letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
2,714 Commits 2 Branches 1 Tag
9aedefee304be05fcd82554658da0abaeb7a8b2c
Commit Graph

123 Commits

Author SHA1 Message Date
reivilibre
a4891fa9ef Backend work to support minimum password complexity (#2965) 
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
 2024-07-11 10:17:39 +01:00
Quentin Gliech
041c74e7b2 Gate account recovery behing a configuration flag 2024-06-28 15:59:21 +02:00
Quentin Gliech
751d2e5dc2 Data model and repository for the user recovery flow 2024-06-28 15:59:21 +02:00
Quentin Gliech
545b014fd7 Actually verify the CAPTCHA during registration 2024-05-15 09:38:10 +02:00
Quentin Gliech
5e1e27f7ea hCaptcha support 2024-05-15 09:38:10 +02:00
Quentin Gliech
608daa9ac2 Cloudflare Turnstile support 2024-05-15 09:38:10 +02:00
Quentin Gliech
764069b6bc Render reCAPTCHA challenge on the registration form 2024-05-15 09:38:10 +02:00
Quentin Gliech
3e450b50f0 Fix recently added Clippy lints 
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
 2024-05-07 07:32:02 +02:00
Quentin Gliech
7998d30ba8 Allow more characters in device IDs 2024-05-03 16:56:56 +02:00
Quentin Gliech
a29da1f66f Update copyright headers 2024-04-30 13:33:47 +02:00
Quentin Gliech
10f7195cc0 Move the SiteConfig to the data-model crate 2024-04-30 13:33:47 +02:00
Quentin Gliech
75aeac9e0a Add a manage register-user utility to the CLI 2024-04-30 12:15:10 +02:00
Quentin Gliech
f82ad8c0e6 Soft-delete upstream OAuth 2.0 providers on config sync 2024-04-03 09:51:22 +02:00
Quentin Gliech
6841bc112d Add a soft-deletion column on upstream OAuth 2.0 providers 2024-04-03 09:51:22 +02:00
Michael Telatynski
09cd3f90d6 Add Electron user-agent parsing for Element Desktop/Nightly (#2461) 2024-03-18 18:42:31 +01:00
Quentin Gliech
1627fc6945 Upgrade chrono and replace deprecated methods usage 2024-03-18 17:26:40 +01:00
Quentin Gliech
6b3b1e8109 Additional parameters from upstream OAuth2 providers in the data model 2024-03-01 14:36:37 +01:00
Quentin Gliech
a7dc41fdba Parse User Agents on the backend side (#2388) 
* Parse user agents on the server side

* Parse and expose user agents on the backend

* Use the parsed user agent in the device consent page

* Fix the device icon tests

* Fix clippy warnings

* Box stuff to avoid large enum variants

* Ignore a clippy warning

* Fix the requester boxing
 2024-02-23 16:47:48 +01:00
Quentin Gliech
82cb1365fd Record user agents on OAuth 2.0 and compat sessions (#2386) 
* Record user agents on OAuth 2.0 and compat sessions

* Add tests for recording user agent in sessions
 2024-02-22 10:01:32 +01:00
Quentin Gliech
d3c799b3ae Save which user session created a compat session 
This also exposes the user session in the GraphQL API, and allow
filtering on browser session ID on the app session list.
 2024-02-21 11:55:58 +01:00
Quentin Gliech
17abb9a67e Record the user agent and IP in the device code grant 2024-02-02 18:01:51 +01:00
Quentin Gliech
45b7a6a931 Add a repository for device code grants 2024-02-02 18:01:51 +01:00
Quentin Gliech
1bbbe1fe3b Setup the data model for the device code grant 2024-02-02 18:01:51 +01:00
Quentin Gliech
a7ff6b00aa Enable clippy lints on a workspace level 
This enables a lot more lints than before in some crates, so this fixed a lot of warnings as well.
 2023-12-05 17:20:42 +01:00
Quentin Gliech
b7f509532e Add upstream OAuth 2.0 providers name and branding 2023-11-20 17:23:02 +01:00
Quentin Gliech
6942fc4570 Allow endpoints and discovery mode override for upstream oauth2 providers 
This time, at the configuration and database level
 2023-11-17 16:18:39 +01:00
Quentin Gliech
701e1c6814 Allow overriding usptream OAuth2 providers endpoints 
Also have a way to disable OIDC discovery when all the endpoints are known.
 2023-11-17 16:18:39 +01:00
Quentin Gliech
26f43e4766 Refactor the upstream link provider template logic 
Also adds tests for new account registration through an upstream oauth2
provider
 2023-11-13 14:11:30 +01:00
Quentin Gliech
097f314d8b Use minijinja templates to map OIDC claims to user attributes 2023-11-08 12:05:58 +01:00
Quentin Gliech
92d2a18afb "Can request admin" flag on user 2023-10-09 18:52:30 +02:00
Quentin Gliech
7d391ea58f Test the activity tracker on the introspection endpoint 2023-09-19 21:57:54 +02:00
Quentin Gliech
8e73092ad0 Make the last activity timestamp and IP available through the API 2023-09-19 21:57:54 +02:00
Quentin Gliech
bbbf833c97 Make the error on introspection failure more explicit in the logs 2023-09-13 18:24:52 +02:00
Quentin Gliech
37ae1420f3 data-model: make the access token expiration optional 2023-09-11 12:03:42 +02:00
Quentin Gliech
43aa2db3d5 data-model: Make the user_id optional in the OAuth 2.0 sessions 2023-09-06 09:35:34 +02:00
Quentin Gliech
80b3398424 Make the email verification state more configurable on upstream OAuth 2.0 registration 
This also marks the email as primary
 2023-08-31 14:20:06 +02:00
Quentin Gliech
fb246508b2 Store the browser user-agent when starting a browser session 2023-08-29 17:38:01 +02:00
Quentin Gliech
e8b2ab8df1 Add the user_id directly on oauth2_sessions and make the scope a text list 2023-08-29 12:52:24 +02:00
Quentin Gliech
ea7299a14a Upgrade Rust to 1.72.0 
Fixes new clippy errors and upgrade other tools
 2023-08-28 18:05:56 +02:00
Quentin Gliech
4495a5eca8 Save the authentication method on each authorization 
This will help us logging out of the upstream.
 2023-08-28 17:14:59 +02:00
Quentin Gliech
d06061c14d Save the application_type and the contacts in the OAuth 2.0 clients 
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
 2023-08-28 14:41:49 +02:00
Quentin Gliech
7f3aa06153 Add a way to lock users 2023-08-03 14:06:34 +02:00
Quentin Gliech
2b1d7d9d56 Remove the last authentication from the browser session model 2023-07-21 19:50:30 +02:00
Quentin Gliech
086c2c8a8e CLI tool to sync the upstream IDPs with the config 2023-06-26 17:24:56 +02:00
Quentin Gliech
6b9b699ed4 Pass the claims import preferences on the storage layer 2023-06-26 17:24:56 +02:00
Quentin Gliech
3c29d998fe Ground work to import upstream OIDC claims on registration. 2023-06-26 17:24:56 +02:00
Quentin Gliech
e5d5243c6d Add a admin flag to the compatibility session 
Also adds a CLI tool to issue a compatibility token.
 2023-06-16 15:24:38 +02:00
Quentin Gliech
2fbcb5377e Split the mutations and make them use an input object instead of different parameters 2023-04-25 16:39:15 +02:00
Quentin Gliech
fa101361a2 Fix Device to ScopeToken conversion and test it 2023-04-24 10:42:38 +02:00
Quentin Gliech
aea734d41b Provision and delete Matrix devices in OAuth sessions 2023-04-24 10:42:38 +02:00