| Commit message (Expand) | Author | Age | Files | Lines |
* | Use inline type hints in `handlers/` and `rest/`. (#10382) | Jonathan de Jong | 2021-07-16 | 1 | -8/+8 |
* | MSC2918 Refresh tokens implementation (#9450) | Quentin Gliech | 2021-06-24 | 1 | -5/+127 |
* | Always require users to re-authenticate for dangerous operations. (#10184) | Patrick Cloke | 2021-06-16 | 1 | -1/+6 |
* | Change the format of access tokens away from macaroons (#5588) | Richard van der Hoff | 2021-05-12 | 1 | -7/+21 |
* | Fix (final) Bugbear violations (#9838) | Jonathan de Jong | 2021-04-20 | 1 | -1/+1 |
* | Remove redundant "coding: utf-8" lines (#9786) | Jonathan de Jong | 2021-04-14 | 1 | -1/+0 |
* | Make RateLimiter class check for ratelimit overrides (#9711) | Erik Johnston | 2021-03-30 | 1 | -10/+14 |
* | Import HomeServer from the proper module. (#9665) | Patrick Cloke | 2021-03-23 | 1 | -1/+1 |
* | Return m.change_password.enabled=false if local database is disabled (#9588) | Dirk Klimpel | 2021-03-16 | 1 | -0/+13 |
* | Convert Requester to attrs (#9586) | Richard van der Hoff | 2021-03-10 | 1 | -2/+3 |
* | Record the SSO Auth Provider in the login token (#9510) | Richard van der Hoff | 2021-03-04 | 1 | -10/+58 |
* | Use the proper Request in type hints. (#9515) | Patrick Cloke | 2021-03-01 | 1 | -2/+2 |
* | Update black, and run auto formatting over the codebase (#9381) | Eric Eastwood | 2021-02-16 | 1 | -9/+25 |
* | Social login UI polish (#9301) | Richard van der Hoff | 2021-02-03 | 1 | -2/+14 |
* | Merge branch 'social_login' into develop | Richard van der Hoff | 2021-02-01 | 1 | -1/+3 |
|\ |
|
| * | Improve styling and wording of SSO UIA templates (#9286) | Richard van der Hoff | 2021-02-01 | 1 | -1/+3 |
* | | Merge branch 'social_login' into develop | Richard van der Hoff | 2021-02-01 | 1 | -1/+23 |
|\| |
|
| * | Improve styling and wording of SSO redirect confirm template (#9272) | Richard van der Hoff | 2021-02-01 | 1 | -1/+23 |
* | | Prevent email UIA failures from raising a LoginError (#9265) | Andrew Morgan | 2021-02-01 | 1 | -10/+0 |
|/ |
|
* | Fix bugs in handling clientRedirectUrl, and improve OIDC tests (#9127, #9128) | Richard van der Hoff | 2021-01-18 | 1 | -2/+2 |
* | Move `complete_sso_ui_auth` into SSOHandler | Richard van der Hoff | 2021-01-13 | 1 | -25/+0 |
* | UI Auth via SSO: redirect the user to an appropriate SSO. (#9081) | Richard van der Hoff | 2021-01-12 | 1 | -18/+64 |
* | Kill off `HomeServer.get_ip_from_request()` (#9080) | Richard van der Hoff | 2021-01-12 | 1 | -7/+2 |
* | Remove SynapseRequest.get_user_agent (#9069) | Richard van der Hoff | 2021-01-12 | 1 | -3/+3 |
* | Allow re-using a UI auth validation for a period of time (#8970) | Patrick Cloke | 2020-12-18 | 1 | -8/+24 |
* | Merge remote-tracking branch 'origin/erikj/as_mau_block' into develop | Erik Johnston | 2020-12-18 | 1 | -1/+7 |
|\ |
|
| * | Correctly handle AS registerations and add test | Erik Johnston | 2020-12-17 | 1 | -1/+7 |
* | | Fix startup failure with localdb_enabled: False (#8937) | Richard van der Hoff | 2020-12-14 | 1 | -14/+12 |
* | | Allow spam-checker modules to be provide async methods. (#8890) | David Teller | 2020-12-11 | 1 | -4/+4 |
* | | Honour AS ratelimit settings for /login requests (#8920) | Erik Johnston | 2020-12-11 | 1 | -3/+4 |
* | | Simplify the flow for SSO UIA (#8881) | Richard van der Hoff | 2020-12-08 | 1 | -5/+6 |
* | | UIA: offer only available auth flows | Richard van der Hoff | 2020-12-02 | 1 | -15/+43 |
|/ |
|
* | Create a `PasswordProvider` wrapper object (#8849) | Richard van der Hoff | 2020-12-02 | 1 | -55/+148 |
* | Support "identifier" dicts in UIA (#8848) | Richard van der Hoff | 2020-12-01 | 1 | -24/+161 |
* | Don't offer password login when it is disabled (#8835) | Richard van der Hoff | 2020-12-01 | 1 | -1/+9 |
* | Add admin API for logging in as a user (#8617) | Erik Johnston | 2020-11-17 | 1 | -4/+20 |
* | Catch exceptions in password_providers (#8636) | Nicolai Søborg | 2020-11-11 | 1 | -4/+9 |
* | Add ability for access tokens to belong to one user but grant access to anoth... | Erik Johnston | 2020-10-29 | 1 | -4/+4 |
* | Add type hints to application services. (#8655) | Patrick Cloke | 2020-10-28 | 1 | -7/+16 |
* | Fix typos and spelling errors. (#8639) | Patrick Cloke | 2020-10-23 | 1 | -1/+1 |
* | Fix handling of User-Agent headers with bad utf-8. (#8632) | Erik Johnston | 2020-10-23 | 1 | -3/+1 |
* | Fix mypy error: auth handler "checkpw" internal function type mismatch (#8569) | Jonathan de Jong | 2020-10-19 | 1 | -3/+5 |
* | Remove the deprecated Handlers object (#8494) | Patrick Cloke | 2020-10-09 | 1 | -1/+1 |
* | Combine `SpamCheckerApi` with the more generic `ModuleApi`. (#8464) | Richard van der Hoff | 2020-10-07 | 1 | -0/+7 |
* | Allow background tasks to be run on a separate worker. (#8369) | Patrick Cloke | 2020-10-02 | 1 | -1/+1 |
* | Allow additional SSO properties to be passed to the client (#8413) | Patrick Cloke | 2020-09-30 | 1 | -1/+59 |
* | Simplify super() calls to Python 3 syntax. (#8344) | Patrick Cloke | 2020-09-18 | 1 | -1/+1 |
* | Use slots in attrs classes where possible (#8296) | Patrick Cloke | 2020-09-14 | 1 | -1/+1 |
* | Stop sub-classing object (#8249) | Patrick Cloke | 2020-09-04 | 1 | -1/+1 |
* | Move and refactor LoginRestServlet helper methods (#8182) | Andrew Morgan | 2020-08-28 | 1 | -1/+87 |
* | Allow denying or shadow banning registrations via the spam checker (#8034) | Patrick Cloke | 2020-08-20 | 1 | -0/+8 |
* | Use the default templates when a custom template file cannot be found (#8037) | Andrew Morgan | 2020-08-17 | 1 | -7/+5 |
* | Improve performance of the register endpoint (#8009) | Patrick Cloke | 2020-08-06 | 1 | -7/+12 |
* | Update the auth providers to be async. (#7935) | Patrick Cloke | 2020-07-23 | 1 | -1/+6 |
* | isort 5 compatibility (#7786) | Will Hunt | 2020-07-05 | 1 | -2/+1 |
* | Fix inconsistent handling of upper and lower cases of email addresses. (#7021) | Dirk Klimpel | 2020-07-03 | 1 | -2/+3 |
* | Merge branch 'master' into develop | Patrick Cloke | 2020-07-02 | 1 | -23/+7 |
|\ |
|
| * | Ensure that HTML pages served from Synapse include headers to avoid embedding. | Patrick Cloke | 2020-07-02 | 1 | -23/+7 |
* | | Fix a typo when comparing the URI & method during UI Auth. (#7689) | Patrick Cloke | 2020-06-12 | 1 | -1/+1 |
|/ |
|
* | Performance improvements and refactor of Ratelimiter (#7595) | Andrew Morgan | 2020-06-05 | 1 | -16/+8 |
* | Support UI Authentication for OpenID Connect accounts (#7457) | Patrick Cloke | 2020-05-15 | 1 | -1/+3 |
* | Merge tag 'v1.13.0rc2' into develop | Richard van der Hoff | 2020-05-14 | 1 | -19/+18 |
|\ |
|
| * | Do not validate that the client dict is stable during UI Auth. (#7483) | Patrick Cloke | 2020-05-13 | 1 | -19/+18 |
* | | Merge branch 'release-v1.13.0' into develop | Andrew Morgan | 2020-05-11 | 1 | -14/+40 |
|\| |
|
| * | Rework UI Auth session validation for registration (#7455) | Patrick Cloke | 2020-05-08 | 1 | -14/+40 |
* | | Implement OpenID Connect-based login (#7256) | Quentin Gliech | 2020-05-08 | 1 | -2/+2 |
|/ |
|
* | Persist user interactive authentication sessions (#7302) | Patrick Cloke | 2020-04-30 | 1 | -114/+61 |
* | Reject unknown UI auth sessions (instead of silently generating a new one) (#... | Patrick Cloke | 2020-04-20 | 1 | -65/+94 |
* | Use a template for the SSO success page to allow for customization. (#7279) | Patrick Cloke | 2020-04-17 | 1 | -32/+12 |
* | Convert auth handler to async/await (#7261) | Patrick Cloke | 2020-04-15 | 1 | -92/+81 |
* | Do not allow a deactivated user to login via SSO. (#7240) | Patrick Cloke | 2020-04-09 | 1 | -4/+30 |
* | Support CAS in UI Auth flows. (#7186) | Patrick Cloke | 2020-04-03 | 1 | -2/+2 |
* | Support SAML in the user interactive authentication workflow. (#7102) | Patrick Cloke | 2020-04-01 | 1 | -4/+112 |
* | Validate that the session is not modified during UI-Auth (#7068) | Patrick Cloke | 2020-03-26 | 1 | -4/+33 |
* | Add type annotations and comments to auth handler (#7063) | Patrick Cloke | 2020-03-12 | 1 | -89/+104 |
* | Factor out complete_sso_login and expose it to the Module API | Brendan Abolivier | 2020-03-03 | 1 | -0/+74 |
* | Admin api to add an email address (#6789) | Dirk Klimpel | 2020-02-07 | 1 | -0/+8 |
* | Merge pull request #6335 from matrix-org/erikj/rc_login_cleanups | Brendan Abolivier | 2019-11-20 | 1 | -53/+31 |
|\ |
|
| * | Apply suggestions from code review | Erik Johnston | 2019-11-18 | 1 | -2/+2 |
| * | Add failed auth ratelimiting to UIA | Erik Johnston | 2019-11-06 | 1 | -1/+32 |
| * | Only do `rc_login` ratelimiting on succesful login. | Erik Johnston | 2019-11-06 | 1 | -54/+1 |
* | | Replace instance variations of homeserver with correct case/spacing | Andrew Morgan | 2019-11-12 | 1 | -2/+2 |
|/ |
|
* | Remove usage of deprecated logger.warn method from codebase (#6271) | Andrew Morgan | 2019-10-31 | 1 | -3/+3 |
* | Stop advertising unsupported flows for registration (#6107) | Richard van der Hoff | 2019-09-25 | 1 | -1/+10 |
* | Refactor the user-interactive auth handling (#6105) | Richard van der Hoff | 2019-09-25 | 1 | -131/+10 |
* | Use account_threepid_delegate for 3pid validation | Andrew Morgan | 2019-09-10 | 1 | -1/+10 |
* | Allow Synapse to send registration emails + choose Synapse or an external ser... | Andrew Morgan | 2019-09-06 | 1 | -26/+8 |
* | Remove unnecessary parentheses around return statements (#5931) | Andrew Morgan | 2019-08-30 | 1 | -4/+4 |
* | Remove non-functional 'expire_access_token' setting (#5782) | Richard van der Hoff | 2019-07-30 | 1 | -1/+1 |
* | Replace returnValue with return (#5736) | Amber Brown | 2019-07-23 | 1 | -22/+22 |
* | Return a different error from Invalid Password when a user is deactivated (#5... | Andrew Morgan | 2019-07-15 | 1 | -0/+9 |
* | Implement access token expiry (#5660) | Richard van der Hoff | 2019-07-12 | 1 | -3/+14 |
* | Inline issue_access_token (#5659) | Richard van der Hoff | 2019-07-11 | 1 | -7/+3 |
* | Move logging utilities out of the side drawer of util/ and into logging/ (#5606) | Amber Brown | 2019-07-04 | 1 | -3/+3 |
* | Added possibilty to disable local password authentication (#5092) | Daniel Hoffend | 2019-06-27 | 1 | -1/+1 |
* | Run Black. (#5482) | Amber Brown | 2019-06-20 | 1 | -145/+121 |
* | Fix defaults on checking threepids | Erik Johnston | 2019-06-10 | 1 | -0/+1 |
* | Add ability to perform password reset via email without trusting the identity... | Andrew Morgan | 2019-06-06 | 1 | -12/+52 |
* | Allowing specifying IS to use in unbind API. | Erik Johnston | 2019-04-01 | 1 | -1/+6 |
* | Support 3PID login in password providers (#4931) | Andrew Morgan | 2019-03-26 | 1 | -1/+38 |
* | Add ratelimiting on failed login attempts (#4865) | Brendan Abolivier | 2019-03-18 | 1 | -5/+23 |
* | Add ratelimiting on login (#4821) | Brendan Abolivier | 2019-03-15 | 1 | -0/+36 |
* | Factor SSO success handling out of CAS login (#4264) | Richard van der Hoff | 2018-12-07 | 1 | -2/+11 |
* | Remove duplicate slashes in generated consent URLs | Travis Ralston | 2018-11-15 | 1 | -1/+1 |
* | Add config variables for enabling terms auth and the policy name (#4142) | Travis Ralston | 2018-11-06 | 1 | -1/+1 |
* | Include a version query string arg for the consent route | Travis Ralston | 2018-10-31 | 1 | -1/+4 |
* | Merge branch 'develop' into travis/login-terms | Travis Ralston | 2018-10-24 | 1 | -14/+4 |
|\ |
|
| * | Correctly account for cpu usage by background threads (#4074) | Richard van der Hoff | 2018-10-23 | 1 | -14/+4 |
* | | pep8 | Travis Ralston | 2018-10-15 | 1 | -1/+1 |
* | | Ensure the terms params are actually provided | Travis Ralston | 2018-10-15 | 1 | -0/+1 |
* | | Python is hard | Travis Ralston | 2018-10-15 | 1 | -5/+6 |
* | | Update login terms structure for the proposed language support | Travis Ralston | 2018-10-12 | 1 | -4/+7 |
* | | Use a flag rather than a new route for the public policy | Travis Ralston | 2018-10-03 | 1 | -1/+1 |
* | | Supply params for terms auth stage | Travis Ralston | 2018-10-03 | 1 | -0/+9 |
* | | Incorporate Dave's work for GDPR login flows | Travis Ralston | 2018-10-03 | 1 | -0/+4 |
|/ |
|
* | Port handlers/ to Python 3 (#3803) | Amber Brown | 2018-09-07 | 1 | -3/+5 |
* | Merge branch 'develop' of github.com:matrix-org/synapse into neilj/fix_off_by... | Neil Johnson | 2018-08-15 | 1 | -3/+17 |
|\ |
|
| * | Merge pull request #3667 from matrix-org/erikj/fixup_unbind | Erik Johnston | 2018-08-15 | 1 | -3/+17 |
| |\ |
|
| | * | Don't fail requests to unbind 3pids for non supporting ID servers | Erik Johnston | 2018-08-08 | 1 | -3/+17 |
* | | | fix off by 1s on mau | Neil Johnson | 2018-08-14 | 1 | -2/+2 |
|/ / |
|
* | | bug fixes | Neil Johnson | 2018-08-03 | 1 | -13/+2 |
* | | do mau checks based on monthly_active_users table | Neil Johnson | 2018-08-02 | 1 | -6/+4 |
|/ |
|
* | Merge pull request #3630 from matrix-org/neilj/mau_sign_in_log_in_limits | Neil Johnson | 2018-08-01 | 1 | -1/+18 |
|\ |
|
| * | count_monthly_users() async | Neil Johnson | 2018-08-01 | 1 | -4/+7 |
| * | coding style | Neil Johnson | 2018-07-31 | 1 | -1/+2 |
| * | limit register and sign in on number of monthly users | Neil Johnson | 2018-07-30 | 1 | -0/+13 |
* | | Python 3: Convert some unicode/bytes uses (#3569) | Amber Brown | 2018-08-02 | 1 | -9/+20 |
|/ |
|
* | run isort | Amber Brown | 2018-07-09 | 1 | -12/+14 |
* | Attempt to be more performant on PyPy (#3462) | Amber Brown | 2018-06-28 | 1 | -2/+3 |
* | Pass around the reactor explicitly (#3385) | Amber Brown | 2018-06-22 | 1 | -10/+20 |
* | Remove run_on_reactor (#3395) | Amber Brown | 2018-06-14 | 1 | -6/+2 |
* | Merge pull request #3276 from matrix-org/dbkr/unbind | David Baker | 2018-06-11 | 1 | -0/+9 |
|\ |
|
| * | Missing yield | David Baker | 2018-06-04 | 1 | -1/+1 |
| * | pep8 | David Baker | 2018-05-24 | 1 | -1/+2 |
| * | Unbind 3pids when they're deleted too | David Baker | 2018-05-24 | 1 | -0/+8 |
* | | Consistently use six's iteritems and wrap lazy keys/values in list() if they'... | Amber Brown | 2018-05-31 | 1 | -3/+3 |
|/ |
|
* | use bcrypt.checkpw | Krombel | 2018-03-05 | 1 | -2/+4 |
* | Merge pull request #2773 from matrix-org/erikj/hash_bg | Erik Johnston | 2018-01-10 | 1 | -8/+16 |
|\ |
|
| * | Do bcrypt hashing in a background thread | Erik Johnston | 2018-01-10 | 1 | -8/+16 |
* | | support custom login types for validating users | Richard van der Hoff | 2017-12-05 | 1 | -24/+57 |
* | | Factor out a validate_user_via_ui_auth method | Richard van der Hoff | 2017-12-05 | 1 | -0/+43 |
* | | Refactor UI auth implementation | Richard van der Hoff | 2017-12-05 | 1 | -17/+29 |
|/ |
|
* | Move set_password into its own handler | Richard van der Hoff | 2017-11-29 | 1 | -16/+0 |
* | Move deactivate_account into its own handler | Richard van der Hoff | 2017-11-29 | 1 | -16/+0 |
* | Remove pushers when deleting access tokens | Richard van der Hoff | 2017-11-29 | 1 | -4/+12 |
* | Fix auth handler #2678 | Jurek | 2017-11-16 | 1 | -1/+1 |
* | Factor _AccountHandler proxy out to ModuleApi | Richard van der Hoff | 2017-11-02 | 1 | -69/+3 |
* | Merge pull request #2624 from matrix-org/rav/password_provider_notify_logout | David Baker | 2017-11-02 | 1 | -2/+24 |
|\ |
|
| * | Notify auth providers on logout | Richard van der Hoff | 2017-11-01 | 1 | -2/+24 |
* | | Merge pull request #2623 from matrix-org/rav/callbacks_for_auth_providers | David Baker | 2017-11-02 | 1 | -6/+11 |
|\ \ |
|
| * | | Fix user-interactive password auth | Richard van der Hoff | 2017-11-01 | 1 | -1/+3 |
| * | | Allow password_auth_providers to return a callback | Richard van der Hoff | 2017-11-01 | 1 | -5/+8 |
| |/ |
|
* | | Merge pull request #2622 from matrix-org/rav/db_access_for_auth_providers | David Baker | 2017-11-02 | 1 | -0/+16 |
|\ \
| |/
|/| |
|
| * | Let auth providers get to the database | Richard van der Hoff | 2017-10-31 | 1 | -0/+16 |
* | | Merge pull request #2620 from matrix-org/rav/auth_non_password | Richard van der Hoff | 2017-11-01 | 1 | -22/+96 |
|\ \ |
|
| * | | Let password auth providers handle arbitrary login types | Richard van der Hoff | 2017-11-01 | 1 | -22/+96 |
| |/ |
|
* | | Merge remote-tracking branch 'origin/develop' into rav/refactor_accesstoken_d... | David Baker | 2017-11-01 | 1 | -9/+6 |
|\ \ |
|
| * | | Break dependency of auth_handler on device_handler | Richard van der Hoff | 2017-11-01 | 1 | -9/+6 |
| |/ |
|
* / | Move access token deletion into auth handler | Richard van der Hoff | 2017-11-01 | 1 | -2/+47 |
|/ |
|
* | Refactor some logic from LoginRestServlet into AuthHandler | Richard van der Hoff | 2017-10-31 | 1 | -28/+52 |
* | Allow ASes to deactivate their own users | Richard van der Hoff | 2017-10-27 | 1 | -1/+1 |
* | Remove pointless create() method | Richard van der Hoff | 2017-10-20 | 1 | -1/+1 |
* | Use an ExpiringCache for storing registration sessions | Erik Johnston | 2017-06-29 | 1 | -11/+10 |
* | Support registration / login with phone number | David Baker | 2017-03-13 | 1 | -7/+25 |
* | Revert "Support registration & login with phone number" | Erik Johnston | 2017-03-13 | 1 | -25/+7 |
* | Fix log line | David Baker | 2017-03-08 | 1 | -1/+1 |
* | Factor out msisdn canonicalisation | David Baker | 2017-03-08 | 1 | -1/+1 |
* | Fix pep8 | David Baker | 2017-03-08 | 1 | -1/+1 |
* | Just return the deferred straight off | David Baker | 2017-03-01 | 1 | -4/+2 |
* | WIP support for msisdn 3pid proxy methods | David Baker | 2017-02-14 | 1 | -5/+25 |
* | Fix email push in pusher worker | Erik Johnston | 2017-02-02 | 1 | -36/+44 |
* | Fix another comment typo | David Baker | 2016-12-21 | 1 | -1/+1 |
* | Add /account/3pid/delete endpoint | David Baker | 2016-12-20 | 1 | -0/+11 |
* | fix ability to change password to a non-ascii one | Matthew Hodgson | 2016-12-18 | 1 | -2/+2 |
* | Merge pull request #1649 from matrix-org/dbkr/log_ui_auth_args | Erik Johnston | 2016-12-05 | 1 | -1/+9 |
|\ |
|
| * | Clarify that creds doesn not contain passwords. | David Baker | 2016-11-24 | 1 | -1/+3 |
| * | Log the args that we have on UI auth completion | David Baker | 2016-11-24 | 1 | -1/+7 |
* | | Rip out more refresh_token code | Richard van der Hoff | 2016-11-30 | 1 | -10/+0 |
* | | Merge branch 'develop' into rav/no_more_refresh_tokens | Richard van der Hoff | 2016-11-30 | 1 | -5/+6 |
|\ \ |
|
| * | | Stop putting a time caveat on access tokens | Richard van der Hoff | 2016-11-29 | 1 | -5/+6 |
| |/ |
|
* / | Stop generating refresh tokens | Richard van der Hoff | 2016-11-28 | 1 | -16/+4 |
|/ |
|
* | Use external ldap auth pacakge | Erik Johnston | 2016-11-15 | 1 | -0/+2 |
* | Don't error on non-ascii passwords | David Baker | 2016-11-03 | 1 | -1/+1 |
* | Convert emails to lowercase when storing | David Baker | 2016-10-19 | 1 | -0/+12 |
* | Merge pull request #1155 from matrix-org/erikj/pluggable_pwd_auth | Erik Johnston | 2016-10-12 | 1 | -295/+39 |
|\ |
|
| * | Implement pluggable password auth | Erik Johnston | 2016-10-03 | 1 | -295/+39 |
* | | Work around email-spamming Riot bug | Richard van der Hoff | 2016-10-11 | 1 | -3/+14 |
* | | Merge pull request #1160 from matrix-org/rav/401_on_password_fail | Richard van der Hoff | 2016-10-07 | 1 | -32/+52 |
|\ \
| |/
|/| |
|
| * | Interactive Auth: Return 401 from for incorrect password | Richard van der Hoff | 2016-10-07 | 1 | -32/+52 |
* | | Restructure ldap authentication | Martin Weinelt | 2016-09-29 | 1 | -87/+192 |
|/ |
|
* | Refactor user_delete_access_tokens. Invalidate get_user_by_access_token to sl... | Erik Johnston | 2016-08-15 | 1 | -3/+3 |
* | Log the value which is observed in the first place. | Daniel Ehlers | 2016-08-14 | 1 | -1/+1 |
* | Fix AttributeError when bind_dn is not defined. | Daniel Ehlers | 2016-08-14 | 1 | -1/+1 |
* | /login: Respond with a 403 when we get an invalid m.login.token | Richard van der Hoff | 2016-08-09 | 1 | -3/+3 |
* | Fix login with m.login.token | Richard van der Hoff | 2016-08-08 | 1 | -13/+4 |
* | Implement deleting devices | Richard van der Hoff | 2016-07-26 | 1 | -2/+20 |
* | Use get to avoid KeyErrors | David Baker | 2016-07-22 | 1 | -1/+1 |
* | Log the hostname the reCAPTCHA was completed on | David Baker | 2016-07-22 | 1 | -2/+11 |
* | Type annotations | Richard van der Hoff | 2016-07-19 | 1 | -0/+4 |
* | Add device_id support to /login | Richard van der Hoff | 2016-07-18 | 1 | -8/+11 |
* | Refactor login flow | Richard van der Hoff | 2016-07-18 | 1 | -47/+59 |
* | Bug fix: expire invalid access tokens | Negar Fazeli | 2016-07-13 | 1 | -2/+3 |
* | Fix password config | Kent Shikama | 2016-07-05 | 1 | -2/+2 |
* | Fix pep8 | Kent Shikama | 2016-07-05 | 1 | -1/+2 |
* | Add pepper to password hashing | Kent Shikama | 2016-07-05 | 1 | -2/+3 |
* | Rework ldap integration with ldap3 | Martin Weinelt | 2016-06-22 | 1 | -33/+170 |
* | Fix TypeError in call to bcrypt.hashpw | Salvatore LaMendola | 2016-06-16 | 1 | -1/+1 |
* | Email unsubscribing that may in theory, work | David Baker | 2016-06-02 | 1 | -0/+5 |
* | Send down correct error response if user not found | Erik Johnston | 2016-05-27 | 1 | -2/+7 |
* | Merge pull request #741 from negzi/create_user_with_expiry | Erik Johnston | 2016-05-13 | 1 | -2/+2 |
|\ |
|
| * | Create user with expiry | Negi Fazeli | 2016-05-13 | 1 | -2/+2 |
* | | Correctly handle NULL password hashes from the database | Erik Johnston | 2016-05-11 | 1 | -1/+4 |
|/ |
|
* | Simplify _check_password | Erik Johnston | 2016-04-15 | 1 | -5/+9 |
* | Fix check_password rather than inverting the meaning of _check_local_password... | Mark Haines | 2016-04-14 | 1 | -9/+12 |
* | Fix login to error for nonexistent users | David Baker | 2016-04-14 | 1 | -1/+1 |
* | fix check for failed authentication | Christoph Witzany | 2016-04-06 | 1 | -2/+4 |
* | remove line | Christoph Witzany | 2016-04-06 | 1 | -1/+0 |
* | make tests for ldap more specific to not be fooled by Mocks | Christoph Witzany | 2016-04-06 | 1 | -3/+3 |
* | output ldap version for info and to pacify pep8 | Christoph Witzany | 2016-04-06 | 1 | -0/+2 |
* | conditionally import ldap | Christoph Witzany | 2016-04-06 | 1 | -2/+5 |
* | fix pep8 | Christoph Witzany | 2016-04-06 | 1 | -2/+1 |
* | fix exception handling | Christoph Witzany | 2016-04-06 | 1 | -2/+2 |
* | code style | Christoph Witzany | 2016-04-06 | 1 | -6/+13 |
* | add tls property and twist my head around twisted | Christoph Witzany | 2016-04-06 | 1 | -15/+29 |
* | move LDAP authentication to AuthenticationHandler | Christoph Witzany | 2016-04-06 | 1 | -6/+48 |
* | Use google style doc strings. | Mark Haines | 2016-04-01 | 1 | -9/+17 |
* | Make registration idempotent, part 2: be idempotent if the client specifies a... | David Baker | 2016-03-16 | 1 | -0/+14 |
* | pep8 | David Baker | 2016-03-16 | 1 | -1/+2 |
* | time_msec() | David Baker | 2016-03-16 | 1 | -1/+1 |
* | string with symbols is a bit too symboly. | David Baker | 2016-03-16 | 1 | -1/+1 |
* | Replace other time.time(). | David Baker | 2016-03-16 | 1 | -2/+1 |
* | Use hs get_clock instead of time.time() | David Baker | 2016-03-16 | 1 | -2/+2 |
* | pep8 & remove debug logging | David Baker | 2016-03-16 | 1 | -1/+1 |
* | Make registration idempotent: if you specify the same session, make it give y... | David Baker | 2016-03-16 | 1 | -12/+48 |
* | Make select more sensible when dseleting access tokens, rename pusher deletio... | David Baker | 2016-03-11 | 1 | -1/+1 |
* | Delete old, unused methods and rename new one to just be `user_delete_access_... | David Baker | 2016-03-11 | 1 | -1/+1 |
* | Dear PyCharm, please indent sensibly for me. Thx. | David Baker | 2016-03-11 | 1 | -2/+2 |
* | Fix cache invalidation so deleting access tokens (which we did when changing ... | David Baker | 2016-03-11 | 1 | -4/+9 |
* | Stop using checkpw as it seems to have vanished from bcrypt. Use `bcrypt.hash... | David Baker | 2016-03-02 | 1 | -1/+1 |
* | Allow guests to upgrade their accounts | Daniel Wagner-Hall | 2016-01-05 | 1 | -3/+3 |
* | Take a boolean not a list of lambdas | Daniel Wagner-Hall | 2015-11-19 | 1 | -1/+1 |
* | Minor review fixes | Steven Hammerton | 2015-11-11 | 1 | -4/+4 |
* | Share more code between macaroon validation | Steven Hammerton | 2015-11-11 | 1 | -48/+7 |
* | Allow hs to do CAS login completely and issue the client with a login token t... | Steven Hammerton | 2015-11-05 | 1 | -3/+73 |
* | Allow guests to register and call /events?room_id= | Daniel Wagner-Hall | 2015-11-04 | 1 | -1/+4 |
* | Add config for how many bcrypt rounds to use for password hashes | Mark Haines | 2015-10-16 | 1 | -1/+2 |
* | Formatting changes | Steven Hammerton | 2015-10-10 | 1 | -1/+2 |
* | Provide ability to login using CAS | Steven Hammerton | 2015-10-10 | 1 | -0/+31 |
* | Allow configuration to ignore invalid SSL certs | Daniel Wagner-Hall | 2015-09-09 | 1 | -2/+1 |
* | Swap out bcrypt for md5 in tests | Daniel Wagner-Hall | 2015-08-26 | 1 | -2/+25 |