dandri/matrix-authentication-service
1
0
Fork 0
mirror of https://github.com/element-hq/matrix-authentication-service.git synced 2026-05-23 21:55:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,196 Commits 84 Branches 88 Tags
main
Commit Graph

477 Commits

Author SHA1 Message Date
Eric Eastwood 404a266b0e Merge branch 'main' into madlittlemods/max-session-threshold 2026-05-14 14:59:20 -05:00
Quentin Gliech aecb172209 Add oauth.device_code_grant_enabled configuration option (#5612) 2026-05-13 21:40:02 +02:00
Eric Eastwood ce3cfe73d9 Pass through max_session_threshold 2026-05-08 13:45:08 -05:00
Eric Eastwood 31f00df71b Add a bit more context for *what* bind address couldn't be parsed (#5637) 2026-05-07 10:32:03 -05:00
Eric Eastwood 8ab60954cf Rename option dangerous_hard_limit_eviction 2026-04-24 19:12:58 -05:00
Eric Eastwood 8d5cb566b1 Add context for what's bad 2026-04-14 15:07:47 -05:00
Eric Eastwood 93312fb97b Add tests for old vs recent 2026-04-09 21:36:39 -05:00
Eric Eastwood fcf6591588 Pass in session_limit to policy as BaseData 2026-04-09 11:01:53 -05:00
Eric Eastwood 8a3acae1ae Revert "Pass in session_limit_config directly to policy" 
This reverts commit 724e0cf5ca.
 2026-04-09 10:08:31 -05:00
Hugh Nimmo-Smith 53e6d05f40 Add oauth.device_code_grant_enabled configuration option 2026-04-07 11:13:56 +01:00
Eric Eastwood 724e0cf5ca Pass in session_limit_config directly to policy 
Revert changes from
https://github.com/element-hq/matrix-authentication-service/pull/5221. I
assume it was done that way as the "session_limit_config" doesn't change
after the server is created. But this makes downstream usage complicated as
you whenever you create `SiteConfig`, you also have to make sure to configure
whatever else is necessary.

Easier to just pass in `session_limit_config` as necessary whenever
we evaluate the policy
 2026-04-06 18:28:50 -05:00
Eric Eastwood 5532c0cda9 Better rustdoc links 2026-04-03 17:42:09 -05:00
Olivier 'reivilibre 5b7b4d61ec Schedule ProvisionUserJob after locking/unlocking user 2026-03-16 13:44:34 +00:00
Jason Robinson 6a786dccbc Add syn2mas flag to ignore missing auth providers 
Currently `syn2mas` will always error in the Synapse checks phase if it finds auth providers in the `user_external_ids` database table, that are not configured in Synapse config. While normally this the right thing to do, we may have situations where we know what we're doing, and want to ignore invalid looking data in the external identifiers table. If the flag is given, ignore errors and output them as warnings instead.
 2026-01-26 14:57:31 +02:00
Hugh Nimmo-Smith dcac8dc62a Support for stable MSC3824 names 2025-12-19 18:13:01 +00:00
Quentin Gliech 792022ee18 Only serve pre-compressed gzip and brotli files 2025-12-18 14:39:58 +01:00
Quentin Gliech 78c1ccae80 Merge remote-tracking branch 'origin/main' into quenting/process-metrics 2025-12-16 13:23:10 +01:00
Quentin Gliech 4a28094705 Switch to opentelemetry-instrumentation-tokio crate for Tokio instrumentation 2025-12-15 12:17:31 +01:00
Quentin Gliech 13b3a36983 Expose process metrics on Linux 2025-12-10 16:45:48 +01:00
Quentin Gliech f6051fdbd9 Better lock and handle missing and modified migrations 
This rewrites the database migration code to:

 - avoid deadlocks when running multiple migration processes at the same
   time with a `CREATE INDEX CONCURRENTLY` statement
 - allow us to remove some migrations from the code base and mark them as
   intentionally removed
 - allow us to modify some migrations and declare alternate checksums
   for previous versions of the migration
 2025-12-04 14:44:16 +01:00
Quentin Gliech c09898c9f5 Merge remote-tracking branch 'origin/main' into quenting/upstream-oauth/skip-interactive 2025-12-03 10:48:31 +01:00
Quentin Gliech ee4d1304ab Add more options to deal with localpart conflicts on upstream OAuth 2.0 logins (#5295) 2025-12-03 10:39:05 +01:00
Quentin Gliech df14076dd0 Merge branch 'quenting/upstream-oauth/better-conflict-options' into quenting/upstream-oauth/skip-interactive 2025-11-28 18:08:09 +01:00
Quentin Gliech 47d411f641 Option to skip confirmation when registering through an upstream OAuth provider 2025-11-28 15:51:43 +01:00
Quentin Gliech ffb86f6558 Add more options to deal with localpart conflicts on upstream OAuth 2.0 logins 2025-11-28 10:53:28 +01:00
Olivier 'reivilibre f670577feb Expose the compat login policy from the policy engine 2025-11-25 18:41:14 +00:00
Olivier 'reivilibre 0c8017fc80 Add experimental and preliminary policy-driven session limiting when logging in OAuth 2 sessions. (#5221) 2025-11-25 15:24:02 +00:00
reivilibre 4753aa811b templates check: Add --stabilise flag to make renders reproducible (#5214) 2025-11-24 16:16:11 +00:00
Quentin Gliech 4bdf34719d Add upstream_oauth2.providers.[].client_secret_file config option (#4882) 2025-11-18 11:29:21 +01:00
Olivier 'reivilibre 16f443eba0 Merge branch 'main' into rei/policy_driven_session_limit 2025-11-13 15:54:48 +00:00
networkException b5a0834faa Add upstream_oauth2.providers.[].client_secret_file config option 
This patch factors out the previously introduced config
wrapper for client secrets to also use it for upstream oauth
providers.

See a7e7c3caa1
 2025-11-08 16:10:19 +01:00
Quentin Gliech eeb5d61fe0 Don't extract the parent context if the span is disabled 2025-11-07 13:37:26 +01:00
Quentin Gliech 2a3ea458b3 Fix spurious "Failed to set parent context on span" error 
This would happen when the `info` log level is surpressed, and therefore
the request span would not be enabled and fail to set the parent OTEL
context.
 2025-11-07 11:34:42 +01:00
Olivier 'reivilibre 37e5969374 Use less zero-y timestamp 2025-11-06 15:36:52 +00:00
Olivier 'reivilibre a73d655351 Add session limit config to policy data 2025-11-06 10:12:14 +00:00
Olivier 'reivilibre 87c897c51a Add configuration for session limiting 2025-11-06 10:12:14 +00:00
Olivier 'reivilibre 09dd5e6d83 Stub out the vite manifest when stabilising template renders 2025-10-30 16:33:50 +00:00
Olivier 'reivilibre d3cabf4a4b cli: templates check: add option to --stabilise date and RNG 2025-10-30 15:14:49 +00:00
Olivier 'reivilibre f633e4251e Merge branch 'main' into rei/templatecheck_todisk 2025-10-30 13:52:33 +00:00
Olivier 'reivilibre e5183f600b Fix comment and change delimiter to = 2025-10-30 13:51:33 +00:00
Olivier 'reivilibre 16ec04eb95 Change the format of SampleIdentifiers and don't make a subdir per locale 2025-10-30 12:06:09 +00:00
Olivier 'reivilibre eeeec358c7 Downgrade to SemiStrict in production 2025-10-28 17:20:49 +00:00
Olivier 'reivilibre 7a24a22498 Introduce SampleIdentifiers to stably track samples 
and use these in output filenames
 2025-10-24 17:14:00 +01:00
Olivier 'reivilibre 763e236a0b cli: templates check: allow rendering to --out-dir 2025-10-24 15:43:19 +01:00
Quentin Gliech f0ac252fd3 Always initialize OpenTelemetry even if no exporter is configured 2025-10-09 16:28:35 +02:00
Quentin Gliech cf18ffe7eb build(deps): bump the opentelemetry group with 2 updates (#5074) 2025-10-08 11:20:10 +02:00
Quentin Gliech acb5290326 Adapt to the new tracing-opentelemetry API 2025-10-08 11:12:30 +02:00
Quentin Gliech e4844968d3 Add a configuration option to make email optional for password registration 2025-10-07 17:28:01 +02:00
Quentin Gliech 377ef1d390 Inject the version in the app state 2025-10-03 11:41:22 +02:00
Quentin Gliech ad7fedf6ff Adapt most code to use the new edges and cursors 2025-09-29 15:08:46 +02:00