letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
2,101 Commits 2 Branches 1 Tag
033affc792adf773c4b6609f144cb858369ae2c8
Commit Graph

382 Commits

Author SHA1 Message Date
dependabot[bot]
25f26e15a7 build(deps): bump the tracing group with 2 updates 
Bumps the tracing group with 2 updates: [tracing-subscriber](https://github.com/tokio-rs/tracing) and [tracing-appender](https://github.com/tokio-rs/tracing).


Updates `tracing-subscriber` from 0.3.17 to 0.3.18
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.17...tracing-subscriber-0.3.18)

Updates `tracing-appender` from 0.2.2 to 0.2.3
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-appender-0.2.2...tracing-appender-0.2.3)

---
updated-dependencies:
- dependency-name: tracing-subscriber
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tracing
- dependency-name: tracing-appender
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tracing
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-14 15:14:43 +01:00
dependabot[bot]
88463399b8 build(deps): bump the opentelemetry group with 1 update 
Bumps the opentelemetry group with 1 update: [opentelemetry-prometheus](https://github.com/open-telemetry/opentelemetry-rust).

- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/commits)

---
updated-dependencies:
- dependency-name: opentelemetry-prometheus
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: opentelemetry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-14 15:14:12 +01:00
dependabot[bot]
34fc43af13 build(deps): bump the sentry group with 1 update 
Bumps the sentry group with 1 update: [sentry](https://github.com/getsentry/sentry-rust).

- [Release notes](https://github.com/getsentry/sentry-rust/releases)
- [Changelog](https://github.com/getsentry/sentry-rust/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-rust/compare/0.31.7...0.31.8)

---
updated-dependencies:
- dependency-name: sentry
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-14 14:30:30 +01:00
dependabot[bot]
f68892f25c build(deps): bump tokio from 1.33.0 to 1.34.0 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.33.0 to 1.34.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.33.0...tokio-1.34.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-14 13:51:15 +01:00
Quentin Gliech
097f314d8b Use minijinja templates to map OIDC claims to user attributes 2023-11-08 12:05:58 +01:00
Quentin Gliech
a1a96e0e6e Upgrade opentelemetry to 0.21.0 2023-11-08 11:49:03 +01:00
dependabot[bot]
5f7faba2ac build(deps): bump the opentelemetry group with 8 updates 
Bumps the opentelemetry group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [tracing-opentelemetry](https://github.com/tokio-rs/tracing-opentelemetry) | `0.21.0` | `0.22.0` |
| [opentelemetry-http](https://github.com/open-telemetry/opentelemetry-rust) | `0.9.0` | `0.10.0` |
| [opentelemetry-jaeger](https://github.com/open-telemetry/opentelemetry-rust) | `0.19.0` | `0.20.0` |
| [opentelemetry-otlp](https://github.com/open-telemetry/opentelemetry-rust) | `0.13.0` | `0.14.0` |
| [opentelemetry-prometheus](https://github.com/open-telemetry/opentelemetry-rust) | `0.13.0` | `0.14.0` |
| [opentelemetry-semantic-conventions](https://github.com/open-telemetry/opentelemetry-rust) | `0.12.0` | `0.13.0` |
| [opentelemetry-stdout](https://github.com/open-telemetry/opentelemetry-rust) | `0.1.0` | `0.2.0` |
| [opentelemetry-zipkin](https://github.com/open-telemetry/opentelemetry-rust) | `0.18.0` | `0.19.0` |


Updates `tracing-opentelemetry` from 0.21.0 to 0.22.0
- [Release notes](https://github.com/tokio-rs/tracing-opentelemetry/releases)
- [Changelog](https://github.com/tokio-rs/tracing-opentelemetry/blob/v0.1.x/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/tracing-opentelemetry/compare/v0.21.0...v0.22.0)

Updates `opentelemetry-http` from 0.9.0 to 0.10.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.9.0...v0.10.0)

Updates `opentelemetry-jaeger` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.19.0...v0.20.0)

Updates `opentelemetry-otlp` from 0.13.0 to 0.14.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.13.0...v0.14.0)

Updates `opentelemetry-prometheus` from 0.13.0 to 0.14.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.13.0...v0.14.0)

Updates `opentelemetry-semantic-conventions` from 0.12.0 to 0.13.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.12.0...v0.13.0)

Updates `opentelemetry-stdout` from 0.1.0 to 0.2.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-rust/blob/v0.2.0/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/commits/v0.2.0)

Updates `opentelemetry-zipkin` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: tracing-opentelemetry
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-http
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-jaeger
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-otlp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-prometheus
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-semantic-conventions
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-stdout
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-zipkin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-08 11:49:03 +01:00
dependabot[bot]
672aeff96c build(deps): bump rustls from 0.21.7 to 0.21.8 
Bumps [rustls](https://github.com/rustls/rustls) from 0.21.7 to 0.21.8.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Commits](https://github.com/rustls/rustls/compare/v/0.21.7...v/0.21.8)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-03 16:14:44 +01:00
Quentin Gliech
b96d95792d Add instance privacy policy, TOS and imprint, and loads of design cleanups 2023-10-30 15:55:15 +01:00
dependabot[bot]
f2a2ceeafc build(deps): bump tokio from 1.32.0 to 1.33.0 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.32.0 to 1.33.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.32.0...tokio-1.33.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-09 16:11:09 +02:00
Quentin Gliech
fd4481713b Allow running the authentication service on a different base path 2023-10-06 14:07:55 +02:00
dependabot[bot]
023178157c build(deps): bump sqlx from 0.7.1 to 0.7.2 
Bumps [sqlx](https://github.com/launchbadge/sqlx) from 0.7.1 to 0.7.2.
- [Changelog](https://github.com/launchbadge/sqlx/blob/main/CHANGELOG.md)
- [Commits](https://github.com/launchbadge/sqlx/commits)

---
updated-dependencies:
- dependency-name: sqlx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-05 19:36:48 +02:00
Quentin Gliech
4ea29eb6b0 handlers/templates: infer the language from the Accept-Language browser header 2023-10-05 19:29:23 +02:00
Quentin Gliech
ad8cc6be9e templates: add translations function 2023-10-05 19:29:23 +02:00
Quentin Gliech
8960d1702f templates: replace tera with minijinja 2023-10-05 19:29:23 +02:00
Quentin Gliech
701a349b9e i18n-scan: utility to scan translatable strings in templates 2023-10-05 19:29:23 +02:00
Quentin Gliech
76f63838a3 i18n: translator structure, to hold translations 2023-10-05 19:29:23 +02:00
Quentin Gliech
baaa725fcd Infer client IP address from the peer address and the X-Forwarded-Proxy header 2023-09-20 20:24:30 +02:00
Quentin Gliech
0042129878 Save the session activity in the database 2023-09-19 21:57:54 +02:00
Quentin Gliech
0cd4ef4887 Add an ActivityTracker which tracks session activity and regularly flush them to the database 2023-09-19 21:57:54 +02:00
dependabot[bot]
82b233405a build(deps): bump clap from 4.4.3 to 4.4.4 
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.3 to 4.4.4.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.4.3...v4.4.4)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-18 23:55:04 +02:00
Quentin Gliech
921f491a00 Rust dependencies housekeeping 
Including:
 - package upgrades
 - stop using the patched version of `ulid`
 - update cargo deny duplicate exception list
 2023-09-14 23:43:00 +02:00
Quentin Gliech
44fe2afafc Make the HTTP client factory reuse the underlying client 
This avoids duplicating clients, and makes it so that they all share the same connection pool.
 2023-09-14 16:52:01 +02:00
Quentin Gliech
380868c052 Always initialize a metric reader to avoid crashes 
Fix #1552
 2023-09-14 16:52:01 +02:00
dependabot[bot]
f1fdf14342 build(deps): bump clap from 4.4.2 to 4.4.3 
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.2 to 4.4.3.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.4.2...v4.4.3)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-13 18:28:48 +02:00
dependabot[bot]
d94c501a4d build(deps): bump clap from 4.4.1 to 4.4.2 
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.1 to 4.4.2.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.4.1...v4.4.2)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 09:25:21 +02:00
dependabot[bot]
f3e610acba build(deps): bump tower-http from 0.4.3 to 0.4.4 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.3 to 0.4.4.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.3...tower-http-0.4.4)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 09:17:59 +02:00
Quentin Gliech
d39daf48c5 Define common crates metadata on the workspace level 2023-09-01 16:27:22 +02:00
Quentin Gliech
00a4508d87 Rename the 'hack' configuration section to 'experimental' 2023-08-31 18:05:00 +02:00
Quentin Gliech
8d0cf9fdbf Make the access tokens TTL configurable 2023-08-31 18:05:00 +02:00
Quentin Gliech
80b3398424 Make the email verification state more configurable on upstream OAuth 2.0 registration 
This also marks the email as primary
 2023-08-31 14:20:06 +02:00
Quentin Gliech
86d40b0345 Make sure we validate passwords & emails by the policy at all stages 
Also refactors the way we get the policy engines in requests
 2023-08-30 19:39:39 +02:00
Quentin Gliech
3c33923d2c policies: split the email & password policies and add jsonschema validation of the input 2023-08-30 19:39:39 +02:00
Quentin Gliech
b783b5457e tracing: set the parent context from the incoming request again 2023-08-29 18:50:54 +02:00
dependabot[bot]
d06064219c build(deps): bump the opentelemetry group with 1 update 
Bumps the opentelemetry group with 1 update: [tracing-opentelemetry](https://github.com/tokio-rs/tracing-opentelemetry).

- [Release notes](https://github.com/tokio-rs/tracing-opentelemetry/releases)
- [Changelog](https://github.com/tokio-rs/tracing-opentelemetry/blob/v0.1.x/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/tracing-opentelemetry/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: tracing-opentelemetry
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 18:50:54 +02:00
Quentin Gliech
6c6f121146 Fix sentry transport post-upgrade 2023-08-29 08:23:26 +02:00
dependabot[bot]
08b8401b99 build(deps): bump the sentry group with 1 update 
Bumps the sentry group with 1 update: [sentry](https://github.com/getsentry/sentry-rust).

- [Release notes](https://github.com/getsentry/sentry-rust/releases)
- [Changelog](https://github.com/getsentry/sentry-rust/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-rust/compare/0.31.5...0.31.6)

---
updated-dependencies:
- dependency-name: sentry
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 08:23:26 +02:00
dependabot[bot]
81fa7e0750 build(deps): bump rustls from 0.21.6 to 0.21.7 
Bumps [rustls](https://github.com/rustls/rustls) from 0.21.6 to 0.21.7.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Commits](https://github.com/rustls/rustls/compare/v/0.21.6...v/0.21.7)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 08:00:31 +02:00
dependabot[bot]
282847a119 build(deps): bump clap from 4.4.0 to 4.4.1 
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.0 to 4.4.1.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.4.0...v4.4.1)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-29 00:10:05 +02:00
Quentin Gliech
1283e78f18 Cache the upstream OAuth 2.0 provider metadata 2023-08-28 18:30:40 +02:00
Quentin Gliech
ea7299a14a Upgrade Rust to 1.72.0 
Fixes new clippy errors and upgrade other tools
 2023-08-28 18:05:56 +02:00
Quentin Gliech
d06061c14d Save the application_type and the contacts in the OAuth 2.0 clients 
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
 2023-08-28 14:41:49 +02:00
Quentin Gliech
c840e3ec55 Grab a database lock when syncing the config 
Fixes #1475
 2023-08-25 15:48:47 +02:00
Quentin Gliech
d054d72fee Handle cookies better by setting the right flags & expiration 2023-08-25 14:35:46 +02:00
dependabot[bot]
eece803306 build(deps): bump clap from 4.3.24 to 4.4.0 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.24 to 4.4.0.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.24...clap_complete-v4.4.0)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-25 12:32:06 +02:00
dependabot[bot]
e9ab64c345 build(deps): bump clap from 4.3.23 to 4.3.24 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.23 to 4.3.24.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.23...v4.3.24)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 19:39:31 +02:00
dependabot[bot]
7eb15a57dc build(deps): bump clap from 4.3.21 to 4.3.23 
Bumps [clap](https://github.com/clap-rs/clap) from 4.3.21 to 4.3.23.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v4.3.21...v4.3.23)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 16:08:45 +02:00
dependabot[bot]
47e1afdaeb build(deps): bump httpdate from 1.0.2 to 1.0.3 
Bumps [httpdate](https://github.com/pyfisch/httpdate) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/pyfisch/httpdate/releases)
- [Commits](https://github.com/pyfisch/httpdate/compare/v1.0.2...v1.0.3)

---
updated-dependencies:
- dependency-name: httpdate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 12:03:22 +02:00
dependabot[bot]
2cc53ef3ec build(deps): bump tokio from 1.30.0 to 1.32.0 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.30.0 to 1.32.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.30.0...tokio-1.32.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-23 12:02:56 +02:00
Quentin Gliech
a6dc094f09 Move some common dependencies on the workspace level 
Also deprecates the AWS SESv2 transport for emails
 2023-08-14 13:00:01 +02:00