letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
502 Commits 2 Branches 1 Tag
acfec5beac40e62df8ba47cdf5a400a40983f162
Commit Graph

502 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Quentin Gliech
acfec5beac Switch the policies to a violation list based approach 
This allows policies to give proper feedback on form fields
 2022-06-03 13:37:20 +02:00
Quentin Gliech
b17715473a Compile and check OPA policies in CI 2022-06-03 13:37:20 +02:00
Quentin Gliech
9afec75dc8 Embed the default policy in the binary 2022-06-03 13:37:20 +02:00
Quentin Gliech
173351cb75 Build WASM policies in the Docker image 2022-06-03 13:37:20 +02:00
Quentin Gliech
29c819c6ba Bump MSRV to 1.59 2022-06-03 13:37:20 +02:00
Quentin Gliech
bfbdb9efe4 Run OPA policies during registration 2022-06-03 13:37:20 +02:00
Quentin Gliech
25a1285e98 Generate spans for policy evaluations 2022-06-03 13:37:20 +02:00
Quentin Gliech
e5cac2dcac opa fmt 2022-06-03 13:37:20 +02:00
Quentin Gliech
420647ae65 Add OPA policies tests 2022-06-03 13:37:20 +02:00
Quentin Gliech
0625384042 Support for applying OPA policies during client registration 2022-06-03 13:37:20 +02:00
dependabot[bot]
37e8037edb Bump serde_with from 1.13.0 to 1.14.0 
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-02 16:29:41 +02:00
dependabot[bot]
4bb24a6405 Bump hyper from 0.14.18 to 0.14.19 
Bumps [hyper](https://github.com/hyperium/hyper) from 0.14.18 to 0.14.19.
- [Release notes](https://github.com/hyperium/hyper/releases)
- [Changelog](https://github.com/hyperium/hyper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/hyper/compare/v0.14.18...v0.14.19)

---
updated-dependencies:
- dependency-name: hyper
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-02 16:29:30 +02:00
dependabot[bot]
5aec3e3f90 Bump cssnano from 5.1.9 to 5.1.10 in /crates/static-files 
Bumps [cssnano](https://github.com/cssnano/cssnano) from 5.1.9 to 5.1.10.
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/cssnano@5.1.9...cssnano@5.1.10)

---
updated-dependencies:
- dependency-name: cssnano
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-02 16:29:19 +02:00
dependabot[bot]
026281e8e4 Bump actions/cache from 3.0.2 to 3.0.3 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.2...v3.0.3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-02 16:29:10 +02:00
Quentin Gliech
966d2ecff5 Add an email field in the registration form 2022-06-02 16:18:55 +02:00
Quentin Gliech
d6ccab96df Update sqlx-data.json 2022-06-02 16:18:55 +02:00
Quentin Gliech
f3f96058b8 Make email verification mandatory 2022-06-02 16:18:55 +02:00
Quentin Gliech
4459c04f6d Switch email verification to a code-based flow 2022-06-02 16:18:55 +02:00
Hugh Nimmo-Smith
e53d899e99 Implementation of MSC3824 actions for compat (#221) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2022-05-31 09:49:52 +00:00
dependabot[bot]
b8970ad976 Bump once_cell from 1.11.0 to 1.12.0 
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/matklad/once_cell/releases)
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.11.0...v1.12.0)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-23 22:46:53 +02:00
dependabot[bot]
444311b0d5 Bump http-body from 0.4.4 to 0.4.5 
Bumps [http-body](https://github.com/hyperium/http-body) from 0.4.4 to 0.4.5.
- [Release notes](https://github.com/hyperium/http-body/releases)
- [Changelog](https://github.com/hyperium/http-body/blob/v0.4.5/CHANGELOG.md)
- [Commits](https://github.com/hyperium/http-body/compare/v0.4.4...v0.4.5)

---
updated-dependencies:
- dependency-name: http-body
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-23 22:01:21 +02:00
dependabot[bot]
10ad400dbb Bump cssnano from 5.1.8 to 5.1.9 in /crates/static-files 
Bumps [cssnano](https://github.com/cssnano/cssnano) from 5.1.8 to 5.1.9.
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/cssnano@5.1.8...cssnano@5.1.9)

---
updated-dependencies:
- dependency-name: cssnano
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-23 21:43:05 +02:00
Quentin Gliech
bca382ffdf Have a better error on registration if the username is already taken 2022-05-23 14:36:38 +02:00
dependabot[bot]
d5d9e73100 Bump once_cell from 1.10.0 to 1.11.0 
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/matklad/once_cell/releases)
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-23 10:42:52 +02:00
Quentin Gliech
8c1762bc20 Advertise m.login.token as compat login method 2022-05-23 10:42:25 +02:00
Quentin Gliech
15913d46c5 Make the sign out buttons keep the current action context 2022-05-23 10:42:25 +02:00
Quentin Gliech
10e85306b7 Check timings when validating an SSO login 
- exchanging a token twice should not work
 - exchanging a token more than 30s after its fullfillment should not
   work
 - exchanging a pending token should not work
 - fullfilling a login more than 30min after its creation should not
   work
 - also have better errors in some cases
 2022-05-23 10:42:25 +02:00
Quentin Gliech
3ac7633140 Perform some checks on the redirectUrl 2022-05-23 10:42:25 +02:00
Quentin Gliech
eb08e3f1b6 Have a consent screen before continuing the SSO login 2022-05-23 10:42:25 +02:00
Quentin Gliech
9a989edd79 Legacy login via m.login.sso 2022-05-23 10:42:25 +02:00
Quentin Gliech
27724591f4 Upgrade AWS crates 2022-05-19 10:23:40 +02:00
dependabot[bot]
8b8ba082d7 Bump axum-extra from 0.3.2 to 0.3.3 
Bumps [axum-extra](https://github.com/tokio-rs/axum) from 0.3.2 to 0.3.3.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.3.2...axum-extra-v0.3.3)

---
updated-dependencies:
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-19 10:22:57 +02:00
Quentin Gliech
3b2eca9e39 Handle legacy /refresh 2022-05-19 10:17:49 +02:00
Quentin Gliech
e7e8212ffc Handle legacy token expiration & refresh tokens 2022-05-19 10:17:49 +02:00
Quentin Gliech
ac95e35a7a Better data-model for compat sessions & devices 2022-05-19 10:17:49 +02:00
Quentin Gliech
8cbaee399a Prepare the storage layer for legacy refresh tkoens 2022-05-19 10:17:49 +02:00
Quentin Gliech
ee89ed8de2 Split compat and api routers 2022-05-19 10:17:49 +02:00
Quentin Gliech
85b05f5ede Appease cargo fmt 2022-05-19 10:17:49 +02:00
Quentin Gliech
fb051eb2f4 Handle legacy /logout 2022-05-19 10:17:49 +02:00
Quentin Gliech
a4ee085664 Working legacy login endpoint 2022-05-19 10:17:49 +02:00
Quentin Gliech
f27954375a WIP: Handle /login 2022-05-19 10:17:49 +02:00
dependabot[bot]
3214c673ae Bump postcss from 8.4.13 to 8.4.14 in /crates/static-files 
Bumps [postcss](https://github.com/postcss/postcss) from 8.4.13 to 8.4.14.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.4.13...8.4.14)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-19 09:42:53 +02:00
dependabot[bot]
91add3d133 Bump @tailwindcss/forms from 0.5.1 to 0.5.2 in /crates/static-files 
Bumps [@tailwindcss/forms](https://github.com/tailwindlabs/tailwindcss-forms) from 0.5.1 to 0.5.2.
- [Release notes](https://github.com/tailwindlabs/tailwindcss-forms/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss-forms/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss-forms/compare/v0.5.1...v0.5.2)

---
updated-dependencies:
- dependency-name: "@tailwindcss/forms"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-19 09:02:53 +02:00
dependabot[bot]
a553f72d19 Bump rustls from 0.20.5 to 0.20.6 
Bumps [rustls](https://github.com/rustls/rustls) from 0.20.5 to 0.20.6.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/RELEASE_NOTES.md)
- [Commits](https://github.com/rustls/rustls/compare/v/0.20.5...v/0.20.6)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-19 09:02:46 +02:00
dependabot[bot]
7b91a88a0b Bump axum-macros from 0.2.1 to 0.2.2 
Bumps [axum-macros](https://github.com/tokio-rs/axum) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-macros-v0.2.1...axum-macros-v0.2.2)

---
updated-dependencies:
- dependency-name: axum-macros
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-19 09:02:17 +02:00
dependabot[bot]
347eed27da Bump rustls from 0.20.4 to 0.20.5 
Bumps [rustls](https://github.com/rustls/rustls) from 0.20.4 to 0.20.5.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/RELEASE_NOTES.md)
- [Commits](https://github.com/rustls/rustls/compare/v/0.20.4...v/0.20.5)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-18 09:47:05 +02:00
dependabot[bot]
5af84d7c6d Bump schemars from 0.8.9 to 0.8.10 
Bumps [schemars](https://github.com/GREsau/schemars) from 0.8.9 to 0.8.10.
- [Release notes](https://github.com/GREsau/schemars/releases)
- [Changelog](https://github.com/GREsau/schemars/blob/master/CHANGELOG.md)
- [Commits](https://github.com/GREsau/schemars/compare/v0.8.9...v0.8.10)

---
updated-dependencies:
- dependency-name: schemars
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-18 09:46:58 +02:00
dependabot[bot]
0127d18d7a Bump cssnano from 5.1.7 to 5.1.8 in /crates/static-files 
Bumps [cssnano](https://github.com/cssnano/cssnano) from 5.1.7 to 5.1.8.
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/cssnano@5.1.7...cssnano@5.1.8)

---
updated-dependencies:
- dependency-name: cssnano
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-18 09:46:22 +02:00
dependabot[bot]
1f9439e264 Bump schemars from 0.8.8 to 0.8.9 
Bumps [schemars](https://github.com/GREsau/schemars) from 0.8.8 to 0.8.9.
- [Release notes](https://github.com/GREsau/schemars/releases)
- [Changelog](https://github.com/GREsau/schemars/blob/master/CHANGELOG.md)
- [Commits](https://github.com/GREsau/schemars/compare/v0.8.8...v0.8.9)

---
updated-dependencies:
- dependency-name: schemars
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-17 17:45:04 +02:00
dependabot[bot]
b6cfd41949 Bump axum from 0.5.5 to 0.5.6 
Bumps [axum](https://github.com/tokio-rs/axum) from 0.5.5 to 0.5.6.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.5.5...axum-v0.5.6)

---
updated-dependencies:
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-17 17:42:34 +02:00