letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
497 Commits 2 Branches 1 Tag
bfbdb9efe4fdb11200e8c8cc2ca92c593ff9fa50
Commit Graph

497 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Quentin Gliech
bfbdb9efe4 Run OPA policies during registration 2022-06-03 13:37:20 +02:00
Quentin Gliech
25a1285e98 Generate spans for policy evaluations 2022-06-03 13:37:20 +02:00
Quentin Gliech
e5cac2dcac opa fmt 2022-06-03 13:37:20 +02:00
Quentin Gliech
420647ae65 Add OPA policies tests 2022-06-03 13:37:20 +02:00
Quentin Gliech
0625384042 Support for applying OPA policies during client registration 2022-06-03 13:37:20 +02:00
dependabot[bot]
37e8037edb Bump serde_with from 1.13.0 to 1.14.0 
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-02 16:29:41 +02:00
dependabot[bot]
4bb24a6405 Bump hyper from 0.14.18 to 0.14.19 
Bumps [hyper](https://github.com/hyperium/hyper) from 0.14.18 to 0.14.19.
- [Release notes](https://github.com/hyperium/hyper/releases)
- [Changelog](https://github.com/hyperium/hyper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/hyper/compare/v0.14.18...v0.14.19)

---
updated-dependencies:
- dependency-name: hyper
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-02 16:29:30 +02:00
dependabot[bot]
5aec3e3f90 Bump cssnano from 5.1.9 to 5.1.10 in /crates/static-files 
Bumps [cssnano](https://github.com/cssnano/cssnano) from 5.1.9 to 5.1.10.
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/cssnano@5.1.9...cssnano@5.1.10)

---
updated-dependencies:
- dependency-name: cssnano
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-02 16:29:19 +02:00
dependabot[bot]
026281e8e4 Bump actions/cache from 3.0.2 to 3.0.3 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.2...v3.0.3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-02 16:29:10 +02:00
Quentin Gliech
966d2ecff5 Add an email field in the registration form 2022-06-02 16:18:55 +02:00
Quentin Gliech
d6ccab96df Update sqlx-data.json 2022-06-02 16:18:55 +02:00
Quentin Gliech
f3f96058b8 Make email verification mandatory 2022-06-02 16:18:55 +02:00
Quentin Gliech
4459c04f6d Switch email verification to a code-based flow 2022-06-02 16:18:55 +02:00
Hugh Nimmo-Smith
e53d899e99 Implementation of MSC3824 actions for compat (#221) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2022-05-31 09:49:52 +00:00
dependabot[bot]
b8970ad976 Bump once_cell from 1.11.0 to 1.12.0 
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/matklad/once_cell/releases)
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.11.0...v1.12.0)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-23 22:46:53 +02:00
dependabot[bot]
444311b0d5 Bump http-body from 0.4.4 to 0.4.5 
Bumps [http-body](https://github.com/hyperium/http-body) from 0.4.4 to 0.4.5.
- [Release notes](https://github.com/hyperium/http-body/releases)
- [Changelog](https://github.com/hyperium/http-body/blob/v0.4.5/CHANGELOG.md)
- [Commits](https://github.com/hyperium/http-body/compare/v0.4.4...v0.4.5)

---
updated-dependencies:
- dependency-name: http-body
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-23 22:01:21 +02:00
dependabot[bot]
10ad400dbb Bump cssnano from 5.1.8 to 5.1.9 in /crates/static-files 
Bumps [cssnano](https://github.com/cssnano/cssnano) from 5.1.8 to 5.1.9.
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/cssnano@5.1.8...cssnano@5.1.9)

---
updated-dependencies:
- dependency-name: cssnano
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-23 21:43:05 +02:00
Quentin Gliech
bca382ffdf Have a better error on registration if the username is already taken 2022-05-23 14:36:38 +02:00
dependabot[bot]
d5d9e73100 Bump once_cell from 1.10.0 to 1.11.0 
Bumps [once_cell](https://github.com/matklad/once_cell) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/matklad/once_cell/releases)
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](https://github.com/matklad/once_cell/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-23 10:42:52 +02:00
Quentin Gliech
8c1762bc20 Advertise m.login.token as compat login method 2022-05-23 10:42:25 +02:00
Quentin Gliech
15913d46c5 Make the sign out buttons keep the current action context 2022-05-23 10:42:25 +02:00
Quentin Gliech
10e85306b7 Check timings when validating an SSO login 
- exchanging a token twice should not work
 - exchanging a token more than 30s after its fullfillment should not
   work
 - exchanging a pending token should not work
 - fullfilling a login more than 30min after its creation should not
   work
 - also have better errors in some cases
 2022-05-23 10:42:25 +02:00
Quentin Gliech
3ac7633140 Perform some checks on the redirectUrl 2022-05-23 10:42:25 +02:00
Quentin Gliech
eb08e3f1b6 Have a consent screen before continuing the SSO login 2022-05-23 10:42:25 +02:00
Quentin Gliech
9a989edd79 Legacy login via m.login.sso 2022-05-23 10:42:25 +02:00
Quentin Gliech
27724591f4 Upgrade AWS crates 2022-05-19 10:23:40 +02:00
dependabot[bot]
8b8ba082d7 Bump axum-extra from 0.3.2 to 0.3.3 
Bumps [axum-extra](https://github.com/tokio-rs/axum) from 0.3.2 to 0.3.3.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.3.2...axum-extra-v0.3.3)

---
updated-dependencies:
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-19 10:22:57 +02:00
Quentin Gliech
3b2eca9e39 Handle legacy /refresh 2022-05-19 10:17:49 +02:00
Quentin Gliech
e7e8212ffc Handle legacy token expiration & refresh tokens 2022-05-19 10:17:49 +02:00
Quentin Gliech
ac95e35a7a Better data-model for compat sessions & devices 2022-05-19 10:17:49 +02:00
Quentin Gliech
8cbaee399a Prepare the storage layer for legacy refresh tkoens 2022-05-19 10:17:49 +02:00
Quentin Gliech
ee89ed8de2 Split compat and api routers 2022-05-19 10:17:49 +02:00
Quentin Gliech
85b05f5ede Appease cargo fmt 2022-05-19 10:17:49 +02:00
Quentin Gliech
fb051eb2f4 Handle legacy /logout 2022-05-19 10:17:49 +02:00
Quentin Gliech
a4ee085664 Working legacy login endpoint 2022-05-19 10:17:49 +02:00
Quentin Gliech
f27954375a WIP: Handle /login 2022-05-19 10:17:49 +02:00
dependabot[bot]
3214c673ae Bump postcss from 8.4.13 to 8.4.14 in /crates/static-files 
Bumps [postcss](https://github.com/postcss/postcss) from 8.4.13 to 8.4.14.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.4.13...8.4.14)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-19 09:42:53 +02:00
dependabot[bot]
91add3d133 Bump @tailwindcss/forms from 0.5.1 to 0.5.2 in /crates/static-files 
Bumps [@tailwindcss/forms](https://github.com/tailwindlabs/tailwindcss-forms) from 0.5.1 to 0.5.2.
- [Release notes](https://github.com/tailwindlabs/tailwindcss-forms/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss-forms/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss-forms/compare/v0.5.1...v0.5.2)

---
updated-dependencies:
- dependency-name: "@tailwindcss/forms"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-19 09:02:53 +02:00
dependabot[bot]
a553f72d19 Bump rustls from 0.20.5 to 0.20.6 
Bumps [rustls](https://github.com/rustls/rustls) from 0.20.5 to 0.20.6.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/RELEASE_NOTES.md)
- [Commits](https://github.com/rustls/rustls/compare/v/0.20.5...v/0.20.6)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-19 09:02:46 +02:00
dependabot[bot]
7b91a88a0b Bump axum-macros from 0.2.1 to 0.2.2 
Bumps [axum-macros](https://github.com/tokio-rs/axum) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-macros-v0.2.1...axum-macros-v0.2.2)

---
updated-dependencies:
- dependency-name: axum-macros
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-19 09:02:17 +02:00
dependabot[bot]
347eed27da Bump rustls from 0.20.4 to 0.20.5 
Bumps [rustls](https://github.com/rustls/rustls) from 0.20.4 to 0.20.5.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/RELEASE_NOTES.md)
- [Commits](https://github.com/rustls/rustls/compare/v/0.20.4...v/0.20.5)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-18 09:47:05 +02:00
dependabot[bot]
5af84d7c6d Bump schemars from 0.8.9 to 0.8.10 
Bumps [schemars](https://github.com/GREsau/schemars) from 0.8.9 to 0.8.10.
- [Release notes](https://github.com/GREsau/schemars/releases)
- [Changelog](https://github.com/GREsau/schemars/blob/master/CHANGELOG.md)
- [Commits](https://github.com/GREsau/schemars/compare/v0.8.9...v0.8.10)

---
updated-dependencies:
- dependency-name: schemars
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-18 09:46:58 +02:00
dependabot[bot]
0127d18d7a Bump cssnano from 5.1.7 to 5.1.8 in /crates/static-files 
Bumps [cssnano](https://github.com/cssnano/cssnano) from 5.1.7 to 5.1.8.
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/cssnano@5.1.7...cssnano@5.1.8)

---
updated-dependencies:
- dependency-name: cssnano
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-18 09:46:22 +02:00
dependabot[bot]
1f9439e264 Bump schemars from 0.8.8 to 0.8.9 
Bumps [schemars](https://github.com/GREsau/schemars) from 0.8.8 to 0.8.9.
- [Release notes](https://github.com/GREsau/schemars/releases)
- [Changelog](https://github.com/GREsau/schemars/blob/master/CHANGELOG.md)
- [Commits](https://github.com/GREsau/schemars/compare/v0.8.8...v0.8.9)

---
updated-dependencies:
- dependency-name: schemars
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-17 17:45:04 +02:00
dependabot[bot]
b6cfd41949 Bump axum from 0.5.5 to 0.5.6 
Bumps [axum](https://github.com/tokio-rs/axum) from 0.5.5 to 0.5.6.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.5.5...axum-v0.5.6)

---
updated-dependencies:
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-17 17:42:34 +02:00
dependabot[bot]
e1a8cbee41 Bump axum-extra from 0.3.1 to 0.3.2 
Bumps [axum-extra](https://github.com/tokio-rs/axum) from 0.3.1 to 0.3.2.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.3.1...axum-extra-v0.3.2)

---
updated-dependencies:
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-17 17:05:26 +02:00
Quentin Gliech
7919502397 Add password change discovery 
See https://web.dev/change-password-url/
 2022-05-12 15:06:37 +02:00
Quentin Gliech
c13f383252 Add autocomplete attributes to form fields 2022-05-12 14:59:53 +02:00
Quentin Gliech
92d3c00db0 Form error state overhaul 
This adds a new FormState structure here to hold the state of an errored
from, including retaining field value and better error codes.

It also adds error recovery for the registration form, and properly
loads the post_login_action context in case of errors.
 2022-05-12 13:35:58 +02:00
dependabot[bot]
50e48cbaf9 Bump clap from 3.1.17 to 3.1.18 
Bumps [clap](https://github.com/clap-rs/clap) from 3.1.17 to 3.1.18.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.1.17...v3.1.18)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-11 22:28:01 +02:00