Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix handling of User-Agent headers with bad utf-8. (#8632) | Erik Johnston | 2020-10-23 | 1 | -3/+1 |
| | |||||
* | Use slots in attrs classes where possible (#8296) | Patrick Cloke | 2020-09-14 | 1 | -1/+1 |
| | | | | | slots use less memory (and attribute access is faster) while slightly limiting the flexibility of the class attributes. This focuses on objects which are instantiated "often" and for short periods of time. | ||||
* | Improve SAML error messages (#8248) | Patrick Cloke | 2020-09-14 | 1 | -59/+110 |
| | |||||
* | Stop sub-classing object (#8249) | Patrick Cloke | 2020-09-04 | 1 | -2/+2 |
| | |||||
* | Allow denying or shadow banning registrations via the spam checker (#8034) | Patrick Cloke | 2020-08-20 | 1 | -2/+16 |
| | |||||
* | Implement login blocking based on SAML attributes (#8052) | Richard van der Hoff | 2020-08-11 | 1 | -6/+36 |
| | | | | | | | Hopefully this mostly speaks for itself. I also did a bit of cleaning up of the error handling. Fixes #8047 | ||||
* | Add additional logging for SAML sessions. (#7971) | Patrick Cloke | 2020-07-29 | 1 | -0/+3 |
| | |||||
* | Clean up exception handling in SAML2ResponseResource (#7614) | Richard van der Hoff | 2020-06-03 | 1 | -30/+11 |
| | | | | | | | | | | | | | * Expose `return_html_error`, and allow it to take a Jinja2 template instead of a raw string * Clean up exception handling in SAML2ResponseResource * use the existing code in `return_html_error` instead of re-implementing it (giving it a jinja2 template rather than inventing a new form of template) * do the exception-catching in the REST layer rather than in the handler layer, to make sure we catch all exceptions. | ||||
* | allow emails to be passed through SAML (#7385) | Christopher Cooper | 2020-05-27 | 1 | -2/+10 |
| | | | Signed-off-by: Christopher Cooper <cooperc@ocf.berkeley.edu> | ||||
* | Add more type hints to SAML handler. (#7445) | Patrick Cloke | 2020-05-07 | 1 | -12/+16 |
| | |||||
* | Persist user interactive authentication sessions (#7302) | Patrick Cloke | 2020-04-30 | 1 | -1/+1 |
| | | | | | By persisting the user interactive authentication sessions to the database, this fixes situations where a user hits different works throughout their auth session and also allows sessions to persist through restarts of Synapse. | ||||
* | Do not allow a deactivated user to login via SSO. (#7240) | Patrick Cloke | 2020-04-09 | 1 | -1/+1 |
| | |||||
* | Support SAML in the user interactive authentication workflow. (#7102) | Patrick Cloke | 2020-04-01 | 1 | -10/+41 |
| | |||||
* | Allow RedirectResponse in SAML response handler | Jason Robinson | 2020-03-26 | 1 | -0/+4 |
| | | | | | | | | Allow custom SAML handlers to redirect after processing an auth response. Fixes #7149 Signed-off-by: Jason Robinson <jasonr@matrix.org> | ||||
* | SAML2: render a comprehensible error page if something goes wrong | Brendan Abolivier | 2020-03-10 | 1 | -1/+19 |
| | | | | | | If an error happened while processing a SAML AuthN response, or a client ends up doing a `GET` request to `/authn_response`, then render a customisable error page rather than a confusing error. | ||||
* | Fix wrong handler being used in SAML handler | Brendan Abolivier | 2020-03-03 | 1 | -3/+2 |
| | |||||
* | Merge pull request #6724 from matrix-org/rav/log_saml_attributes | Richard van der Hoff | 2020-01-17 | 1 | -1/+12 |
|\ | | | | | Log saml assertions rather than the whole response | ||||
| * | Log saml assertions rather than the whole response | Richard van der Hoff | 2020-01-16 | 1 | -1/+12 |
| | | | | | | | | | | | | ... since the whole response is huge. We even need to break up the assertions, since kibana otherwise truncates them. | ||||
* | | Delegate remote_user_id mapping to the saml mapping provider (#6723) | Richard van der Hoff | 2020-01-17 | 1 | -6/+21 |
|/ | | | Turns out that figuring out a remote user id for the SAML user isn't quite as obvious as it seems. Factor it out to the SamlMappingProvider so that it's easy to control. | ||||
* | Pass client redirect URL into SAML mapping providers | Richard van der Hoff | 2020-01-12 | 1 | -4/+11 |
| | |||||
* | Pass the module_api into the SamlMappingProvider | Richard van der Hoff | 2020-01-12 | 1 | -2/+5 |
| | | | | | ... for consistency with other modules, and because we'll need it sooner or later and it will be a pain to introduce later. | ||||
* | Allow SAML username provider plugins (#6411) | Andrew Morgan | 2019-12-10 | 1 | -28/+170 |
| | |||||
* | More better logging | Richard van der Hoff | 2019-09-20 | 1 | -1/+2 |
| | |||||
* | better logging | Richard van der Hoff | 2019-09-19 | 1 | -0/+2 |
| | |||||
* | Record mappings from saml users in an external table | Richard van der Hoff | 2019-09-13 | 1 | -8/+95 |
| | | | | | | We want to assign unique mxids to saml users based on an incrementing suffix. For that to work, we need to record the allocated mxid in a separate table. | ||||
* | Address review comments | Richard van der Hoff | 2019-07-01 | 1 | -5/+7 |
| | |||||
* | cleanups | Richard van der Hoff | 2019-06-27 | 1 | -0/+121 |