1204 Commits

Author SHA1 Message Date
Letro Bot
2ff0e890ec Validate postnumbers on the register route 2026-04-08 17:58:54 +03:30
Letro Bot
def6fa6539 Integrate postnumber resolver across MAS flows 2026-04-08 17:58:30 +03:30
Letro Bot
fee3f90124 Merge pull request #2 from p-num/fix/rebranding
Fix/rebranding
2026-04-06 19:14:06 +03:30
Letro Bot
2a363aefdd fixed failed tests with corrected error strings 2026-04-04 15:50:28 +03:30
Eric Eastwood
f3d04eedac Merge branch 'main' into rei/violations_are_tagged 2026-03-24 16:42:47 -05:00
Quentin Gliech
47133d8777 Do not check for the registration policy in case of an upstream OAuth 2.0 login that merges into an existing account (#5535) 2026-03-17 15:17:48 +01:00
Quentin Gliech
46afe7b230 Use recaptcha.net domain for Google reCAPTCHA (#5552) 2026-03-17 15:16:17 +01:00
Olivier 'reivilibre
fe5284a3ee Add support for locking to the mock homeserver and use in tests 2026-03-17 11:44:14 +00:00
Olivier 'reivilibre
add9650e10 Convert ViolationCode into ViolationVariant to allow adding fields on each variant 2026-03-16 17:28:24 +00:00
Olivier 'reivilibre
c33880d54f Schedule ProvisionUserJob after locking/unlocking user 2026-03-16 13:44:34 +00:00
Olivier 'reivilibre
e12eed8f33 Update ProvisionRequest with locked flag 2026-03-16 13:44:34 +00:00
shingyu
879b096164 feat(recaptcha): change recaptcha endpoint 2026-03-15 18:18:14 +08:00
Jason Robinson
69cd88e919 Move upstream OAuth2 link policy check
This moves the username policy check lower in the flow to fix
linking of locally existing user accounts with upstream accounts,
when on_conflict allows this, even if the registration policy
would disallow the user.
2026-03-03 21:57:08 +02:00
Tonkku
4b8c5ca156 Apply suggestion from @sandhose
Co-authored-by: Quentin Gliech <quenting@element.io>
2026-03-03 17:11:22 +02:00
Tonkku
14c0c91035 Support MSC4198 login_hint in account management uri 2026-02-23 13:06:59 +02:00
Olivier 'reivilibre
9018f52d61 Fix compat token refresh giving back a consumed token 2026-02-13 15:16:43 +00:00
Olivier 'reivilibre
1341400325 Add compat token refresh regression test 2026-02-13 15:16:43 +00:00
matrixbot
35b2081f28 Automatic merge back to main (#5483) 2026-02-06 12:10:46 +01:00
Quentin Gliech
3ca4f70c2e Use #[serde(other)] for unknown values instead of serde_with::DefaultOnError 2026-02-06 11:31:39 +01:00
Quentin Gliech
c6e8580511 Make the compat login SSO redirect query parameters ignore invalid values 2026-02-06 09:42:56 +01:00
Quentin Gliech
08ea243bd4 Add a few tests for the cleanup jobs 2026-02-04 14:28:18 +01:00
Quentin Gliech
f8e87ec2c4 Use the user_session_id on upstream authorisations for filtering instead of authentications

This makes it one less table to read
2026-01-21 14:49:07 +01:00
Quentin Gliech
63f02c4dea Track user session authenticated through upstream auth sessions
This will help us avoid clearing upstream authorization sessions that
might still be useful to keep around for OIDC Backchannel Logouts
2026-01-21 12:19:05 +01:00
Quentin Gliech
eb76e8d3ae Consume upstream authorization sessions later in the user registration flow

The main goal of this is to allow tracking user sessions authed by an
upstream authorization session, but this also has the nice side effect
of allowing 'going back' in browser history within the registration flow
2026-01-21 12:15:09 +01:00
Quentin Gliech
b9441ba975 Add support for the unstable prefix of MSC3824 (#5434) 2026-01-20 16:32:43 +01:00
olivierdelcroix
244ab94e5e add unstable prefix for MSC3824 2026-01-20 15:34:47 +01:00
Quentin Gliech
be00483fb4 Handle deleted and invalid post-auth actions 2026-01-20 14:42:02 +01:00
Quentin Gliech
186a887125 Hard delete expired, revoked and consumed OAuth 2.0 tokens after some time (#5409) 2026-01-13 17:23:16 +01:00
Olivier 'reivilibre
74f4e13c61 Support for stable MSC4191 account management actions (#5312) 2026-01-12 12:14:16 +00:00
Olivier 'reivilibre
bb6b5cee93 Support for stable MSC3824 (OAuth 2.0 API aware clients) values (#5321) 2026-01-12 12:08:23 +00:00
Quentin Gliech
6915878bc6 Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-01-12 11:57:42 +01:00
Quentin Gliech
7aad841e04 Handle garbage-collected access tokens in the refresh token logic
We check if the access token was used when a double-refresh happened,
but can't do that reliably as we started garbage-collecting expired
access tokens
2026-01-09 18:09:05 +01:00
Quentin Gliech
889545fed4 Simplify compat login SSO redirect URI building 2026-01-05 14:44:03 +01:00
Quentin Gliech
6ab4c189be Add more context to serialization errors 2026-01-05 13:49:11 +01:00
Quentin Gliech
f587c17bcd Fix the 'invalid type' error during compat SSO login with urlencoded parameters
Fixes #5384
2026-01-05 13:41:44 +01:00
Hugh Nimmo-Smith
28b0f77543 Support for stable MSC3824 names 2025-12-19 18:13:01 +00:00
Quentin Gliech
56ce9ccd1c Simplify the consent screen (#5310) 2025-12-03 14:22:14 +01:00
Quentin Gliech
c7bb887c65 Apply minor suggestions from Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-03 13:39:34 +01:00
Hugh Nimmo-Smith
0521f44756 Lint 2025-12-03 11:50:52 +00:00
Hugh Nimmo-Smith
a51ba7d07b Stabilisation of supported MSC4191 account management actions
- Support the stable names and the unstable names
- Advertise both the stable names and the unstable names

This means that MAS supports either name. We can remove the unstable names once there is enough client adoption of the stable names.

n.b. this does not change the oauth2-types crate as it is not used by MAS.
2025-12-03 10:43:39 +00:00
Quentin Gliech
7c3e6701c1 Add a test for the new skip_confirmation option 2025-12-03 11:00:32 +01:00
Quentin Gliech
5efd963707 Merge remote-tracking branch 'origin/main' into quenting/upstream-oauth/skip-interactive 2025-12-03 10:48:31 +01:00
Quentin Gliech
1b77b5ce4b Add more options to deal with localpart conflicts on upstream OAuth 2.0 logins (#5295) 2025-12-03 10:39:05 +01:00
Quentin Gliech
8a615fd8ba Merge remote-tracking branch 'origin/main' into quenting/simpler-consent-screen 2025-12-02 19:42:57 +01:00
Quentin Gliech
f9008f3184 Add the Matrix user display name in the compat SSO login context 2025-12-02 18:09:47 +01:00
Quentin Gliech
ff6b25061e Get the display name of the Matrix user on the consent screens 2025-12-02 17:51:23 +01:00
Olivier 'reivilibre
eeb0692b8e Add experimental and preliminary policy-driven session limiting when logging in compatibility sessions. (#5287) 2025-12-02 15:50:04 +00:00
Olivier 'reivilibre
a59d38fc0b Comment on why we special-case 'only violation is too-many-sessions' 2025-12-01 11:47:59 +00:00
Olivier 'reivilibre
65b7cdc409 Expose Violations directly to the compat policy violation template 2025-12-01 11:47:59 +00:00
Olivier 'reivilibre
70f3efc0b8 Remove is_interactive and carry on with login types 2025-12-01 11:47:59 +00:00