summary refs log tree commit diff
path: root/synapse/handlers/ui_auth (follow)
Commit message (Collapse)AuthorAgeFilesLines
* UI Auth via SSO: redirect the user to an appropriate SSO. (#9081)Richard van der Hoff2021-01-121-0/+15
| | | | | | | If we have integrations with multiple identity providers, when the user does a UI Auth, we need to redirect them to the right one. There are a few steps to this. First of all we actually need to store the userid of the user we are trying to validate in the UIA session, since the /auth/sso/fallback/web request is unauthenticated. Then, once we get the /auth/sso/fallback/web request, we can fish the user id out of the session, and use it to look up the external id mappings, and hence pick an SSO provider for them.
* Remove the deprecated Handlers object (#8494)Patrick Cloke2020-10-091-1/+1
| | | All handlers now available via get_*_handler() methods on the HomeServer.
* Be stricter about JSON that is accepted by Synapse (#8106)Patrick Cloke2020-08-191-3/+2
|
* Update the auth providers to be async. (#7935)Patrick Cloke2020-07-231-18/+17
|
* Ensure that calls to `json.dumps` are compatible with the standard library ↵Patrick Cloke2020-07-151-1/+2
| | | | json. (#7836)
* Convert identity handler to async/await. (#7561)Patrick Cloke2020-05-261-8/+7
|
* Support for routing outbound HTTP requests via a proxy (#6239)Richard van der Hoff2019-11-011-1/+1
| | | | | | | | | | | | | | | | | | | | The `http_proxy` and `HTTPS_PROXY` env vars can be set to a `host[:port]` value which should point to a proxy. The address of the proxy should be excluded from IP blacklists such as the `url_preview_ip_range_blacklist`. The proxy will then be used for * push * url previews * phone-home stats * recaptcha validation * CAS auth validation It will *not* be used for: * Application Services * Identity servers * Outbound federation * In worker configurations, connections from workers to masters Fixes #4198.
* Threepid validity checks on msisdns should not be dependent on ↵Neil Johnson2019-09-251-29/+34
| | | | | | 'threepid_behaviour_email'. (#6104) Fixes #6103
* Stop advertising unsupported flows for registration (#6107)Richard van der Hoff2019-09-251-0/+26
| | | | | | | If email or msisdn verification aren't supported, let's stop advertising them for registration. Fixes #6100.
* Refactor the user-interactive auth handling (#6105)Richard van der Hoff2019-09-252-0/+238
Pull the checkers out to their own classes, rather than having them lost in a massive 1000-line class which does everything. This is also preparation for some more intelligent advertising of flows, as per #6100