summary refs log tree commit diff
path: root/synapse/handlers/auth.py (follow)
Commit message (Expand)AuthorAgeFilesLines
* Flatten the synapse.rest.client package (#10600)reivilibre2021-08-171-3/+3
* Use inline type hints in `handlers/` and `rest/`. (#10382)Jonathan de Jong2021-07-161-8/+8
* MSC2918 Refresh tokens implementation (#9450)Quentin Gliech2021-06-241-5/+127
* Always require users to re-authenticate for dangerous operations. (#10184)Patrick Cloke2021-06-161-1/+6
* Change the format of access tokens away from macaroons (#5588)Richard van der Hoff2021-05-121-7/+21
* Fix (final) Bugbear violations (#9838)Jonathan de Jong2021-04-201-1/+1
* Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-141-1/+0
* Make RateLimiter class check for ratelimit overrides (#9711)Erik Johnston2021-03-301-10/+14
* Import HomeServer from the proper module. (#9665)Patrick Cloke2021-03-231-1/+1
* Return m.change_password.enabled=false if local database is disabled (#9588)Dirk Klimpel2021-03-161-0/+13
* Convert Requester to attrs (#9586)Richard van der Hoff2021-03-101-2/+3
* Record the SSO Auth Provider in the login token (#9510)Richard van der Hoff2021-03-041-10/+58
* Use the proper Request in type hints. (#9515)Patrick Cloke2021-03-011-2/+2
* Update black, and run auto formatting over the codebase (#9381)Eric Eastwood2021-02-161-9/+25
* Social login UI polish (#9301)Richard van der Hoff2021-02-031-2/+14
* Merge branch 'social_login' into developRichard van der Hoff2021-02-011-1/+3
|\
| * Improve styling and wording of SSO UIA templates (#9286)Richard van der Hoff2021-02-011-1/+3
* | Merge branch 'social_login' into developRichard van der Hoff2021-02-011-1/+23
|\|
| * Improve styling and wording of SSO redirect confirm template (#9272)Richard van der Hoff2021-02-011-1/+23
* | Prevent email UIA failures from raising a LoginError (#9265)Andrew Morgan2021-02-011-10/+0
|/
* Fix bugs in handling clientRedirectUrl, and improve OIDC tests (#9127, #9128)Richard van der Hoff2021-01-181-2/+2
* Move `complete_sso_ui_auth` into SSOHandlerRichard van der Hoff2021-01-131-25/+0
* UI Auth via SSO: redirect the user to an appropriate SSO. (#9081)Richard van der Hoff2021-01-121-18/+64
* Kill off `HomeServer.get_ip_from_request()` (#9080)Richard van der Hoff2021-01-121-7/+2
* Remove SynapseRequest.get_user_agent (#9069)Richard van der Hoff2021-01-121-3/+3
* Allow re-using a UI auth validation for a period of time (#8970)Patrick Cloke2020-12-181-8/+24
* Merge remote-tracking branch 'origin/erikj/as_mau_block' into developErik Johnston2020-12-181-1/+7
|\
| * Correctly handle AS registerations and add testErik Johnston2020-12-171-1/+7
* | Fix startup failure with localdb_enabled: False (#8937)Richard van der Hoff2020-12-141-14/+12
* | Allow spam-checker modules to be provide async methods. (#8890)David Teller2020-12-111-4/+4
* | Honour AS ratelimit settings for /login requests (#8920)Erik Johnston2020-12-111-3/+4
* | Simplify the flow for SSO UIA (#8881)Richard van der Hoff2020-12-081-5/+6
* | UIA: offer only available auth flowsRichard van der Hoff2020-12-021-15/+43
|/
* Create a `PasswordProvider` wrapper object (#8849)Richard van der Hoff2020-12-021-55/+148
* Support "identifier" dicts in UIA (#8848)Richard van der Hoff2020-12-011-24/+161
* Don't offer password login when it is disabled (#8835)Richard van der Hoff2020-12-011-1/+9
* Add admin API for logging in as a user (#8617)Erik Johnston2020-11-171-4/+20
* Catch exceptions in password_providers (#8636)Nicolai Søborg2020-11-111-4/+9
* Add ability for access tokens to belong to one user but grant access to anoth...Erik Johnston2020-10-291-4/+4
* Add type hints to application services. (#8655)Patrick Cloke2020-10-281-7/+16
* Fix typos and spelling errors. (#8639)Patrick Cloke2020-10-231-1/+1
* Fix handling of User-Agent headers with bad utf-8. (#8632)Erik Johnston2020-10-231-3/+1
* Fix mypy error: auth handler "checkpw" internal function type mismatch (#8569)Jonathan de Jong2020-10-191-3/+5
* Remove the deprecated Handlers object (#8494)Patrick Cloke2020-10-091-1/+1
* Combine `SpamCheckerApi` with the more generic `ModuleApi`. (#8464)Richard van der Hoff2020-10-071-0/+7
* Allow background tasks to be run on a separate worker. (#8369)Patrick Cloke2020-10-021-1/+1
* Allow additional SSO properties to be passed to the client (#8413)Patrick Cloke2020-09-301-1/+59
* Simplify super() calls to Python 3 syntax. (#8344)Patrick Cloke2020-09-181-1/+1
* Use slots in attrs classes where possible (#8296)Patrick Cloke2020-09-141-1/+1
* Stop sub-classing object (#8249)Patrick Cloke2020-09-041-1/+1
* Move and refactor LoginRestServlet helper methods (#8182)Andrew Morgan2020-08-281-1/+87
* Allow denying or shadow banning registrations via the spam checker (#8034)Patrick Cloke2020-08-201-0/+8
* Use the default templates when a custom template file cannot be found (#8037)Andrew Morgan2020-08-171-7/+5
* Improve performance of the register endpoint (#8009)Patrick Cloke2020-08-061-7/+12
* Update the auth providers to be async. (#7935)Patrick Cloke2020-07-231-1/+6
* isort 5 compatibility (#7786)Will Hunt2020-07-051-2/+1
* Fix inconsistent handling of upper and lower cases of email addresses. (#7021)Dirk Klimpel2020-07-031-2/+3
* Merge branch 'master' into developPatrick Cloke2020-07-021-23/+7
|\
| * Ensure that HTML pages served from Synapse include headers to avoid embedding.Patrick Cloke2020-07-021-23/+7
* | Fix a typo when comparing the URI & method during UI Auth. (#7689)Patrick Cloke2020-06-121-1/+1
|/
* Performance improvements and refactor of Ratelimiter (#7595)Andrew Morgan2020-06-051-16/+8
* Support UI Authentication for OpenID Connect accounts (#7457)Patrick Cloke2020-05-151-1/+3
* Merge tag 'v1.13.0rc2' into developRichard van der Hoff2020-05-141-19/+18
|\
| * Do not validate that the client dict is stable during UI Auth. (#7483)Patrick Cloke2020-05-131-19/+18
* | Merge branch 'release-v1.13.0' into developAndrew Morgan2020-05-111-14/+40
|\|
| * Rework UI Auth session validation for registration (#7455)Patrick Cloke2020-05-081-14/+40
* | Implement OpenID Connect-based login (#7256)Quentin Gliech2020-05-081-2/+2
|/
* Persist user interactive authentication sessions (#7302)Patrick Cloke2020-04-301-114/+61
* Reject unknown UI auth sessions (instead of silently generating a new one) (#...Patrick Cloke2020-04-201-65/+94
* Use a template for the SSO success page to allow for customization. (#7279)Patrick Cloke2020-04-171-32/+12
* Convert auth handler to async/await (#7261)Patrick Cloke2020-04-151-92/+81
* Do not allow a deactivated user to login via SSO. (#7240)Patrick Cloke2020-04-091-4/+30
* Support CAS in UI Auth flows. (#7186)Patrick Cloke2020-04-031-2/+2
* Support SAML in the user interactive authentication workflow. (#7102)Patrick Cloke2020-04-011-4/+112
* Validate that the session is not modified during UI-Auth (#7068)Patrick Cloke2020-03-261-4/+33
* Add type annotations and comments to auth handler (#7063)Patrick Cloke2020-03-121-89/+104
* Factor out complete_sso_login and expose it to the Module APIBrendan Abolivier2020-03-031-0/+74
* Admin api to add an email address (#6789)Dirk Klimpel2020-02-071-0/+8
* Merge pull request #6335 from matrix-org/erikj/rc_login_cleanupsBrendan Abolivier2019-11-201-53/+31
|\
| * Apply suggestions from code reviewErik Johnston2019-11-181-2/+2
| * Add failed auth ratelimiting to UIAErik Johnston2019-11-061-1/+32
| * Only do `rc_login` ratelimiting on succesful login.Erik Johnston2019-11-061-54/+1
* | Replace instance variations of homeserver with correct case/spacingAndrew Morgan2019-11-121-2/+2
|/
* Remove usage of deprecated logger.warn method from codebase (#6271)Andrew Morgan2019-10-311-3/+3
* Stop advertising unsupported flows for registration (#6107)Richard van der Hoff2019-09-251-1/+10
* Refactor the user-interactive auth handling (#6105)Richard van der Hoff2019-09-251-131/+10
* Use account_threepid_delegate for 3pid validationAndrew Morgan2019-09-101-1/+10
* Allow Synapse to send registration emails + choose Synapse or an external ser...Andrew Morgan2019-09-061-26/+8
* Remove unnecessary parentheses around return statements (#5931)Andrew Morgan2019-08-301-4/+4
* Remove non-functional 'expire_access_token' setting (#5782)Richard van der Hoff2019-07-301-1/+1
* Replace returnValue with return (#5736)Amber Brown2019-07-231-22/+22
* Return a different error from Invalid Password when a user is deactivated (#5...Andrew Morgan2019-07-151-0/+9
* Implement access token expiry (#5660)Richard van der Hoff2019-07-121-3/+14
* Inline issue_access_token (#5659)Richard van der Hoff2019-07-111-7/+3
* Move logging utilities out of the side drawer of util/ and into logging/ (#5606)Amber Brown2019-07-041-3/+3
* Added possibilty to disable local password authentication (#5092)Daniel Hoffend2019-06-271-1/+1
* Run Black. (#5482)Amber Brown2019-06-201-145/+121
* Fix defaults on checking threepidsErik Johnston2019-06-101-0/+1
* Add ability to perform password reset via email without trusting the identity...Andrew Morgan2019-06-061-12/+52
* Allowing specifying IS to use in unbind API.Erik Johnston2019-04-011-1/+6
* Support 3PID login in password providers (#4931)Andrew Morgan2019-03-261-1/+38
* Add ratelimiting on failed login attempts (#4865)Brendan Abolivier2019-03-181-5/+23
* Add ratelimiting on login (#4821)Brendan Abolivier2019-03-151-0/+36
* Factor SSO success handling out of CAS login (#4264)Richard van der Hoff2018-12-071-2/+11
* Remove duplicate slashes in generated consent URLsTravis Ralston2018-11-151-1/+1
* Add config variables for enabling terms auth and the policy name (#4142)Travis Ralston2018-11-061-1/+1
* Include a version query string arg for the consent routeTravis Ralston2018-10-311-1/+4
* Merge branch 'develop' into travis/login-termsTravis Ralston2018-10-241-14/+4
|\
| * Correctly account for cpu usage by background threads (#4074)Richard van der Hoff2018-10-231-14/+4
* | pep8Travis Ralston2018-10-151-1/+1
* | Ensure the terms params are actually providedTravis Ralston2018-10-151-0/+1
* | Python is hardTravis Ralston2018-10-151-5/+6
* | Update login terms structure for the proposed language supportTravis Ralston2018-10-121-4/+7
* | Use a flag rather than a new route for the public policyTravis Ralston2018-10-031-1/+1
* | Supply params for terms auth stageTravis Ralston2018-10-031-0/+9
* | Incorporate Dave's work for GDPR login flowsTravis Ralston2018-10-031-0/+4
|/
* Port handlers/ to Python 3 (#3803)Amber Brown2018-09-071-3/+5
* Merge branch 'develop' of github.com:matrix-org/synapse into neilj/fix_off_by...Neil Johnson2018-08-151-3/+17
|\
| * Merge pull request #3667 from matrix-org/erikj/fixup_unbindErik Johnston2018-08-151-3/+17
| |\
| | * Don't fail requests to unbind 3pids for non supporting ID serversErik Johnston2018-08-081-3/+17
* | | fix off by 1s on mauNeil Johnson2018-08-141-2/+2
|/ /
* | bug fixesNeil Johnson2018-08-031-13/+2
* | do mau checks based on monthly_active_users tableNeil Johnson2018-08-021-6/+4
|/
* Merge pull request #3630 from matrix-org/neilj/mau_sign_in_log_in_limitsNeil Johnson2018-08-011-1/+18
|\
| * count_monthly_users() asyncNeil Johnson2018-08-011-4/+7
| * coding styleNeil Johnson2018-07-311-1/+2
| * limit register and sign in on number of monthly usersNeil Johnson2018-07-301-0/+13
* | Python 3: Convert some unicode/bytes uses (#3569)Amber Brown2018-08-021-9/+20
|/
* run isortAmber Brown2018-07-091-12/+14
* Attempt to be more performant on PyPy (#3462)Amber Brown2018-06-281-2/+3
* Pass around the reactor explicitly (#3385)Amber Brown2018-06-221-10/+20
* Remove run_on_reactor (#3395)Amber Brown2018-06-141-6/+2
* Merge pull request #3276 from matrix-org/dbkr/unbindDavid Baker2018-06-111-0/+9
|\
| * Missing yieldDavid Baker2018-06-041-1/+1
| * pep8David Baker2018-05-241-1/+2
| * Unbind 3pids when they're deleted tooDavid Baker2018-05-241-0/+8
* | Consistently use six's iteritems and wrap lazy keys/values in list() if they'...Amber Brown2018-05-311-3/+3
|/
* use bcrypt.checkpwKrombel2018-03-051-2/+4
* Merge pull request #2773 from matrix-org/erikj/hash_bgErik Johnston2018-01-101-8/+16
|\
| * Do bcrypt hashing in a background threadErik Johnston2018-01-101-8/+16
* | support custom login types for validating usersRichard van der Hoff2017-12-051-24/+57
* | Factor out a validate_user_via_ui_auth methodRichard van der Hoff2017-12-051-0/+43
* | Refactor UI auth implementationRichard van der Hoff2017-12-051-17/+29
|/
* Move set_password into its own handlerRichard van der Hoff2017-11-291-16/+0
* Move deactivate_account into its own handlerRichard van der Hoff2017-11-291-16/+0
* Remove pushers when deleting access tokensRichard van der Hoff2017-11-291-4/+12
* Fix auth handler #2678Jurek2017-11-161-1/+1
* Factor _AccountHandler proxy out to ModuleApiRichard van der Hoff2017-11-021-69/+3
* Merge pull request #2624 from matrix-org/rav/password_provider_notify_logoutDavid Baker2017-11-021-2/+24
|\
| * Notify auth providers on logoutRichard van der Hoff2017-11-011-2/+24
* | Merge pull request #2623 from matrix-org/rav/callbacks_for_auth_providersDavid Baker2017-11-021-6/+11
|\ \
| * | Fix user-interactive password authRichard van der Hoff2017-11-011-1/+3
| * | Allow password_auth_providers to return a callbackRichard van der Hoff2017-11-011-5/+8
| |/
* | Merge pull request #2622 from matrix-org/rav/db_access_for_auth_providersDavid Baker2017-11-021-0/+16
|\ \ | |/ |/|
| * Let auth providers get to the databaseRichard van der Hoff2017-10-311-0/+16
* | Merge pull request #2620 from matrix-org/rav/auth_non_passwordRichard van der Hoff2017-11-011-22/+96
|\ \
| * | Let password auth providers handle arbitrary login typesRichard van der Hoff2017-11-011-22/+96
| |/
* | Merge remote-tracking branch 'origin/develop' into rav/refactor_accesstoken_d...David Baker2017-11-011-9/+6
|\ \
| * | Break dependency of auth_handler on device_handlerRichard van der Hoff2017-11-011-9/+6
| |/
* / Move access token deletion into auth handlerRichard van der Hoff2017-11-011-2/+47
|/
* Refactor some logic from LoginRestServlet into AuthHandlerRichard van der Hoff2017-10-311-28/+52
* Allow ASes to deactivate their own usersRichard van der Hoff2017-10-271-1/+1
* Remove pointless create() methodRichard van der Hoff2017-10-201-1/+1
* Use an ExpiringCache for storing registration sessionsErik Johnston2017-06-291-11/+10
* Support registration / login with phone numberDavid Baker2017-03-131-7/+25
* Revert "Support registration & login with phone number"Erik Johnston2017-03-131-25/+7
* Fix log lineDavid Baker2017-03-081-1/+1
* Factor out msisdn canonicalisationDavid Baker2017-03-081-1/+1
* Fix pep8David Baker2017-03-081-1/+1
* Just return the deferred straight offDavid Baker2017-03-011-4/+2
* WIP support for msisdn 3pid proxy methodsDavid Baker2017-02-141-5/+25
* Fix email push in pusher workerErik Johnston2017-02-021-36/+44
* Fix another comment typoDavid Baker2016-12-211-1/+1
* Add /account/3pid/delete endpointDavid Baker2016-12-201-0/+11
* fix ability to change password to a non-ascii oneMatthew Hodgson2016-12-181-2/+2
* Merge pull request #1649 from matrix-org/dbkr/log_ui_auth_argsErik Johnston2016-12-051-1/+9
|\
| * Clarify that creds doesn not contain passwords.David Baker2016-11-241-1/+3
| * Log the args that we have on UI auth completionDavid Baker2016-11-241-1/+7
* | Rip out more refresh_token codeRichard van der Hoff2016-11-301-10/+0
* | Merge branch 'develop' into rav/no_more_refresh_tokensRichard van der Hoff2016-11-301-5/+6
|\ \
| * | Stop putting a time caveat on access tokensRichard van der Hoff2016-11-291-5/+6
| |/
* / Stop generating refresh tokensRichard van der Hoff2016-11-281-16/+4
|/
* Use external ldap auth pacakgeErik Johnston2016-11-151-0/+2
* Don't error on non-ascii passwordsDavid Baker2016-11-031-1/+1
* Convert emails to lowercase when storingDavid Baker2016-10-191-0/+12
* Merge pull request #1155 from matrix-org/erikj/pluggable_pwd_authErik Johnston2016-10-121-295/+39
|\
| * Implement pluggable password authErik Johnston2016-10-031-295/+39
* | Work around email-spamming Riot bugRichard van der Hoff2016-10-111-3/+14
* | Merge pull request #1160 from matrix-org/rav/401_on_password_failRichard van der Hoff2016-10-071-32/+52
|\ \ | |/ |/|
| * Interactive Auth: Return 401 from for incorrect passwordRichard van der Hoff2016-10-071-32/+52
* | Restructure ldap authenticationMartin Weinelt2016-09-291-87/+192
|/
* Refactor user_delete_access_tokens. Invalidate get_user_by_access_token to sl...Erik Johnston2016-08-151-3/+3
* Log the value which is observed in the first place.Daniel Ehlers2016-08-141-1/+1
* Fix AttributeError when bind_dn is not defined.Daniel Ehlers2016-08-141-1/+1
* /login: Respond with a 403 when we get an invalid m.login.tokenRichard van der Hoff2016-08-091-3/+3
* Fix login with m.login.tokenRichard van der Hoff2016-08-081-13/+4
* Implement deleting devicesRichard van der Hoff2016-07-261-2/+20
* Use get to avoid KeyErrorsDavid Baker2016-07-221-1/+1
* Log the hostname the reCAPTCHA was completed onDavid Baker2016-07-221-2/+11
* Type annotationsRichard van der Hoff2016-07-191-0/+4
* Add device_id support to /loginRichard van der Hoff2016-07-181-8/+11
* Refactor login flowRichard van der Hoff2016-07-181-47/+59
* Bug fix: expire invalid access tokensNegar Fazeli2016-07-131-2/+3
* Fix password configKent Shikama2016-07-051-2/+2
* Fix pep8Kent Shikama2016-07-051-1/+2
* Add pepper to password hashingKent Shikama2016-07-051-2/+3
* Rework ldap integration with ldap3Martin Weinelt2016-06-221-33/+170
* Fix TypeError in call to bcrypt.hashpwSalvatore LaMendola2016-06-161-1/+1
* Email unsubscribing that may in theory, workDavid Baker2016-06-021-0/+5
* Send down correct error response if user not foundErik Johnston2016-05-271-2/+7
* Merge pull request #741 from negzi/create_user_with_expiryErik Johnston2016-05-131-2/+2
|\
| * Create user with expiryNegi Fazeli2016-05-131-2/+2
* | Correctly handle NULL password hashes from the databaseErik Johnston2016-05-111-1/+4
|/
* Simplify _check_passwordErik Johnston2016-04-151-5/+9
* Fix check_password rather than inverting the meaning of _check_local_password...Mark Haines2016-04-141-9/+12
* Fix login to error for nonexistent usersDavid Baker2016-04-141-1/+1
* fix check for failed authenticationChristoph Witzany2016-04-061-2/+4
* remove lineChristoph Witzany2016-04-061-1/+0
* make tests for ldap more specific to not be fooled by MocksChristoph Witzany2016-04-061-3/+3
* output ldap version for info and to pacify pep8Christoph Witzany2016-04-061-0/+2
* conditionally import ldapChristoph Witzany2016-04-061-2/+5
* fix pep8Christoph Witzany2016-04-061-2/+1
* fix exception handlingChristoph Witzany2016-04-061-2/+2
* code styleChristoph Witzany2016-04-061-6/+13
* add tls property and twist my head around twistedChristoph Witzany2016-04-061-15/+29
* move LDAP authentication to AuthenticationHandlerChristoph Witzany2016-04-061-6/+48
* Use google style doc strings.Mark Haines2016-04-011-9/+17
* Make registration idempotent, part 2: be idempotent if the client specifies a...David Baker2016-03-161-0/+14
* pep8David Baker2016-03-161-1/+2
* time_msec()David Baker2016-03-161-1/+1
* string with symbols is a bit too symboly.David Baker2016-03-161-1/+1
* Replace other time.time().David Baker2016-03-161-2/+1
* Use hs get_clock instead of time.time()David Baker2016-03-161-2/+2
* pep8 & remove debug loggingDavid Baker2016-03-161-1/+1
* Make registration idempotent: if you specify the same session, make it give y...David Baker2016-03-161-12/+48
* Make select more sensible when dseleting access tokens, rename pusher deletio...David Baker2016-03-111-1/+1
* Delete old, unused methods and rename new one to just be `user_delete_access_...David Baker2016-03-111-1/+1
* Dear PyCharm, please indent sensibly for me. Thx.David Baker2016-03-111-2/+2
* Fix cache invalidation so deleting access tokens (which we did when changing ...David Baker2016-03-111-4/+9
* Stop using checkpw as it seems to have vanished from bcrypt. Use `bcrypt.hash...David Baker2016-03-021-1/+1
* Allow guests to upgrade their accountsDaniel Wagner-Hall2016-01-051-3/+3
* Take a boolean not a list of lambdasDaniel Wagner-Hall2015-11-191-1/+1
* Minor review fixesSteven Hammerton2015-11-111-4/+4
* Share more code between macaroon validationSteven Hammerton2015-11-111-48/+7
* Allow hs to do CAS login completely and issue the client with a login token t...Steven Hammerton2015-11-051-3/+73
* Allow guests to register and call /events?room_id=Daniel Wagner-Hall2015-11-041-1/+4
* Add config for how many bcrypt rounds to use for password hashesMark Haines2015-10-161-1/+2
* Formatting changesSteven Hammerton2015-10-101-1/+2
* Provide ability to login using CASSteven Hammerton2015-10-101-0/+31
* Allow configuration to ignore invalid SSL certsDaniel Wagner-Hall2015-09-091-2/+1