letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
96fd597fef3e9dd514b44d8dcebffcdb00a6ffc0
Commit Graph

530 Commits

Author SHA1 Message Date
Quentin Gliech
fd4481713b Allow running the authentication service on a different base path 2023-10-06 14:07:55 +02:00
dependabot[bot]
62dc8d83e8 build(deps): bump insta from 1.32.0 to 1.33.0 
Bumps [insta](https://github.com/mitsuhiko/insta) from 1.32.0 to 1.33.0.
- [Changelog](https://github.com/mitsuhiko/insta/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mitsuhiko/insta/compare/1.32.0...1.33.0)

---
updated-dependencies:
- dependency-name: insta
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-05 20:13:41 +02:00
dependabot[bot]
023178157c build(deps): bump sqlx from 0.7.1 to 0.7.2 
Bumps [sqlx](https://github.com/launchbadge/sqlx) from 0.7.1 to 0.7.2.
- [Changelog](https://github.com/launchbadge/sqlx/blob/main/CHANGELOG.md)
- [Commits](https://github.com/launchbadge/sqlx/commits)

---
updated-dependencies:
- dependency-name: sqlx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-05 19:36:48 +02:00
Quentin Gliech
266a8e53ff handlers: fix test after a translation update 2023-10-05 19:29:23 +02:00
Quentin Gliech
0d69e42021 templates: translate a lot more stuff 2023-10-05 19:29:23 +02:00
Quentin Gliech
4ea29eb6b0 handlers/templates: infer the language from the Accept-Language browser header 2023-10-05 19:29:23 +02:00
Quentin Gliech
ad8cc6be9e templates: add translations function 2023-10-05 19:29:23 +02:00
Quentin Gliech
8960d1702f templates: replace tera with minijinja 2023-10-05 19:29:23 +02:00
Quentin Gliech
701a349b9e i18n-scan: utility to scan translatable strings in templates 2023-10-05 19:29:23 +02:00
Quentin Gliech
76f63838a3 i18n: translator structure, to hold translations 2023-10-05 19:29:23 +02:00
Quentin Gliech
20d7770011 Add a way to discover the GraphQL endpoint in the .well-known/openid-configuration 
This adds a `org.matrix.matrix-authentication-service.graphql_endpoint` key to it
 2023-10-05 16:43:13 +02:00
dependabot[bot]
38a4de1ef0 build(deps): bump time from 0.3.28 to 0.3.29 
Bumps [time](https://github.com/time-rs/time) from 0.3.28 to 0.3.29.
- [Release notes](https://github.com/time-rs/time/releases)
- [Changelog](https://github.com/time-rs/time/blob/main/CHANGELOG.md)
- [Commits](https://github.com/time-rs/time/compare/v0.3.28...v0.3.29)

---
updated-dependencies:
- dependency-name: time
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-26 14:48:05 +02:00
dependabot[bot]
f5dceef2e7 build(deps): bump async-graphql from 6.0.6 to 6.0.7 
Bumps [async-graphql](https://github.com/async-graphql/async-graphql) from 6.0.6 to 6.0.7.
- [Release notes](https://github.com/async-graphql/async-graphql/releases)
- [Changelog](https://github.com/async-graphql/async-graphql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/async-graphql/async-graphql/commits)

---
updated-dependencies:
- dependency-name: async-graphql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-26 14:37:54 +02:00
dependabot[bot]
f6473083c2 build(deps): bump insta from 1.31.0 to 1.32.0 
Bumps [insta](https://github.com/mitsuhiko/insta) from 1.31.0 to 1.32.0.
- [Changelog](https://github.com/mitsuhiko/insta/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mitsuhiko/insta/compare/1.31.0...1.32.0)

---
updated-dependencies:
- dependency-name: insta
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-22 22:30:40 +02:00
Quentin Gliech
baaa725fcd Infer client IP address from the peer address and the X-Forwarded-Proxy header 2023-09-20 20:24:30 +02:00
Quentin Gliech
7d391ea58f Test the activity tracker on the introspection endpoint 2023-09-19 21:57:54 +02:00
Quentin Gliech
0042129878 Save the session activity in the database 2023-09-19 21:57:54 +02:00
Quentin Gliech
6925bf1384 Record the user session activity for most routes 2023-09-19 21:57:54 +02:00
Quentin Gliech
0cd4ef4887 Add an ActivityTracker which tracks session activity and regularly flush them to the database 2023-09-19 21:57:54 +02:00
dependabot[bot]
45c0fa5557 build(deps): bump axum-extra from 0.7.7 to 0.8.0 
Bumps [axum-extra](https://github.com/tokio-rs/axum) from 0.7.7 to 0.8.0.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.7.7...axum-extra-v0.8.0)

---
updated-dependencies:
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-18 23:52:53 +02:00
Quentin Gliech
862924c52c fixup! Deny URIs from client that are public suffixes 2023-09-18 11:57:50 +02:00
Quentin Gliech
9548df563d Deny URIs from client that are public suffixes 2023-09-18 11:57:50 +02:00
Quentin Gliech
921f491a00 Rust dependencies housekeeping 
Including:
 - package upgrades
 - stop using the patched version of `ulid`
 - update cargo deny duplicate exception list
 2023-09-14 23:43:00 +02:00
Quentin Gliech
44fe2afafc Make the HTTP client factory reuse the underlying client 
This avoids duplicating clients, and makes it so that they all share the same connection pool.
 2023-09-14 16:52:01 +02:00
Quentin Gliech
68c6a15e13 Stop using deprecated chrono::DateTime::from_utc method 2023-09-13 18:28:41 +02:00
Quentin Gliech
bbbf833c97 Make the error on introspection failure more explicit in the logs 2023-09-13 18:24:52 +02:00
Quentin Gliech
0c4f3c4982 graphql: Fix the createOauth2Session mutation not persisting the changes to the database 2023-09-12 11:31:19 +02:00
Quentin Gliech
bfcd2fb967 storage: make the access token expiration optional 2023-09-11 12:03:42 +02:00
Quentin Gliech
37ae1420f3 data-model: make the access token expiration optional 2023-09-11 12:03:42 +02:00
Quentin Gliech
e8f17924c2 Add a GraphQL mutation to create arbitrary OAuth2 sessions. 2023-09-11 12:03:42 +02:00
Quentin Gliech
aba103021c Have more granular errors on the refresh token grant 2023-09-08 15:19:43 +02:00
Quentin Gliech
90f18bc59d Add the Sentry event ID in error response headers 2023-09-08 15:19:43 +02:00
dependabot[bot]
6630fd9ca8 build(deps): bump async-graphql from 6.0.5 to 6.0.6 
Bumps [async-graphql](https://github.com/async-graphql/async-graphql) from 6.0.5 to 6.0.6.
- [Release notes](https://github.com/async-graphql/async-graphql/releases)
- [Changelog](https://github.com/async-graphql/async-graphql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/async-graphql/async-graphql/commits)

---
updated-dependencies:
- dependency-name: async-graphql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-08 13:44:27 +02:00
Quentin Gliech
2d27ca978d Test that a client_credentials token with the admin scope can add a user 2023-09-06 09:35:34 +02:00
Quentin Gliech
b0c9e02b26 policy: only require redirect_uris for the authorization_code and implicit grants 2023-09-06 09:35:34 +02:00
Quentin Gliech
28b408878b Only allow using the refresh token grant if it was asked during the client registration 2023-09-06 09:35:34 +02:00
Quentin Gliech
53c6e8a871 Advertise the client_credentials grant in the discovery document 2023-09-06 09:35:34 +02:00
Quentin Gliech
a53040b94b Implement the client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
07d895e33a storage: add a method to create an OAuth 2.0 session for a client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
43aa2db3d5 data-model: Make the user_id optional in the OAuth 2.0 sessions 2023-09-06 09:35:34 +02:00
dependabot[bot]
1c12314855 build(deps): bump argon2 from 0.5.1 to 0.5.2 
Bumps [argon2](https://github.com/RustCrypto/password-hashes) from 0.5.1 to 0.5.2.
- [Commits](https://github.com/RustCrypto/password-hashes/compare/argon2-v0.5.1...argon2-v0.5.2)

---
updated-dependencies:
- dependency-name: argon2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-06 09:34:17 +02:00
dependabot[bot]
03dabb49f9 build(deps): bump async-graphql from 6.0.4 to 6.0.5 
Bumps [async-graphql](https://github.com/async-graphql/async-graphql) from 6.0.4 to 6.0.5.
- [Release notes](https://github.com/async-graphql/async-graphql/releases)
- [Changelog](https://github.com/async-graphql/async-graphql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/async-graphql/async-graphql/commits)

---
updated-dependencies:
- dependency-name: async-graphql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 09:37:26 +02:00
dependabot[bot]
f3e610acba build(deps): bump tower-http from 0.4.3 to 0.4.4 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.3 to 0.4.4.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.3...tower-http-0.4.4)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 09:17:59 +02:00
Hugh Nimmo-Smith
2d21ebdcd5 Add CORS headers for /graphql 2023-09-01 17:30:33 +02:00
Quentin Gliech
d39daf48c5 Define common crates metadata on the workspace level 2023-09-01 16:27:22 +02:00
Kerry
5a8f05e518 Implement MSC2965 action parameter (#1673) 
* redirect session_end action to session detail

* fix react key warning in oauth session detail

* move Route type to /routing

* test getRouteActionRedirection

* comment

* frontend: Split the routing-related stuff in multiple files under routing/

* frontend: Cover all the redirections defined by MSC2965

* frontend: fix test

* Make the backend keep query parameters through login to the /account/ interface

* Fix frontend tests & clippy lints

---------

Co-authored-by: Quentin Gliech <quenting@element.io>
 2023-09-01 09:42:50 +00:00
Quentin Gliech
8d0cf9fdbf Make the access tokens TTL configurable 2023-08-31 18:05:00 +02:00
Quentin Gliech
80b3398424 Make the email verification state more configurable on upstream OAuth 2.0 registration 
This also marks the email as primary
 2023-08-31 14:20:06 +02:00
Quentin Gliech
38eacbebc1 Run the registration policy on upstream OAuth registration 2023-08-30 19:39:39 +02:00
Quentin Gliech
86d40b0345 Make sure we validate passwords & emails by the policy at all stages 
Also refactors the way we get the policy engines in requests
 2023-08-30 19:39:39 +02:00