2e3b8bdd86
Allow setting an explicit upstream account name ( #3600 )
2024-11-29 12:30:18 +01:00
56edcb4e52
Add fetch_userinfo to upstream SSO provider ( #3363 )
2024-11-26 15:01:03 +00:00
6efe8bf45a
Allow setting the response_mode on upstream OAuth 2.0 providers
2024-11-22 08:48:00 +01:00
ab4f438464
Support Sign in with Apple
2024-11-22 08:48:00 +01:00
5d4a4a6fb8
Add rate-limiting for account recovery and registration ( #3093 )
...
* Add rate-limiting for account recovery and registration
* Rename login ratelimiter `per_address` to `per_ip` for consistency
Co-authored-by: Quentin Gliech <quenting@element.io >
2024-08-07 17:57:36 +00:00
244f8f5e5e
Add configuration for rate-limiting of logins, replacing hardcoded limits ( #3090 )
2024-08-07 18:36:02 +01:00
1bdad262cd
Disallow OAuth 2.0 use of the GraphQL API by default
2024-08-07 18:09:51 +02:00
8b3451d66f
Move the account-related options out of experimental
2024-08-01 14:50:21 +02:00
76755610cb
config: allow serving the admin API routes
2024-07-26 11:36:55 +02:00
fbc360d1a9
Backend work to support minimum password complexity ( #2965 )
...
* config: Add minimum password complexity option
* PasswordManager: add function for checking if complexity is sufficient
* Enforce password complexity on registration, change and recovery
* cli: Use exit code 1 for weak passwords
This seems preferable to exit code 0, but ideally we should choose one
and document it.
* Expose minimum password complexity score over GraphQL
2024-07-11 10:17:39 +01:00
3ab733bf3a
Fix RFC1918 network in default proxy configuration ( #2908 )
2024-07-05 08:22:39 +00:00
eff66726d5
New config options to set the database certificates
2024-07-05 09:54:18 +02:00
f9f2f4a3be
Gate account recovery behing a configuration flag
2024-06-28 15:59:21 +02:00
0e270d5449
hCaptcha support
2024-05-15 09:38:10 +02:00
f9ae7ae313
Cloudflare Turnstile support
2024-05-15 09:38:10 +02:00
a3beeb2398
Render reCAPTCHA challenge on the registration form
2024-05-15 09:38:10 +02:00
3978acd94e
Fix recently added Clippy lints
...
This also ignores the clippy::blocks_in_conditions lint in two crates,
until tracing gets fixed: https://github.com/tokio-rs/tracing/issues/2876
2024-05-07 07:32:02 +02:00
90080235da
Introduce config to restrict user capabilities
2024-04-30 13:33:47 +02:00
cd0ec35d2f
Soft-delete upstream OAuth 2.0 providers on config sync
2024-04-03 09:51:22 +02:00
58fd6ab4c1
Allow disabling registrations ( #2553 )
2024-04-03 09:27:14 +02:00
8e7bb26a51
Simplify ConfigurationSection trait & skip default values when serializing
...
This removes the `test` and `generate` methods from the
`ConfigurationSection` trait, as they did not really had a reason to
exist in the trait itself.
2024-03-22 13:33:09 +01:00
fc7489c5f8
Flatten the upstream_oauth2 config section
2024-03-22 13:33:09 +01:00
aa6178abe6
Flatten the telemetry config section
2024-03-22 13:33:09 +01:00
809fe16d29
Flatten the secrets config section
2024-03-22 13:33:09 +01:00
156dc08280
Clean up the default policy config data
2024-03-22 13:33:09 +01:00
f5b34b5b18
Flatten the passwords config section
2024-03-22 13:33:09 +01:00
8bc35f63d8
Flatten the http config
...
Also properly remove the `spa` resource
2024-03-22 13:33:09 +01:00
6d77d0ed25
Flatten the email config
2024-03-22 13:33:09 +01:00
bf50469da1
Flatten the database config
2024-03-22 13:33:09 +01:00
cba431d20e
Flatten the clients config
2024-03-22 13:33:09 +01:00
eb950151af
Upgrade OTEL and remove support for Jaeger and Zipkin exporters
2024-03-18 17:26:40 +01:00
25fbbf96b9
Load the additional OAuth parameters from the config
2024-03-01 14:36:37 +01:00
46c565cc89
Move schemars to workspace dependencies
...
Also enables the `preserve_order` feature, hence the big schema output diff.
2024-03-01 14:36:37 +01:00
a980bc79cf
Update config schema
...
Because enabled the serde_json feature which preserves the order in
dicts, keys moved around in the generated schema.
2024-02-08 15:28:43 +01:00
20fa1d516e
Make the claims_imports optional in the config
2023-11-22 15:13:28 +01:00
5126d36b2e
Add upstream OAuth 2.0 providers name and branding
2023-11-20 17:23:02 +01:00
7315dd9a7a
Allow endpoints and discovery mode override for upstream oauth2 providers
...
This time, at the configuration and database level
2023-11-17 16:18:39 +01:00
6ded397977
Use minijinja templates to map OIDC claims to user attributes
2023-11-08 12:05:58 +01:00
8984cc703b
Add instance privacy policy, TOS and imprint, and loads of design cleanups
2023-10-30 15:55:15 +01:00
9b5c8fb44b
Allow running the authentication service on a different base path
2023-10-06 14:07:55 +02:00
15ad89aa82
templates: add translations function
2023-10-05 19:29:23 +02:00
f20c8d8ef3
Infer client IP address from the peer address and the X-Forwarded-Proxy header
2023-09-20 20:24:30 +02:00
21d3d3a5d4
Rename the 'hack' configuration section to 'experimental'
2023-08-31 18:05:00 +02:00
bc04860afb
Make the access tokens TTL configurable
2023-08-31 18:05:00 +02:00
ae3213fe87
Make the email verification state more configurable on upstream OAuth 2.0 registration
...
This also marks the email as primary
2023-08-31 14:20:06 +02:00
7fcd022eea
Make sure we validate passwords & emails by the policy at all stages
...
Also refactors the way we get the policy engines in requests
2023-08-30 19:39:39 +02:00
7c83dce66e
Move some common dependencies on the workspace level
...
Also deprecates the AWS SESv2 transport for emails
2023-08-14 13:00:01 +02:00
76653f9638
Better frontend assets handling and move the react app to /account/ ( #1324 )
...
This makes the Vite assets handling better, namely:
- make it possible to include any vite assets in the templates
- include the right `<link rel="preload">` tags for assets
- include Subresource Integrity hashes
- pre-compress assets and remove on-the-fly compression by the Rust server
- build the CSS used by templates through Vite
It also moves the React app from /app/ to /account/, and remove some of the old SSR account screens.
2023-07-06 15:30:26 +02:00
125a6bdf11
Allow setting a different issuer from the public base URL
2023-06-27 12:53:15 +02:00
de13d3ef19
CLI tool to sync the upstream IDPs with the config
2023-06-26 17:24:56 +02:00
Quentin Gliech