f9f2f4a3be
Gate account recovery behing a configuration flag
2024-06-28 15:59:21 +02:00
0e270d5449
hCaptcha support
2024-05-15 09:38:10 +02:00
f9ae7ae313
Cloudflare Turnstile support
2024-05-15 09:38:10 +02:00
a3beeb2398
Render reCAPTCHA challenge on the registration form
2024-05-15 09:38:10 +02:00
3978acd94e
Fix recently added Clippy lints
...
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
2024-05-07 07:32:02 +02:00
90080235da
Introduce config to restrict user capabilities
2024-04-30 13:33:47 +02:00
cd0ec35d2f
Soft-delete upstream OAuth 2.0 providers on config sync
2024-04-03 09:51:22 +02:00
58fd6ab4c1
Allow disabling registrations ( #2553 )
2024-04-03 09:27:14 +02:00
8e7bb26a51
Simplify ConfigurationSection trait & skip default values when serializing
...
This removes the `test` and `generate` methods from the
`ConfigurationSection` trait, as they did not really had a reason to
exist in the trait itself.
2024-03-22 13:33:09 +01:00
fc7489c5f8
Flatten the upstream_oauth2 config section
2024-03-22 13:33:09 +01:00
aa6178abe6
Flatten the telemetry config section
2024-03-22 13:33:09 +01:00
809fe16d29
Flatten the secrets config section
2024-03-22 13:33:09 +01:00
156dc08280
Clean up the default policy config data
2024-03-22 13:33:09 +01:00
f5b34b5b18
Flatten the passwords config section
2024-03-22 13:33:09 +01:00
8bc35f63d8
Flatten the http config
...
Also properly remove the `spa` resource
2024-03-22 13:33:09 +01:00
6d77d0ed25
Flatten the email config
2024-03-22 13:33:09 +01:00
bf50469da1
Flatten the database config
2024-03-22 13:33:09 +01:00
cba431d20e
Flatten the clients config
2024-03-22 13:33:09 +01:00
eb950151af
Upgrade OTEL and remove support for Jaeger and Zipkin exporters
2024-03-18 17:26:40 +01:00
25fbbf96b9
Load the additional OAuth parameters from the config
2024-03-01 14:36:37 +01:00
46c565cc89
Move schemars to workspace dependencies
...
Also enables the `preserve_order` feature, hence the big schema output diff.
2024-03-01 14:36:37 +01:00
a980bc79cf
Update config schema
...
Because enabled the serde_json feature which preserves the order in
dicts, keys moved around in the generated schema.
2024-02-08 15:28:43 +01:00
20fa1d516e
Make the claims_imports optional in the config
2023-11-22 15:13:28 +01:00
5126d36b2e
Add upstream OAuth 2.0 providers name and branding
2023-11-20 17:23:02 +01:00
7315dd9a7a
Allow endpoints and discovery mode override for upstream oauth2 providers
...
This time, at the configuration and database level
2023-11-17 16:18:39 +01:00
6ded397977
Use minijinja templates to map OIDC claims to user attributes
2023-11-08 12:05:58 +01:00
8984cc703b
Add instance privacy policy, TOS and imprint, and loads of design cleanups
2023-10-30 15:55:15 +01:00
9b5c8fb44b
Allow running the authentication service on a different base path
2023-10-06 14:07:55 +02:00
15ad89aa82
templates: add translations function
2023-10-05 19:29:23 +02:00
f20c8d8ef3
Infer client IP address from the peer address and the X-Forwarded-Proxy header
2023-09-20 20:24:30 +02:00
21d3d3a5d4
Rename the 'hack' configuration section to 'experimental'
2023-08-31 18:05:00 +02:00
bc04860afb
Make the access tokens TTL configurable
2023-08-31 18:05:00 +02:00
ae3213fe87
Make the email verification state more configurable on upstream OAuth 2.0 registration
...
This also marks the email as primary
2023-08-31 14:20:06 +02:00
7fcd022eea
Make sure we validate passwords & emails by the policy at all stages
...
Also refactors the way we get the policy engines in requests
2023-08-30 19:39:39 +02:00
7c83dce66e
Move some common dependencies on the workspace level
...
Also deprecates the AWS SESv2 transport for emails
2023-08-14 13:00:01 +02:00
76653f9638
Better frontend assets handling and move the react app to /account/ ( #1324 )
...
This makes the Vite assets handling better, namely:
- make it possible to include any vite assets in the templates
- include the right `<link rel="preload">` tags for assets
- include Subresource Integrity hashes
- pre-compress assets and remove on-the-fly compression by the Rust server
- build the CSS used by templates through Vite
It also moves the React app from /app/ to /account/, and remove some of the old SSR account screens.
2023-07-06 15:30:26 +02:00
125a6bdf11
Allow setting a different issuer from the public base URL
2023-06-27 12:53:15 +02:00
de13d3ef19
CLI tool to sync the upstream IDPs with the config
2023-06-26 17:24:56 +02:00
4f1b201c74
Define upstream OAuth providers in the config
...
And adds CLI tool to sync them with the database (WIP)
2023-06-26 17:24:56 +02:00
08d9b0b886
Update the JSON schema
2023-06-14 12:53:48 +02:00
d2d68e9a27
Make password-based login optional
2023-05-23 17:02:02 +02:00
2c937bda26
Lint
2023-04-14 10:22:22 +02:00
c602b29ffd
Fix the default listener configuration
2023-03-14 12:14:06 +01:00
311cad47c2
iana: manually implement JsonSchema/Display/FromStr/Serialize/Deserialize
...
This removes the dependency on serde_with and parse-display, and makes
the serde & schemars dependencies optional
2023-02-01 15:11:45 +01:00
875025467e
Log more errors and setup Sentry integration
2023-01-30 18:04:44 +01:00
ee42250660
Remove the dependency on sqlx in the config crate
2022-12-15 16:51:43 +01:00
ff2f009b0e
Password schemes configuration
2022-12-14 16:04:36 +01:00
1c735664aa
Config schema is auto-generated
2022-12-09 23:27:13 +01:00
9197e997d9
client_ids are required to be ULIDs
2022-12-09 23:27:13 +01:00
9c0ece7512
Do not embed the templates and static files in the binary
2022-11-18 22:37:55 +01:00
Quentin Gliech