| Commit message (Expand) | Author | Age | Files | Lines |
* | Support registration / login with phone number | David Baker | 2017-03-13 | 1 | -7/+25 |
* | Revert "Support registration & login with phone number" | Erik Johnston | 2017-03-13 | 1 | -25/+7 |
* | Fix log line | David Baker | 2017-03-08 | 1 | -1/+1 |
* | Factor out msisdn canonicalisation | David Baker | 2017-03-08 | 1 | -1/+1 |
* | Fix pep8 | David Baker | 2017-03-08 | 1 | -1/+1 |
* | Just return the deferred straight off | David Baker | 2017-03-01 | 1 | -4/+2 |
* | WIP support for msisdn 3pid proxy methods | David Baker | 2017-02-14 | 1 | -5/+25 |
* | Fix email push in pusher worker | Erik Johnston | 2017-02-02 | 1 | -36/+44 |
* | Fix another comment typo | David Baker | 2016-12-21 | 1 | -1/+1 |
* | Add /account/3pid/delete endpoint | David Baker | 2016-12-20 | 1 | -0/+11 |
* | fix ability to change password to a non-ascii one | Matthew Hodgson | 2016-12-18 | 1 | -2/+2 |
* | Merge pull request #1649 from matrix-org/dbkr/log_ui_auth_args | Erik Johnston | 2016-12-05 | 1 | -1/+9 |
|\ |
|
| * | Clarify that creds doesn not contain passwords. | David Baker | 2016-11-24 | 1 | -1/+3 |
| * | Log the args that we have on UI auth completion | David Baker | 2016-11-24 | 1 | -1/+7 |
* | | Rip out more refresh_token code | Richard van der Hoff | 2016-11-30 | 1 | -10/+0 |
* | | Merge branch 'develop' into rav/no_more_refresh_tokens | Richard van der Hoff | 2016-11-30 | 1 | -5/+6 |
|\ \ |
|
| * | | Stop putting a time caveat on access tokens | Richard van der Hoff | 2016-11-29 | 1 | -5/+6 |
| |/ |
|
* / | Stop generating refresh tokens | Richard van der Hoff | 2016-11-28 | 1 | -16/+4 |
|/ |
|
* | Use external ldap auth pacakge | Erik Johnston | 2016-11-15 | 1 | -0/+2 |
* | Don't error on non-ascii passwords | David Baker | 2016-11-03 | 1 | -1/+1 |
* | Convert emails to lowercase when storing | David Baker | 2016-10-19 | 1 | -0/+12 |
* | Merge pull request #1155 from matrix-org/erikj/pluggable_pwd_auth | Erik Johnston | 2016-10-12 | 1 | -295/+39 |
|\ |
|
| * | Implement pluggable password auth | Erik Johnston | 2016-10-03 | 1 | -295/+39 |
* | | Work around email-spamming Riot bug | Richard van der Hoff | 2016-10-11 | 1 | -3/+14 |
* | | Merge pull request #1160 from matrix-org/rav/401_on_password_fail | Richard van der Hoff | 2016-10-07 | 1 | -32/+52 |
|\ \
| |/
|/| |
|
| * | Interactive Auth: Return 401 from for incorrect password | Richard van der Hoff | 2016-10-07 | 1 | -32/+52 |
* | | Restructure ldap authentication | Martin Weinelt | 2016-09-29 | 1 | -87/+192 |
|/ |
|
* | Refactor user_delete_access_tokens. Invalidate get_user_by_access_token to sl... | Erik Johnston | 2016-08-15 | 1 | -3/+3 |
* | Log the value which is observed in the first place. | Daniel Ehlers | 2016-08-14 | 1 | -1/+1 |
* | Fix AttributeError when bind_dn is not defined. | Daniel Ehlers | 2016-08-14 | 1 | -1/+1 |
* | /login: Respond with a 403 when we get an invalid m.login.token | Richard van der Hoff | 2016-08-09 | 1 | -3/+3 |
* | Fix login with m.login.token | Richard van der Hoff | 2016-08-08 | 1 | -13/+4 |
* | Implement deleting devices | Richard van der Hoff | 2016-07-26 | 1 | -2/+20 |
* | Use get to avoid KeyErrors | David Baker | 2016-07-22 | 1 | -1/+1 |
* | Log the hostname the reCAPTCHA was completed on | David Baker | 2016-07-22 | 1 | -2/+11 |
* | Type annotations | Richard van der Hoff | 2016-07-19 | 1 | -0/+4 |
* | Add device_id support to /login | Richard van der Hoff | 2016-07-18 | 1 | -8/+11 |
* | Refactor login flow | Richard van der Hoff | 2016-07-18 | 1 | -47/+59 |
* | Bug fix: expire invalid access tokens | Negar Fazeli | 2016-07-13 | 1 | -2/+3 |
* | Fix password config | Kent Shikama | 2016-07-05 | 1 | -2/+2 |
* | Fix pep8 | Kent Shikama | 2016-07-05 | 1 | -1/+2 |
* | Add pepper to password hashing | Kent Shikama | 2016-07-05 | 1 | -2/+3 |
* | Rework ldap integration with ldap3 | Martin Weinelt | 2016-06-22 | 1 | -33/+170 |
* | Fix TypeError in call to bcrypt.hashpw | Salvatore LaMendola | 2016-06-16 | 1 | -1/+1 |
* | Email unsubscribing that may in theory, work | David Baker | 2016-06-02 | 1 | -0/+5 |
* | Send down correct error response if user not found | Erik Johnston | 2016-05-27 | 1 | -2/+7 |
* | Merge pull request #741 from negzi/create_user_with_expiry | Erik Johnston | 2016-05-13 | 1 | -2/+2 |
|\ |
|
| * | Create user with expiry | Negi Fazeli | 2016-05-13 | 1 | -2/+2 |
* | | Correctly handle NULL password hashes from the database | Erik Johnston | 2016-05-11 | 1 | -1/+4 |
|/ |
|
* | Simplify _check_password | Erik Johnston | 2016-04-15 | 1 | -5/+9 |
* | Fix check_password rather than inverting the meaning of _check_local_password... | Mark Haines | 2016-04-14 | 1 | -9/+12 |
* | Fix login to error for nonexistent users | David Baker | 2016-04-14 | 1 | -1/+1 |
* | fix check for failed authentication | Christoph Witzany | 2016-04-06 | 1 | -2/+4 |
* | remove line | Christoph Witzany | 2016-04-06 | 1 | -1/+0 |
* | make tests for ldap more specific to not be fooled by Mocks | Christoph Witzany | 2016-04-06 | 1 | -3/+3 |
* | output ldap version for info and to pacify pep8 | Christoph Witzany | 2016-04-06 | 1 | -0/+2 |
* | conditionally import ldap | Christoph Witzany | 2016-04-06 | 1 | -2/+5 |
* | fix pep8 | Christoph Witzany | 2016-04-06 | 1 | -2/+1 |
* | fix exception handling | Christoph Witzany | 2016-04-06 | 1 | -2/+2 |
* | code style | Christoph Witzany | 2016-04-06 | 1 | -6/+13 |
* | add tls property and twist my head around twisted | Christoph Witzany | 2016-04-06 | 1 | -15/+29 |
* | move LDAP authentication to AuthenticationHandler | Christoph Witzany | 2016-04-06 | 1 | -6/+48 |
* | Use google style doc strings. | Mark Haines | 2016-04-01 | 1 | -9/+17 |
* | Make registration idempotent, part 2: be idempotent if the client specifies a... | David Baker | 2016-03-16 | 1 | -0/+14 |
* | pep8 | David Baker | 2016-03-16 | 1 | -1/+2 |
* | time_msec() | David Baker | 2016-03-16 | 1 | -1/+1 |
* | string with symbols is a bit too symboly. | David Baker | 2016-03-16 | 1 | -1/+1 |
* | Replace other time.time(). | David Baker | 2016-03-16 | 1 | -2/+1 |
* | Use hs get_clock instead of time.time() | David Baker | 2016-03-16 | 1 | -2/+2 |
* | pep8 & remove debug logging | David Baker | 2016-03-16 | 1 | -1/+1 |
* | Make registration idempotent: if you specify the same session, make it give y... | David Baker | 2016-03-16 | 1 | -12/+48 |
* | Make select more sensible when dseleting access tokens, rename pusher deletio... | David Baker | 2016-03-11 | 1 | -1/+1 |
* | Delete old, unused methods and rename new one to just be `user_delete_access_... | David Baker | 2016-03-11 | 1 | -1/+1 |
* | Dear PyCharm, please indent sensibly for me. Thx. | David Baker | 2016-03-11 | 1 | -2/+2 |
* | Fix cache invalidation so deleting access tokens (which we did when changing ... | David Baker | 2016-03-11 | 1 | -4/+9 |
* | Stop using checkpw as it seems to have vanished from bcrypt. Use `bcrypt.hash... | David Baker | 2016-03-02 | 1 | -1/+1 |
* | Allow guests to upgrade their accounts | Daniel Wagner-Hall | 2016-01-05 | 1 | -3/+3 |
* | Take a boolean not a list of lambdas | Daniel Wagner-Hall | 2015-11-19 | 1 | -1/+1 |
* | Minor review fixes | Steven Hammerton | 2015-11-11 | 1 | -4/+4 |
* | Share more code between macaroon validation | Steven Hammerton | 2015-11-11 | 1 | -48/+7 |
* | Allow hs to do CAS login completely and issue the client with a login token t... | Steven Hammerton | 2015-11-05 | 1 | -3/+73 |
* | Allow guests to register and call /events?room_id= | Daniel Wagner-Hall | 2015-11-04 | 1 | -1/+4 |
* | Add config for how many bcrypt rounds to use for password hashes | Mark Haines | 2015-10-16 | 1 | -1/+2 |
* | Formatting changes | Steven Hammerton | 2015-10-10 | 1 | -1/+2 |
* | Provide ability to login using CAS | Steven Hammerton | 2015-10-10 | 1 | -0/+31 |
* | Allow configuration to ignore invalid SSL certs | Daniel Wagner-Hall | 2015-09-09 | 1 | -2/+1 |
* | Swap out bcrypt for md5 in tests | Daniel Wagner-Hall | 2015-08-26 | 1 | -2/+25 |
* | Merge erikj/user_dedup to develop | Daniel Wagner-Hall | 2015-08-26 | 1 | -8/+31 |
* | Fix bad merge | Daniel Wagner-Hall | 2015-08-20 | 1 | -8/+1 |
* | Fix indentation | Daniel Wagner-Hall | 2015-08-20 | 1 | -1/+2 |
* | Fix flake8 warnings | Daniel Wagner-Hall | 2015-08-20 | 1 | -4/+6 |
* | Merge branch 'auth' into refresh | Daniel Wagner-Hall | 2015-08-20 | 1 | -3/+3 |
|\ |
|
* | | Merge branch 'develop' into refresh | Daniel Wagner-Hall | 2015-08-20 | 1 | -1/+1 |
|\| |
|
| * | Another use of check_password that got missed in the yield fix | David Baker | 2015-08-20 | 1 | -1/+1 |
* | | /tokenrefresh POST endpoint | Daniel Wagner-Hall | 2015-08-20 | 1 | -5/+30 |
* | | Move token generation to auth handler | Daniel Wagner-Hall | 2015-08-20 | 1 | -5/+24 |
|/ |
|
* | Remove an access token log line | Erik Johnston | 2015-08-19 | 1 | -1/+1 |
* | Fix regression where we incorrectly responded with a 200 to /login | Erik Johnston | 2015-08-19 | 1 | -1/+2 |
* | Merge password checking implementations | Daniel Wagner-Hall | 2015-08-12 | 1 | -20/+15 |
* | Simplify LoginHander and AuthHandler | Daniel Wagner-Hall | 2015-08-12 | 1 | -18/+72 |
* | Add back in support for remembering parameters submitted to a user-interactiv... | David Baker | 2015-07-15 | 1 | -2/+4 |
* | Merge branch 'develop' into markjh/SYT-8-recaptcha | Mark Haines | 2015-05-29 | 1 | -0/+1 |
|\ |
|
| * | SYN-395: Fix CAPTCHA, don't double decode json | Erik Johnston | 2015-05-28 | 1 | -2/+3 |
* | | Add config for setting the recaptcha verify api endpoint, so we can test it i... | Mark Haines | 2015-05-29 | 1 | -3/+3 |
|/ |
|
* | This api now no longer returns an array | David Baker | 2015-05-01 | 1 | -1/+1 |
* | Add commentage. | David Baker | 2015-04-27 | 1 | -0/+4 |
* | Use underscores instead of camelcase for id server stuff | David Baker | 2015-04-24 | 1 | -6/+6 |
* | pep8 | David Baker | 2015-04-24 | 1 | -2/+2 |
* | Remove ultimately unused feature of saving params from the first call in the ... | David Baker | 2015-04-23 | 1 | -2/+10 |
* | Password reset, finally. | David Baker | 2015-04-17 | 1 | -1/+7 |
* | Return user ID in use error straight away | David Baker | 2015-04-16 | 1 | -0/+2 |
* | Dummy login so we can do the first POST request to get login flows without it... | David Baker | 2015-04-15 | 1 | -0/+6 |
* | Regstration with email in v2 | David Baker | 2015-04-15 | 1 | -21/+43 |
* | Completely replace fallback auth for C/S V2: | David Baker | 2015-04-01 | 1 | -21/+77 |
* | pep8 | David Baker | 2015-03-31 | 1 | -1/+1 |
* | New registration for C/S API v2. Only ReCAPTCHA working currently. | David Baker | 2015-03-30 | 1 | -13/+77 |
* | Implement password changing (finally) along with a start on making client/ser... | David Baker | 2015-03-23 | 1 | -0/+109 |