letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
1,938 Commits 2 Branches 1 Tag
96fd597fef3e9dd514b44d8dcebffcdb00a6ffc0
Commit Graph

93 Commits

Author SHA1 Message Date
Quentin Gliech
7d391ea58f Test the activity tracker on the introspection endpoint 2023-09-19 21:57:54 +02:00
Quentin Gliech
8e73092ad0 Make the last activity timestamp and IP available through the API 2023-09-19 21:57:54 +02:00
Quentin Gliech
bbbf833c97 Make the error on introspection failure more explicit in the logs 2023-09-13 18:24:52 +02:00
Quentin Gliech
37ae1420f3 data-model: make the access token expiration optional 2023-09-11 12:03:42 +02:00
Quentin Gliech
43aa2db3d5 data-model: Make the user_id optional in the OAuth 2.0 sessions 2023-09-06 09:35:34 +02:00
Quentin Gliech
80b3398424 Make the email verification state more configurable on upstream OAuth 2.0 registration 
This also marks the email as primary
 2023-08-31 14:20:06 +02:00
Quentin Gliech
fb246508b2 Store the browser user-agent when starting a browser session 2023-08-29 17:38:01 +02:00
Quentin Gliech
e8b2ab8df1 Add the user_id directly on oauth2_sessions and make the scope a text list 2023-08-29 12:52:24 +02:00
Quentin Gliech
ea7299a14a Upgrade Rust to 1.72.0 
Fixes new clippy errors and upgrade other tools
 2023-08-28 18:05:56 +02:00
Quentin Gliech
4495a5eca8 Save the authentication method on each authorization 
This will help us logging out of the upstream.
 2023-08-28 17:14:59 +02:00
Quentin Gliech
d06061c14d Save the application_type and the contacts in the OAuth 2.0 clients 
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
 2023-08-28 14:41:49 +02:00
Quentin Gliech
7f3aa06153 Add a way to lock users 2023-08-03 14:06:34 +02:00
Quentin Gliech
2b1d7d9d56 Remove the last authentication from the browser session model 2023-07-21 19:50:30 +02:00
Quentin Gliech
086c2c8a8e CLI tool to sync the upstream IDPs with the config 2023-06-26 17:24:56 +02:00
Quentin Gliech
6b9b699ed4 Pass the claims import preferences on the storage layer 2023-06-26 17:24:56 +02:00
Quentin Gliech
3c29d998fe Ground work to import upstream OIDC claims on registration. 2023-06-26 17:24:56 +02:00
Quentin Gliech
e5d5243c6d Add a admin flag to the compatibility session 
Also adds a CLI tool to issue a compatibility token.
 2023-06-16 15:24:38 +02:00
Quentin Gliech
2fbcb5377e Split the mutations and make them use an input object instead of different parameters 2023-04-25 16:39:15 +02:00
Quentin Gliech
fa101361a2 Fix Device to ScopeToken conversion and test it 2023-04-24 10:42:38 +02:00
Quentin Gliech
aea734d41b Provision and delete Matrix devices in OAuth sessions 2023-04-24 10:42:38 +02:00
Kévin Commaille
08556a7f50 Allow redirect URIs with any port for loopback interfaces 2023-04-14 10:22:49 +02:00
Hugh Nimmo-Smith
4a6b4ee169 Lint 2023-04-06 16:24:18 +02:00
Hugh Nimmo-Smith
f74ad36aa3 Handle imported Synapse access/refresh tokens 2023-04-06 16:24:18 +02:00
Quentin Gliech
b5ba81e260 Fix clippy errors 2023-03-14 10:47:35 +01:00
Quentin Gliech
75e5f6836b handlers: Add test for the compatibility login API 2023-02-24 15:52:21 +01:00
Quentin Gliech
99e05b4a4f Fix the authorization grant template 
It previously relied on the client being in the authorization grant,
which is not the case anymore. This commit also adds a test to ensure
we're not breaking this template in the future.
 2023-01-31 16:50:48 +01:00
Quentin Gliech
6f6572ddda storage-pg: write tests for the OAuth2 repositories 2023-01-25 17:24:34 +01:00
Quentin Gliech
59ce524586 storage: split the repository trait 2023-01-24 16:05:14 +01:00
Quentin Gliech
34136a2a97 handlers: extract the PgRepository from the request 
Also fix a bunch of clippy errors & doctests
 2023-01-18 18:22:13 +01:00
Quentin Gliech
2265327bac handlers: box the rng and clock, and extract it from the state 2023-01-18 17:49:59 +01:00
Quentin Gliech
7099a8df20 Fix rustdoc lints 2023-01-18 12:25:49 +01:00
Quentin Gliech
8e5b3e46ea storage: remaining oauth2 repositories 
- authorization grants
 - access tokens
 - refresh tokens
 2023-01-12 18:26:04 +01:00
Quentin Gliech
af267657c5 storage: repository pattern for the compat layer 2023-01-12 15:41:26 +01:00
Quentin Gliech
3a1fc8982c storage: cleanup access/refresh token lookups 2023-01-11 12:14:52 +01:00
Quentin Gliech
f0a44fcd5e storage: do less joins in compat sessions 2023-01-10 18:49:35 +01:00
Quentin Gliech
2b2f452d96 data-model: have more structs use a state machine 2023-01-09 18:02:32 +01:00
Quentin Gliech
31779f5222 data-model: don't embed the client in the auth grant 2023-01-09 10:49:51 +01:00
Quentin Gliech
8b8b21329e storage: do less joins on authorization grants and refresh tokens 2023-01-05 16:49:19 +01:00
Quentin Gliech
644eb61dd4 storage: oauth2 session repository 2023-01-05 16:44:56 +01:00
Quentin Gliech
6053e24d73 storage: Load with less joins 
This is done to simplify some queries, to avoid loading more data than
necessary, and in preparation of a proper cache layer
 2023-01-04 18:06:17 +01:00
Quentin Gliech
f77923599b strorage: browser session and user password repositories 2023-01-03 15:58:01 +01:00
Quentin Gliech
bd7f949300 storage: user and user email repository 2023-01-02 15:28:44 +01:00
Quentin Gliech
79d72b9123 ci: Update clippy to 1.66 and fix new warnings 2022-12-16 18:16:18 +01:00
Quentin Gliech
6c00f677a2 Use the new password manager 2022-12-14 16:04:36 +01:00
Quentin Gliech
1f967deb57 data-model: simplify the authorization grants and sessions 2022-12-08 15:29:15 +01:00
Quentin Gliech
584fba6ec7 data-model: simplify the oauth2 clients 2022-12-08 15:29:15 +01:00
Quentin Gliech
97b5f153a2 data-model: simplify the compat sessions 2022-12-08 15:29:15 +01:00
Quentin Gliech
2c32ff4917 data-model: simplify users and sessions 2022-12-08 15:29:15 +01:00
Quentin Gliech
b19dd4f77e data-model: simplify tokens 2022-12-08 15:29:15 +01:00
Quentin Gliech
4dd6379d24 GraphQL API 2022-12-05 19:39:51 +01:00