Commit Graph

122 Commits

Author SHA1 Message Date
reivilibre
163b9e8849 Add pre-migration checks to syn2mas (#3805)
This matches or exceeds `advisor.mts` from the old tool.

Co-authored-by: Quentin Gliech <quenting@element.io>
2025-01-27 18:01:46 +00:00
Quentin Gliech
ea6b80c5ac Rate-limit email authentications 2025-01-23 12:09:26 +01:00
Quentin Gliech
9db14f6743 Rip out the email verification codes
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
2025-01-14 15:46:45 +01:00
Mathieu Velten
33e1cdbf16 Allow response_mode to be null and if so do not add the query param (#3700) 2024-12-18 18:18:39 +01:00
Quentin Gliech
f563daf822 Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Mathieu Velten
75ee9a1e58 Add id_token_signed_response_alg and userinfo_signed_response_alg (#3664) 2024-12-17 11:54:16 +01:00
Quentin Gliech
2903ff5e7a Allow setting an explicit upstream account name (#3600) 2024-11-29 12:30:18 +01:00
Mathieu Velten
f832666a86 Add fetch_userinfo to upstream SSO provider (#3363) 2024-11-26 15:01:03 +00:00
Quentin Gliech
ec28c30e3c Allow setting the response_mode on upstream OAuth 2.0 providers 2024-11-22 08:48:00 +01:00
Quentin Gliech
dddd9fe998 Support Sign in with Apple 2024-11-22 08:48:00 +01:00
Quentin Gliech
34ab23d97c Better error when the email addresses in the config are invalid 2024-10-22 16:19:43 +02:00
Quentin Gliech
9a946c19e7 Remove (C) 2024-09-10 14:28:55 +02:00
Quentin Gliech
9da19e2af0 License headers change 2024-09-05 13:25:42 +02:00
reivilibre
ca05566e82 Add rate-limiting for account recovery and registration (#3093)
* Add rate-limiting for account recovery and registration

* Rename login ratelimiter `per_address` to `per_ip` for consistency

Co-authored-by: Quentin Gliech <quenting@element.io>
2024-08-07 17:57:36 +00:00
reivilibre
8f0d7800ff Add configuration for rate-limiting of logins, replacing hardcoded limits (#3090) 2024-08-07 18:36:02 +01:00
Quentin Gliech
58b673d54d Disallow OAuth 2.0 use of the GraphQL API by default 2024-08-07 18:09:51 +02:00
Quentin Gliech
a8cf8c519a Move the account-related options out of experimental 2024-08-01 14:50:21 +02:00
Quentin Gliech
c8b4a17a55 config: allow serving the admin API routes 2024-07-26 11:36:55 +02:00
reivilibre
a4891fa9ef Backend work to support minimum password complexity (#2965)
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
2024-07-11 10:17:39 +01:00
Christian Tramnitz
b52342cee5 Fix RFC1918 network in default proxy configuration (#2908) 2024-07-05 08:22:39 +00:00
Quentin Gliech
65c416ff2e New config options to set the database certificates 2024-07-05 09:54:18 +02:00
Quentin Gliech
041c74e7b2 Gate account recovery behind a configuration flag 2024-06-28 15:59:21 +02:00
Olivier 'reivilibre'
d0a18ab322 Use Reverse() helper instead of sorting then reversing 2024-05-16 16:39:57 +02:00
Quentin Gliech
5e1e27f7ea hCaptcha support 2024-05-15 09:38:10 +02:00
Quentin Gliech
608daa9ac2 Cloudflare Turnstile support 2024-05-15 09:38:10 +02:00
Quentin Gliech
764069b6bc Render reCAPTCHA challenge on the registration form 2024-05-15 09:38:10 +02:00
Quentin Gliech
3e450b50f0 Fix recently added Clippy lints
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
2024-05-07 07:32:02 +02:00
Quentin Gliech
9c22a39c0e Introduce config to restrict user capabilities 2024-04-30 13:33:47 +02:00
Quentin Gliech
f82ad8c0e6 Soft-delete upstream OAuth 2.0 providers on config sync 2024-04-03 09:51:22 +02:00
Quentin Gliech
2d9157986e Allow disabling registrations (#2553) 2024-04-03 09:27:14 +02:00
Quentin Gliech
4674db94f4 Simplify ConfigurationSection trait & skip default values when serializing
This removes the `test` and `generate` methods from the
`ConfigurationSection` trait, as they did not really have a reason to
exist in the trait itself.
2024-03-22 13:33:09 +01:00
Quentin Gliech
ff1267eefd Flatten the upstream_oauth2 config section 2024-03-22 13:33:09 +01:00
Quentin Gliech
5eadd1ffbd Flatten the telemetry config section 2024-03-22 13:33:09 +01:00
Quentin Gliech
4fd2bc8000 Flatten the secrets config section 2024-03-22 13:33:09 +01:00
Quentin Gliech
8d41352a1b Clean up the default policy config data 2024-03-22 13:33:09 +01:00
Quentin Gliech
0e7e2e7089 Flatten the passwords config section 2024-03-22 13:33:09 +01:00
Quentin Gliech
0f0dff8c1a Flatten the http config
Also properly remove the `spa` resource
2024-03-22 13:33:09 +01:00
Quentin Gliech
fedf41fe38 Flatten the email config 2024-03-22 13:33:09 +01:00
Quentin Gliech
8eff88e9e8 Flatten the database config 2024-03-22 13:33:09 +01:00
Quentin Gliech
f61bdbba72 Flatten the clients config 2024-03-22 13:33:09 +01:00
Quentin Gliech
3ef31bee37 Move the sub-configuration path to an associated constant 2024-03-22 13:33:09 +01:00
Quentin Gliech
85f6311f74 Load the configuration from a common Figment instance
This should avoid loading the same files multiple times.
It should also make it easier to do post-processing on the
configuration, like validation.

This does deprecate one undocumented feature: the ability to override
some fields during the configuration generation using environment
variables.
2024-03-22 13:33:09 +01:00
Quentin Gliech
771b6a2f8b Upgrade OTEL and remove support for Jaeger and Zipkin exporters 2024-03-18 17:26:40 +01:00
Quentin Gliech
1627fc6945 Upgrade chrono and replace deprecated methods usage 2024-03-18 17:26:40 +01:00
Quentin Gliech
2e0c72811e Automatically sync the configuration on server startup 2024-03-01 18:14:05 +01:00
Quentin Gliech
f567586d23 Append additional parameters to the OAuth2 authorize endpoint 2024-03-01 14:36:37 +01:00
Quentin Gliech
dd15135915 Load the additional OAuth parameters from the config 2024-03-01 14:36:37 +01:00
Quentin Gliech
b49eadf418 Upgrade rustls 2024-02-02 11:45:20 +01:00
Quentin Gliech
253495e8bd Upgrade clippy lints to 1.74.0 & fix warnings 2023-12-05 17:20:42 +01:00
Quentin Gliech
36a793b971 Make the claims_imports optional in the config 2023-11-22 15:13:28 +01:00