letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
4,133 Commits 2 Branches 1 Tag
155c19e9495dccba4e33dbf76aca17ae9915707f
Commit Graph

73 Commits

Author SHA1 Message Date
Quentin Gliech
629a194c35 Require the user password to add or remove an email address 2025-03-06 17:37:54 +01:00
Quentin Gliech
2dce10d9b4 Only show the password change section if the user has a password 2025-02-24 14:28:06 +01:00
reivilibre
87009be7e6 Support compatibility sessions that do not have devices (#3801) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2025-01-27 14:50:31 +00:00
Quentin Gliech
7f1b3866ba Disclose that email is already in use after verification 2025-01-23 18:18:19 +01:00
Quentin Gliech
ea6b80c5ac Rate-limit email authentications 2025-01-23 12:09:26 +01:00
Quentin Gliech
a739a78602 GraphQL API to use the new email authentication codes 2025-01-14 15:47:36 +01:00
Quentin Gliech
9db14f6743 Rip out the email verification codes 
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
 2025-01-14 15:46:45 +01:00
Quentin Gliech
c86f8800bd Polish the password recovery page 
This includes:

 - show an error message if the recovery link is expired, with a button
   to resend the email
 - show an error message if the recovery link has already been used
 - include an invisible username field in the form, so that password
   managers can save the new password
 2025-01-13 16:58:42 +01:00
Quentin Gliech
17430c21c5 Additional fields in the GraphQL API for upstream providers 2025-01-06 11:59:43 +01:00
Quentin Gliech
f563daf822 Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Quentin Gliech
03838bd909 Remove contacts from the data model 2024-09-20 20:39:04 +02:00
Olivier 'reivilibre
9f66cb783f graphql: Expose CAPTCHA config and whether password registration is enabled 2024-07-26 13:02:58 +01:00
reivilibre
3c118e2b7a graphql: Add a SetPasswordByRecovery mutation to perform account recovery (#2986) 2024-07-24 16:19:14 +01:00
Quentin Gliech
35e81405e2 graphql: allow filtering of sessions by last activity 2024-07-19 13:40:27 +02:00
Quentin Gliech
9987a4e305 Show whether the user is deactivated on the homeserver in the GraphQL API 
Fix #2375
 2024-07-16 13:20:28 +02:00
Quentin Gliech
eb8688172d GraphQL API to unlock a user 
Fixes #2101
 2024-07-16 13:20:28 +02:00
reivilibre
a4891fa9ef Backend work to support minimum password complexity (#2965) 
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
 2024-07-11 10:17:39 +01:00
Quentin Gliech
09ddf8de7c graphql: users query to list users with a few filters 2024-07-05 13:44:14 +02:00
Quentin Gliech
210d35b29b graphql: move the users queries to their own module 2024-07-05 13:44:14 +02:00
Quentin Gliech
6ec7469123 Update the schema 2024-07-05 10:07:40 +02:00
reivilibre
47f87b686b Add Self-service Password Change (#2863) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2024-06-25 13:25:33 +00:00
reivilibre
8b9e5f1fc8 GraphQL API: Add password_change_allowed to SiteConfig (#2857) 2024-06-20 15:16:50 +01:00
reivilibre
efa0057491 Add a setPassword GraphQL mutation for setting a user's password (#2820) 
* Feed `PasswordManager` through to the GraphQL `State`

* Add `setPassword` GraphQL mutation to update a user's password
 2024-06-05 18:04:17 +01:00
Quentin Gliech
ff66d292f6 Hide the displayname edit button if disabled in the config 2024-04-30 13:33:47 +02:00
Quentin Gliech
460e3b19fe Expose the site config in the GraphQL API 2024-04-30 13:33:47 +02:00
Quentin Gliech
9b87147d8f graphql: check that the username is available when creating them 
This calls the HS to make sure the username isn't reserved.
This check can be bypassed using the `skipHomeserverCheck` flag on the
`addUser` mutation.
 2024-02-29 11:21:24 +01:00
Quentin Gliech
a7dc41fdba Parse User Agents on the backend side (#2388) 
* Parse user agents on the server side

* Parse and expose user agents on the backend

* Use the parsed user agent in the device consent page

* Fix the device icon tests

* Fix clippy warnings

* Box stuff to avoid large enum variants

* Ignore a clippy warning

* Fix the requester boxing
 2024-02-23 16:47:48 +01:00
Quentin Gliech
d3c799b3ae Save which user session created a compat session 
This also exposes the user session in the GraphQL API, and allow
filtering on browser session ID on the app session list.
 2024-02-21 11:55:58 +01:00
Quentin Gliech
76cdec56f0 Replace Jotai with @tanstack/router (#2359) 
* Start replacing jotai with @tanstack/router

* Remove jotai completely

* Move the common layout & reimplement the ?action parameter

This also makes sure everything is properly loaded in the route loader,
and we use fragment where it makes sense

* Change the default error component

* GraphQL API: make the sessions fetchable through node(id: ID!)
 2024-02-15 17:19:05 +01:00
Quentin Gliech
c11c7a0772 Add a GraphQL mutation to allow cross-signing reset 2023-12-05 17:47:36 +01:00
Quentin Gliech
92d2a18afb "Can request admin" flag on user 2023-10-09 18:52:30 +02:00
Quentin Gliech
90aaf395d8 graphql: allow filtering appsessions on device_id 2023-10-06 16:05:26 +02:00
Quentin Gliech
bec2cda552 Expose a unified session list in the GraphQL API 2023-09-20 20:27:08 +02:00
Quentin Gliech
8e73092ad0 Make the last activity timestamp and IP available through the API 2023-09-19 21:57:54 +02:00
Quentin Gliech
e8f17924c2 Add a GraphQL mutation to create arbitrary OAuth2 sessions. 2023-09-11 12:03:42 +02:00
Quentin Gliech
43aa2db3d5 data-model: Make the user_id optional in the OAuth 2.0 sessions 2023-09-06 09:35:34 +02:00
Quentin Gliech
28e61de6e3 graphql: expose the logo_uri in the OAuth 2.0 client 
Fixes #1705
 2023-09-06 09:28:47 +02:00
Quentin Gliech
b43bac2f75 Update the graphql schema after the async-graphql update. 2023-09-04 09:37:26 +02:00
Quentin Gliech
19df3dd019 graphql: admin API to add a user, lock them, and add emails without verification 2023-09-01 11:34:58 +02:00
Quentin Gliech
86d40b0345 Make sure we validate passwords & emails by the policy at all stages 
Also refactors the way we get the policy engines in requests
 2023-08-30 19:39:39 +02:00
Quentin Gliech
4203d45a4e graphql: Expose the BrowserSession User-Agent 2023-08-29 17:38:01 +02:00
Quentin Gliech
e80aa8b311 graphql: API to query client sessions out of a device_id and a user ID 2023-08-29 16:53:38 +02:00
Quentin Gliech
e8b2ab8df1 Add the user_id directly on oauth2_sessions and make the scope a text list 2023-08-29 12:52:24 +02:00
Quentin Gliech
d1c041cfad api: Add a finishedAt property to the BrowserSession and a state property to all 3 session types 2023-08-29 08:34:07 +02:00
Quentin Gliech
d06061c14d Save the application_type and the contacts in the OAuth 2.0 clients 
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
 2023-08-28 14:41:49 +02:00
Quentin Gliech
1c9add3eb1 Update GraphQL schema 2023-08-11 14:56:21 +02:00
Quentin Gliech
ce3ad05c8d graphql: API to set the user displayname (#1412) 2023-08-03 14:45:59 +00:00
Quentin Gliech
d10ba8d226 frontend: show pagination total count in more lists 2023-07-21 19:50:30 +02:00
Quentin Gliech
ec1a87cfda Better upstream OAuth provider pagination and filtering 2023-07-21 19:50:30 +02:00
Quentin Gliech
60f1e3af8c Better OAuth 2.0 sessions pagination and filtering 2023-07-21 19:50:30 +02:00