quentin Gliech
15ad89aa82 templates: add translations function 2023-10-05 19:29:23 +02:00
Quentin Gliech
f20c8d8ef3 Infer client IP address from the peer address and the X-Forwarded-Proxy header 2023-09-20 20:24:30 +02:00
Quentin Gliech
21d3d3a5d4 Rename the 'hack' configuration section to 'experimental' 2023-08-31 18:05:00 +02:00
Quentin Gliech
bc04860afb Make the access tokens TTL configurable 2023-08-31 18:05:00 +02:00
Quentin Gliech
ae3213fe87 Make the email verification state more configurable on upstream OAuth 2.0 registration
This also marks the email as primary
2023-08-31 14:20:06 +02:00
Quentin Gliech
23151ef092 policies: split the email & password policies and add jsonschema validation of the input 2023-08-30 19:39:39 +02:00
Quentin Gliech
a39f71c181 Handle cookies better by setting the right flags & expiration 2023-08-25 14:35:46 +02:00
Quentin Gliech
7c83dce66e Move some common dependencies on the workspace level
Also deprecates the AWS SESv2 transport for emails
2023-08-14 13:00:01 +02:00
Quentin Gliech
033479bc57 cli: always include all OTEL exporters 2023-08-03 17:13:37 +02:00
Quentin Gliech
7bf6777a90 ci: fix the dist build assets path 2023-07-28 17:13:07 +02:00
Quentin Gliech
76653f9638 Better frontend assets handling and move the react app to /account/ (#1324)
This makes the Vite assets handling better, namely:

 - make it possible to include any vite assets in the templates
 - include the right `<link rel="preload">` tags for assets
 - include Subresource Integrity hashes
 - pre-compress assets and remove on-the-fly compression by the Rust server
 - build the CSS used by templates through Vite

It also moves the React app from /app/ to /account/, and removes some of the old SSR account screens.
2023-07-06 15:30:26 +02:00
Quentin Gliech
125a6bdf11 Allow setting a different issuer from the public base URL 2023-06-27 12:53:15 +02:00
Quentin Gliech
8c42563e61 Split the full config with partial configs used by some sub-commands 2023-06-26 17:24:56 +02:00
Quentin Gliech
de13d3ef19 CLI tool to sync the upstream IDPs with the config 2023-06-26 17:24:56 +02:00
Quentin Gliech
4f1b201c74 Define upstream OAuth providers in the config
And adds CLI tool to sync them with the database (WIP)
2023-06-26 17:24:56 +02:00
Will Hunt
d285e5ac97 Fix homeserver config docs 2023-06-14 12:53:48 +02:00
Quentin Gliech
d2d68e9a27 Make password-based login optional 2023-05-23 17:02:02 +02:00
Quentin Gliech
8a2be43fe7 Proactively provision users on registration & sync threepids 2023-04-14 10:22:22 +02:00
Quentin Gliech
c602b29ffd Fix the default listener configuration 2023-03-14 12:14:06 +01:00
Quentin Gliech
875025467e Log more errors and setup Sentry integration 2023-01-30 18:04:44 +01:00
Quentin Gliech
a7883618be Better tracing spans 2023-01-04 16:30:38 +01:00
Quentin Gliech
ee42250660 Remove the dependency on sqlx in the config crate 2022-12-15 16:51:43 +01:00
Quentin Gliech
fbbb842255 Remove dependency on mas-email and lettre in mas-config 2022-12-15 16:51:43 +01:00
Quentin Gliech
533cabe005 Use the new password manager 2022-12-14 16:04:36 +01:00
Quentin Gliech
ff2f009b0e Password schemes configuration 2022-12-14 16:04:36 +01:00
Hugh Nimmo-Smith
1c735664aa Config schema is auto-generated 2022-12-09 23:27:13 +01:00
Quentin Gliech
bedcf44741 WIP: upstream OIDC provider support 2022-12-05 19:39:51 +01:00
Quentin Gliech
9c0ece7512 Do not embed the templates and static files in the binary 2022-11-18 22:37:55 +01:00
Quentin Gliech
834214bcac Do not embed the WASM-compiled policies in the binary 2022-11-18 22:37:55 +01:00
Quentin Gliech
a86798d2b3 Switch to camino's Utf8Path* instead of std::path::Path* 2022-11-18 19:02:26 +01:00
Quentin Gliech
933022850b Serve the SPA by the server 2022-11-18 13:43:01 +01:00
Quentin Gliech
c13b0478e6 Initial GraphQL API 2022-11-09 19:17:12 +01:00
Quentin Gliech
a414936484 Trace AWS operations & share TLS connector with mas-http 2022-11-03 18:08:20 +01:00
Quentin Gliech
b7c50b5403 Pass time and RNG in CSRF verification methods 2022-11-02 18:59:00 +01:00
Quentin Gliech
559181c2c3 Pass the rng and clock around 2022-11-02 18:59:00 +01:00
Quentin Gliech
e2142f9cd4 Database refactoring 2022-11-02 18:59:00 +01:00
Quentin Gliech
ee43f08cf7 Rewrite the listeners crate
Now with a way better graceful shutdown! With proper handshakes!
2022-10-17 11:39:45 +02:00
Quentin Gliech
485778beb3 Inject connection information in the request extension 2022-10-17 11:39:45 +02:00
Quentin Gliech
f687ae4ac4 HAProxy's Proxy Protocol acceptor 2022-10-17 11:39:45 +02:00
Quentin Gliech
c548417752 Refactor listeners building 2022-10-17 11:39:45 +02:00
Quentin Gliech
014a8366ed Export Prometheus metrics on regular listeners 2022-10-17 11:39:45 +02:00
Quentin Gliech
84ac87f551 WIP: better listeners
- listen on UNIX domain sockets
- handle TLS stuff
- allow mounting only some resources
2022-10-17 11:39:45 +02:00
Quentin Gliech
7fbfb74a5e WIP: better HTTP listeners 2022-10-17 11:39:45 +02:00
Quentin Gliech
eeae943208 Drop the config schema generation subcommand & include it in the docs 2022-10-17 10:43:07 +02:00