98 Commits

Author SHA1 Message Date
Quentin Gliech
90fb2f0369 Make the password registration create a user_registration 2025-01-14 16:30:44 +01:00
Quentin Gliech
d9a34327f9 Fix the post auth action being lost during the registration flow 2025-01-14 16:30:44 +01:00
Quentin Gliech
c2587e294c Move the registration-related views into a sub-module 2025-01-14 16:30:44 +01:00
Quentin Gliech
5aa5c9cb03 Job to send the new email authentication codes 2025-01-14 15:47:17 +01:00
Quentin Gliech
ce256684fe Remove the dedicated page to add an email address 2025-01-14 15:46:39 +01:00
Quentin Gliech
10bbcb0657 Username on the first registration page is optional 2025-01-07 11:49:01 +01:00
Quentin Gliech
3f842bc045 Split the base registration page with local password registration 2025-01-07 11:49:01 +01:00
Quentin Gliech
05e7220e02 Update the IDP brand icons from Figma 2025-01-07 11:49:01 +01:00
Quentin Gliech
841c812ffd Tweak the login page to match the design 2025-01-07 11:49:01 +01:00
Quentin Gliech
a51ab2fb5c Propagate more specific error messages from the policy on registration
This makes some policy errors translatable
2025-01-06 10:15:08 +01:00
Quentin Gliech
2903ff5e7a Allow setting an explicit upstream account name (#3600) 2024-11-29 12:30:18 +01:00
Quentin Gliech
ec883e15ef Avoid using SameSite=None by re-submitting incoming form data 2024-11-22 08:48:00 +01:00
Quentin Gliech
87da8b39ff Enable better minijinja compatibility with the Python implementation 2024-10-28 14:59:36 +01:00
Quentin Gliech
0d41cd8a0f Manual license edit of remaining files 2024-09-10 14:28:55 +02:00
reivilibre
ca05566e82 Add rate-limiting for account recovery and registration (#3093)
* Add rate-limiting for account recovery and registration

* Rename login ratelimiter `per_address` to `per_ip` for consistency

Co-authored-by: Quentin Gliech <quenting@element.io>
2024-08-07 17:57:36 +00:00
Quentin Gliech
2a2f37725d Host a Swagger UI both in the static documentation and by the server 2024-08-01 15:17:14 +02:00
Quentin Gliech
0b55719b12 Rate-limit password-based login attempts 2024-07-26 13:56:45 +02:00
Quentin Gliech
bb5bcf0f40 Rework assets loading to fix splitting CSS chunks 2024-07-25 12:59:29 +02:00
Quentin Gliech
af40a9f815 Separate error page when the recovery link was already used 2024-06-28 15:59:21 +02:00
Quentin Gliech
44ebc8e683 Show a proper 'link expired' page 2024-06-28 15:59:21 +02:00
Quentin Gliech
041c74e7b2 Gate account recovery behind a configuration flag 2024-06-28 15:59:21 +02:00
Quentin Gliech
8d4e6719b1 Implement the password change form 2024-06-28 15:59:21 +02:00
Quentin Gliech
ee22699e57 Recovery progress page 2024-06-28 15:59:21 +02:00
Quentin Gliech
df89f570ac Actually send emails for recovery 2024-06-28 15:59:21 +02:00
Quentin Gliech
50742b4d2b Start recovery view 2024-06-28 15:59:21 +02:00
reivilibre
45b1e77108 Remove the old password change page (#2874) 2024-06-27 13:41:24 +01:00
reivilibre
f7366feb1f Improve errors when MAS contacts the Synapse homeserver (#2794)
* Add some drive-by docstrings

* Change text rendering of catch_http_codes::HttpError

Using `#[source]` is unnatural here because it makes it look like
two distinct errors (one being a cause of the other),
when in reality it is just one error, with 2 parts.

Using `Display` formatting for that leads to a more natural error.

* Add constraints to `catch_http_code{,s}` methods

Not strictly required, but does two things:

- documents what kind of function is expected
- provides a small extra amount of type enforcement at the call site,
  rather than later on when you find the result doesn't implement Service

* Add a `catch_http_errors` shorthand

Nothing major, just a quality of life improvement so you don't have to
repetitively write out what an HTTP error is

* Unexpected error page: remove leading whitespace from preformatted 'details' section

The extra whitespace was probably unintentional and makes the error harder to read,
particularly when it wraps onto a new line unnecessarily

* Capture and log Matrix errors received from Synapse

* Drive-by clippy fix: use clamp instead of min().max()

* Convert `err(Display)` to `err(Debug)` for `anyhow::Error`s in matrix-synapse support module
2024-06-07 11:14:04 +00:00
Quentin Gliech
5273820077 Place the CAPTCHA error at the end of the form 2024-05-15 09:38:10 +02:00
Quentin Gliech
6adb6dd453 Display a user-friendly error on CAPTCHA failures 2024-05-15 09:38:10 +02:00
Quentin Gliech
53c7b1efbf Disable hCaptcha compatibility with reCAPTCHA 2024-05-15 09:38:10 +02:00
Quentin Gliech
3ccb105453 Add a <noscript> fallback message 2024-05-15 09:38:10 +02:00
Quentin Gliech
5e1e27f7ea hCaptcha support 2024-05-15 09:38:10 +02:00
Quentin Gliech
608daa9ac2 Cloudflare Turnstile support 2024-05-15 09:38:10 +02:00
Quentin Gliech
764069b6bc Render reCAPTCHA challenge on the registration form 2024-05-15 09:38:10 +02:00
Quentin Gliech
7182b8120b Make the consent screens (almost completely) translatable
One exception is the wording for the privacy policy/TOS, because it's
annoying to do with the conditionals.
2024-05-10 14:49:54 +02:00
Quentin Gliech
d37109c0be Skip the device code form when using the full verification URI
This changes the form to use a GET method, as it is only really doing
a redirect.
2024-05-07 12:19:10 +02:00
Quentin Gliech
a29da1f66f Update copyright headers 2024-04-30 13:33:47 +02:00
Quentin Gliech
0c711733c4 Load the branding from the API instead of hardcoding in the config 2024-04-30 13:33:47 +02:00
Quentin Gliech
2d9157986e Allow disabling registrations (#2553) 2024-04-03 09:27:14 +02:00
Michael Telatynski
2ae7a5b8ef Update session details styles to closer match latest Figma (#2439)
Co-authored-by: Quentin Gliech <quenting@element.io>
2024-03-08 14:41:41 +00:00
Quentin Gliech
9f58e60e95 Share the device card between the frontend and the backend 2024-02-27 17:56:20 +01:00
Quentin Gliech
a7dc41fdba Parse User Agents on the backend side (#2388)
* Parse user agents on the server side

* Parse and expose user agents on the backend

* Use the parsed user agent in the device consent page

* Fix the device icon tests

* Fix clippy warnings

* Box stuff to avoid large enum variants

* Ignore a clippy warning

* Fix the requester boxing
2024-02-23 16:47:48 +01:00
Quentin Gliech
dea6b040bf Upgrade compound and fix bad focus rings on inputs 2024-02-08 17:54:10 +01:00
Quentin Gliech
afc7f509d9 Make the user agree to T&C during registration 2024-02-07 17:21:22 +01:00
Quentin Gliech
17abb9a67e Record the user agent and IP in the device code grant 2024-02-02 18:01:51 +01:00
Quentin Gliech
191e7dff3e Show the device better in the device consent page 2024-02-02 18:01:51 +01:00
Quentin Gliech
34f3d446b3 Make the device code grants go through the policy engine 2024-02-02 18:01:51 +01:00
Quentin Gliech
f866310d7e Implement the device consent logic 2024-02-02 18:01:51 +01:00
Quentin Gliech
d7b2414792 Set up the device link form page 2024-02-02 18:01:51 +01:00
Quentin Gliech
373f4e8d3e Fix the login template in case no human_name was set on the provider 2023-11-21 16:09:38 +01:00