Commit Graph

44 Commits

Author SHA1 Message Date
Quentin Gliech
b1b7bf5725 Allow banning registrations by IP address 2025-02-17 10:18:11 +01:00
Quentin Gliech
72384b8e03 Pass an input object to the policy evaluation instead of multiple arguments 2025-02-14 17:15:26 +01:00
Quentin Gliech
e6ddaf098b Output the registered client metadata in the registration endpoint
Fixes #2848
2024-09-20 20:39:04 +02:00
Quentin Gliech
03838bd909 Remove contacts from the data model 2024-09-20 20:39:04 +02:00
Quentin Gliech
9a946c19e7 Remove (C) 2024-09-10 14:28:55 +02:00
Quentin Gliech
9da19e2af0 License headers change 2024-09-05 13:25:42 +02:00
Quentin Gliech
4eed3b1efd Upgrade async-graphql, fix mas-handlers & mas-axum-utils tests
This also replaces the init_tracing test helper with a general setup
test helper, so that it also initializes the rustls crypto backend.
2024-07-05 10:07:40 +02:00
Quentin Gliech
d1542e6866 Replace parse-display with manual Display/FromStr impls 2024-03-19 16:38:46 +01:00
Quentin Gliech
862924c52c fixup! Deny URIs from client that are public suffixes 2023-09-18 11:57:50 +02:00
Quentin Gliech
9548df563d Deny URIs from client that are public suffixes 2023-09-18 11:57:50 +02:00
Quentin Gliech
90f18bc59d Add the Sentry event ID in error response headers 2023-09-08 15:19:43 +02:00
Quentin Gliech
86d40b0345 Make sure we validate passwords & emails by the policy at all stages
Also refactors the way we get the policy engines in requests
2023-08-30 19:39:39 +02:00
Quentin Gliech
3c33923d2c policies: split the email & password policies and add jsonschema validation of the input 2023-08-30 19:39:39 +02:00
Quentin Gliech
d06061c14d Save the application_type and the contacts in the OAuth 2.0 clients
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
2023-08-28 14:41:49 +02:00
Quentin Gliech
cef7efca8c Define upstream OAuth providers in the config
And adds CLI tool to sync them with the database (WIP)
2023-06-26 17:24:56 +02:00
Quentin Gliech
0b4112f410 handlers: add a test for OIDC discovery 2023-02-22 16:38:48 +01:00
Quentin Gliech
0da644a315 handlers: add tests for client registration 2023-02-22 14:29:53 +01:00
Quentin Gliech
275c67863b Capture better errors in Sentry 2023-01-31 16:25:15 +01:00
Quentin Gliech
cb4bfe5b6b Log more errors and set up Sentry integration 2023-01-30 18:04:44 +01:00
Quentin Gliech
50825ce660 Box the repository everywhere 2023-01-20 17:53:04 +01:00
Quentin Gliech
34136a2a97 handlers: extract the PgRepository from the request
Also fix a bunch of clippy errors & doctests
2023-01-18 18:22:13 +01:00
Quentin Gliech
2265327bac handlers: box the rng and clock, and extract it from the state 2023-01-18 17:49:59 +01:00
Quentin Gliech
eb4ce7e7f0 Split the storage trait from the implementation 2023-01-18 10:38:22 +01:00
Quentin Gliech
2d781d32ec storage: wrap the postgres repository in a struct 2023-01-13 18:03:37 +01:00
Quentin Gliech
644eb61dd4 storage: oauth2 session repository 2023-01-05 16:44:56 +01:00
Quentin Gliech
94b6d31fe9 storage: OAuth2 client repository 2023-01-04 16:30:32 +01:00
Quentin Gliech
626a4dd1db policy: define custom errors and ditch anyhow 2022-12-08 15:29:15 +01:00
Quentin Gliech
4f9da0b8ed handlers: remove most usage of anyhow 2022-12-08 15:29:15 +01:00
Quentin Gliech
a9ac88f73f Generate a random secret on client registration 2022-11-02 18:59:00 +01:00
Quentin Gliech
394907d744 Disallow Ulid generation without explicit timestamp and rng 2022-11-02 18:59:00 +01:00
Quentin Gliech
9ad66ed94d Database refactoring 2022-11-02 18:59:00 +01:00
Kévin Commaille
df47791e7c Add variants for unknown values on mas-iana types
Remove the Copy derive and mark enums as non-exhaustive.
2022-09-28 13:43:39 +02:00
Kévin Commaille
efc6606960 Use ResponseType that doesn't care about tokens order 2022-09-13 15:15:30 +02:00
Quentin Gliech
8e549387cb Upgrade axum to 0.6.0-rc.1 2022-09-06 13:11:54 +02:00
Kévin Commaille
df81c3e665 Use an enum for client error codes
Replace the ClientError constants with From<ClientErrorCode>.
2022-09-01 17:59:37 +02:00
Kévin Commaille
3d9608ca82 Allow to validate client metadata
According to OpenID Connect Dynamic Client Registration Spec 1.0.
Introduce VerifiedClientMetadata.
2022-08-19 13:58:43 +02:00
Quentin Gliech
c1adcd6690 Enable the clippy::str_to_string lint 2022-08-08 10:06:20 +02:00
Hugh Nimmo-Smith
f35228de5f Return reason for invalid_client_metadata in HTTP response (#298) 2022-07-08 21:11:54 +00:00
Quentin Gliech
acfec5beac Switch the policies to a violation list based approach
This allows policies to give proper feedback on form fields
2022-06-03 13:37:20 +02:00
Quentin Gliech
9afec75dc8 Embed the default policy in the binary 2022-06-03 13:37:20 +02:00
Quentin Gliech
0625384042 Support for applying OPA policies during client registration 2022-06-03 13:37:20 +02:00
Quentin Gliech
78e0a3747f Check some metadata on client registration 2022-04-21 13:34:07 +02:00
Quentin Gliech
a66888e363 Support signed userinfo responses 2022-04-21 11:49:49 +02:00
Quentin Gliech
5bd9c896b0 Simple dynamic client registration 2022-04-19 12:23:19 +02:00