Commit Graph

64 Commits

Author SHA1 Message Date
Quentin Gliech e4844968d3 Add a configuration option to make email optional for password registration 2025-10-07 17:28:01 +02:00
Quentin Gliech 4bccafa69f Allow more characters in redirect URI paths (#4975) 2025-09-12 14:51:36 +02:00
Quentin Gliech 80825d28ce Fix reference to the regal image 2025-09-12 10:58:55 +02:00
Quentin Gliech a5e75541ef Upgrade OPA and regal to latest versions 2025-09-12 10:52:39 +02:00
Andrew Ferrazzutti d49ff70640 Don't mistakenly invoke a regex range expression 2025-09-03 12:56:21 -04:00
Andrew Ferrazzutti cf9d7052c7 Allow more characters in redirect URI paths
Allow all unreserved characters permitted in URI paths according to
https://www.rfc-editor.org/rfc/rfc3986#section-3.3
2025-09-03 11:29:49 -04:00
Quentin Gliech 7e018a06aa Merge remote-tracking branch 'origin/main' into quenting/stable-api 2025-08-04 16:38:49 +02:00
Quentin Gliech 64f5bba26d Allow the stable scope in the policy 2025-06-13 15:55:22 +02:00
Quentin Gliech c3707c13ae Add license headers in most files that missed them 2025-06-12 11:01:07 +02:00
Michael Telatynski 6ecc150def delint 2025-05-28 14:57:51 +01:00
Michael Telatynski 2685133410 Add tests 2025-05-28 14:53:19 +01:00
Michael Telatynski e64cd84081 Fix client_registration URI regex not accepting full query string grammar 2025-05-13 11:28:56 +01:00
Michael Telatynski ba986d36f9 Move the test 2025-05-08 08:41:26 +01:00
Michael Telatynski e5a2debd4c Allow non-default https port 2025-05-08 08:39:37 +01:00
Michael Telatynski ccdbf69e5f opa fmt 2025-05-07 18:52:01 +01:00
Michael Telatynski 5ec9bfc7fa Fix MSC2966 compliance around redirect_uri validity
Fixes https://github.com/element-hq/matrix-authentication-service/issues/4528
2025-05-07 18:49:52 +01:00
Quentin Gliech d40fdbd995 Allow banning/allowing username patterns during registration 2025-03-03 10:31:14 +01:00
Quentin Gliech 7c09b4510b Update OPA and Regal to their latest versions 2025-02-18 11:48:44 +01:00
Quentin Gliech 0ab0f13c7c Match suffixes and prefixes in string constraints 2025-02-17 16:40:10 +01:00
Quentin Gliech af569d9642 Built-in support for banning IPs, user agents and email patterns 2025-02-17 15:34:46 +01:00
Quentin Gliech 0eb6638e41 Expose the user agent string to the policy execution context 2025-02-17 11:51:26 +01:00
Quentin Gliech aa6436aa1a Allow banning registrations by IP address 2025-02-17 10:18:11 +01:00
Quentin Gliech 67468ca0bc Remove the unused password input schema 2025-02-17 10:17:30 +01:00
Quentin Gliech d16049524b Propagate more specific error messages from the policy on registration
This makes some policy errors translatable
2025-01-06 10:15:08 +01:00
Quentin Gliech 2820794c8d Allow longer & shorter usernames, complying with the MXID length spec 2025-01-06 10:15:08 +01:00
Quentin Gliech 881c6df5cc Set up Regal to lint policies and clean them up 2024-12-19 11:08:57 +01:00
Quentin Gliech 4ccce4de46 Remove the contacts requirement from the client registration policy 2024-09-20 20:39:04 +02:00
reivilibre 1afd2a2906 Remove OPA-based password policy enforcement (#2875)
Co-authored-by: Quentin Gliech <quenting@element.io>
2024-07-16 14:33:04 +01:00
Quentin Gliech fbb8044dbd Bump OPA 2024-05-07 07:32:02 +02:00
Quentin Gliech 3ea24dc8e5 Remove the invalid characters OPA policy tests 2024-05-03 16:56:56 +02:00
Quentin Gliech 6db50f098d Allow more characters in device IDs 2024-05-03 16:56:56 +02:00
Alex Babel 5d85d0fb65 Increase allowed username length to 64 in the default policy (#2471) 2024-03-18 10:58:21 +00:00
Quentin Gliech 46c565cc89 Move schemars to workspace dependencies
Also enables the `preserve_order` feature, hence the big schema output diff.
2024-03-01 14:36:37 +01:00
Andrew Ferrazzutti d5e1127c32 Add Podman support to policies Makefile 2024-02-29 17:50:38 +01:00
Quentin Gliech 04f70aa168 Update generated files 2024-02-02 18:01:51 +01:00
Quentin Gliech 1c62543220 Make the device code grants go through the policy engine 2024-02-02 18:01:51 +01:00
Quentin Gliech 5b272dff08 Bump Open Policy Agent version to 0.59.0 2023-11-30 17:59:24 +01:00
Quentin Gliech 974405c7c3 dockerfile: bump rust, opa, nodejs and debian version 2023-11-14 13:41:10 +01:00
Quentin Gliech 3cb8a26d95 "Can request admin" flag on user 2023-10-09 18:52:30 +02:00
Quentin Gliech 6ce216e611 fixup! policies: allow subdomains for the various URIs 2023-09-18 11:57:50 +02:00
Quentin Gliech bdc375fc6b policies: allow subdomains for the various URIs 2023-09-18 11:57:50 +02:00
Quentin Gliech 86c425eaf3 Suggestion from code review
Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>
2023-09-06 09:35:34 +02:00
Quentin Gliech d16b880267 policy: only require redirect_uris for the authorization_code and implicit grants 2023-09-06 09:35:34 +02:00
Quentin Gliech 542d0a6073 Implement the client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech 8658a3400d policy: prepare for the client credentials grant 2023-09-06 09:35:34 +02:00
Quentin Gliech 45e3fb045d Allow HTTPS redirectors for native apps 2023-08-31 14:20:21 +02:00
Quentin Gliech 23571e87ea Run the registration policy on upstream OAuth registration 2023-08-30 19:39:39 +02:00
Quentin Gliech 7fcd022eea Make sure we validate passwords & emails by the policy at all stages
Also refactors the way we get the policy engines in requests
2023-08-30 19:39:39 +02:00
Quentin Gliech 23151ef092 policies: split the email & password policies and add jsonschema validation of the input 2023-08-30 19:39:39 +02:00
Quentin Gliech 17e28f56c1 Upgrade Rust to 1.72.0
Fixes new clippy errors and upgrades other tools
2023-08-28 18:05:56 +02:00