Olivier 'reivilibre
65b7cdc409
Expose Violations directly to the compat policy violation template
2025-12-01 11:47:59 +00:00
Olivier 'reivilibre
70f3efc0b8
Remove is_interactive and carry on with login types
2025-12-01 11:47:59 +00:00
Olivier 'reivilibre
f450d0449c
Make policy depend on whether the login is interactive or not
2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
6fdb63b361
Don't apply a session limit when genuinely replacing a session
2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
985ea0b30a
Enforce policy on compat login
2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
2c95c0a9a0
Expose the compat login policy from the policy engine
2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
069b57758b
Introduce compat login policy
2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
236de8f071
Merge branch 'main' into rei/policy_driven_session_limit
2025-11-13 15:54:48 +00:00
Quentin Gliech
7d2f85c891
Remove the nullable transform from the policies schemas
2025-11-07 11:11:41 +01:00
Quentin Gliech
56911f25c1
Merge remote-tracking branch 'origin/main' into quenting/schemars-0.9
2025-11-06 17:34:43 +01:00
Olivier 'reivilibre
24152a47cb
Make explicit the data...base
2025-11-06 15:02:04 +00:00
Olivier 'reivilibre
ea2506d2c7
Add TooManySessions violation code
2025-11-06 10:12:14 +00:00
Olivier 'reivilibre
cb5ea26792
Add session counts to policy input
2025-11-06 10:12:14 +00:00
Olivier 'reivilibre
7ee32e796a
Add session limit config to policy data
2025-11-06 10:12:14 +00:00
Olivier 'reivilibre
1c056bfdad
Add SessionCounts struct for use in policy
2025-11-06 10:12:14 +00:00
Quentin Gliech
eded025ff4
Fix a few clippy lints, mostly in doc comments
2025-08-18 10:34:28 +02:00
Quentin Gliech
b8d23be313
Fix many clippy warnings
This is because the tracing-attributes update made clippy look at those
again. I've removed the `too_many_lines` lint, as it's not really useful
and we ignore it most of the time anyway.
2025-07-30 14:49:38 +02:00
Quentin Gliech
3949ef4852
Use Path::display() instead of the debug representation
2025-07-16 19:23:06 +02:00
Quentin Gliech
e54664ad6f
Upgrade schemars to 0.9
2025-06-12 15:48:24 +02:00
Quentin Gliech
52b0a9b2ba
Update license headers to match the actual license
2025-06-12 10:32:16 +02:00
Quentin Gliech
8f5094ed19
Remove optional features from the mas-policy crate
2025-06-10 14:25:38 +02:00
Quentin Gliech
3a8d4a1e8a
Replace most remaining #[instrument(err)] annotations
2025-04-18 09:59:29 +02:00
Quentin Gliech
d8dcef0303
Merge branch 'main' into quenting/dynamic-policy-data
2025-03-03 14:25:05 +01:00
Quentin Gliech
f66e82adc5
Show proper error messages when registering with a banned/not-allowed username
2025-03-03 10:45:30 +01:00
Quentin Gliech
fe789884ab
policy: allow dynamically setting policy data
2025-02-25 16:21:54 +01:00
Quentin Gliech
56d9c7e63b
Upgrade to Rust 1.85 and edition 2024
2025-02-21 16:15:02 +01:00
Quentin Gliech
a4bece6a77
Add translatable errors for the email policy constraints
2025-02-17 15:53:57 +01:00
Quentin Gliech
3a4aba049c
Expose the user agent string to the policy execution context
2025-02-17 11:51:26 +01:00
Quentin Gliech
b1b7bf5725
Allow banning registrations by IP address
2025-02-17 10:18:11 +01:00
Quentin Gliech
fa85d60652
Remove the unused password input schema
2025-02-17 10:17:30 +01:00
Quentin Gliech
72384b8e03
Pass an input object to the policy evaluation instead of multiple arguments
2025-02-14 17:15:26 +01:00
Quentin Gliech
a51ab2fb5c
Propagate more specific error messages from the policy on registration
This makes some policy errors translatable
2025-01-06 10:15:08 +01:00
Quentin Gliech
1e3d838c99
Allow longer & shorter usernames, complying with the MXID length spec
2025-01-06 10:15:08 +01:00
Quentin Gliech
e6ddaf098b
Output the registered client metadata in the registration endpoint
Fixes #2848
2024-09-20 20:39:04 +02:00
Quentin Gliech
9a946c19e7
Remove (C)
2024-09-10 14:28:55 +02:00
Quentin Gliech
9da19e2af0
License headers change
2024-09-05 13:25:42 +02:00
reivilibre
fbd57ad51a
Remove OPA-based password policy enforcement (#2875)
Co-authored-by: Quentin Gliech <quenting@element.io>
2024-07-16 14:33:04 +01:00
Quentin Gliech
6ba00ee363
Use re-exported wasmtime to avoid dependencies conflicts
2024-07-01 10:20:33 +02:00
Quentin Gliech
dbdb72226a
Disable wasmtime cache, enable parallel compilation, add deny exception
2024-05-02 10:35:59 +02:00
Quentin Gliech
34f3d446b3
Make the device code grants go through the policy engine
2024-02-02 18:01:51 +01:00
Quentin Gliech
a7ff6b00aa
Enable clippy lints on a workspace level
This enables a lot more lints than before in some crates, so this fixed a lot of warnings as well.
2023-12-05 17:20:42 +01:00
Quentin Gliech
a53040b94b
Implement the client credentials grant
2023-09-06 09:35:34 +02:00
Quentin Gliech
03a4d56415
policy: prepare for the client credentials grant
2023-09-06 09:35:34 +02:00
Quentin Gliech
38eacbebc1
Run the registration policy on upstream OAuth registration
2023-08-30 19:39:39 +02:00
Quentin Gliech
86d40b0345
Make sure we validate passwords & emails by the policy at all stages
Also refactors the way we get the policy engines in requests
2023-08-30 19:39:39 +02:00
Quentin Gliech
3c33923d2c
policies: split the email & password policies and add jsonschema validation of the input
2023-08-30 19:39:39 +02:00
Quentin Gliech
99e05b4a4f
Fix the authorization grant template
It previously relied on the client being in the authorization grant,
which is not the case anymore. This commit also adds a test to ensure
we're not breaking this template in the future.
2023-01-31 16:50:48 +01:00
Quentin Gliech
9d8eee12f8
Better tracing spans
2023-01-04 16:30:38 +01:00
Quentin Gliech
626a4dd1db
policy: define custom errors and ditch anyhow
2022-12-08 15:29:15 +01:00
Quentin Gliech
1f967deb57
data-model: simplify the authorization grants and sessions
2022-12-08 15:29:15 +01:00