Commit Graph

88 Commits

Author SHA1 Message Date
Quentin Gliech
80b3398424 Make the email verification state more configurable on upstream OAuth 2.0 registration
This also marks the email as primary
2023-08-31 14:20:06 +02:00
Quentin Gliech
fb246508b2 Store the browser user-agent when starting a browser session 2023-08-29 17:38:01 +02:00
Quentin Gliech
e8b2ab8df1 Add the user_id directly on oauth2_sessions and make the scope a text list 2023-08-29 12:52:24 +02:00
Quentin Gliech
ea7299a14a Upgrade Rust to 1.72.0
Fixes new clippy errors and upgrades other tools
2023-08-28 18:05:56 +02:00
Quentin Gliech
4495a5eca8 Save the authentication method on each authorization
This will help us log out of the upstream.
2023-08-28 17:14:59 +02:00
Quentin Gliech
d06061c14d Save the application_type and the contacts in the OAuth 2.0 clients
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
2023-08-28 14:41:49 +02:00
Quentin Gliech
7f3aa06153 Add a way to lock users 2023-08-03 14:06:34 +02:00
Quentin Gliech
2b1d7d9d56 Remove the last authentication from the browser session model 2023-07-21 19:50:30 +02:00
Quentin Gliech
086c2c8a8e CLI tool to sync the upstream IDPs with the config 2023-06-26 17:24:56 +02:00
Quentin Gliech
6b9b699ed4 Pass the claims import preferences on the storage layer 2023-06-26 17:24:56 +02:00
Quentin Gliech
3c29d998fe Ground work to import upstream OIDC claims on registration. 2023-06-26 17:24:56 +02:00
Quentin Gliech
e5d5243c6d Add an admin flag to the compatibility session
Also adds a CLI tool to issue a compatibility token.
2023-06-16 15:24:38 +02:00
Quentin Gliech
2fbcb5377e Split the mutations and make them use an input object instead of different parameters 2023-04-25 16:39:15 +02:00
Quentin Gliech
fa101361a2 Fix Device to ScopeToken conversion and test it 2023-04-24 10:42:38 +02:00
Quentin Gliech
aea734d41b Provision and delete Matrix devices in OAuth sessions 2023-04-24 10:42:38 +02:00
Kévin Commaille
08556a7f50 Allow redirect URIs with any port for loopback interfaces 2023-04-14 10:22:49 +02:00
Hugh Nimmo-Smith
4a6b4ee169 Lint 2023-04-06 16:24:18 +02:00
Hugh Nimmo-Smith
f74ad36aa3 Handle imported Synapse access/refresh tokens 2023-04-06 16:24:18 +02:00
Quentin Gliech
b5ba81e260 Fix clippy errors 2023-03-14 10:47:35 +01:00
Quentin Gliech
75e5f6836b handlers: Add test for the compatibility login API 2023-02-24 15:52:21 +01:00
Quentin Gliech
99e05b4a4f Fix the authorization grant template
It previously relied on the client being in the authorization grant,
which is not the case anymore. This commit also adds a test to ensure
we're not breaking this template in the future.
2023-01-31 16:50:48 +01:00
Quentin Gliech
6f6572ddda storage-pg: write tests for the OAuth2 repositories 2023-01-25 17:24:34 +01:00
Quentin Gliech
59ce524586 storage: split the repository trait 2023-01-24 16:05:14 +01:00
Quentin Gliech
34136a2a97 handlers: extract the PgRepository from the request
Also fix a bunch of clippy errors & doctests
2023-01-18 18:22:13 +01:00
Quentin Gliech
2265327bac handlers: box the rng and clock, and extract it from the state 2023-01-18 17:49:59 +01:00
Quentin Gliech
7099a8df20 Fix rustdoc lints 2023-01-18 12:25:49 +01:00
Quentin Gliech
8e5b3e46ea storage: remaining oauth2 repositories
- authorization grants
- access tokens
- refresh tokens
2023-01-12 18:26:04 +01:00
Quentin Gliech
af267657c5 storage: repository pattern for the compat layer 2023-01-12 15:41:26 +01:00
Quentin Gliech
3a1fc8982c storage: cleanup access/refresh token lookups 2023-01-11 12:14:52 +01:00
Quentin Gliech
f0a44fcd5e storage: do less joins in compat sessions 2023-01-10 18:49:35 +01:00
Quentin Gliech
2b2f452d96 data-model: have more structs use a state machine 2023-01-09 18:02:32 +01:00
Quentin Gliech
31779f5222 data-model: don't embed the client in the auth grant 2023-01-09 10:49:51 +01:00
Quentin Gliech
8b8b21329e storage: do less joins on authorization grants and refresh tokens 2023-01-05 16:49:19 +01:00
Quentin Gliech
644eb61dd4 storage: oauth2 session repository 2023-01-05 16:44:56 +01:00
Quentin Gliech
6053e24d73 storage: Load with less joins
This is done to simplify some queries, to avoid loading more data than
necessary, and in preparation of a proper cache layer
2023-01-04 18:06:17 +01:00
Quentin Gliech
f77923599b storage: browser session and user password repositories 2023-01-03 15:58:01 +01:00
Quentin Gliech
bd7f949300 storage: user and user email repository 2023-01-02 15:28:44 +01:00
Quentin Gliech
79d72b9123 ci: Update clippy to 1.66 and fix new warnings 2022-12-16 18:16:18 +01:00
Quentin Gliech
6c00f677a2 Use the new password manager 2022-12-14 16:04:36 +01:00
Quentin Gliech
1f967deb57 data-model: simplify the authorization grants and sessions 2022-12-08 15:29:15 +01:00
Quentin Gliech
584fba6ec7 data-model: simplify the oauth2 clients 2022-12-08 15:29:15 +01:00
Quentin Gliech
97b5f153a2 data-model: simplify the compat sessions 2022-12-08 15:29:15 +01:00
Quentin Gliech
2c32ff4917 data-model: simplify users and sessions 2022-12-08 15:29:15 +01:00
Quentin Gliech
b19dd4f77e data-model: simplify tokens 2022-12-08 15:29:15 +01:00
Quentin Gliech
4dd6379d24 GraphQL API 2022-12-05 19:39:51 +01:00
Quentin Gliech
b9eda7c9e8 Save the ID token during an upstream authorization 2022-12-05 19:39:51 +01:00
Quentin Gliech
6aca90e4d9 OIDC account linking and login 2022-12-05 19:39:51 +01:00
Quentin Gliech
ae532a05f9 Lookup and save upstream links 2022-12-05 19:39:51 +01:00
Quentin Gliech
28704ab473 WIP: upstream OIDC provider support 2022-12-05 19:39:51 +01:00
Quentin Gliech
625f238eee More cleanups 2022-11-02 18:59:00 +01:00