summary refs log tree commit diff
path: root/synapse/res (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Give the user a better error when they present bad SSO credsRichard van der Hoff2021-01-131-0/+18
| | | | | | | | | If a user tries to do UI Auth via SSO, but uses the wrong account on the SSO IdP, try to give them a better error. Previously, the UIA would claim to be successful, but then the operation in question would simply fail with "auth fail". Instead, serve up an error page which explains the failure.
* Add initial support for a "pick your IdP" page (#9017)Richard van der Hoff2021-01-051-0/+28
| | | | | During login, if there are multiple IdPs enabled, offer the user a choice of IdPs.
* Implement a username picker for synapse (#8942)Richard van der Hoff2020-12-183-0/+141
| | | | | | | | | | | | | | The final part (for now) of my work to implement a username picker in synapse itself. The idea is that we allow `UsernameMappingProvider`s to return `localpart=None`, in which case, rather than redirecting the browser back to the client, we redirect to a username-picker resource, which allows the user to enter a username. We *then* complete the SSO flow (including doing the client permission checks). The static resources for the username picker itself (in https://github.com/matrix-org/synapse/tree/rav/username_picker/synapse/res/username_picker) are essentially lifted wholesale from https://github.com/matrix-org/matrix-synapse-saml-mozilla/tree/master/matrix_synapse_saml_mozilla/res. As the comment says, we might want to think about making them customisable, but that can be a follow-up. Fixes #8876.
* Ensure that a URL exists in the content during push. (#8965)Patrick Cloke2020-12-181-1/+1
| | | | This fixes an KeyError exception, after this PR the content is just considered unknown.
* Include a simple message in email notifications that include encrypted ↵Patrick Cloke2020-10-196-69/+81
| | | | content (#8545)
* Convert additional templates to Jinja (#8444)Patrick Cloke2020-10-023-0/+79
| | | This converts a few more of our inline HTML templates to Jinja. This is somewhat part of #7280 and should make it a bit easier to customize these in the future.
* Escape the error description on the sso_error template. (#8405)Patrick Cloke2020-09-251-1/+1
|
* Improve SAML error messages (#8248)Patrick Cloke2020-09-142-56/+39
|
* Show a confirmation page during user password reset (#8004)Andrew Morgan2020-09-101-0/+16
| | | | | This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset. This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
* Implement login blocking based on SAML attributes (#8052)Richard van der Hoff2020-08-111-5/+12
| | | | | | | Hopefully this mostly speaks for itself. I also did a bit of cleaning up of the error handling. Fixes #8047
* Element CSS and logo in email templates (#7919)Jason Robinson2020-07-213-0/+11
| | | | | Use Element CSS and logo in notification emails when app name is Element. Signed-off-by: Jason Robinson <jasonr@matrix.org>
* Implement OpenID Connect-based login (#7256)Quentin Gliech2020-05-081-0/+18
|
* Fixes typo (bellow -> below) (#7449)Patrick Cloke2020-05-072-2/+2
|
* Use a template for the SSO success page to allow for customization. (#7279)Patrick Cloke2020-04-171-0/+18
|
* Do not allow a deactivated user to login via SSO. (#7240)Patrick Cloke2020-04-091-0/+10
|
* Support SAML in the user interactive authentication workflow. (#7102)Patrick Cloke2020-04-011-0/+14
|
* Use innerText instead of innerHTMLBrendan Abolivier2020-03-131-1/+2
|
* Update wording and configBrendan Abolivier2020-03-111-2/+2
|
* Move the default SAML2 error HTML to a dedicated fileBrendan Abolivier2020-03-111-0/+44
| | | | | Also add some JS to it to process any error we might have in the URI (see #6893).
* Add a confirmation step to the SSO login flowBrendan Abolivier2020-03-021-0/+14
|
* Allow HS to send emails when adding an email to the HS (#6042)Andrew Morgan2019-09-204-0/+29
|
* Allow Synapse to send registration emails + choose Synapse or an external ↵Andrew Morgan2019-09-067-4/+39
| | | | | | | | | | | | | | | | server to handle 3pid validation (#5987) This is a combination of a few different PRs, finally all being merged into `develop`: * #5875 * #5876 * #5868 (This one added the `/versions` flag but the flag itself was actually [backed out](https://github.com/matrix-org/synapse/commit/891afb57cbdf9867f2848341b29c75d6f35eef5a#diff-e591d42d30690ffb79f63bb726200891) in #5969. What's left is just giving /versions access to the config file, which could be useful in the future) * #5835 * #5969 * #5940 Clients should not actually use the new registration functionality until https://github.com/matrix-org/synapse/pull/5972 is merged. UPGRADE.rst, changelog entries and config file changes should all be reviewed closely before this PR is merged.
* Allow defining HTML templates to serve the user on account renewalBrendan Abolivier2019-08-012-0/+2
|
* Change password reset links to /_matrix.Erik Johnston2019-06-111-1/+1
|
* Add ability to perform password reset via email without trusting the ↵Andrew Morgan2019-06-064-0/+28
| | | | | | | | | | | | identity server (#5377) Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option. This PR is a culmination of 3 smaller PRs which have each been separately reviewed: * #5308 * #5345 * #5368
* Send out emails with links to extend an account's validity periodBrendan Abolivier2019-04-173-0/+54
|
* Use static locations for Riot iconsTravis Ralston2019-03-013-7/+7
| | | See https://github.com/vector-im/riot-web/issues/9009
* Ship the email templates as package_dataRichard van der Hoff2018-10-178-0/+331
move the example email templates into the synapse package so that they can be used as package data, which should mean that all of the packaging mechanisms (pip, docker, debian, arch, etc) should now come with the example templates. In order to grandfather in people who relied on the templates being in the old place, check for that situation and fall back to using the defaults if the templates directory does not exist.