Commit Graph

1739 Commits

Author SHA1 Message Date
Quentin Gliech
90fb2f0369 Make the password registration create a user_registration 2025-01-14 16:30:44 +01:00
Quentin Gliech
c2587e294c Move the registration-related views into a sub-module 2025-01-14 16:30:44 +01:00
Quentin Gliech
d58e13e2cf Data model and storage layer for storing user registrations 2025-01-14 16:30:43 +01:00
Quentin Gliech
a739a78602 GraphQL API to use the new email authentication codes 2025-01-14 15:47:36 +01:00
Quentin Gliech
5aa5c9cb03 Job to send the new email authentication codes 2025-01-14 15:47:17 +01:00
Quentin Gliech
9db14f6743 Rip out the email verification codes
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
2025-01-14 15:46:45 +01:00
Quentin Gliech
ce256684fe Remove the dedicated page to add an email address 2025-01-14 15:46:39 +01:00
Quentin Gliech
b697a2dfb2 storage: new email authentication codes 2025-01-13 17:00:30 +01:00
Quentin Gliech
077a55fd5d Remove the primary email address concept 2025-01-13 17:00:30 +01:00
Quentin Gliech
c86f8800bd Polish the password recovery page
This includes:

 - show an error message if the recovery link is expired, with a button
   to resend the email
 - show an error message if the recovery link has already been used
 - include an invisible username field in the form, so that password
   managers can save the new password
2025-01-13 16:58:42 +01:00
Quentin Gliech
28480e40af Make the rate limiter available to the GraphQL API handlers 2025-01-13 16:58:42 +01:00
Quentin Gliech
3f842bc045 Split the base registration page with local password registration 2025-01-07 11:49:01 +01:00
dependabot[bot]
a0b73fa222 build(deps): bump pin-project-lite from 0.2.15 to 0.2.16
Bumps [pin-project-lite](https://github.com/taiki-e/pin-project-lite) from 0.2.15 to 0.2.16.
- [Release notes](https://github.com/taiki-e/pin-project-lite/releases)
- [Changelog](https://github.com/taiki-e/pin-project-lite/blob/main/CHANGELOG.md)
- [Commits](https://github.com/taiki-e/pin-project-lite/compare/v0.2.15...v0.2.16)

---
updated-dependencies:
- dependency-name: pin-project-lite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-07 10:30:51 +01:00
Quentin Gliech
6756c6ebaf Document the new upstream OAuth 2.0 configuration options 2025-01-06 11:59:53 +01:00
Quentin Gliech
17430c21c5 Additional fields in the GraphQL API for upstream providers 2025-01-06 11:59:43 +01:00
dependabot[bot]
35287967bd build(deps): bump psl from 2.1.72 to 2.1.73
Bumps [psl](https://github.com/addr-rs/psl) from 2.1.72 to 2.1.73.
- [Release notes](https://github.com/addr-rs/psl/releases)
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.72...v2.1.73)

---
updated-dependencies:
- dependency-name: psl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-06 11:57:29 +01:00
dependabot[bot]
41118e3e3d build(deps): bump serde_with from 3.11.0 to 3.12.0
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.11.0 to 3.12.0.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.11.0...v3.12.0)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-06 10:53:57 +01:00
Quentin Gliech
38c074d253 Change the test from a username too short to a username too long 2025-01-06 10:15:08 +01:00
Quentin Gliech
a51ab2fb5c Propagate more specific error messages from the policy on registration
This makes some policy errors translatable
2025-01-06 10:15:08 +01:00
Quentin Gliech
7f843b8bdc Fix registration test in mas-handlers 2025-01-06 10:15:08 +01:00
Quentin Gliech
1e3d838c99 Allow longer & shorter usernames, complying with the MXID length spec 2025-01-06 10:15:08 +01:00
dependabot[bot]
28b0d768c1 build(deps): bump console from 0.15.8 to 0.15.10
Bumps [console](https://github.com/console-rs/console) from 0.15.8 to 0.15.10.
- [Release notes](https://github.com/console-rs/console/releases)
- [Changelog](https://github.com/console-rs/console/blob/main/CHANGELOG.md)
- [Commits](https://github.com/console-rs/console/compare/0.15.8...0.15.10)

---
updated-dependencies:
- dependency-name: console
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-06 09:08:48 +01:00
dependabot[bot]
03be3e7da1 build(deps): bump libc from 0.2.168 to 0.2.169
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.168 to 0.2.169.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.169/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.168...0.2.169)

---
updated-dependencies:
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-06 08:57:17 +01:00
dependabot[bot]
5373dc0758 build(deps): bump psl from 2.1.70 to 2.1.72 (#3710)
Bumps [psl](https://github.com/addr-rs/psl) from 2.1.70 to 2.1.72.
- [Release notes](https://github.com/addr-rs/psl/releases)
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.70...v2.1.72)

---
updated-dependencies:
- dependency-name: psl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-18 18:40:15 +01:00
Mathieu Velten
33e1cdbf16 Allow response_mode to be null and if so do not add the query param (#3700) 2024-12-18 18:18:39 +01:00
dependabot[bot]
fbf22b991e build(deps): bump pest_derive from 2.7.14 to 2.7.15
Bumps [pest_derive](https://github.com/pest-parser/pest) from 2.7.14 to 2.7.15.
- [Release notes](https://github.com/pest-parser/pest/releases)
- [Commits](https://github.com/pest-parser/pest/compare/v2.7.14...v2.7.15)

---
updated-dependencies:
- dependency-name: pest_derive
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-17 18:40:29 +01:00
dependabot[bot]
c3378d1dff build(deps): bump libc from 0.2.167 to 0.2.168
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.167 to 0.2.168.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.168/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.167...0.2.168)

---
updated-dependencies:
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-17 18:37:06 +01:00
Quentin Gliech
f563daf822 Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Mathieu Velten
75ee9a1e58 Add id_token_signed_response_alg and userinfo_signed_response_alg (#3664) 2024-12-17 11:54:16 +01:00
dependabot[bot]
58c10650aa build(deps): bump ruma-common from 0.14.1 to 0.15.0
Bumps [ruma-common](https://github.com/ruma/ruma) from 0.14.1 to 0.15.0.
- [Release notes](https://github.com/ruma/ruma/releases)
- [Commits](https://github.com/ruma/ruma/compare/ruma-common-0.14.1...ruma-common-0.15.0)

---
updated-dependencies:
- dependency-name: ruma-common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-17 10:14:06 +01:00
Quentin Gliech
1c6a8000f0 Shutdown the server if any of the tasks crashes (#3672) 2024-12-17 09:11:08 +00:00
dependabot[bot]
dfbb9729f2 build(deps): bump psl from 2.1.65 to 2.1.70
Bumps [psl](https://github.com/addr-rs/psl) from 2.1.65 to 2.1.70.
- [Release notes](https://github.com/addr-rs/psl/releases)
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.65...v2.1.70)

---
updated-dependencies:
- dependency-name: psl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-17 10:09:28 +01:00
dependabot[bot]
cf24c17d0e build(deps): bump rustls-pki-types from 1.10.0 to 1.10.1
Bumps [rustls-pki-types](https://github.com/rustls/pki-types) from 1.10.0 to 1.10.1.
- [Release notes](https://github.com/rustls/pki-types/releases)
- [Commits](https://github.com/rustls/pki-types/compare/v/1.10.0...v/1.10.1)

---
updated-dependencies:
- dependency-name: rustls-pki-types
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-17 10:08:34 +01:00
Quentin Gliech
6d197e14dd Better error message when a translation file fails to load 2024-12-16 17:39:21 +01:00
Quentin Gliech
2dbfbfb03f Add metrics to the job queue
This adds:

 - a histogram of the time it takes to process a job for each queue,
   with the status of the job (success, failure, etc.)
 - a histogram which records the time it takes to do a "tick", fetch jobs
 - a counter of the number of jobs currently in-flight for each queue
 - a counter which tracks the reasons why the worker got woken up
2024-12-16 14:57:17 +01:00
dependabot[bot]
88c2be7117 build(deps): bump socket2 from 0.5.7 to 0.5.8
Bumps [socket2](https://github.com/rust-lang/socket2) from 0.5.7 to 0.5.8.
- [Release notes](https://github.com/rust-lang/socket2/releases)
- [Changelog](https://github.com/rust-lang/socket2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/socket2/commits)

---
updated-dependencies:
- dependency-name: socket2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-13 16:33:44 +01:00
dependabot[bot]
8a7a3de71a build(deps): bump pest from 2.7.14 to 2.7.15
Bumps [pest](https://github.com/pest-parser/pest) from 2.7.14 to 2.7.15.
- [Release notes](https://github.com/pest-parser/pest/releases)
- [Commits](https://github.com/pest-parser/pest/compare/v2.7.14...v2.7.15)

---
updated-dependencies:
- dependency-name: pest
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-13 11:31:38 +01:00
Quentin Gliech
f4a3a8bf64 Report version from git describe in metrics & CLI 2024-12-12 17:59:35 +01:00
Quentin Gliech
0435fa848d Move all the OTEL meters to crate-level statics 2024-12-12 16:04:48 +01:00
Quentin Gliech
d8bb96511a Move all the OTEL dependencies to the workspace 2024-12-12 16:04:48 +01:00
Quentin Gliech
8c358efd88 Update the rest of the OTEL deps and use the new APIs 2024-12-12 16:04:48 +01:00
dependabot[bot]
a56940ad16 build(deps): bump the opentelemetry group across 1 directory with 6 updates
Bumps the opentelemetry group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [opentelemetry-jaeger-propagator](https://github.com/open-telemetry/opentelemetry-rust) | `0.3.0` | `0.27.0` |
| [opentelemetry-otlp](https://github.com/open-telemetry/opentelemetry-rust) | `0.17.0` | `0.27.0` |
| [opentelemetry-prometheus](https://github.com/open-telemetry/opentelemetry-rust) | `0.17.0` | `0.27.0` |
| [opentelemetry-resource-detectors](https://github.com/open-telemetry/opentelemetry-rust-contrib) | `0.3.0` | `0.6.0` |
| [opentelemetry-stdout](https://github.com/open-telemetry/opentelemetry-rust) | `0.5.0` | `0.27.0` |
| [opentelemetry_sdk](https://github.com/open-telemetry/opentelemetry-rust) | `0.24.1` | `0.27.1` |



Updates `opentelemetry-jaeger-propagator` from 0.3.0 to 0.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/opentelemetry-jaeger-propagator-0.3.0...opentelemetry-jaeger-propagator-0.27.0)

Updates `opentelemetry-otlp` from 0.17.0 to 0.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/opentelemetry-otlp-0.17.0...opentelemetry-otlp-0.27.0)

Updates `opentelemetry-prometheus` from 0.17.0 to 0.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/opentelemetry-prometheus-0.17.0...opentelemetry-prometheus-0.27.0)

Updates `opentelemetry-resource-detectors` from 0.3.0 to 0.6.0
- [Commits](https://github.com/open-telemetry/opentelemetry-rust-contrib/compare/opentelemetry-resource-detectors-0.3.0...opentelemetry-resource-detectors-0.6.0)

Updates `opentelemetry-stdout` from 0.5.0 to 0.27.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/opentelemetry-stdout-0.5.0...opentelemetry-stdout-0.27.0)

Updates `opentelemetry_sdk` from 0.24.1 to 0.27.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-rust/compare/opentelemetry_sdk-0.24.1...opentelemetry_sdk-0.27.1)

---
updated-dependencies:
- dependency-name: opentelemetry-jaeger-propagator
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-otlp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-prometheus
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-resource-detectors
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry-stdout
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: opentelemetry_sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-12 16:04:48 +01:00
dependabot[bot]
f98dc0e693 build(deps): bump indexmap from 2.6.0 to 2.7.0
Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.6.0 to 2.7.0.
- [Changelog](https://github.com/indexmap-rs/indexmap/blob/master/RELEASES.md)
- [Commits](https://github.com/indexmap-rs/indexmap/compare/2.6.0...2.7.0)

---
updated-dependencies:
- dependency-name: indexmap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-12 10:32:40 +01:00
Quentin Gliech
d216514fe4 Make sure to consume the device grant to avoid replays 2024-12-11 16:23:20 +01:00
Quentin Gliech
3de5a761b6 Apply suggestions from code review
Co-authored-by: reivilibre <oliverw@element.io>
2024-12-11 14:15:01 +01:00
Quentin Gliech
e68e8e7c52 Make sure the refresh token is idempotent
This allows using a refresh token multiple times, as long as the new
pair of tokens were not used in the meantime.
2024-12-11 14:15:01 +01:00
Quentin Gliech
6b1b3abfe9 Mark access token as used when calling the userinfo endpoint 2024-12-11 14:15:01 +01:00
Quentin Gliech
6bda8b91d0 Allow revoking refresh tokens
This lets us track 'revoked' tokens separately from 'consumed' tokens.
2024-12-11 14:15:01 +01:00
Quentin Gliech
a26bc6c843 Cleanup revoked tokens instead of expired ones
If we continue deleting expired tokens, we might not record whether the
token was used or not, and not know what to do in case of
a double-refresh.

Revoked tokens are safe to delete.

This also reduces the frequency of the cleanup job to once an hour.
2024-12-11 14:15:01 +01:00
Quentin Gliech
42bb83a628 Record when access tokens are first used 2024-12-11 14:15:01 +01:00