39c126318f
Fix the authorization grant template
...
It previously relied on the client being in the authorization grant,
which is not the case anymore. This commit also adds a test to ensure
we're not breaking this template in the future.
2023-01-31 16:50:48 +01:00
3f4ad789bf
storage-pg: write tests for the OAuth2 repositories
2023-01-25 17:24:34 +01:00
d14ca156ad
storage: split the repository trait
2023-01-24 16:05:14 +01:00
876bc9fcb3
handlers: extract the PgRepository from the request
...
Also fix a bunch of clippy errors & doctests
2023-01-18 18:22:13 +01:00
9005931e2a
handlers: box the rng and clock, and extract it from the state
2023-01-18 17:49:59 +01:00
3798f25f7d
Fix rustdoc lints
2023-01-18 12:25:49 +01:00
488a666a8d
storage: remaining oauth2 repositories
...
- authorization grants
- access tokens
- refresh tokens
2023-01-12 18:26:04 +01:00
36396c0b45
storage: repository pattern for the compat layer
2023-01-12 15:41:26 +01:00
9f0c9f1466
storage: cleanup access/refresh token lookups
2023-01-11 12:14:52 +01:00
920869b583
storage: do less joins in compat sessions
2023-01-10 18:49:35 +01:00
35787aa072
data-model: have more structs use a state machine
2023-01-09 18:02:32 +01:00
39cd9a2578
data-model: don't embed the client in the auth grant
2023-01-09 10:49:51 +01:00
fb7c6f4dd1
storage: do less joins on authorization grants and refresh tokens
2023-01-05 16:49:19 +01:00
603a26eabd
storage: oauth2 session repository
2023-01-05 16:44:56 +01:00
e26f75246d
storage: Load with less joins
...
This is done to simplify some queries, to avoid loading more data than
necessary, and in preparation of a proper cache layer
2023-01-04 18:06:17 +01:00
53172d6a3f
strorage: browser session and user password repositories
2023-01-03 15:58:01 +01:00
13a9d03647
storage: user and user email repository
2023-01-02 15:28:44 +01:00
ca112d45e1
ci: Update clippy to 1.66 and fix new warnings
2022-12-16 18:16:18 +01:00
533cabe005
Use the new password manager
2022-12-14 16:04:36 +01:00
12ce2a3d04
data-model: simplify the authorization grants and sessions
2022-12-08 15:29:15 +01:00
92d6f5b087
data-model: simplify the oauth2 clients
2022-12-08 15:29:15 +01:00
479e009931
data-model: simplify the compat sessions
2022-12-08 15:29:15 +01:00
feebbd0e97
data-model: simplify users and sessions
2022-12-08 15:29:15 +01:00
dff2f98167
data-model: simplify tokens
2022-12-08 15:29:15 +01:00
2e7112ef13
GraphQL API
2022-12-05 19:39:51 +01:00
28bfce7e45
Save the ID token during an upstream authorization
2022-12-05 19:39:51 +01:00
bf432a31e1
OIDC account linking and login
2022-12-05 19:39:51 +01:00
cde9187adc
Lookup and save upstream links
2022-12-05 19:39:51 +01:00
bedcf44741
WIP: upstream OIDC provider support
2022-12-05 19:39:51 +01:00
2d2127dcdb
More cleanups
2022-11-02 18:59:00 +01:00
368a9282a1
Cleanups
2022-11-02 18:59:00 +01:00
f0d95a7613
Stop using Utc::now in templates samples
2022-11-02 18:59:00 +01:00
559181c2c3
Pass the rng and clock around
2022-11-02 18:59:00 +01:00
e2142f9cd4
Database refactoring
2022-11-02 18:59:00 +01:00
29f1b134ae
Make the JWK generic over the parameters
2022-09-02 15:37:46 +02:00
495285162b
Remove support for the token response type
2022-09-02 13:59:10 +02:00
5c8b442747
Fix new clippy 0.1.63 warnings
2022-08-12 11:05:21 +02:00
c1ed726dc8
Enable the clippy::str_to_string lint
2022-08-08 10:06:20 +02:00
3215e86eaa
Use unstable prefixes for scope names ( #337 )
2022-08-05 17:58:22 +00:00
649e5cd645
Move the PKCE validation logic to oauth2-types
2022-08-03 13:57:31 +02:00
f7361f871e
Fix PKCE characters verification rules & add tests
2022-08-03 13:57:31 +02:00
51848bf89d
Update crates/data-model/src/oauth2/authorization_grant.rs
...
Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com >
2022-08-03 13:57:31 +02:00
372b32a780
Make PKCE implementation compliant with RFC7636
...
This checks for the PKCE code_verifier length as well as the characters
used. It also give better errors when the PKCE verifier is invalid.
Fixes #316
2022-08-03 13:57:31 +02:00
4870d1e899
Fix some false-positive clippy lints
...
Those were introduced in clippy 1.62 (under clippy::pedantic) and are in
proc-macro generated code
2022-07-01 16:36:35 +02:00
89597dbf81
Switch email verification to a code-based flow
2022-06-02 16:18:55 +02:00
1d61a94da4
Have a consent screen before continuing the SSO login
2022-05-23 10:42:25 +02:00
033d60eb73
Legacy login via m.login.sso
2022-05-23 10:42:25 +02:00
309c89fc4f
Handle legacy token expiration & refresh tokens
2022-05-19 10:17:49 +02:00
c4fa87e457
Better data-model for compat sessions & devices
2022-05-19 10:17:49 +02:00
1aff98bdb3
Working legacy login endpoint
2022-05-19 10:17:49 +02:00
Quentin Gliech