Quentin Gliech
62a4aba08b
Better error pages when a user is deactivated or locked
2025-03-11 17:35:13 +01:00
Quentin Gliech
3d2b67a0b2
Upgrade to Rust 1.85 and edition 2024
2025-02-21 16:15:02 +01:00
Quentin Gliech
7e6ab8ffc3
Disclose that email is already in use after verification
2025-01-23 18:18:19 +01:00
Quentin Gliech
f50a386b10
Registration step to set a display name
2025-01-15 15:28:48 +01:00
Quentin Gliech
f8517a5982
Implement email verification in the registration flow
2025-01-15 15:28:48 +01:00
Quentin Gliech
0bedaf3745
Make the password registration create a user_registration
2025-01-14 16:30:44 +01:00
Quentin Gliech
3da27afc91
Move the registration-related views into a sub-module
2025-01-14 16:30:44 +01:00
Quentin Gliech
5f5fc44fbd
Job to send the new email authentication codes
2025-01-14 15:47:17 +01:00
Quentin Gliech
0513f198d8
Rip out the email verification codes
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
2025-01-14 15:46:45 +01:00
Quentin Gliech
1f83b39313
Remove the dedicated page to add an email address
2025-01-14 15:46:39 +01:00
Quentin Gliech
342eaefa81
Split the base registration page with local password registration
2025-01-07 11:49:01 +01:00
Quentin Gliech
d16049524b
Propagate more specific error messages from the policy on registration
This makes some policy errors translatable
2025-01-06 10:15:08 +01:00
Mathieu Velten
af1282b510
Allow response_mode to be null and if so do not add the query param (#3700)
2024-12-18 18:18:39 +01:00
Quentin Gliech
a97d2daa3d
Make the issue optional on upstream OAuth 2.0 providers
2024-12-17 13:40:34 +01:00
Mathieu Velten
80903ed629
Add id_token_signed_response_alg and userinfo_signed_response_alg (#3664)
2024-12-17 11:54:16 +01:00
Quentin Gliech
2e3b8bdd86
Allow setting an explicit upstream account name (#3600)
2024-11-29 12:30:18 +01:00
Quentin Gliech
7296364cd3
Avoid using SameSite=None by re-submitting incoming form data
2024-11-22 08:48:00 +01:00
Tonkku
80fbaaa41c
More format
For some reason my cargo disagrees with the use line
2024-11-18 11:42:43 +01:00
Tonkku
32eb5499b9
clippy 📎
2024-11-18 11:42:43 +01:00
Tonkku
edc4604a6c
cargo fmt
2024-11-18 11:42:43 +01:00
Tonkku
c017dd0840
Implement login_hint
2024-11-18 11:42:43 +01:00
Quentin Gliech
4b7aff6049
Enable better minijinja compatibility with the Python implementation
2024-10-28 14:59:36 +01:00
Quentin Gliech
ed4b6c42a7
Remove (C)
2024-09-10 14:28:55 +02:00
Quentin Gliech
f6bb100c0a
License headers change
2024-09-05 13:25:42 +02:00
reivilibre
5d4a4a6fb8
Add rate-limiting for account recovery and registration (#3093)
* Add rate-limiting for account recovery and registration
* Rename login ratelimiter `per_address` to `per_ip` for consistency
Co-authored-by: Quentin Gliech <quenting@element.io>
2024-08-07 17:57:36 +00:00
Quentin Gliech
3f947025e2
Host a Swagger UI both in the static documentation and by the server
2024-08-01 15:17:14 +02:00
Quentin Gliech
e25c170403
Rate-limit password-based login attempts
2024-07-26 13:56:45 +02:00
Quentin Gliech
e937ea8fa8
Rework assets loading to fix splitting CSS chunks
2024-07-25 12:59:29 +02:00
Quentin Gliech
756f2c01f8
Separate error page when the recovery link was already used
2024-06-28 15:59:21 +02:00
Quentin Gliech
96df94104e
Show a proper 'link expired' page
2024-06-28 15:59:21 +02:00
Quentin Gliech
f9f2f4a3be
Gate account recovery behind a configuration flag
2024-06-28 15:59:21 +02:00
Quentin Gliech
09fca9fd75
Implement the password change form
2024-06-28 15:59:21 +02:00
Quentin Gliech
2e4d868385
Recovery progress page
2024-06-28 15:59:21 +02:00
Quentin Gliech
c156a3891e
Actually send emails for recovery
2024-06-28 15:59:21 +02:00
Quentin Gliech
319c43abc5
Start recovery view
2024-06-28 15:59:21 +02:00
reivilibre
7c67630c95
Remove the old password change page (#2874)
2024-06-27 13:41:24 +01:00
Quentin Gliech
359da66b88
Display a user-friendly error on CAPTCHA failures
2024-05-15 09:38:10 +02:00
Quentin Gliech
0e270d5449
hCaptcha support
2024-05-15 09:38:10 +02:00
Quentin Gliech
f9ae7ae313
Cloudflare Turnstile support
2024-05-15 09:38:10 +02:00
Quentin Gliech
a3beeb2398
Render reCAPTCHA challenge on the registration form
2024-05-15 09:38:10 +02:00
Quentin Gliech
353815bc6f
Skip the device code form when using the full verification URI
This changes the form to use a GET method, as it is only really doing
a redirect.
2024-05-07 12:19:10 +02:00
Quentin Gliech
3567f7c445
Upgrade minijinja to 2.0.1
2024-05-02 14:04:14 +02:00
Quentin Gliech
10d7ca95ae
Update copyright headers
2024-04-30 13:33:47 +02:00
Quentin Gliech
aa2e2229bc
Finish moving the site config
2024-04-30 13:33:47 +02:00
Quentin Gliech
58fd6ab4c1
Allow disabling registrations (#2553)
2024-04-03 09:27:14 +02:00
Quentin Gliech
61a69f5af4
Upgrade chrono and replace deprecated methods usage
2024-03-18 17:26:40 +01:00
Quentin Gliech
f3cbd3b315
Parse User Agents on the backend side (#2388)
* Parse user agents on the server side
* Parse and expose user agents on the backend
* Use the parsed user agent in the device consent page
* Fix the device icon tests
* Fix clippy warnings
* Box stuff to avoid large enum variants
* Ignore a clippy warning
* Fix the requester boxing
2024-02-23 16:47:48 +01:00
Quentin Gliech
1c000a1fed
Make sure the locale fallback works as expected
- Also makes sure that the fallback runs in the backend and is then
picked up by the frontend
- and explicitly fall back zh-CN to zh-Hans
2024-02-19 11:43:36 +01:00
Quentin Gliech
0beb842195
Make the user agree to T&C during registration
2024-02-07 17:21:22 +01:00
Quentin Gliech
17e968f7cc
Record the user agent and IP in the device code grant
2024-02-02 18:01:51 +01:00