Commit Graph

56 Commits

Author SHA1 Message Date
Quentin Gliech
e54664ad6f Upgrade schemars to 0.9 2025-06-12 15:48:24 +02:00
Michael Telatynski
44913a94a6 delint 2025-05-28 14:57:51 +01:00
Michael Telatynski
4db990e998 Add tests 2025-05-28 14:53:19 +01:00
Michael Telatynski
1c2ad83838 Fix client_registration URI regex not accepting full query string grammar 2025-05-13 11:28:56 +01:00
Michael Telatynski
97aa4575d0 Move the test 2025-05-08 08:41:26 +01:00
Michael Telatynski
8c6d934cb9 Allow non-default https port 2025-05-08 08:39:37 +01:00
Michael Telatynski
4a875947ef opa fmt 2025-05-07 18:52:01 +01:00
Michael Telatynski
b0bbc3bae1 Fix MSC2966 compliance around redirect_uri validity
Fixes https://github.com/element-hq/matrix-authentication-service/issues/4528
2025-05-07 18:49:52 +01:00
Quentin Gliech
ee25f5a937 Allow banning/allowing usernames patterns during registration 2025-03-03 10:31:14 +01:00
Quentin Gliech
430eed25dd Update OPA and Regal to their latest versions 2025-02-18 11:48:44 +01:00
Quentin Gliech
993342ef58 Match suffixes and prefixes in string constraints 2025-02-17 16:40:10 +01:00
Quentin Gliech
ad4f1eaa78 Built-in support for banning IPs, user agents and email patterns 2025-02-17 15:34:46 +01:00
Quentin Gliech
3a4aba049c Expose the user agent string to the policy execution context 2025-02-17 11:51:26 +01:00
Quentin Gliech
b1b7bf5725 Allow banning registrations by IP address 2025-02-17 10:18:11 +01:00
Quentin Gliech
fa85d60652 Remove the unused password input schema 2025-02-17 10:17:30 +01:00
Quentin Gliech
a51ab2fb5c Propagate more specific error messages from the policy on registration
This makes some policy errors translatable
2025-01-06 10:15:08 +01:00
Quentin Gliech
1e3d838c99 Allow longer & shorter usernames, complying with the MXID length spec 2025-01-06 10:15:08 +01:00
Quentin Gliech
1aa7762027 Setup Regal to lint policies and clean them up 2024-12-19 11:08:57 +01:00
Quentin Gliech
0e465f4904 Remove the contacts requirement from the client registration policy 2024-09-20 20:39:04 +02:00
reivilibre
fbd57ad51a Remove OPA-based password policy enforcement (#2875)
Co-authored-by: Quentin Gliech <quenting@element.io>
2024-07-16 14:33:04 +01:00
Quentin Gliech
f93f6dffc3 Bump OPA 2024-05-07 07:32:02 +02:00
Quentin Gliech
942c05cb1f Remove the invalid characters OPA policy tests 2024-05-03 16:56:56 +02:00
Quentin Gliech
7998d30ba8 Allow more characters in device IDs 2024-05-03 16:56:56 +02:00
Alex Babel
39f97396a7 Increase allowed username length to 64 in the default policy (#2471) 2024-03-18 10:58:21 +00:00
Quentin Gliech
34ce0f3e37 Move schemars to workspace dependencies
Also enables the `preserve_order` feature, hence the big schema output diff.
2024-03-01 14:36:37 +01:00
Andrew Ferrazzutti
026840d36d Add Podman support to policies Makefile 2024-02-29 17:50:38 +01:00
Quentin Gliech
ef874b18fb Update generated files 2024-02-02 18:01:51 +01:00
Quentin Gliech
34f3d446b3 Make the device code grants go through the policy engine 2024-02-02 18:01:51 +01:00
Quentin Gliech
ba7dc7e44c Bump Open Policy Agent version to 0.59.0 2023-11-30 17:59:24 +01:00
Quentin Gliech
28a07adf8e dockerfile: bump rust, opa, nodejs and debian version 2023-11-14 13:41:10 +01:00
Quentin Gliech
92d2a18afb "Can request admin" flag on user 2023-10-09 18:52:30 +02:00
Quentin Gliech
c1cbde5ee1 fixup! policies: allow subdomains for the various URIs 2023-09-18 11:57:50 +02:00
Quentin Gliech
13b344a0ee policies: allow subdomains for the various URIs 2023-09-18 11:57:50 +02:00
Quentin Gliech
5ec7e7ef05 Suggestion from code review
Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>
2023-09-06 09:35:34 +02:00
Quentin Gliech
b0c9e02b26 policy: only require redirect_uris for the authorization_code and implicit grants 2023-09-06 09:35:34 +02:00
Quentin Gliech
a53040b94b Implement the client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
03a4d56415 policy: prepare for the client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech
b9fae6fe0f Allow HTTPS redirectors for native apps 2023-08-31 14:20:21 +02:00
Quentin Gliech
38eacbebc1 Run the registration policy on upstream OAuth registration 2023-08-30 19:39:39 +02:00
Quentin Gliech
86d40b0345 Make sure we validate passwords & emails by the policy at all stages
Also refactors the way we get the policy engines in requests
2023-08-30 19:39:39 +02:00
Quentin Gliech
3c33923d2c policies: split the email & password policies and add jsonschema validation of the input 2023-08-30 19:39:39 +02:00
Quentin Gliech
ea7299a14a Upgrade Rust to 1.72.0
Fixes new clippy errors and upgrade other tools
2023-08-28 18:05:56 +02:00
Quentin Gliech
49e82d491b policies: test for the new GraphQL/MAS scopes 2023-08-11 14:56:21 +02:00
Quentin Gliech
64b9198315 Make the GraphQL interface accessible for OAuth clients 2023-08-11 14:56:21 +02:00
Quentin Gliech
fa824dbb76 Bump rustc, nodejs, opa, etc. 2023-07-17 19:54:49 +02:00
Quentin Gliech
be837a54e3 Bump Rust dependencies 2023-06-14 12:02:16 +02:00
Quentin Gliech
3ea8668e39 Bump the OTEL crates to 0.19.0 (#1132)
* Bump the OTEL crates to 0.19.0

Also pins a bunch of versions in the Dockerfile and fixes the docker build in CI
2023-04-24 17:10:55 +00:00
Quentin Gliech
8e485c397d Upgrade rustc (and clippy) to 1.67.0 2023-02-01 10:37:04 +01:00
Quentin Gliech
643c53f241 Upgrade Rust, OPA, Node in CI and Docker image 2022-12-16 18:16:18 +01:00
Quentin Gliech
44d397b54c Do not embed the WASM-compiled policies in the binary 2022-11-18 22:37:55 +01:00