matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-10 15:23:07 +03:00
Code Activity
2,694 Commits 59 Branches 22 Tags
fbc360d1a94ef2ebf63d979bb403228a700f43c8
Commit Graph

44 Commits

Author SHA1 Message Date
reivilibre
fbc360d1a9 Backend work to support minimum password complexity (#2965) 
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
 2024-07-11 10:17:39 +01:00
Quentin Gliech
07c9989e63 Upgrade async-graphql, fix mas-handlers & mas-axum-utils tests 
This also replaces the init_tracing test helper with a general setup
test helper, so that it also initializes the rustls crypto backend.
 2024-07-05 10:07:40 +02:00
Quentin Gliech
f9f2f4a3be Gate account recovery behing a configuration flag 2024-06-28 15:59:21 +02:00
reivilibre
d76b54b13f Add a setPassword GraphQL mutation for setting a user's password (#2820) 
* Feed `PasswordManager` through to the GraphQL `State`

* Add `setPassword` GraphQL mutation to update a user's password
 2024-06-05 18:04:17 +01:00
reivilibre
206d45bb31 Merge the mas_graphql crate into the mas_handlers crate (#2783) 2024-05-17 17:22:34 +01:00
Quentin Gliech
a3beeb2398 Render reCAPTCHA challenge on the registration form 2024-05-15 09:38:10 +02:00
Quentin Gliech
10d7ca95ae Update copyright headers 2024-04-30 13:33:47 +02:00
Quentin Gliech
e080932906 Make the SiteConfig available in the GraphQL context 2024-04-30 13:33:47 +02:00
Quentin Gliech
aa2e2229bc Finish moving the site config 2024-04-30 13:33:47 +02:00
Quentin Gliech
f0899f17bd Move the SiteConfig to the data-model crate 2024-04-30 13:33:47 +02:00
Quentin Gliech
90080235da Introduce config to restrict user capabilities 2024-04-30 13:33:47 +02:00
Quentin Gliech
58fd6ab4c1 Allow disabling registrations (#2553) 2024-04-03 09:27:14 +02:00
Quentin Gliech
6eb6209bd8 Use rustls-platform-verifier for cert validation 
This simplifies by removing the mutually exclusive `native-roots` and
`webpki-roots` features with something that is suitable for all
platforms.
 2024-03-06 14:03:59 +01:00
Quentin Gliech
4aeb446061 Make the HomeserverConnection available in handlers 2024-02-29 11:21:24 +01:00
Quentin Gliech
0beb842195 Make the user agree to T&C during registration 2024-02-07 17:21:22 +01:00
Quentin Gliech
89420a2cfc Refactor the upstream link provider template logic 
Also adds tests for new account registration through an upstream oauth2
provider
 2023-11-13 14:11:30 +01:00
Quentin Gliech
8984cc703b Add instance privacy policy, TOS and imprint, and loads of design cleanups 2023-10-30 15:55:15 +01:00
Quentin Gliech
1feafc1d13 handlers/templates: infer the language from the Accept-Language browser header 2023-10-05 19:29:23 +02:00
Quentin Gliech
15ad89aa82 templates: add translations function 2023-10-05 19:29:23 +02:00
Quentin Gliech
f20c8d8ef3 Infer client IP address from the peer address and the X-Forwarded-Proxy header 2023-09-20 20:24:30 +02:00
Quentin Gliech
cf5510a1a2 Add an ActivityTracker which tracks session activity and regularly flush them to the database 2023-09-19 21:57:54 +02:00
Quentin Gliech
54071c4969 Make the HTTP client factory reuse the underlying client 
This avoids duplicating clients, and makes it so that they all share the same connection pool.
 2023-09-14 16:52:01 +02:00
Quentin Gliech
542d0a6073 Implement the client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
bc04860afb Make the access tokens TTL configurable 2023-08-31 18:05:00 +02:00
Quentin Gliech
7fcd022eea Make sure we validate passwords & emails by the policy at all stages 
Also refactors the way we get the policy engines in requests
 2023-08-30 19:39:39 +02:00
Quentin Gliech
23151ef092 policies: split the email & password policies and add jsonschema validation of the input 2023-08-30 19:39:39 +02:00
Quentin Gliech
07ca145174 Cache the upstream OAuth 2.0 provider metadata 2023-08-28 18:30:40 +02:00
Quentin Gliech
7ff9be99db Add a basic login test to check session & CSRF cookies are correctly handled 2023-08-25 14:35:46 +02:00
Quentin Gliech
a39f71c181 Handle cookies better by setting the right flags & expiration 2023-08-25 14:35:46 +02:00
Quentin Gliech
1fcab9709f Basic tests of the GraphQL API 2023-08-11 14:56:21 +02:00
Quentin Gliech
8456640b0d mas-matrix: fix clippy warnings 2023-08-03 15:06:45 +02:00
Quentin Gliech
fcf6885916 Implement a mocked HomeserverConnection which keeps state around 2023-08-03 14:06:34 +02:00
Quentin Gliech
76653f9638 Better frontend assets handling and move the react app to /account/ (#1324) 
This makes the Vite assets handling better, namely:

 - make it possible to include any vite assets in the templates
 - include the right `<link rel="preload">` tags for assets
 - include Subresource Integrity hashes
 - pre-compress assets and remove on-the-fly compression by the Rust server
 - build the CSS used by templates through Vite

It also moves the React app from /app/ to /account/, and remove some of the old SSR account screens.
 2023-07-06 15:30:26 +02:00
Quentin Gliech
125a6bdf11 Allow setting a different issuer from the public base URL 2023-06-27 12:53:15 +02:00
Quentin Gliech
4181cbc9d5 Refactor the matrix connection logic 
Also make the display name available through the graphql api
 2023-06-16 19:52:39 +02:00
Quentin Gliech
c2d8243586 Have a Requester in the GraphQL API, in preparation for accessing it with OAuth credentials 2023-04-25 16:39:15 +02:00
Quentin Gliech
3979e9f46a Update Rust to 1.69.0 2023-04-24 11:42:01 +02:00
Quentin Gliech
1f748f7d1e Schedule jobs through the repository 2023-04-14 10:22:22 +02:00
Quentin Gliech
cdd535ddc4 WIP: use apalis to schedule jobs 2023-04-14 10:22:22 +02:00
Quentin Gliech
67753c0e26 handlers: add tests for introspection endpoint 2023-02-24 17:45:50 +01:00
Quentin Gliech
17471c651e handlers: add tests for the token endpoint 
This also simplifies the way we issue tokens in tests
 2023-02-22 19:38:01 +01:00
Quentin Gliech
03583d2936 handlers: add a test for OIDC discovery 2023-02-22 16:38:48 +01:00
Quentin Gliech
1e9ce8d6d6 handlers: add tests for client registration 2023-02-22 14:29:53 +01:00
Quentin Gliech
64ce271d08 Add test helpers for handlers and use them 
Also expands the test coverage of the revoke handler.
 2023-02-21 12:06:30 +01:00