letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
3,099 Commits 2 Branches 1 Tag
25cf5800bda473bc4bad4d64d18feaccb3c9f708
Commit Graph

86 Commits

Author SHA1 Message Date
Quentin Gliech
87da8b39ff Enable better minijinja compatibility with the Python implementation 2024-10-28 14:59:36 +01:00
Quentin Gliech
0d41cd8a0f Manual license edit of remaining files 2024-09-10 14:28:55 +02:00
reivilibre
ca05566e82 Add rate-limiting for account recovery and registration (#3093) 
* Add rate-limiting for account recovery and registration

* Rename login ratelimiter `per_address` to `per_ip` for consistency

Co-authored-by: Quentin Gliech <quenting@element.io>
 2024-08-07 17:57:36 +00:00
Quentin Gliech
2a2f37725d Host a Swagger UI both in the static documentation and by the server 2024-08-01 15:17:14 +02:00
Quentin Gliech
0b55719b12 Rate-limit password-based login attempts 2024-07-26 13:56:45 +02:00
Quentin Gliech
bb5bcf0f40 Rework assets loading to fix splitting CSS chunks 2024-07-25 12:59:29 +02:00
Quentin Gliech
af40a9f815 Separate error page when the recovery link was already used 2024-06-28 15:59:21 +02:00
Quentin Gliech
44ebc8e683 Show a proper 'link expired' page 2024-06-28 15:59:21 +02:00
Quentin Gliech
041c74e7b2 Gate account recovery behing a configuration flag 2024-06-28 15:59:21 +02:00
Quentin Gliech
8d4e6719b1 Implement the password change form 2024-06-28 15:59:21 +02:00
Quentin Gliech
ee22699e57 Recovery progress page 2024-06-28 15:59:21 +02:00
Quentin Gliech
df89f570ac Actually send emails for recovery 2024-06-28 15:59:21 +02:00
Quentin Gliech
50742b4d2b Start recovery view 2024-06-28 15:59:21 +02:00
reivilibre
45b1e77108 Remove the old password change page (#2874) 2024-06-27 13:41:24 +01:00
reivilibre
f7366feb1f Improve errors when MAS contacts the Synapse homeserver (#2794) 
* Add some drive-by docstrings

* Change text rendering of catch_http_codes::HttpError

Using `#[source]` is unnatural here because it makes it look like
two distinct errors (one being a cause of the other),
when in reality it is just one error, with 2 parts.

Using `Display` formatting for that leads to a more natural error.

* Add constraints to `catch_http_code{,s}` methods

Not strictly required, but does two things:

- documents what kind of function is expected
- provides a small extra amount of type enforcement at the call site,
  rather than later on when you find the result doesn't implement Service

* Add a `catch_http_errors` shorthand

Nothing major, just a quality of life improvement so you don't have to
repetitively write out what a HTTP error is

* Unexpected error page: remove leading whitespace from preformatted 'details' section

The extra whitespace was probably unintentional and makes the error harder to read,
particularly when it wraps onto a new line unnecessarily

* Capture and log Matrix errors received from Synapse

* Drive-by clippy fix: use clamp instead of min().max()

* Convert `err(Display)` to `err(Debug)` for `anyhow::Error`s in matrix-synapse support module
 2024-06-07 11:14:04 +00:00
Quentin Gliech
5273820077 Place the CAPTCHA error at the end of the form 2024-05-15 09:38:10 +02:00
Quentin Gliech
6adb6dd453 Display a user-friendly error on CAPTCHA failures 2024-05-15 09:38:10 +02:00
Quentin Gliech
53c7b1efbf Disable hCaptcha compatibility with reCAPTCHA 2024-05-15 09:38:10 +02:00
Quentin Gliech
3ccb105453 Add a <noscript> fallback message 2024-05-15 09:38:10 +02:00
Quentin Gliech
5e1e27f7ea hCaptcha support 2024-05-15 09:38:10 +02:00
Quentin Gliech
608daa9ac2 Cloudflare Turnstile support 2024-05-15 09:38:10 +02:00
Quentin Gliech
764069b6bc Render reCAPTCHA challenge on the registration form 2024-05-15 09:38:10 +02:00
Quentin Gliech
7182b8120b Make the consent screens (almost completely) translatable 
One exception is the wording for the privacy policy/TOS, because it's
annoying to do with the conditionals.
 2024-05-10 14:49:54 +02:00
Quentin Gliech
d37109c0be Skip the device code form when using the full verification URI 
This changes the form to use a GET method, as it is only really doing
a redirect.
 2024-05-07 12:19:10 +02:00
Quentin Gliech
a29da1f66f Update copyright headers 2024-04-30 13:33:47 +02:00
Quentin Gliech
0c711733c4 Load the branding from the API instead of hardcoding in the config 2024-04-30 13:33:47 +02:00
Quentin Gliech
2d9157986e Allow disabling registrations (#2553) 2024-04-03 09:27:14 +02:00
Michael Telatynski
2ae7a5b8ef Update session details styles to closer match latest Figma (#2439) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2024-03-08 14:41:41 +00:00
Quentin Gliech
9f58e60e95 Share the device card between the frontend and the backend 2024-02-27 17:56:20 +01:00
Quentin Gliech
a7dc41fdba Parse User Agents on the backend side (#2388) 
* Parse user agents on the server side

* Parse and expose user agents on the backend

* Use the parsed user agent in the device consent page

* Fix the device icon tests

* Fix clippy warnings

* Box stuff to avoid large enum variants

* Ignore a clippy warning

* Fix the requester boxing
 2024-02-23 16:47:48 +01:00
Quentin Gliech
dea6b040bf Upgrade compound and fix bad focus rings on inputs 2024-02-08 17:54:10 +01:00
Quentin Gliech
afc7f509d9 Make the user agree to T&C during registration 2024-02-07 17:21:22 +01:00
Quentin Gliech
17abb9a67e Record the user agent and IP in the device code grant 2024-02-02 18:01:51 +01:00
Quentin Gliech
191e7dff3e Show the device better in the device consent page 2024-02-02 18:01:51 +01:00
Quentin Gliech
34f3d446b3 Make the device code grants go through the policy engine 2024-02-02 18:01:51 +01:00
Quentin Gliech
f866310d7e Implement the device consent logic 2024-02-02 18:01:51 +01:00
Quentin Gliech
d7b2414792 Setup the device link form page 2024-02-02 18:01:51 +01:00
Quentin Gliech
373f4e8d3e Fix the login template in case no human_name was set on the provider 2023-11-21 16:09:38 +01:00
Quentin Gliech
b7f509532e Add upstream OAuth 2.0 providers name and branding 2023-11-20 17:23:02 +01:00
Quentin Gliech
6aabc7db54 Check for existing users ahead of time on upstream OAuth2 registration 2023-11-13 14:11:30 +01:00
Quentin Gliech
a9ee9a7925 Fix the login template not rendering on policy error 2023-11-03 18:24:21 +01:00
Quentin Gliech
d2404cb847 Make the upstream provider URL better display & fix test 2023-10-30 15:55:15 +01:00
Quentin Gliech
8d00b34074 Polish all forms and add nice page headings to most screens 2023-10-30 15:55:15 +01:00
Quentin Gliech
b96d95792d Add instance privacy policy, TOS and imprint, and loads of design cleanups 2023-10-30 15:55:15 +01:00
Quentin Gliech
7f0acb350f frontend: integrate storybook with i18next & cleanup (#1970) 2023-10-19 15:37:29 +00:00
Quentin Gliech
fd4481713b Allow running the authentication service on a different base path 2023-10-06 14:07:55 +02:00
Quentin Gliech
13f88aae5e templates: fix the error.html template when missing the locale 2023-10-05 19:29:23 +02:00
Quentin Gliech
0d69e42021 templates: translate a lot more stuff 2023-10-05 19:29:23 +02:00
Quentin Gliech
c2c35673fd templates: fix the _ function not working in macros 2023-10-05 19:29:23 +02:00
Quentin Gliech
a7c5874c59 templates: more translations 2023-10-05 19:29:23 +02:00