Quentin Gliech
e1de5c5860
Simplify the consent screen (#5310)
2025-12-03 14:22:14 +01:00
Quentin Gliech
4eb8543af5
Update comment on the id_color_hash template filter
2025-12-03 13:47:59 +01:00
Quentin Gliech
9574a516c5
Apply minor suggestions from Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-03 13:39:34 +01:00
Quentin Gliech
bd1bb01dd9
Add a test for the new skip_confirmation option
2025-12-03 11:00:32 +01:00
Quentin Gliech
c09898c9f5
Merge remote-tracking branch 'origin/main' into quenting/upstream-oauth/skip-interactive
2025-12-03 10:48:31 +01:00
Quentin Gliech
ee4d1304ab
Add more options to deal with localpart conflicts on upstream OAuth 2.0 logins (#5295)
2025-12-03 10:39:05 +01:00
Quentin Gliech
fbf5fbf7a8
Merge remote-tracking branch 'origin/main' into quenting/simpler-consent-screen
2025-12-02 19:42:57 +01:00
Quentin Gliech
6bf811a7f4
Add the Matrix user display name in the compat SSO login context
2025-12-02 18:09:47 +01:00
Quentin Gliech
412edb2659
Add a template function to compute the avatar color hash same as
Compound Web
2025-12-02 17:51:51 +01:00
Quentin Gliech
9213a1ebcc
Get the display name of the Matrix user on the consent screens
2025-12-02 17:51:23 +01:00
Olivier 'reivilibre
3a342b6165
Add experimental and preliminary policy-driven session limiting when logging in compatibility sessions. (#5287)
2025-12-02 15:50:04 +00:00
Olivier 'reivilibre
be0444a2f0
Revert "Add 'IF NOT EXISTS' to all 'CREATE INDEX CONCURRENTLY' statements to avoid deadlocks (#5297)"
This reverts commit 1de9148f53, reversing
changes made to 82906a83e8.
2025-12-01 12:14:31 +00:00
Olivier 'reivilibre
8f523e3959
Comment on why we special-case 'only violation is too-many-sessions'
2025-12-01 11:47:59 +00:00
Olivier 'reivilibre
d21922f10f
Expose Violations directly to the compat policy violation template
2025-12-01 11:47:59 +00:00
Olivier 'reivilibre
9c7c157744
Remove is_interactive and carry on with login types
2025-12-01 11:47:59 +00:00
Quentin Gliech
7bfeef9ef5
Typos and error message rewording
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-01 11:03:04 +01:00
Quentin Gliech
8384a5af4c
Merge branch 'main' into quenting/upstream-oauth/better-conflict-options
2025-11-28 18:10:22 +01:00
Quentin Gliech
df14076dd0
Merge branch 'quenting/upstream-oauth/better-conflict-options' into quenting/upstream-oauth/skip-interactive
2025-11-28 18:08:09 +01:00
Quentin Gliech
c1266e6aef
Skip the attributes confirmation screen if configured to do so
2025-11-28 18:01:49 +01:00
Ben Banfield-Zanin
be900cfb78
Add 'IF NOT EXISTS' to all 'CREATE INDEX CONCURRENTLY' statements to avoid deadlocks
2025-11-28 15:18:53 +00:00
Quentin Gliech
c5ba1f610d
Check for the new on_conflict options & update docs
2025-11-28 16:10:07 +01:00
Quentin Gliech
47d411f641
Option to skip confirmation when registering through an upstream OAuth provider
2025-11-28 15:51:43 +01:00
Olivier 'reivilibre
0ff619f665
We don't know if there's a device ID
2025-11-28 12:42:48 +00:00
Quentin Gliech
9650dc11d6
Add tests for the new on_conflict options
2025-11-28 11:55:34 +01:00
Quentin Gliech
ffb86f6558
Add more options to deal with localpart conflicts on upstream OAuth 2.0 logins
2025-11-28 10:53:28 +01:00
Quentin Gliech
7ce1be1fa0
Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-27 17:23:10 +01:00
Quentin Gliech
93b9b174e2
Remove unused login_link.html template
2025-11-27 16:18:18 +01:00
Quentin Gliech
c58033a740
Allow linking upstream accounts to matching users without confirmation
This reworks the link flow to handle many edge cases better. One major
functionality change is that when we had a new upstream account with no
user linked, but the localpart matching an existing user, if
`on_conflict` was set to `add`, we prompt the user to link the existing
account. This prompt is now skipped and the user is linked automatically.
2025-11-27 16:18:17 +01:00
Quentin Gliech
4b6c1db5a2
Unify registrations for local passwords and upstream OAuth registrations (#5281)
2025-11-27 16:13:03 +01:00
Quentin Gliech
61ee8dae87
Fix test name
2025-11-27 16:05:13 +01:00
Quentin Gliech
4c3d2bae88
Create the new index CONCURRENTLY
2025-11-27 16:04:23 +01:00
Olivier 'reivilibre
959e383fc4
fixup! Introduce compat login policy
2025-11-26 13:48:01 +00:00
Olivier 'reivilibre
1ce2c39dd6
Make policy depend on whether the login is interactive or not
2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
04951d983e
Don't apply a session limit when genuinely replacing a session
2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
3d50eaec9f
Make finish_sessions_to_replace_device return whether any were finished
2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
86f0b27c72
Enforce policy on compat login
2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
86d71de995
Add a 'compat login policy violation' page
2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
f670577feb
Expose the compat login policy from the policy engine
2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
9f36cfd8b9
Introduce compat login policy
2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
0c8017fc80
Add experimental and preliminary policy-driven session limiting when logging in OAuth 2 sessions. (#5221)
2025-11-25 15:24:02 +00:00
reivilibre
4753aa811b
templates check: Add --stabilise flag to make renders reproducible (#5214)
2025-11-24 16:16:11 +00:00
Quentin Gliech
5fb37d2fa0
Fix typo in error message
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-24 17:00:05 +01:00
Quentin Gliech
1e69ea8c22
Create user registrations for upstream OAuth registrations
2025-11-24 16:52:09 +01:00
Quentin Gliech
e712c23a84
Associate the upstream link with the new user if present on the
registration
2025-11-21 19:37:05 +01:00
Quentin Gliech
fe362d48d6
Don't error out if there is no email associated to the registration
In case an email is required for password auth, we create a user
authentication which we force the user to complete. We used to
double-check that the email is required before completing the
registration, which was only really useful when the config flipped from
not being required to being required, in the 1h window in which running
registrations were still valid. We think this is a fine trade-off.
2025-11-21 19:36:04 +01:00
Quentin Gliech
ac4f66920c
Store upstream OAuth sessions on user registrations
This will allow us to create user registrations from upstream OAuth auth
sessions
2025-11-21 19:31:37 +01:00
Quentin Gliech
f7c8a28592
Allow completing user email authentications using an upstream session
This will let us push emails in user registrations using an upstream
session
2025-11-21 19:28:26 +01:00
Kai A. Hiller
c9a8123335
Allow keys and keys_dir simultaneously
2025-11-18 19:27:21 +01:00
Kai A. Hiller
a93fa72477
Merge branch 'main' into keys_dir
2025-11-18 18:12:14 +01:00
Quentin Gliech
4bdf34719d
Add upstream_oauth2.providers.[].client_secret_file config option (#4882)
2025-11-18 11:29:21 +01:00