Quentin Gliech
40cb052d1f
Allow applying unicode normalisation to passwords before hashing
2025-05-30 15:42:32 +02:00
Quentin Gliech
632904a7ae
Make the default scope on upstream providers config openid
2025-05-07 15:34:30 +02:00
Doug
0d1caae379
Update the login schema docs.
2025-05-07 10:21:40 +01:00
Doug
6d29ebb5e7
Generate the schema (which fixes a typo amongst other things 🤦‍♂️)
2025-05-06 18:03:53 +01:00
Doug
096ce6037d
Add a configuration for forwarding the login hint to the upstream provider.
2025-05-06 17:50:33 +01:00
Quentin Gliech
9cfecaf5db
Insert client_name when upserting statically registered clients (#4417)
2025-04-30 11:50:49 +02:00
Quentin Gliech
aef5dca40d
Move the synapse_idp_id field to the top of the provider section
...
This means that when serializing those, it will be at a more obvious place.
2025-04-18 18:25:46 +02:00
Quentin Gliech
b58ad863c5
Make a few password-related options public in the config crate
...
It also adds docs to a few of those options
2025-04-18 18:24:35 +02:00
Adis Veletanlic
6579980924
Run ./misc/update.sh
2025-04-16 13:16:43 +02:00
Adis Veletanlic
754c0d8bab
Format project and run misc/update.sh
2025-04-14 13:41:43 +02:00
Adis Veletanlic
0e50c44605
Add private_key_file option for apple sso and edit docs
2025-04-14 12:21:00 +02:00
mcalinghee
f2a47f9a88
add login by email + feature flag
2025-04-10 17:57:58 +02:00
Quentin Gliech
12b316198e
Expose more Sentry configuration (#4352)
2025-04-07 08:50:27 +02:00
hummingbard
65f4c4dc6c
Added Discord to default upstream oauth2 providers, regenerated config schema
2025-04-06 23:21:12 +06:00
Quentin Gliech
5bcc1ec011
Allow setting the OTLP tracing sample rate
2025-04-05 23:19:50 +02:00
Quentin Gliech
bb34e9a6b5
Allow setting the Sentry environment & sample rates
...
Also record the version in the Sentry release field.
2025-04-05 23:19:16 +02:00
Quentin Gliech
3543b4048f
Change the default value of account_deactivation_allowed to true.
2025-03-13 12:04:57 +01:00
Quentin Gliech
19f1091e56
Config option to allow account self-deactivation
2025-03-12 15:58:54 +01:00
Quentin Gliech
d0f1cf4971
Allow configuring the connection to the homeserver to be read-only.
2025-03-03 17:24:15 +01:00
Quentin Gliech
674c1a4ada
Upgrade OpenTelemetry to 0.28
2025-02-24 10:44:08 +01:00
Quentin Gliech
935400d87b
Experimental feature to timeout inactive sessions
2025-02-12 17:31:21 +01:00
reivilibre
e5b6e1e8c2
Add pre-migration checks to syn2mas (#3805)
...
This matches or exceeds `advisor.mts` from the old tool.
Co-authored-by: Quentin Gliech <quenting@element.io>
2025-01-27 18:01:46 +00:00
Quentin Gliech
ef077d0e51
Rate-limit email authentications
2025-01-23 12:09:26 +01:00
Quentin Gliech
0513f198d8
Rip out the email verification codes
...
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
2025-01-14 15:46:45 +01:00
Quentin Gliech
a97d2daa3d
Make the issue optional on upstream OAuth 2.0 providers
2024-12-17 13:40:34 +01:00
Mathieu Velten
80903ed629
Add id_token_signed_response_alg and userinfo_signed_response_alg (#3664)
2024-12-17 11:54:16 +01:00
Quentin Gliech
2e3b8bdd86
Allow setting an explicit upstream account name (#3600)
2024-11-29 12:30:18 +01:00
Mathieu Velten
56edcb4e52
Add fetch_userinfo to upstream SSO provider (#3363)
2024-11-26 15:01:03 +00:00
Quentin Gliech
6efe8bf45a
Allow setting the response_mode on upstream OAuth 2.0 providers
2024-11-22 08:48:00 +01:00
Quentin Gliech
ab4f438464
Support Sign in with Apple
2024-11-22 08:48:00 +01:00
reivilibre
5d4a4a6fb8
Add rate-limiting for account recovery and registration (#3093)
...
* Add rate-limiting for account recovery and registration
* Rename login ratelimiter `per_address` to `per_ip` for consistency
Co-authored-by: Quentin Gliech <quenting@element.io>
2024-08-07 17:57:36 +00:00
reivilibre
244f8f5e5e
Add configuration for rate-limiting of logins, replacing hardcoded limits (#3090)
2024-08-07 18:36:02 +01:00
Quentin Gliech
1bdad262cd
Disallow OAuth 2.0 use of the GraphQL API by default
2024-08-07 18:09:51 +02:00
Quentin Gliech
8b3451d66f
Move the account-related options out of experimental
2024-08-01 14:50:21 +02:00
Quentin Gliech
76755610cb
config: allow serving the admin API routes
2024-07-26 11:36:55 +02:00
reivilibre
fbc360d1a9
Backend work to support minimum password complexity (#2965)
...
* config: Add minimum password complexity option
* PasswordManager: add function for checking if complexity is sufficient
* Enforce password complexity on registration, change and recovery
* cli: Use exit code 1 for weak passwords
This seems preferable to exit code 0, but ideally we should choose one
and document it.
* Expose minimum password complexity score over GraphQL
2024-07-11 10:17:39 +01:00
Christian Tramnitz
3ab733bf3a
Fix RFC1918 network in default proxy configuration (#2908)
2024-07-05 08:22:39 +00:00
Quentin Gliech
eff66726d5
New config options to set the database certificates
2024-07-05 09:54:18 +02:00
Quentin Gliech
f9f2f4a3be
Gate account recovery behind a configuration flag
2024-06-28 15:59:21 +02:00
Quentin Gliech
0e270d5449
hCaptcha support
2024-05-15 09:38:10 +02:00
Quentin Gliech
f9ae7ae313
Cloudflare Turnstile support
2024-05-15 09:38:10 +02:00
Quentin Gliech
a3beeb2398
Render reCAPTCHA challenge on the registration form
2024-05-15 09:38:10 +02:00
Quentin Gliech
3978acd94e
Fix recently added Clippy lints
...
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
2024-05-07 07:32:02 +02:00
Quentin Gliech
90080235da
Introduce config to restrict user capabilities
2024-04-30 13:33:47 +02:00
Quentin Gliech
cd0ec35d2f
Soft-delete upstream OAuth 2.0 providers on config sync
2024-04-03 09:51:22 +02:00
Quentin Gliech
58fd6ab4c1
Allow disabling registrations (#2553)
2024-04-03 09:27:14 +02:00
Quentin Gliech
8e7bb26a51
Simplify ConfigurationSection trait & skip default values when serializing
...
This removes the `test` and `generate` methods from the
`ConfigurationSection` trait, as they did not really have a reason to
exist in the trait itself.
2024-03-22 13:33:09 +01:00
Quentin Gliech
fc7489c5f8
Flatten the upstream_oauth2 config section
2024-03-22 13:33:09 +01:00
Quentin Gliech
aa6178abe6
Flatten the telemetry config section
2024-03-22 13:33:09 +01:00
Quentin Gliech
809fe16d29
Flatten the secrets config section
2024-03-22 13:33:09 +01:00