Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Email unsubscribing that may in theory, work | David Baker | 2016-06-02 | 1 | -0/+5 |
| | | | | Were it not for that fact that you can't use the base handler in the pusher because it pulls in the world. Comitting while I fix that on a different branch. | ||||
* | Send down correct error response if user not found | Erik Johnston | 2016-05-27 | 1 | -2/+7 |
| | |||||
* | Merge pull request #741 from negzi/create_user_with_expiry | Erik Johnston | 2016-05-13 | 1 | -2/+2 |
|\ | | | | | Create user with expiry | ||||
| * | Create user with expiry | Negi Fazeli | 2016-05-13 | 1 | -2/+2 |
| | | | | | | | | | | | | - Add unittests for client, api and handler Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com> | ||||
* | | Correctly handle NULL password hashes from the database | Erik Johnston | 2016-05-11 | 1 | -1/+4 |
|/ | |||||
* | Simplify _check_password | Erik Johnston | 2016-04-15 | 1 | -5/+9 |
| | |||||
* | Fix check_password rather than inverting the meaning of ↵ | Mark Haines | 2016-04-14 | 1 | -9/+12 |
| | | | | _check_local_password (#730) | ||||
* | Fix login to error for nonexistent users | David Baker | 2016-04-14 | 1 | -1/+1 |
| | | | | Fixes SYN-680 | ||||
* | fix check for failed authentication | Christoph Witzany | 2016-04-06 | 1 | -2/+4 |
| | |||||
* | remove line | Christoph Witzany | 2016-04-06 | 1 | -1/+0 |
| | |||||
* | make tests for ldap more specific to not be fooled by Mocks | Christoph Witzany | 2016-04-06 | 1 | -3/+3 |
| | |||||
* | output ldap version for info and to pacify pep8 | Christoph Witzany | 2016-04-06 | 1 | -0/+2 |
| | |||||
* | conditionally import ldap | Christoph Witzany | 2016-04-06 | 1 | -2/+5 |
| | |||||
* | fix pep8 | Christoph Witzany | 2016-04-06 | 1 | -2/+1 |
| | |||||
* | fix exception handling | Christoph Witzany | 2016-04-06 | 1 | -2/+2 |
| | |||||
* | code style | Christoph Witzany | 2016-04-06 | 1 | -6/+13 |
| | |||||
* | add tls property and twist my head around twisted | Christoph Witzany | 2016-04-06 | 1 | -15/+29 |
| | |||||
* | move LDAP authentication to AuthenticationHandler | Christoph Witzany | 2016-04-06 | 1 | -6/+48 |
| | |||||
* | Use google style doc strings. | Mark Haines | 2016-04-01 | 1 | -9/+17 |
| | | | | | | | pycharm supports them so there is no need to use the other format. Might as well convert the existing strings to reduce the risk of people accidentally cargo culting the wrong doc string format. | ||||
* | Make registration idempotent, part 2: be idempotent if the client specifies ↵ | David Baker | 2016-03-16 | 1 | -0/+14 |
| | | | | a username. | ||||
* | pep8 | David Baker | 2016-03-16 | 1 | -1/+2 |
| | |||||
* | time_msec() | David Baker | 2016-03-16 | 1 | -1/+1 |
| | |||||
* | string with symbols is a bit too symboly. | David Baker | 2016-03-16 | 1 | -1/+1 |
| | |||||
* | Replace other time.time(). | David Baker | 2016-03-16 | 1 | -2/+1 |
| | |||||
* | Use hs get_clock instead of time.time() | David Baker | 2016-03-16 | 1 | -2/+2 |
| | |||||
* | pep8 & remove debug logging | David Baker | 2016-03-16 | 1 | -1/+1 |
| | |||||
* | Make registration idempotent: if you specify the same session, make it give ↵ | David Baker | 2016-03-16 | 1 | -12/+48 |
| | | | | you an access token for the user that was registered on previous uses of that session. Tweak the UI auth layer to not delete sessions when their auth has completed and hence expire themn so they don't hang around until server restart. Allow server-side data to be associated with UI auth sessions. | ||||
* | Make select more sensible when dseleting access tokens, rename pusher ↵ | David Baker | 2016-03-11 | 1 | -1/+1 |
| | | | | deletion to match access token deletion and make exception arg optional. | ||||
* | Delete old, unused methods and rename new one to just be ↵ | David Baker | 2016-03-11 | 1 | -1/+1 |
| | | | | `user_delete_access_tokens` with an `except_token_ids` argument doing what it says on the tin. | ||||
* | Dear PyCharm, please indent sensibly for me. Thx. | David Baker | 2016-03-11 | 1 | -2/+2 |
| | |||||
* | Fix cache invalidation so deleting access tokens (which we did when changing ↵ | David Baker | 2016-03-11 | 1 | -4/+9 |
| | | | | password) actually takes effect without HS restart. Reinstate the code to avoid logging out the session that changed the password, removed in 415c2f05491ce65a4fc34326519754cd1edd9c54 | ||||
* | Stop using checkpw as it seems to have vanished from bcrypt. Use ↵ | David Baker | 2016-03-02 | 1 | -1/+1 |
| | | | | `bcrypt.hashpw(password, hashed) == hashed` as per the bcrypt README. | ||||
* | Allow guests to upgrade their accounts | Daniel Wagner-Hall | 2016-01-05 | 1 | -3/+3 |
| | |||||
* | Take a boolean not a list of lambdas | Daniel Wagner-Hall | 2015-11-19 | 1 | -1/+1 |
| | |||||
* | Minor review fixes | Steven Hammerton | 2015-11-11 | 1 | -4/+4 |
| | |||||
* | Share more code between macaroon validation | Steven Hammerton | 2015-11-11 | 1 | -48/+7 |
| | |||||
* | Allow hs to do CAS login completely and issue the client with a login token ↵ | Steven Hammerton | 2015-11-05 | 1 | -3/+73 |
| | | | | that can be redeemed for the usual successful login response | ||||
* | Allow guests to register and call /events?room_id= | Daniel Wagner-Hall | 2015-11-04 | 1 | -1/+4 |
| | | | | | | | This follows the same flows-based flow as regular registration, but as the only implemented flow has no requirements, it auto-succeeds. In the future, other flows (e.g. captcha) may be required, so clients should treat this like the regular registration flow choices. | ||||
* | Add config for how many bcrypt rounds to use for password hashes | Mark Haines | 2015-10-16 | 1 | -1/+2 |
| | | | | | By default we leave it at the default value of 12. But now we can reduce it for preparing users for loadtests or running integration tests. | ||||
* | Formatting changes | Steven Hammerton | 2015-10-10 | 1 | -1/+2 |
| | |||||
* | Provide ability to login using CAS | Steven Hammerton | 2015-10-10 | 1 | -0/+31 |
| | |||||
* | Allow configuration to ignore invalid SSL certs | Daniel Wagner-Hall | 2015-09-09 | 1 | -2/+1 |
| | | | | | This will be useful for sytest, and sytest only, hence the aggressive config key name. | ||||
* | Swap out bcrypt for md5 in tests | Daniel Wagner-Hall | 2015-08-26 | 1 | -2/+25 |
| | | | | This reduces our ~8 second sequential test time down to ~7 seconds | ||||
* | Merge erikj/user_dedup to develop | Daniel Wagner-Hall | 2015-08-26 | 1 | -8/+31 |
| | |||||
* | Fix bad merge | Daniel Wagner-Hall | 2015-08-20 | 1 | -8/+1 |
| | |||||
* | Fix indentation | Daniel Wagner-Hall | 2015-08-20 | 1 | -1/+2 |
| | |||||
* | Fix flake8 warnings | Daniel Wagner-Hall | 2015-08-20 | 1 | -4/+6 |
| | |||||
* | Merge branch 'auth' into refresh | Daniel Wagner-Hall | 2015-08-20 | 1 | -3/+3 |
|\ | | | | | | | | | Conflicts: synapse/handlers/register.py | ||||
* | | Merge branch 'develop' into refresh | Daniel Wagner-Hall | 2015-08-20 | 1 | -1/+1 |
|\| | | | | | | | | | Conflicts: synapse/rest/client/v1/login.py | ||||
| * | Another use of check_password that got missed in the yield fix | David Baker | 2015-08-20 | 1 | -1/+1 |
| | | |||||
* | | /tokenrefresh POST endpoint | Daniel Wagner-Hall | 2015-08-20 | 1 | -5/+30 |
| | | | | | | | | | | | | | | | | This allows refresh tokens to be exchanged for (access_token, refresh_token). It also starts issuing them on login, though no clients currently interpret them. | ||||
* | | Move token generation to auth handler | Daniel Wagner-Hall | 2015-08-20 | 1 | -5/+24 |
|/ | | | | | I prefer the auth handler to worry about all auth, and register to call into it as needed, than to smatter auth logic between the two. | ||||
* | Remove an access token log line | Erik Johnston | 2015-08-19 | 1 | -1/+1 |
| | |||||
* | Fix regression where we incorrectly responded with a 200 to /login | Erik Johnston | 2015-08-19 | 1 | -1/+2 |
| | |||||
* | Merge password checking implementations | Daniel Wagner-Hall | 2015-08-12 | 1 | -20/+15 |
| | |||||
* | Simplify LoginHander and AuthHandler | Daniel Wagner-Hall | 2015-08-12 | 1 | -18/+72 |
| | | | | | | | | | * Merge LoginHandler -> AuthHandler * Add a bunch of documentation * Improve some naming * Remove unused branches I will start merging the actual logic of the two handlers shortly | ||||
* | Add back in support for remembering parameters submitted to a ↵ | David Baker | 2015-07-15 | 1 | -2/+4 |
| | | | | user-interactive auth call. | ||||
* | Merge branch 'develop' into markjh/SYT-8-recaptcha | Mark Haines | 2015-05-29 | 1 | -0/+1 |
|\ | | | | | | | | | Conflicts: synapse/handlers/auth.py | ||||
| * | SYN-395: Fix CAPTCHA, don't double decode json | Erik Johnston | 2015-05-28 | 1 | -2/+3 |
| | | |||||
* | | Add config for setting the recaptcha verify api endpoint, so we can test it ↵ | Mark Haines | 2015-05-29 | 1 | -3/+3 |
|/ | | | | in sytest | ||||
* | This api now no longer returns an array | David Baker | 2015-05-01 | 1 | -1/+1 |
| | |||||
* | Add commentage. | David Baker | 2015-04-27 | 1 | -0/+4 |
| | |||||
* | Use underscores instead of camelcase for id server stuff | David Baker | 2015-04-24 | 1 | -6/+6 |
| | |||||
* | pep8 | David Baker | 2015-04-24 | 1 | -2/+2 |
| | |||||
* | Remove ultimately unused feature of saving params from the first call in the ↵ | David Baker | 2015-04-23 | 1 | -2/+10 |
| | | | | session: it's probably too open to abuse. | ||||
* | Password reset, finally. | David Baker | 2015-04-17 | 1 | -1/+7 |
| | |||||
* | Return user ID in use error straight away | David Baker | 2015-04-16 | 1 | -0/+2 |
| | |||||
* | Dummy login so we can do the first POST request to get login flows without ↵ | David Baker | 2015-04-15 | 1 | -0/+6 |
| | | | | it just succeeding | ||||
* | Regstration with email in v2 | David Baker | 2015-04-15 | 1 | -21/+43 |
| | |||||
* | Completely replace fallback auth for C/S V2: | David Baker | 2015-04-01 | 1 | -21/+77 |
| | | | | | | | * Now only the auth part goes to fallback, not the whole operation * Auth fallback is a normal API endpoint, not a static page * Params like the recaptcha pubkey can just live in the config Involves a little engineering on JsonResource so its servlets aren't always forced to return JSON. I should document this more, in fact I'll do that now. | ||||
* | pep8 | David Baker | 2015-03-31 | 1 | -1/+1 |
| | |||||
* | New registration for C/S API v2. Only ReCAPTCHA working currently. | David Baker | 2015-03-30 | 1 | -13/+77 |
| | |||||
* | Implement password changing (finally) along with a start on making ↵ | David Baker | 2015-03-23 | 1 | -0/+109 |
client/server auth more general. |