letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
3,414 Commits 2 Branches 1 Tag
90fb2f03691c514bfe66d5f6d22c9ef41bd48745
Commit Graph

214 Commits

Author SHA1 Message Date
Quentin Gliech
d58e13e2cf Data model and storage layer for storing user registrations 2025-01-14 16:30:43 +01:00
Quentin Gliech
9db14f6743 Rip out the email verification codes 
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
 2025-01-14 15:46:45 +01:00
Quentin Gliech
b697a2dfb2 storage: new email authentication codes 2025-01-13 17:00:30 +01:00
Quentin Gliech
077a55fd5d Remove the primary email address concept 2025-01-13 17:00:30 +01:00
Mathieu Velten
33e1cdbf16 Allow response_mode to be null and if so do not add the query param (#3700) 2024-12-18 18:18:39 +01:00
Quentin Gliech
f563daf822 Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Mathieu Velten
75ee9a1e58 Add id_token_signed_response_alg and userinfo_signed_response_alg (#3664) 2024-12-17 11:54:16 +01:00
dependabot[bot]
58c10650aa build(deps): bump ruma-common from 0.14.1 to 0.15.0 
Bumps [ruma-common](https://github.com/ruma/ruma) from 0.14.1 to 0.15.0.
- [Release notes](https://github.com/ruma/ruma/releases)
- [Commits](https://github.com/ruma/ruma/compare/ruma-common-0.14.1...ruma-common-0.15.0)

---
updated-dependencies:
- dependency-name: ruma-common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-17 10:14:06 +01:00
Quentin Gliech
6bda8b91d0 Allow revoking refresh tokens 
This lets us track 'revoked' tokens separately from 'consumed' tokens.
 2024-12-11 14:15:01 +01:00
Quentin Gliech
42bb83a628 Record when access tokens are first used 2024-12-11 14:15:01 +01:00
Quentin Gliech
b3756e4ae4 Record the next refresh token ID when refreshing 
This will help us determine whether we had a double-refresh happening
 2024-12-11 14:15:01 +01:00
Quentin Gliech
2903ff5e7a Allow setting an explicit upstream account name (#3600) 2024-11-29 12:30:18 +01:00
Mathieu Velten
f832666a86 Add fetch_userinfo to upstream SSO provider (#3363) 2024-11-26 15:01:03 +00:00
Quentin Gliech
05e2572258 Record extra query parameters during upstream callback 
And make them available in the templates.
This is useful to get the user display name for Sign-in with Apple
 2024-11-22 08:48:00 +01:00
Quentin Gliech
ec28c30e3c Allow setting the response_mode on upstream OAuth 2.0 providers 2024-11-22 08:48:00 +01:00
Quentin Gliech
dddd9fe998 Support Sign in with Apple 2024-11-22 08:48:00 +01:00
dependabot[bot]
02cfc1d42e build(deps): bump ruma-common from 0.13.0 to 0.14.1 
Bumps [ruma-common](https://github.com/ruma/ruma) from 0.13.0 to 0.14.1.
- [Release notes](https://github.com/ruma/ruma/releases)
- [Commits](https://github.com/ruma/ruma/compare/ruma-common-0.13.0...ruma-common-0.14.1)

---
updated-dependencies:
- dependency-name: ruma-common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-11-18 15:42:58 +01:00
Tonkku
48d74e773e Remove mas-matrix dependency on mas-data-model 2024-11-18 11:42:43 +01:00
Tonkku
52edfa61f6 Allow use of chrono::Utc::now in the tests 
Clock cannot be used because of a circular dependency
 2024-11-18 11:42:43 +01:00
Tonkku
7a750e6dab More format 
For some reason my cargo disagrees with the use line
 2024-11-18 11:42:43 +01:00
Tonkku
b09e2faaaa clippy 📎 2024-11-18 11:42:43 +01:00
Tonkku
376200cf4b cargo fmt 2024-11-18 11:42:43 +01:00
Tonkku
846a4ee14a Implement login_hint 2024-11-18 11:42:43 +01:00
dependabot[bot]
179c64ff19 build(deps): bump regex from 1.11.0 to 1.11.1 
Bumps [regex](https://github.com/rust-lang/regex) from 1.11.0 to 1.11.1.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.11.0...1.11.1)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-29 12:58:41 +01:00
Quentin Gliech
0fde63594a Remove most doctests 2024-10-29 12:37:59 +01:00
dependabot[bot]
05c28ab318 build(deps): bump regex from 1.10.6 to 1.11.0 
Bumps [regex](https://github.com/rust-lang/regex) from 1.10.6 to 1.11.0.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.6...1.11.0)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-07 19:05:21 +02:00
Quentin Gliech
e6ddaf098b Output the registered client metadata in the registration endpoint 
Fixes #2848
 2024-09-20 20:39:04 +02:00
Quentin Gliech
03838bd909 Remove contacts from the data model 2024-09-20 20:39:04 +02:00
Quentin Gliech
9a946c19e7 Remove (C) 2024-09-10 14:28:55 +02:00
Quentin Gliech
9da19e2af0 License headers change 2024-09-05 13:25:42 +02:00
Quentin Gliech
163d7e8c93 admin: model definition for the OAuth 2.0 sessions 2024-08-07 17:41:18 +02:00
dependabot[bot]
1440e0456c build(deps): bump regex from 1.10.5 to 1.10.6 
Bumps [regex](https://github.com/rust-lang/regex) from 1.10.5 to 1.10.6.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.5...1.10.6)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-04 22:49:17 +02:00
reivilibre
a4891fa9ef Backend work to support minimum password complexity (#2965) 
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
 2024-07-11 10:17:39 +01:00
dependabot[bot]
5f90b0c6cb build(deps): bump regex from 1.10.4 to 1.10.5 
Bumps [regex](https://github.com/rust-lang/regex) from 1.10.4 to 1.10.5.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.4...1.10.5)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-06-29 05:41:05 +02:00
Quentin Gliech
041c74e7b2 Gate account recovery behing a configuration flag 2024-06-28 15:59:21 +02:00
Quentin Gliech
751d2e5dc2 Data model and repository for the user recovery flow 2024-06-28 15:59:21 +02:00
Quentin Gliech
545b014fd7 Actually verify the CAPTCHA during registration 2024-05-15 09:38:10 +02:00
Quentin Gliech
5e1e27f7ea hCaptcha support 2024-05-15 09:38:10 +02:00
Quentin Gliech
608daa9ac2 Cloudflare Turnstile support 2024-05-15 09:38:10 +02:00
Quentin Gliech
764069b6bc Render reCAPTCHA challenge on the registration form 2024-05-15 09:38:10 +02:00
Quentin Gliech
3e450b50f0 Fix recently added Clippy lints 
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
 2024-05-07 07:32:02 +02:00
Quentin Gliech
7998d30ba8 Allow more characters in device IDs 2024-05-03 16:56:56 +02:00
dependabot[bot]
9ec73ed8c8 build(deps): bump crc from 3.0.1 to 3.2.1 
Bumps [crc](https://github.com/mrhooray/crc-rs) from 3.0.1 to 3.2.1.
- [Release notes](https://github.com/mrhooray/crc-rs/releases)
- [Commits](https://github.com/mrhooray/crc-rs/compare/3.0.1...3.2.1)

---
updated-dependencies:
- dependency-name: crc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-30 22:34:40 +02:00
dependabot[bot]
c2ed92300a build(deps): bump regex from 1.10.3 to 1.10.4 
Bumps [regex](https://github.com/rust-lang/regex) from 1.10.3 to 1.10.4.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.3...1.10.4)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-30 19:43:16 +02:00
Quentin Gliech
a29da1f66f Update copyright headers 2024-04-30 13:33:47 +02:00
Quentin Gliech
10f7195cc0 Move the SiteConfig to the data-model crate 2024-04-30 13:33:47 +02:00
Quentin Gliech
75aeac9e0a Add a manage register-user utility to the CLI 2024-04-30 12:15:10 +02:00
Quentin Gliech
f82ad8c0e6 Soft-delete upstream OAuth 2.0 providers on config sync 2024-04-03 09:51:22 +02:00
Quentin Gliech
6841bc112d Add a soft-deletion column on upstream OAuth 2.0 providers 2024-04-03 09:51:22 +02:00
Michael Telatynski
09cd3f90d6 Add Electron user-agent parsing for Element Desktop/Nightly (#2461) 2024-03-18 18:42:31 +01:00