789040d22f
graphql: Fix the createOauth2Session mutation not persisting the changes to the database
2023-09-12 11:31:19 +02:00
9c97a0c37a
storage: make the access token expiration optional
2023-09-11 12:03:42 +02:00
e6b91c1ce4
data-model: make the access token expiration optional
2023-09-11 12:03:42 +02:00
83ca90ee3d
Add a GraphQL mutation to create arbitrary OAuth2 sessions.
2023-09-11 12:03:42 +02:00
20cb5dda8c
Have more granular errors on the refresh token grant
2023-09-08 15:19:43 +02:00
0bb34ed3e0
Add the Sentry event ID in error response headers
2023-09-08 15:19:43 +02:00
7bedb75976
build(deps): bump async-graphql from 6.0.5 to 6.0.6
...
Bumps [async-graphql](https://github.com/async-graphql/async-graphql ) from 6.0.5 to 6.0.6.
- [Release notes](https://github.com/async-graphql/async-graphql/releases )
- [Changelog](https://github.com/async-graphql/async-graphql/blob/master/CHANGELOG.md )
- [Commits](https://github.com/async-graphql/async-graphql/commits )
---
updated-dependencies:
- dependency-name: async-graphql
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-09-08 13:44:27 +02:00
5a6e630c73
Test that a client_credentials token with the admin scope can add a user
2023-09-06 09:35:34 +02:00
d16b880267
policy: only require redirect_uris for the authorization_code and implicit grants
2023-09-06 09:35:34 +02:00
c85f5f2768
Only allow using the refresh token grant if it was asked during the client registration
2023-09-06 09:35:34 +02:00
b9edbda5e1
Advertise the client_credentials grant in the discovery document
2023-09-06 09:35:34 +02:00
542d0a6073
Implement the client credentials grant
2023-09-06 09:35:34 +02:00
00fe5f902b
storage: add a method to create an OAuth 2.0 session for a client credentials grant
2023-09-06 09:35:34 +02:00
7e247830c9
data-model: Make the user_id optional in the OAuth 2.0 sessions
2023-09-06 09:35:34 +02:00
d256bee1fd
build(deps): bump argon2 from 0.5.1 to 0.5.2
...
Bumps [argon2](https://github.com/RustCrypto/password-hashes ) from 0.5.1 to 0.5.2.
- [Commits](https://github.com/RustCrypto/password-hashes/compare/argon2-v0.5.1...argon2-v0.5.2 )
---
updated-dependencies:
- dependency-name: argon2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-09-06 09:34:17 +02:00
455f2a7725
build(deps): bump async-graphql from 6.0.4 to 6.0.5
...
Bumps [async-graphql](https://github.com/async-graphql/async-graphql ) from 6.0.4 to 6.0.5.
- [Release notes](https://github.com/async-graphql/async-graphql/releases )
- [Changelog](https://github.com/async-graphql/async-graphql/blob/master/CHANGELOG.md )
- [Commits](https://github.com/async-graphql/async-graphql/commits )
---
updated-dependencies:
- dependency-name: async-graphql
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-09-04 09:37:26 +02:00
a46bd43dd2
build(deps): bump tower-http from 0.4.3 to 0.4.4
...
Bumps [tower-http](https://github.com/tower-rs/tower-http ) from 0.4.3 to 0.4.4.
- [Release notes](https://github.com/tower-rs/tower-http/releases )
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.3...tower-http-0.4.4 )
---
updated-dependencies:
- dependency-name: tower-http
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-09-04 09:17:59 +02:00
bca3ab5eb6
Add CORS headers for /graphql
2023-09-01 17:30:33 +02:00
a01c53019f
Define common crates metadata on the workspace level
2023-09-01 16:27:22 +02:00
17f8dc4e00
Implement MSC2965 action parameter ( #1673 )
...
* redirect session_end action to session detail
* fix react key warning in oauth session detail
* move Route type to /routing
* test getRouteActionRedirection
* comment
* frontend: Split the routing-related stuff in multiple files under routing/
* frontend: Cover all the redirections defined by MSC2965
* frontend: fix test
* Make the backend keep query parameters through login to the /account/ interface
* Fix frontend tests & clippy lints
---------
Co-authored-by: Quentin Gliech <quenting@element.io >
2023-09-01 09:42:50 +00:00
bc04860afb
Make the access tokens TTL configurable
2023-08-31 18:05:00 +02:00
ae3213fe87
Make the email verification state more configurable on upstream OAuth 2.0 registration
...
This also marks the email as primary
2023-08-31 14:20:06 +02:00
23571e87ea
Run the registration policy on upstream OAuth registration
2023-08-30 19:39:39 +02:00
7fcd022eea
Make sure we validate passwords & emails by the policy at all stages
...
Also refactors the way we get the policy engines in requests
2023-08-30 19:39:39 +02:00
23151ef092
policies: split the email & password policies and add jsonschema validation of the input
2023-08-30 19:39:39 +02:00
5d3b8cd92f
Store the browser user-agent when starting a browser session
2023-08-29 17:38:01 +02:00
438a10332a
Add the user_id directly on oauth2_sessions and make the scope a text list
2023-08-29 12:52:24 +02:00
111c119732
build(deps): bump the sentry group with 1 update
...
Bumps the sentry group with 1 update: [sentry](https://github.com/getsentry/sentry-rust ).
- [Release notes](https://github.com/getsentry/sentry-rust/releases )
- [Changelog](https://github.com/getsentry/sentry-rust/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-rust/compare/0.31.5...0.31.6 )
---
updated-dependencies:
- dependency-name: sentry
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: sentry
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-29 08:23:26 +02:00
07ca145174
Cache the upstream OAuth 2.0 provider metadata
2023-08-28 18:30:40 +02:00
17e28f56c1
Upgrade Rust to 1.72.0
...
Fixes new clippy errors and upgrade other tools
2023-08-28 18:05:56 +02:00
d9a12de8a3
Save the authentication method on each authorization
...
This will help us logging out of the upstream.
2023-08-28 17:14:59 +02:00
096386e9b9
Save the application_type and the contacts in the OAuth 2.0 clients
...
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
2023-08-28 14:41:49 +02:00
329bd401b3
build(deps): bump time from 0.3.27 to 0.3.28
...
Bumps [time](https://github.com/time-rs/time ) from 0.3.27 to 0.3.28.
- [Release notes](https://github.com/time-rs/time/releases )
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md )
- [Commits](https://github.com/time-rs/time/compare/v0.3.27...v0.3.28 )
---
updated-dependencies:
- dependency-name: time
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-27 19:11:35 +02:00
7ff9be99db
Add a basic login test to check session & CSRF cookies are correctly handled
2023-08-25 14:35:46 +02:00
a39f71c181
Handle cookies better by setting the right flags & expiration
2023-08-25 14:35:46 +02:00
ca3460b49e
Skip the "continue" screens on upstream IDP logins for new accounts
2023-08-25 10:56:10 +02:00
88b52a41ba
build(deps): bump time from 0.3.25 to 0.3.27
...
Bumps [time](https://github.com/time-rs/time ) from 0.3.25 to 0.3.27.
- [Release notes](https://github.com/time-rs/time/releases )
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md )
- [Commits](https://github.com/time-rs/time/compare/v0.3.25...v0.3.27 )
---
updated-dependencies:
- dependency-name: time
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-23 19:39:47 +02:00
6a2f1367d1
build(deps): bump serde_with from 3.2.0 to 3.3.0
...
Bumps [serde_with](https://github.com/jonasbb/serde_with ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/jonasbb/serde_with/releases )
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.2.0...v3.3.0 )
---
updated-dependencies:
- dependency-name: serde_with
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-23 16:05:37 +02:00
34ed7e505d
build(deps): bump async-graphql from 6.0.1 to 6.0.4
...
Bumps [async-graphql](https://github.com/async-graphql/async-graphql ) from 6.0.1 to 6.0.4.
- [Release notes](https://github.com/async-graphql/async-graphql/releases )
- [Changelog](https://github.com/async-graphql/async-graphql/blob/master/CHANGELOG.md )
- [Commits](https://github.com/async-graphql/async-graphql/commits )
---
updated-dependencies:
- dependency-name: async-graphql
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-23 12:04:08 +02:00
1ef1db2ae1
build(deps): bump tokio from 1.30.0 to 1.32.0
...
Bumps [tokio](https://github.com/tokio-rs/tokio ) from 1.30.0 to 1.32.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases )
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.30.0...tokio-1.32.0 )
---
updated-dependencies:
- dependency-name: tokio
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-23 12:02:56 +02:00
7c83dce66e
Move some common dependencies on the workspace level
...
Also deprecates the AWS SESv2 transport for emails
2023-08-14 13:00:01 +02:00
21964cbeab
Setup cargo-deny
...
Also try to remove a bunch of duplicate crates
2023-08-14 11:22:52 +02:00
699dfba55f
OpenTelemetry upgrade
2023-08-11 16:12:58 +02:00
6e8222c765
build(deps): bump the opentelemetry group with 7 updates
...
Bumps the opentelemetry group with 7 updates:
| Package | Update |
| --- | --- |
| [tracing-opentelemetry](https://github.com/tokio-rs/tracing-opentelemetry ) | 0.19.0 to 0.20.0 |
| [opentelemetry](https://github.com/open-telemetry/opentelemetry-rust ) | 0.19.0 to 0.20.0 |
| [opentelemetry-semantic-conventions](https://github.com/open-telemetry/opentelemetry-rust ) | 0.11.0 to 0.12.0 |
| [opentelemetry-jaeger](https://github.com/open-telemetry/opentelemetry-rust ) | 0.18.0 to 0.19.0 |
| [opentelemetry-otlp](https://github.com/open-telemetry/opentelemetry-rust ) | 0.12.0 to 0.13.0 |
| [opentelemetry-http](https://github.com/open-telemetry/opentelemetry-rust ) | 0.8.0 to 0.9.0 |
| [opentelemetry-prometheus](https://github.com/open-telemetry/opentelemetry-rust ) | 0.12.0 to 0.13.0 |
Updates `tracing-opentelemetry` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/tokio-rs/tracing-opentelemetry/releases )
- [Changelog](https://github.com/tokio-rs/tracing-opentelemetry/blob/v0.1.x/CHANGELOG.md )
- [Commits](https://github.com/tokio-rs/tracing-opentelemetry/compare/v0.19.0...v0.20.0 )
Updates `opentelemetry` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases )
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.19.0...v0.20.0 )
Updates `opentelemetry-semantic-conventions` from 0.11.0 to 0.12.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases )
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.11.0...v0.12.0 )
Updates `opentelemetry-jaeger` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases )
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.18.0...v0.19.0 )
Updates `opentelemetry-otlp` from 0.12.0 to 0.13.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases )
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.12.0...v0.13.0 )
Updates `opentelemetry-http` from 0.8.0 to 0.9.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-rust/blob/v0.9.0/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.8.0...v0.9.0 )
Updates `opentelemetry-prometheus` from 0.12.0 to 0.13.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases )
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.12.0...v0.13.0 )
---
updated-dependencies:
- dependency-name: tracing-opentelemetry
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: opentelemetry
- dependency-name: opentelemetry
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: opentelemetry
- dependency-name: opentelemetry-semantic-conventions
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: opentelemetry
- dependency-name: opentelemetry-jaeger
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: opentelemetry
- dependency-name: opentelemetry-otlp
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: opentelemetry
- dependency-name: opentelemetry-http
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: opentelemetry
- dependency-name: opentelemetry-prometheus
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: opentelemetry
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-11 16:12:58 +02:00
904722643f
Test the admin scope on the GraphQL API
2023-08-11 14:56:21 +02:00
1fcab9709f
Basic tests of the GraphQL API
2023-08-11 14:56:21 +02:00
4ef3bcf336
Make the GraphQL interface accessible for OAuth clients
2023-08-11 14:56:21 +02:00
f09f6b7c2f
build(deps): bump tokio from 1.29.1 to 1.30.0
...
Bumps [tokio](https://github.com/tokio-rs/tokio ) from 1.29.1 to 1.30.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases )
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.29.1...tokio-1.30.0 )
---
updated-dependencies:
- dependency-name: tokio
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-10 07:59:09 +02:00
3e6ea9a158
Add a 404 HTMl fallback
2023-08-09 16:56:11 +02:00
bbd0956f2d
Put code challenge methods in AuthorizationRequestData
...
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr >
2023-08-09 12:10:45 +02:00
