letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
513 Commits 2 Branches 1 Tag
91aa836f7e6deddf5dda15da0f2a85becf035d4b
Commit Graph

513 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
91aa836f7e Bump tokio from 1.19.0 to 1.19.2 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.19.0 to 1.19.2.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/commits)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-07 14:05:45 +02:00
dependabot[bot]
2f35c38d82 Bump lettre from 0.10.0-rc.6 to 0.10.0-rc.7 
Bumps [lettre](https://github.com/lettre/lettre) from 0.10.0-rc.6 to 0.10.0-rc.7.
- [Release notes](https://github.com/lettre/lettre/releases)
- [Changelog](https://github.com/lettre/lettre/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lettre/lettre/compare/v0.10.0-rc.6...v0.10.0-rc.7)

---
updated-dependencies:
- dependency-name: lettre
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-07 14:05:39 +02:00
Hugh Nimmo-Smith
1c05e43685 Clean up github workflows (#233) 2022-06-07 07:26:49 +00:00
Hugh Nimmo-Smith
b239e9573e Build and publish docker image from main branch (#227) 2022-06-06 18:02:46 +00:00
Hugh Nimmo-Smith
90388b66c2 Implementation of MSC3824 actions for compat (#226) 
* Implementation of MSC3824 actions for compat

* Update crates/handlers/src/compat/login.rs

Co-authored-by: Quentin Gliech <quenting@element.io>

* Linting

* More linting

* Don't return actions for m.login.token

Co-authored-by: Quentin Gliech <quenting@element.io>
 2022-06-06 18:24:24 +01:00
dependabot[bot]
601d3bf55e Bump async-trait from 0.1.53 to 0.1.56 
Bumps [async-trait](https://github.com/dtolnay/async-trait) from 0.1.53 to 0.1.56.
- [Release notes](https://github.com/dtolnay/async-trait/releases)
- [Commits](https://github.com/dtolnay/async-trait/compare/0.1.53...0.1.56)

---
updated-dependencies:
- dependency-name: async-trait
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-04 16:43:35 +02:00
dependabot[bot]
cc1431eb10 Bump tokio from 1.18.2 to 1.19.0 
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.18.2 to 1.19.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.18.2...tokio-1.19.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-04 15:52:31 +02:00
Quentin Gliech
ee62a6ebfb Fix policy test 2022-06-04 12:47:36 +02:00
Quentin Gliech
ec4e776c10 Fix policies test 2022-06-03 17:03:25 +02:00
Quentin Gliech
0ef22ea443 Handle password strength verification through OPA 2022-06-03 16:14:26 +02:00
Quentin Gliech
7b0e642356 Remove the login policy (since it is not implemented yet) 2022-06-03 13:37:20 +02:00
Quentin Gliech
acfec5beac Switch the policies to a violation list based approach 
This allows policies to give proper feedback on form fields
 2022-06-03 13:37:20 +02:00
Quentin Gliech
b17715473a Compile and check OPA policies in CI 2022-06-03 13:37:20 +02:00
Quentin Gliech
9afec75dc8 Embed the default policy in the binary 2022-06-03 13:37:20 +02:00
Quentin Gliech
173351cb75 Build WASM policies in the Docker image 2022-06-03 13:37:20 +02:00
Quentin Gliech
29c819c6ba Bump MSRV to 1.59 2022-06-03 13:37:20 +02:00
Quentin Gliech
bfbdb9efe4 Run OPA policies during registration 2022-06-03 13:37:20 +02:00
Quentin Gliech
25a1285e98 Generate spans for policy evaluations 2022-06-03 13:37:20 +02:00
Quentin Gliech
e5cac2dcac opa fmt 2022-06-03 13:37:20 +02:00
Quentin Gliech
420647ae65 Add OPA policies tests 2022-06-03 13:37:20 +02:00
Quentin Gliech
0625384042 Support for applying OPA policies during client registration 2022-06-03 13:37:20 +02:00
dependabot[bot]
37e8037edb Bump serde_with from 1.13.0 to 1.14.0 
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-02 16:29:41 +02:00
dependabot[bot]
4bb24a6405 Bump hyper from 0.14.18 to 0.14.19 
Bumps [hyper](https://github.com/hyperium/hyper) from 0.14.18 to 0.14.19.
- [Release notes](https://github.com/hyperium/hyper/releases)
- [Changelog](https://github.com/hyperium/hyper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/hyper/compare/v0.14.18...v0.14.19)

---
updated-dependencies:
- dependency-name: hyper
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-02 16:29:30 +02:00
dependabot[bot]
5aec3e3f90 Bump cssnano from 5.1.9 to 5.1.10 in /crates/static-files 
Bumps [cssnano](https://github.com/cssnano/cssnano) from 5.1.9 to 5.1.10.
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/cssnano@5.1.9...cssnano@5.1.10)

---
updated-dependencies:
- dependency-name: cssnano
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-02 16:29:19 +02:00
dependabot[bot]
026281e8e4 Bump actions/cache from 3.0.2 to 3.0.3 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.2...v3.0.3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-02 16:29:10 +02:00
Quentin Gliech
966d2ecff5 Add an email field in the registration form 2022-06-02 16:18:55 +02:00
Quentin Gliech
d6ccab96df Update sqlx-data.json 2022-06-02 16:18:55 +02:00
Quentin Gliech
f3f96058b8 Make email verification mandatory 2022-06-02 16:18:55 +02:00
Quentin Gliech
4459c04f6d Switch email verification to a code-based flow 2022-06-02 16:18:55 +02:00
Hugh Nimmo-Smith
e53d899e99 Implementation of MSC3824 actions for compat (#221) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2022-05-31 09:49:52 +00:00
dependabot[bot]
b8970ad976 Bump once_cell from 1.11.0 to 1.12.0 
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/matklad/once_cell/releases)
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.11.0...v1.12.0)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-23 22:46:53 +02:00
dependabot[bot]
444311b0d5 Bump http-body from 0.4.4 to 0.4.5 
Bumps [http-body](https://github.com/hyperium/http-body) from 0.4.4 to 0.4.5.
- [Release notes](https://github.com/hyperium/http-body/releases)
- [Changelog](https://github.com/hyperium/http-body/blob/v0.4.5/CHANGELOG.md)
- [Commits](https://github.com/hyperium/http-body/compare/v0.4.4...v0.4.5)

---
updated-dependencies:
- dependency-name: http-body
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-23 22:01:21 +02:00
dependabot[bot]
10ad400dbb Bump cssnano from 5.1.8 to 5.1.9 in /crates/static-files 
Bumps [cssnano](https://github.com/cssnano/cssnano) from 5.1.8 to 5.1.9.
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/cssnano@5.1.8...cssnano@5.1.9)

---
updated-dependencies:
- dependency-name: cssnano
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-23 21:43:05 +02:00
Quentin Gliech
bca382ffdf Have a better error on registration if the username is already taken 2022-05-23 14:36:38 +02:00
dependabot[bot]
d5d9e73100 Bump once_cell from 1.10.0 to 1.11.0 
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/matklad/once_cell/releases)
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-23 10:42:52 +02:00
Quentin Gliech
8c1762bc20 Advertise m.login.token as compat login method 2022-05-23 10:42:25 +02:00
Quentin Gliech
15913d46c5 Make the sign out buttons keep the current action context 2022-05-23 10:42:25 +02:00
Quentin Gliech
10e85306b7 Check timings when validating an SSO login 
- exchanging a token twice should not work
 - exchanging a token more than 30s after its fullfillment should not
   work
 - exchanging a pending token should not work
 - fullfilling a login more than 30min after its creation should not
   work
 - also have better errors in some cases
 2022-05-23 10:42:25 +02:00
Quentin Gliech
3ac7633140 Perform some checks on the redirectUrl 2022-05-23 10:42:25 +02:00
Quentin Gliech
eb08e3f1b6 Have a consent screen before continuing the SSO login 2022-05-23 10:42:25 +02:00
Quentin Gliech
9a989edd79 Legacy login via m.login.sso 2022-05-23 10:42:25 +02:00
Quentin Gliech
27724591f4 Upgrade AWS crates 2022-05-19 10:23:40 +02:00
dependabot[bot]
8b8ba082d7 Bump axum-extra from 0.3.2 to 0.3.3 
Bumps [axum-extra](https://github.com/tokio-rs/axum) from 0.3.2 to 0.3.3.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.3.2...axum-extra-v0.3.3)

---
updated-dependencies:
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-19 10:22:57 +02:00
Quentin Gliech
3b2eca9e39 Handle legacy /refresh 2022-05-19 10:17:49 +02:00
Quentin Gliech
e7e8212ffc Handle legacy token expiration & refresh tokens 2022-05-19 10:17:49 +02:00
Quentin Gliech
ac95e35a7a Better data-model for compat sessions & devices 2022-05-19 10:17:49 +02:00
Quentin Gliech
8cbaee399a Prepare the storage layer for legacy refresh tkoens 2022-05-19 10:17:49 +02:00
Quentin Gliech
ee89ed8de2 Split compat and api routers 2022-05-19 10:17:49 +02:00
Quentin Gliech
85b05f5ede Appease cargo fmt 2022-05-19 10:17:49 +02:00
Quentin Gliech
fb051eb2f4 Handle legacy /logout 2022-05-19 10:17:49 +02:00