summary refs log tree commit diff
path: root/synapse/handlers/auth.py (follow)
Commit message (Expand)AuthorAgeFilesLines
* Implement MSC3848: Introduce errcodes for specific event sending failures (#1...Will Hunt2022-07-271-1/+1
* Move the "email unsubscribe" resource, refactor the macaroon generator & simp...Quentin Gliech2022-06-141-108/+1
* Decouple `synapse.api.auth_blocking.AuthBlocking` from `synapse.api.auth.Auth...Quentin Gliech2022-06-141-2/+3
* Return the same error message from `/login` when password is incorrect and wh...Daniel Aloni2022-06-071-2/+6
* Add an option allowing users to use their password to reauthenticate even tho...reivilibre2022-05-271-9/+20
* Implement cancellation support/protection for module callbacks (#12568)Sean Quah2022-05-091-6/+19
* Use `getClientAddress` instead of `getClientIP`. (#12599)Patrick Cloke2022-05-041-1/+1
* Remove unused `# type: ignore`s (#12531)David Robertson2022-04-271-1/+1
* Add a callback to react to 3PID associations (#12302)Brendan Abolivier2022-03-311-0/+3
* Remove `HomeServer.get_datastore()` (#12031)Richard van der Hoff2022-02-231-2/+2
* Allow modules to set a display name on registration (#12009)Brendan Abolivier2022-02-171-0/+58
* Add a callback to allow modules to deny 3PID (#11854)Brendan Abolivier2022-02-081-0/+44
* Add a module callback to set username at registration (#11790)Brendan Abolivier2022-01-261-0/+58
* Correctly await on_logged_out callbacks (#11786)Brendan Abolivier2022-01-201-1/+1
* Use auto_attribs/native type hints for attrs classes. (#11692)Patrick Cloke2022-01-131-7/+7
* Make `get_device` return None if the device doesn't exist rather than raising...reivilibre2021-12-131-3/+1
* Save the OIDC session ID (sid) with the device on login (#11482)Quentin Gliech2021-12-061-3/+31
* Support expiry of refresh tokens and expiry of the overall session when refre...reivilibre2021-11-261-11/+79
* Rename `get_refresh_token_for_user_id` to `create_refresh_token_for_user_id` ...reivilibre2021-11-181-2/+2
* Rename `get_access_token_for_user_id` method to `create_access_token_for_user...reivilibre2021-11-171-2/+2
* Properly register all callback hooks for legacy password authentication provi...reivilibre2021-11-161-13/+13
* Make minor correction to type of auth_checkers callbacks (#11253)reivilibre2021-11-041-1/+3
* Fix cyclic import in the module API (#11180)Brendan Abolivier2021-10-251-2/+4
* Port the Password Auth Providers module interface to the new generic interfac...Azrenbeth2021-10-131-140/+388
* Remove the deprecated BaseHandler. (#11005)Patrick Cloke2021-10-081-4/+4
* Use direct references for configuration variables (part 7). (#10959)Patrick Cloke2021-10-041-1/+1
* Use direct references for configuration variables (part 5). (#10897)Patrick Cloke2021-09-241-4/+6
* Use direct references for configuration variables (part 4). (#10893)Patrick Cloke2021-09-231-1/+1
* Use direct references for some configuration variables (part 3) (#10885)Patrick Cloke2021-09-231-11/+11
* Require type hints in the handlers module. (#10831)Patrick Cloke2021-09-201-21/+24
* Name the type of token in "Invalid token" messages (#10815)David Robertson2021-09-141-1/+1
* Use direct references for some configuration variables (#10798)Patrick Cloke2021-09-131-8/+8
* Remove pushers when deleting 3pid from account (#10581)Azrenbeth2021-08-261-1/+4
* Display an error page during failure of fallback UIA. (#10561)Callum Brown2021-08-181-9/+14
* Flatten the synapse.rest.client package (#10600)reivilibre2021-08-171-3/+3
* Use inline type hints in `handlers/` and `rest/`. (#10382)Jonathan de Jong2021-07-161-8/+8
* MSC2918 Refresh tokens implementation (#9450)Quentin Gliech2021-06-241-5/+127
* Always require users to re-authenticate for dangerous operations. (#10184)Patrick Cloke2021-06-161-1/+6
* Change the format of access tokens away from macaroons (#5588)Richard van der Hoff2021-05-121-7/+21
* Fix (final) Bugbear violations (#9838)Jonathan de Jong2021-04-201-1/+1
* Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-141-1/+0
* Make RateLimiter class check for ratelimit overrides (#9711)Erik Johnston2021-03-301-10/+14
* Import HomeServer from the proper module. (#9665)Patrick Cloke2021-03-231-1/+1
* Return m.change_password.enabled=false if local database is disabled (#9588)Dirk Klimpel2021-03-161-0/+13
* Convert Requester to attrs (#9586)Richard van der Hoff2021-03-101-2/+3
* Record the SSO Auth Provider in the login token (#9510)Richard van der Hoff2021-03-041-10/+58
* Use the proper Request in type hints. (#9515)Patrick Cloke2021-03-011-2/+2
* Update black, and run auto formatting over the codebase (#9381)Eric Eastwood2021-02-161-9/+25
* Social login UI polish (#9301)Richard van der Hoff2021-02-031-2/+14
* Merge branch 'social_login' into developRichard van der Hoff2021-02-011-1/+3
|\
| * Improve styling and wording of SSO UIA templates (#9286)Richard van der Hoff2021-02-011-1/+3
* | Merge branch 'social_login' into developRichard van der Hoff2021-02-011-1/+23
|\|
| * Improve styling and wording of SSO redirect confirm template (#9272)Richard van der Hoff2021-02-011-1/+23
* | Prevent email UIA failures from raising a LoginError (#9265)Andrew Morgan2021-02-011-10/+0
|/
* Fix bugs in handling clientRedirectUrl, and improve OIDC tests (#9127, #9128)Richard van der Hoff2021-01-181-2/+2
* Move `complete_sso_ui_auth` into SSOHandlerRichard van der Hoff2021-01-131-25/+0
* UI Auth via SSO: redirect the user to an appropriate SSO. (#9081)Richard van der Hoff2021-01-121-18/+64
* Kill off `HomeServer.get_ip_from_request()` (#9080)Richard van der Hoff2021-01-121-7/+2
* Remove SynapseRequest.get_user_agent (#9069)Richard van der Hoff2021-01-121-3/+3
* Allow re-using a UI auth validation for a period of time (#8970)Patrick Cloke2020-12-181-8/+24
* Merge remote-tracking branch 'origin/erikj/as_mau_block' into developErik Johnston2020-12-181-1/+7
|\
| * Correctly handle AS registerations and add testErik Johnston2020-12-171-1/+7
* | Fix startup failure with localdb_enabled: False (#8937)Richard van der Hoff2020-12-141-14/+12
* | Allow spam-checker modules to be provide async methods. (#8890)David Teller2020-12-111-4/+4
* | Honour AS ratelimit settings for /login requests (#8920)Erik Johnston2020-12-111-3/+4
* | Simplify the flow for SSO UIA (#8881)Richard van der Hoff2020-12-081-5/+6
* | UIA: offer only available auth flowsRichard van der Hoff2020-12-021-15/+43
|/
* Create a `PasswordProvider` wrapper object (#8849)Richard van der Hoff2020-12-021-55/+148
* Support "identifier" dicts in UIA (#8848)Richard van der Hoff2020-12-011-24/+161
* Don't offer password login when it is disabled (#8835)Richard van der Hoff2020-12-011-1/+9
* Add admin API for logging in as a user (#8617)Erik Johnston2020-11-171-4/+20
* Catch exceptions in password_providers (#8636)Nicolai Søborg2020-11-111-4/+9
* Add ability for access tokens to belong to one user but grant access to anoth...Erik Johnston2020-10-291-4/+4
* Add type hints to application services. (#8655)Patrick Cloke2020-10-281-7/+16
* Fix typos and spelling errors. (#8639)Patrick Cloke2020-10-231-1/+1
* Fix handling of User-Agent headers with bad utf-8. (#8632)Erik Johnston2020-10-231-3/+1
* Fix mypy error: auth handler "checkpw" internal function type mismatch (#8569)Jonathan de Jong2020-10-191-3/+5
* Remove the deprecated Handlers object (#8494)Patrick Cloke2020-10-091-1/+1
* Combine `SpamCheckerApi` with the more generic `ModuleApi`. (#8464)Richard van der Hoff2020-10-071-0/+7
* Allow background tasks to be run on a separate worker. (#8369)Patrick Cloke2020-10-021-1/+1
* Allow additional SSO properties to be passed to the client (#8413)Patrick Cloke2020-09-301-1/+59
* Simplify super() calls to Python 3 syntax. (#8344)Patrick Cloke2020-09-181-1/+1
* Use slots in attrs classes where possible (#8296)Patrick Cloke2020-09-141-1/+1
* Stop sub-classing object (#8249)Patrick Cloke2020-09-041-1/+1
* Move and refactor LoginRestServlet helper methods (#8182)Andrew Morgan2020-08-281-1/+87
* Allow denying or shadow banning registrations via the spam checker (#8034)Patrick Cloke2020-08-201-0/+8
* Use the default templates when a custom template file cannot be found (#8037)Andrew Morgan2020-08-171-7/+5
* Improve performance of the register endpoint (#8009)Patrick Cloke2020-08-061-7/+12
* Update the auth providers to be async. (#7935)Patrick Cloke2020-07-231-1/+6
* isort 5 compatibility (#7786)Will Hunt2020-07-051-2/+1
* Fix inconsistent handling of upper and lower cases of email addresses. (#7021)Dirk Klimpel2020-07-031-2/+3
* Merge branch 'master' into developPatrick Cloke2020-07-021-23/+7
|\
| * Ensure that HTML pages served from Synapse include headers to avoid embedding.Patrick Cloke2020-07-021-23/+7
* | Fix a typo when comparing the URI & method during UI Auth. (#7689)Patrick Cloke2020-06-121-1/+1
|/
* Performance improvements and refactor of Ratelimiter (#7595)Andrew Morgan2020-06-051-16/+8
* Support UI Authentication for OpenID Connect accounts (#7457)Patrick Cloke2020-05-151-1/+3
* Merge tag 'v1.13.0rc2' into developRichard van der Hoff2020-05-141-19/+18
|\
| * Do not validate that the client dict is stable during UI Auth. (#7483)Patrick Cloke2020-05-131-19/+18
* | Merge branch 'release-v1.13.0' into developAndrew Morgan2020-05-111-14/+40
|\|
| * Rework UI Auth session validation for registration (#7455)Patrick Cloke2020-05-081-14/+40
* | Implement OpenID Connect-based login (#7256)Quentin Gliech2020-05-081-2/+2
|/
* Persist user interactive authentication sessions (#7302)Patrick Cloke2020-04-301-114/+61
* Reject unknown UI auth sessions (instead of silently generating a new one) (#...Patrick Cloke2020-04-201-65/+94
* Use a template for the SSO success page to allow for customization. (#7279)Patrick Cloke2020-04-171-32/+12
* Convert auth handler to async/await (#7261)Patrick Cloke2020-04-151-92/+81
* Do not allow a deactivated user to login via SSO. (#7240)Patrick Cloke2020-04-091-4/+30
* Support CAS in UI Auth flows. (#7186)Patrick Cloke2020-04-031-2/+2
* Support SAML in the user interactive authentication workflow. (#7102)Patrick Cloke2020-04-011-4/+112
* Validate that the session is not modified during UI-Auth (#7068)Patrick Cloke2020-03-261-4/+33
* Add type annotations and comments to auth handler (#7063)Patrick Cloke2020-03-121-89/+104
* Factor out complete_sso_login and expose it to the Module APIBrendan Abolivier2020-03-031-0/+74
* Admin api to add an email address (#6789)Dirk Klimpel2020-02-071-0/+8
* Merge pull request #6335 from matrix-org/erikj/rc_login_cleanupsBrendan Abolivier2019-11-201-53/+31
|\
| * Apply suggestions from code reviewErik Johnston2019-11-181-2/+2
| * Add failed auth ratelimiting to UIAErik Johnston2019-11-061-1/+32
| * Only do `rc_login` ratelimiting on succesful login.Erik Johnston2019-11-061-54/+1
* | Replace instance variations of homeserver with correct case/spacingAndrew Morgan2019-11-121-2/+2
|/
* Remove usage of deprecated logger.warn method from codebase (#6271)Andrew Morgan2019-10-311-3/+3
* Stop advertising unsupported flows for registration (#6107)Richard van der Hoff2019-09-251-1/+10
* Refactor the user-interactive auth handling (#6105)Richard van der Hoff2019-09-251-131/+10
* Use account_threepid_delegate for 3pid validationAndrew Morgan2019-09-101-1/+10
* Allow Synapse to send registration emails + choose Synapse or an external ser...Andrew Morgan2019-09-061-26/+8
* Remove unnecessary parentheses around return statements (#5931)Andrew Morgan2019-08-301-4/+4
* Remove non-functional 'expire_access_token' setting (#5782)Richard van der Hoff2019-07-301-1/+1
* Replace returnValue with return (#5736)Amber Brown2019-07-231-22/+22
* Return a different error from Invalid Password when a user is deactivated (#5...Andrew Morgan2019-07-151-0/+9
* Implement access token expiry (#5660)Richard van der Hoff2019-07-121-3/+14
* Inline issue_access_token (#5659)Richard van der Hoff2019-07-111-7/+3
* Move logging utilities out of the side drawer of util/ and into logging/ (#5606)Amber Brown2019-07-041-3/+3
* Added possibilty to disable local password authentication (#5092)Daniel Hoffend2019-06-271-1/+1
* Run Black. (#5482)Amber Brown2019-06-201-145/+121
* Fix defaults on checking threepidsErik Johnston2019-06-101-0/+1
* Add ability to perform password reset via email without trusting the identity...Andrew Morgan2019-06-061-12/+52
* Allowing specifying IS to use in unbind API.Erik Johnston2019-04-011-1/+6
* Support 3PID login in password providers (#4931)Andrew Morgan2019-03-261-1/+38
* Add ratelimiting on failed login attempts (#4865)Brendan Abolivier2019-03-181-5/+23
* Add ratelimiting on login (#4821)Brendan Abolivier2019-03-151-0/+36
* Factor SSO success handling out of CAS login (#4264)Richard van der Hoff2018-12-071-2/+11
* Remove duplicate slashes in generated consent URLsTravis Ralston2018-11-151-1/+1
* Add config variables for enabling terms auth and the policy name (#4142)Travis Ralston2018-11-061-1/+1
* Include a version query string arg for the consent routeTravis Ralston2018-10-311-1/+4
* Merge branch 'develop' into travis/login-termsTravis Ralston2018-10-241-14/+4
|\
| * Correctly account for cpu usage by background threads (#4074)Richard van der Hoff2018-10-231-14/+4
* | pep8Travis Ralston2018-10-151-1/+1
* | Ensure the terms params are actually providedTravis Ralston2018-10-151-0/+1
* | Python is hardTravis Ralston2018-10-151-5/+6
* | Update login terms structure for the proposed language supportTravis Ralston2018-10-121-4/+7
* | Use a flag rather than a new route for the public policyTravis Ralston2018-10-031-1/+1
* | Supply params for terms auth stageTravis Ralston2018-10-031-0/+9
* | Incorporate Dave's work for GDPR login flowsTravis Ralston2018-10-031-0/+4
|/
* Port handlers/ to Python 3 (#3803)Amber Brown2018-09-071-3/+5
* Merge branch 'develop' of github.com:matrix-org/synapse into neilj/fix_off_by...Neil Johnson2018-08-151-3/+17
|\
| * Merge pull request #3667 from matrix-org/erikj/fixup_unbindErik Johnston2018-08-151-3/+17
| |\
| | * Don't fail requests to unbind 3pids for non supporting ID serversErik Johnston2018-08-081-3/+17
* | | fix off by 1s on mauNeil Johnson2018-08-141-2/+2
|/ /
* | bug fixesNeil Johnson2018-08-031-13/+2
* | do mau checks based on monthly_active_users tableNeil Johnson2018-08-021-6/+4
|/
* Merge pull request #3630 from matrix-org/neilj/mau_sign_in_log_in_limitsNeil Johnson2018-08-011-1/+18
|\
| * count_monthly_users() asyncNeil Johnson2018-08-011-4/+7
| * coding styleNeil Johnson2018-07-311-1/+2
| * limit register and sign in on number of monthly usersNeil Johnson2018-07-301-0/+13
* | Python 3: Convert some unicode/bytes uses (#3569)Amber Brown2018-08-021-9/+20
|/
* run isortAmber Brown2018-07-091-12/+14
* Attempt to be more performant on PyPy (#3462)Amber Brown2018-06-281-2/+3
* Pass around the reactor explicitly (#3385)Amber Brown2018-06-221-10/+20
* Remove run_on_reactor (#3395)Amber Brown2018-06-141-6/+2
* Merge pull request #3276 from matrix-org/dbkr/unbindDavid Baker2018-06-111-0/+9
|\
| * Missing yieldDavid Baker2018-06-041-1/+1
| * pep8David Baker2018-05-241-1/+2
| * Unbind 3pids when they're deleted tooDavid Baker2018-05-241-0/+8
* | Consistently use six's iteritems and wrap lazy keys/values in list() if they'...Amber Brown2018-05-311-3/+3
|/
* use bcrypt.checkpwKrombel2018-03-051-2/+4
* Merge pull request #2773 from matrix-org/erikj/hash_bgErik Johnston2018-01-101-8/+16
|\
| * Do bcrypt hashing in a background threadErik Johnston2018-01-101-8/+16
* | support custom login types for validating usersRichard van der Hoff2017-12-051-24/+57
* | Factor out a validate_user_via_ui_auth methodRichard van der Hoff2017-12-051-0/+43
* | Refactor UI auth implementationRichard van der Hoff2017-12-051-17/+29
|/
* Move set_password into its own handlerRichard van der Hoff2017-11-291-16/+0
* Move deactivate_account into its own handlerRichard van der Hoff2017-11-291-16/+0
* Remove pushers when deleting access tokensRichard van der Hoff2017-11-291-4/+12
* Fix auth handler #2678Jurek2017-11-161-1/+1
* Factor _AccountHandler proxy out to ModuleApiRichard van der Hoff2017-11-021-69/+3
* Merge pull request #2624 from matrix-org/rav/password_provider_notify_logoutDavid Baker2017-11-021-2/+24
|\
| * Notify auth providers on logoutRichard van der Hoff2017-11-011-2/+24
* | Merge pull request #2623 from matrix-org/rav/callbacks_for_auth_providersDavid Baker2017-11-021-6/+11
|\ \
| * | Fix user-interactive password authRichard van der Hoff2017-11-011-1/+3
| * | Allow password_auth_providers to return a callbackRichard van der Hoff2017-11-011-5/+8
| |/
* | Merge pull request #2622 from matrix-org/rav/db_access_for_auth_providersDavid Baker2017-11-021-0/+16
|\ \ | |/ |/|
| * Let auth providers get to the databaseRichard van der Hoff2017-10-311-0/+16
* | Merge pull request #2620 from matrix-org/rav/auth_non_passwordRichard van der Hoff2017-11-011-22/+96
|\ \
| * | Let password auth providers handle arbitrary login typesRichard van der Hoff2017-11-011-22/+96
| |/
* | Merge remote-tracking branch 'origin/develop' into rav/refactor_accesstoken_d...David Baker2017-11-011-9/+6
|\ \
| * | Break dependency of auth_handler on device_handlerRichard van der Hoff2017-11-011-9/+6
| |/
* / Move access token deletion into auth handlerRichard van der Hoff2017-11-011-2/+47
|/
* Refactor some logic from LoginRestServlet into AuthHandlerRichard van der Hoff2017-10-311-28/+52
* Allow ASes to deactivate their own usersRichard van der Hoff2017-10-271-1/+1
* Remove pointless create() methodRichard van der Hoff2017-10-201-1/+1
* Use an ExpiringCache for storing registration sessionsErik Johnston2017-06-291-11/+10
* Support registration / login with phone numberDavid Baker2017-03-131-7/+25
* Revert "Support registration & login with phone number"Erik Johnston2017-03-131-25/+7
* Fix log lineDavid Baker2017-03-081-1/+1
* Factor out msisdn canonicalisationDavid Baker2017-03-081-1/+1
* Fix pep8David Baker2017-03-081-1/+1
* Just return the deferred straight offDavid Baker2017-03-011-4/+2
* WIP support for msisdn 3pid proxy methodsDavid Baker2017-02-141-5/+25
* Fix email push in pusher workerErik Johnston2017-02-021-36/+44
* Fix another comment typoDavid Baker2016-12-211-1/+1
* Add /account/3pid/delete endpointDavid Baker2016-12-201-0/+11
* fix ability to change password to a non-ascii oneMatthew Hodgson2016-12-181-2/+2
* Merge pull request #1649 from matrix-org/dbkr/log_ui_auth_argsErik Johnston2016-12-051-1/+9
|\
| * Clarify that creds doesn not contain passwords.David Baker2016-11-241-1/+3
| * Log the args that we have on UI auth completionDavid Baker2016-11-241-1/+7
* | Rip out more refresh_token codeRichard van der Hoff2016-11-301-10/+0
* | Merge branch 'develop' into rav/no_more_refresh_tokensRichard van der Hoff2016-11-301-5/+6
|\ \
| * | Stop putting a time caveat on access tokensRichard van der Hoff2016-11-291-5/+6
| |/
* / Stop generating refresh tokensRichard van der Hoff2016-11-281-16/+4
|/
* Use external ldap auth pacakgeErik Johnston2016-11-151-0/+2
* Don't error on non-ascii passwordsDavid Baker2016-11-031-1/+1
* Convert emails to lowercase when storingDavid Baker2016-10-191-0/+12
* Merge pull request #1155 from matrix-org/erikj/pluggable_pwd_authErik Johnston2016-10-121-295/+39
|\
| * Implement pluggable password authErik Johnston2016-10-031-295/+39
* | Work around email-spamming Riot bugRichard van der Hoff2016-10-111-3/+14
* | Merge pull request #1160 from matrix-org/rav/401_on_password_failRichard van der Hoff2016-10-071-32/+52
|\ \ | |/ |/|
| * Interactive Auth: Return 401 from for incorrect passwordRichard van der Hoff2016-10-071-32/+52
* | Restructure ldap authenticationMartin Weinelt2016-09-291-87/+192
|/
* Refactor user_delete_access_tokens. Invalidate get_user_by_access_token to sl...Erik Johnston2016-08-151-3/+3
* Log the value which is observed in the first place.Daniel Ehlers2016-08-141-1/+1
* Fix AttributeError when bind_dn is not defined.Daniel Ehlers2016-08-141-1/+1
* /login: Respond with a 403 when we get an invalid m.login.tokenRichard van der Hoff2016-08-091-3/+3
* Fix login with m.login.tokenRichard van der Hoff2016-08-081-13/+4
* Implement deleting devicesRichard van der Hoff2016-07-261-2/+20
* Use get to avoid KeyErrorsDavid Baker2016-07-221-1/+1
* Log the hostname the reCAPTCHA was completed onDavid Baker2016-07-221-2/+11
* Type annotationsRichard van der Hoff2016-07-191-0/+4
* Add device_id support to /loginRichard van der Hoff2016-07-181-8/+11
* Refactor login flowRichard van der Hoff2016-07-181-47/+59
* Bug fix: expire invalid access tokensNegar Fazeli2016-07-131-2/+3
* Fix password configKent Shikama2016-07-051-2/+2
* Fix pep8Kent Shikama2016-07-051-1/+2
* Add pepper to password hashingKent Shikama2016-07-051-2/+3
* Rework ldap integration with ldap3Martin Weinelt2016-06-221-33/+170
* Fix TypeError in call to bcrypt.hashpwSalvatore LaMendola2016-06-161-1/+1
* Email unsubscribing that may in theory, workDavid Baker2016-06-021-0/+5
* Send down correct error response if user not foundErik Johnston2016-05-271-2/+7
* Merge pull request #741 from negzi/create_user_with_expiryErik Johnston2016-05-131-2/+2
|\
| * Create user with expiryNegi Fazeli2016-05-131-2/+2
* | Correctly handle NULL password hashes from the databaseErik Johnston2016-05-111-1/+4
|/
* Simplify _check_passwordErik Johnston2016-04-151-5/+9
* Fix check_password rather than inverting the meaning of _check_local_password...Mark Haines2016-04-141-9/+12
* Fix login to error for nonexistent usersDavid Baker2016-04-141-1/+1