letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
aad2d8afb35ea2fb9d0ba0cb4a32e5b3b6d43f72
Commit Graph

94 Commits

Author SHA1 Message Date
Hugh Nimmo-Smith
aad2d8afb3 Merge branch 'main' into hughns/plan-management 2025-05-09 10:33:39 +01:00
Quentin Gliech
4d0bce9382 Make the default scope on upstream providers config openid 2025-05-07 15:34:30 +02:00
Doug
a826b99319 Update the login schema docs. 2025-05-07 10:21:40 +01:00
Doug
b16492a62c Generate the schema (which fixes a typo amongst other things 🤦‍♂️) 2025-05-06 18:03:53 +01:00
Doug
7f91c8948b Add a configuration for forwarding the login hint to the upstream provider. 2025-05-06 17:50:33 +01:00
Quentin Gliech
aba9ca38e6 Insert client_name when upserting statically registered clients (#4417) 2025-04-30 11:50:49 +02:00
Hugh Nimmo-Smith
57cc89a0c8 WIP support for experimental plan management tab in UI 2025-04-22 13:17:29 +01:00
Quentin Gliech
0792171f91 Move the synapse_idp_id field to the top of the provider section 
This means that when serializing those, it will be at a more obvious place.
 2025-04-18 18:25:46 +02:00
Quentin Gliech
a061db35d7 Make a few password-related options public in the config crate 
It also adds docs to a few of those options
 2025-04-18 18:24:35 +02:00
Adis Veletanlic
e495b66ad1 Run ./misc/update.sh 2025-04-16 13:16:43 +02:00
Adis Veletanlic
1611bb652a Format project and run misc/update.sh 2025-04-14 13:41:43 +02:00
Adis Veletanlic
05ab1ec3a9 Add private_key_file option for apple sso and edit docs 2025-04-14 12:21:00 +02:00
mcalinghee
2fe4752aa4 add login by email + feature flag 2025-04-10 17:57:58 +02:00
Quentin Gliech
4f3dcc3a4b Expose more Sentry configuration (#4352) 2025-04-07 08:50:27 +02:00
hummingbard
204b7c54b5 Added Discord to default upstream oauth2 providers, regenerated config schema 2025-04-06 23:21:12 +06:00
Quentin Gliech
d5017bb623 Allow setting the OTLP tracing sample rate 2025-04-05 23:19:50 +02:00
Quentin Gliech
05b7d2d1ec Allow setting the Sentry environment & sample rates 
Also record the version in the Sentry release field.
 2025-04-05 23:19:16 +02:00
Quentin Gliech
25fd400ffb Change the default value of account_deactivation_allowed to true. 2025-03-13 12:04:57 +01:00
Quentin Gliech
a6992b718c Config option to allow account self-deactivation 2025-03-12 15:58:54 +01:00
Quentin Gliech
588a04b0ba Allow configuring the connection to the homeserver to be read-only. 2025-03-03 17:24:15 +01:00
Quentin Gliech
2a202cc6b0 Upgrade OpenTelemetry to 0.28 2025-02-24 10:44:08 +01:00
Quentin Gliech
b40fcdd712 Experimental feature to timeout inactive sessions 2025-02-12 17:31:21 +01:00
reivilibre
163b9e8849 Add pre-migration checks to syn2mas (#3805) 
This matches or exceeds `advisor.mts` from the old tool.

Co-authored-by: Quentin Gliech <quenting@element.io>
 2025-01-27 18:01:46 +00:00
Quentin Gliech
ea6b80c5ac Rate-limit email authentications 2025-01-23 12:09:26 +01:00
Quentin Gliech
9db14f6743 Rip out the email verification codes 
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
 2025-01-14 15:46:45 +01:00
Quentin Gliech
f563daf822 Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Mathieu Velten
75ee9a1e58 Add id_token_signed_response_alg and userinfo_signed_response_alg (#3664) 2024-12-17 11:54:16 +01:00
Quentin Gliech
2903ff5e7a Allow setting an explicit upstream account name (#3600) 2024-11-29 12:30:18 +01:00
Mathieu Velten
f832666a86 Add fetch_userinfo to upstream SSO provider (#3363) 2024-11-26 15:01:03 +00:00
Quentin Gliech
ec28c30e3c Allow setting the response_mode on upstream OAuth 2.0 providers 2024-11-22 08:48:00 +01:00
Quentin Gliech
dddd9fe998 Support Sign in with Apple 2024-11-22 08:48:00 +01:00
reivilibre
ca05566e82 Add rate-limiting for account recovery and registration (#3093) 
* Add rate-limiting for account recovery and registration

* Rename login ratelimiter `per_address` to `per_ip` for consistency

Co-authored-by: Quentin Gliech <quenting@element.io>
 2024-08-07 17:57:36 +00:00
reivilibre
8f0d7800ff Add configuration for rate-limiting of logins, replacing hardcoded limits (#3090) 2024-08-07 18:36:02 +01:00
Quentin Gliech
58b673d54d Disallow OAuth 2.0 use of the GraphQL API by default 2024-08-07 18:09:51 +02:00
Quentin Gliech
a8cf8c519a Move the account-related options out of experimental 2024-08-01 14:50:21 +02:00
Quentin Gliech
c8b4a17a55 config: allow serving the admin API routes 2024-07-26 11:36:55 +02:00
reivilibre
a4891fa9ef Backend work to support minimum password complexity (#2965) 
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
 2024-07-11 10:17:39 +01:00
Christian Tramnitz
b52342cee5 Fix RFC1918 network in default proxy configuration (#2908) 2024-07-05 08:22:39 +00:00
Quentin Gliech
65c416ff2e New config options to set the database certificates 2024-07-05 09:54:18 +02:00
Quentin Gliech
041c74e7b2 Gate account recovery behing a configuration flag 2024-06-28 15:59:21 +02:00
Quentin Gliech
5e1e27f7ea hCaptcha support 2024-05-15 09:38:10 +02:00
Quentin Gliech
608daa9ac2 Cloudflare Turnstile support 2024-05-15 09:38:10 +02:00
Quentin Gliech
764069b6bc Render reCAPTCHA challenge on the registration form 2024-05-15 09:38:10 +02:00
Quentin Gliech
3e450b50f0 Fix recently added Clippy lints 
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
 2024-05-07 07:32:02 +02:00
Quentin Gliech
9c22a39c0e Introduce config to restrict user capabilities 2024-04-30 13:33:47 +02:00
Quentin Gliech
f82ad8c0e6 Soft-delete upstream OAuth 2.0 providers on config sync 2024-04-03 09:51:22 +02:00
Quentin Gliech
2d9157986e Allow disabling registrations (#2553) 2024-04-03 09:27:14 +02:00
Quentin Gliech
4674db94f4 Simplify ConfigurationSection trait & skip default values when serializing 
This removes the `test` and `generate` methods from the
`ConfigurationSection` trait, as they did not really had a reason to
exist in the trait itself.
 2024-03-22 13:33:09 +01:00
Quentin Gliech
ff1267eefd Flatten the upstream_oauth2 config section 2024-03-22 13:33:09 +01:00
Quentin Gliech
5eadd1ffbd Flatten the telemetry config section 2024-03-22 13:33:09 +01:00