88 Commits

Author SHA1 Message Date
Andrew Ferrazzutti
8bacf44c68 Revert GraphQL's unlock to also reactivate
Unlike the CLI and admin API, leave the behaviour of the GraphQL's
unlock handler unchanged from before, so as to not break internal
tooling that depends on it.

Also update its documentation description to make note of the fact that
it reactivates in addition to unlocks.
2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
49540693ab Decouple (un)locking from (re/de)activation
Unify the admin API, CLI, and GraphQL API in not having the unlock
command also reactivate, or the deactivate command also lock.

Still let the unlock command of the CLI and GraphQL API also
reactivate the target user, albeit as a non-default option.
2025-07-16 14:17:01 -04:00
Quentin Gliech
642c8ba508 Support for experimental plan management tab in UI (#4549) 2025-06-10 14:14:24 +02:00
Hugh Nimmo-Smith
211a124ee2 Schema update 2025-06-06 14:40:45 +01:00
Hugh Nimmo-Smith
0551b93cae Update schemas 2025-06-06 10:45:23 +01:00
Quentin Gliech
82913763b6 Update generated GraphQL schema 2025-06-03 16:26:18 +02:00
Hugh Nimmo-Smith
aad2d8afb3 Merge branch 'main' into hughns/plan-management 2025-05-09 10:33:39 +01:00
Quentin Gliech
cf9d4599f9 graphql: add mutation to update device name 2025-04-25 16:55:30 +02:00
Quentin Gliech
79868c3ca3 graphql: expose the humanName field on OAuth 2.0 sessions 2025-04-25 16:55:30 +02:00
Quentin Gliech
badaf35fcf frontend: expose the compat session humanName 2025-04-25 12:55:11 +02:00
Hugh Nimmo-Smith
57cc89a0c8 WIP support for experimental plan management tab in UI 2025-04-22 13:17:29 +01:00
mcalinghee
2fe4752aa4 add login by email + feature flag 2025-04-10 17:57:58 +02:00
Quentin Gliech
8d721c14b1 Explain what the 'hsErase' parameter does 2025-03-13 11:36:53 +01:00
Quentin Gliech
1846229f34 GraphQL mutation to deactivate a user 2025-03-12 15:58:54 +01:00
Quentin Gliech
a6992b718c Config option to allow account self-deactivation 2025-03-12 15:58:54 +01:00
Quentin Gliech
629a194c35 Require the user password to add or remove an email address 2025-03-06 17:37:54 +01:00
Quentin Gliech
2dce10d9b4 Only show the password change section if the user has a password 2025-02-24 14:28:06 +01:00
reivilibre
87009be7e6 Support compatibility sessions that do not have devices (#3801)
Co-authored-by: Quentin Gliech <quenting@element.io>
2025-01-27 14:50:31 +00:00
Quentin Gliech
7f1b3866ba Disclose that email is already in use after verification 2025-01-23 18:18:19 +01:00
Quentin Gliech
ea6b80c5ac Rate-limit email authentications 2025-01-23 12:09:26 +01:00
Quentin Gliech
a739a78602 GraphQL API to use the new email authentication codes 2025-01-14 15:47:36 +01:00
Quentin Gliech
9db14f6743 Rip out the email verification codes
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
2025-01-14 15:46:45 +01:00
Quentin Gliech
c86f8800bd Polish the password recovery page
This includes:

 - show an error message if the recovery link is expired, with a button
   to resend the email
 - show an error message if the recovery link has already been used
 - include an invisible username field in the form, so that password
   managers can save the new password
2025-01-13 16:58:42 +01:00
Quentin Gliech
17430c21c5 Additional fields in the GraphQL API for upstream providers 2025-01-06 11:59:43 +01:00
Quentin Gliech
f563daf822 Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Quentin Gliech
03838bd909 Remove contacts from the data model 2024-09-20 20:39:04 +02:00
Olivier 'reivilibre
9f66cb783f graphql: Expose CAPTCHA config and whether password registration is enabled 2024-07-26 13:02:58 +01:00
reivilibre
3c118e2b7a graphql: Add a SetPasswordByRecovery mutation to perform account recovery (#2986) 2024-07-24 16:19:14 +01:00
Quentin Gliech
35e81405e2 graphql: allow filtering of sessions by last activity 2024-07-19 13:40:27 +02:00
Quentin Gliech
9987a4e305 Show whether the user is deactivated on the homeserver in the GraphQL API
Fix #2375
2024-07-16 13:20:28 +02:00
Quentin Gliech
eb8688172d GraphQL API to unlock a user
Fixes #2101
2024-07-16 13:20:28 +02:00
reivilibre
a4891fa9ef Backend work to support minimum password complexity (#2965)
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
2024-07-11 10:17:39 +01:00
Quentin Gliech
09ddf8de7c graphql: users query to list users with a few filters 2024-07-05 13:44:14 +02:00
Quentin Gliech
210d35b29b graphql: move the users queries to their own module 2024-07-05 13:44:14 +02:00
Quentin Gliech
6ec7469123 Update the schema 2024-07-05 10:07:40 +02:00
reivilibre
47f87b686b Add Self-service Password Change (#2863)
Co-authored-by: Quentin Gliech <quenting@element.io>
2024-06-25 13:25:33 +00:00
reivilibre
8b9e5f1fc8 GraphQL API: Add password_change_allowed to SiteConfig (#2857) 2024-06-20 15:16:50 +01:00
reivilibre
efa0057491 Add a setPassword GraphQL mutation for setting a user's password (#2820)
* Feed `PasswordManager` through to the GraphQL `State`

* Add `setPassword` GraphQL mutation to update a user's password
2024-06-05 18:04:17 +01:00
Quentin Gliech
ff66d292f6 Hide the displayname edit button if disabled in the config 2024-04-30 13:33:47 +02:00
Quentin Gliech
460e3b19fe Expose the site config in the GraphQL API 2024-04-30 13:33:47 +02:00
Quentin Gliech
9b87147d8f graphql: check that the username is available when creating them
This calls the HS to make sure the username isn't reserved.
This check can be bypassed using the `skipHomeserverCheck` flag on the
`addUser` mutation.
2024-02-29 11:21:24 +01:00
Quentin Gliech
a7dc41fdba Parse User Agents on the backend side (#2388)
* Parse user agents on the server side

* Parse and expose user agents on the backend

* Use the parsed user agent in the device consent page

* Fix the device icon tests

* Fix clippy warnings

* Box stuff to avoid large enum variants

* Ignore a clippy warning

* Fix the requester boxing
2024-02-23 16:47:48 +01:00
Quentin Gliech
d3c799b3ae Save which user session created a compat session
This also exposes the user session in the GraphQL API, and allows
filtering on browser session ID on the app session list.
2024-02-21 11:55:58 +01:00
Quentin Gliech
76cdec56f0 Replace Jotai with @tanstack/router (#2359)
* Start replacing jotai with @tanstack/router

* Remove jotai completely

* Move the common layout & reimplement the ?action parameter

This also makes sure everything is properly loaded in the route loader,
and we use fragment where it makes sense

* Change the default error component

* GraphQL API: make the sessions fetchable through node(id: ID!)
2024-02-15 17:19:05 +01:00
Quentin Gliech
c11c7a0772 Add a GraphQL mutation to allow cross-signing reset 2023-12-05 17:47:36 +01:00
Quentin Gliech
92d2a18afb "Can request admin" flag on user 2023-10-09 18:52:30 +02:00
Quentin Gliech
90aaf395d8 graphql: allow filtering appsessions on device_id 2023-10-06 16:05:26 +02:00
Quentin Gliech
bec2cda552 Expose a unified session list in the GraphQL API 2023-09-20 20:27:08 +02:00
Quentin Gliech
8e73092ad0 Make the last activity timestamp and IP available through the API 2023-09-19 21:57:54 +02:00
Quentin Gliech
e8f17924c2 Add a GraphQL mutation to create arbitrary OAuth2 sessions. 2023-09-11 12:03:42 +02:00