dandri/matrix-authentication-service
1
0
Fork 0
mirror of https://github.com/element-hq/matrix-authentication-service.git synced 2026-05-11 13:14:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,405 Commits 90 Branches 87 Tags
799f80e6adbc8d9fa3f8024f400a6ff19463e68a
Commit Graph

76 Commits

Author SHA1 Message Date
Quentin Gliech 238be90812 Explain what the 'hsErase' parameter does 2025-03-13 11:36:53 +01:00
Quentin Gliech 1f03d6da03 GraphQL mutation to deactivate a user 2025-03-12 15:58:54 +01:00
Quentin Gliech 19f1091e56 Config option to allow account self-deactivation 2025-03-12 15:58:54 +01:00
Quentin Gliech 09d185da6d Require the user password to add or remove an email address 2025-03-06 17:37:54 +01:00
Quentin Gliech 03eaeca8a6 Only show the password change section if the user has a password 2025-02-24 14:28:06 +01:00
reivilibre 0c26dd859a Support compatibility sessions that do not have devices (#3801) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2025-01-27 14:50:31 +00:00
Quentin Gliech 7e6ab8ffc3 Disclose that email is already in use after verification 2025-01-23 18:18:19 +01:00
Quentin Gliech ef077d0e51 Rate-limit email authentications 2025-01-23 12:09:26 +01:00
Quentin Gliech 23b019c626 GraphQL API to use the new email authentication codes 2025-01-14 15:47:36 +01:00
Quentin Gliech 0513f198d8 Rip out the email verification codes 
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
 2025-01-14 15:46:45 +01:00
Quentin Gliech 4ca76be866 Polish the password recovery page 
This includes:

 - show an error message if the recovery link is expired, with a button
   to resend the email
 - show an error message if the recovery link has already been used
 - include an invisible username field in the form, so that password
   managers can save the new password
 2025-01-13 16:58:42 +01:00
Quentin Gliech b5940b969f Additional fields in the GraphQL API for upstream providers 2025-01-06 11:59:43 +01:00
Quentin Gliech a97d2daa3d Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Quentin Gliech 21fb01d961 Remove contacts from the data model 2024-09-20 20:39:04 +02:00
Olivier 'reivilibre 8737d6f89b graphql: Expose CAPTCHA config and whether password registration is enabled 2024-07-26 13:02:58 +01:00
reivilibre 8147016735 graphql: Add a SetPasswordByRecovery mutation to perform account recovery (#2986) 2024-07-24 16:19:14 +01:00
Quentin Gliech 6f2ab4f738 graphql: allow filtering of sessions by last activity 2024-07-19 13:40:27 +02:00
Quentin Gliech fa32387ca5 Show whether the user is deactivated on the homeserver in the GraphQL API 
Fix #2375
 2024-07-16 13:20:28 +02:00
Quentin Gliech bac2db9884 GraphQL API to unlock a user 
Fixes #2101
 2024-07-16 13:20:28 +02:00
reivilibre fbc360d1a9 Backend work to support minimum password complexity (#2965) 
* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL
 2024-07-11 10:17:39 +01:00
Quentin Gliech f849b487cf graphql: users query to list users with a few filters 2024-07-05 13:44:14 +02:00
Quentin Gliech 8a1ac9cc91 graphql: move the users queries to their own module 2024-07-05 13:44:14 +02:00
Quentin Gliech 378bcbc39e Update the schema 2024-07-05 10:07:40 +02:00
reivilibre aaa7cf3fe9 Add Self-service Password Change (#2863) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2024-06-25 13:25:33 +00:00
reivilibre 121966ccce GraphQL API: Add password_change_allowed to SiteConfig (#2857) 2024-06-20 15:16:50 +01:00
reivilibre d76b54b13f Add a setPassword GraphQL mutation for setting a user's password (#2820) 
* Feed `PasswordManager` through to the GraphQL `State`

* Add `setPassword` GraphQL mutation to update a user's password
 2024-06-05 18:04:17 +01:00
Quentin Gliech ee68521792 Hide the displayname edit button if disabled in the config 2024-04-30 13:33:47 +02:00
Quentin Gliech 49cf6dc5cc Expose the site config in the GraphQL API 2024-04-30 13:33:47 +02:00
Quentin Gliech 452f4c17f5 graphql: check that the username is available when creating them 
This calls the HS to make sure the username isn't reserved.
This check can be bypassed using the `skipHomeserverCheck` flag on the
`addUser` mutation.
 2024-02-29 11:21:24 +01:00
Quentin Gliech f3cbd3b315 Parse User Agents on the backend side (#2388) 
* Parse user agents on the server side

* Parse and expose user agents on the backend

* Use the parsed user agent in the device consent page

* Fix the device icon tests

* Fix clippy warnings

* Box stuff to avoid large enum variants

* Ignore a clippy warning

* Fix the requester boxing
 2024-02-23 16:47:48 +01:00
Quentin Gliech ed5893eb20 Save which user session created a compat session 
This also exposes the user session in the GraphQL API, and allow
filtering on browser session ID on the app session list.
 2024-02-21 11:55:58 +01:00
Quentin Gliech e041f47dfe Replace Jotai with @tanstack/router (#2359) 
* Start replacing jotai with @tanstack/router

* Remove jotai completely

* Move the common layout & reimplement the ?action parameter

This also makes sure everything is properly loaded in the route loader,
and we use fragment where it makes sense

* Change the default error component

* GraphQL API: make the sessions fetchable through node(id: ID!)
 2024-02-15 17:19:05 +01:00
Quentin Gliech f8d745d308 Add a GraphQL mutation to allow cross-signing reset 2023-12-05 17:47:36 +01:00
Quentin Gliech 3cb8a26d95 "Can request admin" flag on user 2023-10-09 18:52:30 +02:00
Quentin Gliech 2a100ab927 graphql: allow filtering appsessions on device_id 2023-10-06 16:05:26 +02:00
Quentin Gliech d91b0e20e4 Expose a unified session list in the GraphQL API 2023-09-20 20:27:08 +02:00
Quentin Gliech 50558a7319 Make the last activity timestamp and IP available through the API 2023-09-19 21:57:54 +02:00
Quentin Gliech 83ca90ee3d Add a GraphQL mutation to create arbitrary OAuth2 sessions. 2023-09-11 12:03:42 +02:00
Quentin Gliech 7e247830c9 data-model: Make the user_id optional in the OAuth 2.0 sessions 2023-09-06 09:35:34 +02:00
Quentin Gliech bc3f665739 graphql: expose the logo_uri in the OAuth 2.0 client 
Fixes #1705
 2023-09-06 09:28:47 +02:00
Quentin Gliech 15ade8e1c8 Update the graphql schema after the async-graphql update. 2023-09-04 09:37:26 +02:00
Quentin Gliech be5b527403 graphql: admin API to add a user, lock them, and add emails without verification 2023-09-01 11:34:58 +02:00
Quentin Gliech 7fcd022eea Make sure we validate passwords & emails by the policy at all stages 
Also refactors the way we get the policy engines in requests
 2023-08-30 19:39:39 +02:00
Quentin Gliech a19f405e53 graphql: Expose the BrowserSession User-Agent 2023-08-29 17:38:01 +02:00
Quentin Gliech ba98b7c448 graphql: API to query client sessions out of a device_id and a user ID 2023-08-29 16:53:38 +02:00
Quentin Gliech 438a10332a Add the user_id directly on oauth2_sessions and make the scope a text list 2023-08-29 12:52:24 +02:00
Quentin Gliech 85629820fd api: Add a finishedAt property to the BrowserSession and a state property to all 3 session types 2023-08-29 08:34:07 +02:00
Quentin Gliech 096386e9b9 Save the application_type and the contacts in the OAuth 2.0 clients 
This also removes the dedicated "redirect_uris" table and makes it a field of the "oauth2_clients" table
 2023-08-28 14:41:49 +02:00
Quentin Gliech 1c372da6b8 Update GraphQL schema 2023-08-11 14:56:21 +02:00
Quentin Gliech 1e474518f5 graphql: API to set the user displayname (#1412) 2023-08-03 14:45:59 +00:00