summary refs log tree commit diff
path: root/synapse/rest/client/login.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Describe which rate limiter was hit in logs (#16135)David Robertson2023-08-301-4/+2
|
* Add login spam checker API (#15838)Erik Johnston2023-06-261-4/+48
|
* Implement stable support for MSC3882 to allow an existing device/session to ↵Hugh Nimmo-Smith2023-06-011-8/+23
| | | | | | | | generate a login token for use on a new device/session (#15388) Implements stable support for MSC3882; this involves updating Synapse's support to match the MSC / the spec says. Continue to support the unstable version to allow clients to transition.
* Refactor config to be an experimental featureHugh Nimmo-Smith2023-05-301-1/+1
| | | | Also enforce you can't combine it with incompatible config options
* Disable account related endpoints when using OAuth delegationQuentin Gliech2023-05-301-0/+3
|
* Consolidate logic to check for deactivated users. (#15634)Patrick Cloke2023-05-231-3/+20
| | | | | | | This moves the deactivated user check to the method which all login types call. Additionally updates the application service tests to be more realistic by removing invalid tests and fixing server names.
* Do not allow deactivated users to login with JWT. (#15624)Patrick Cloke2023-05-191-65/+12
| | | | | To improve the organization of this code it moves the JWT login checks to a separate handler and then fixes the bug (and a deprecation warning).
* Only load the SSO redirect servlet if SSO is enabled. (#15421)Dirk Klimpel2023-04-131-1/+6
|
* Disable loading `RefreshTokenServlet` on workers (#15428)Dirk Klimpel2023-04-131-1/+4
|
* Add a primitive helper script for listing worker endpoints. (#15243)reivilibre2023-03-231-0/+4
| | | | Co-authored-by: Patrick Cloke <patrickc@matrix.org>
* Remove redundant types from comments. (#14412)Patrick Cloke2022-11-161-1/+1
| | | | | | | Remove type hints from comments which have been added as Python type hints. This helps avoid drift between comments and reality, as well as removing redundant information. Also adds some missing type hints which were simple to fill in.
* Fix /refresh endpoint version (#14364)Tulir Asokan2022-11-041-1/+1
|
* Save login tokens in database (#13844)Quentin Gliech2022-10-261-2/+1
| | | | | | | | | | | * Save login tokens in database Signed-off-by: Quentin Gliech <quenting@element.io> * Add upgrade notes * Track login token reuse in a Prometheus metric Signed-off-by: Quentin Gliech <quenting@element.io>
* Allow admins to require a manual approval process before new accounts can be ↵Brendan Abolivier2022-09-291-3/+34
| | | | used (using MSC3866) (#13556)
* Make the AS login method call `Auth.get_user_by_req` for checking the AS ↵Quentin Gliech2022-07-121-2/+8
| | | | | | | | token. (#13094) This gets rid of another usage of get_appservice_by_req, with all the benefits, including correctly tracking the appservice IP and setting the tracing attributes correctly. Signed-off-by: Quentin Gliech <quenting@element.io>
* Replace pyjwt with authlib in `org.matrix.login.jwt` (#13011)Hannes Lerchl2022-06-151-8/+38
|
* Use `getClientAddress` instead of `getClientIP`. (#12599)Patrick Cloke2022-05-041-4/+10
| | | | | getClientIP was deprecated in Twisted 18.4.0, which also added getClientAddress. The Synapse minimum version for Twisted is currently 18.9.0, so all supported versions have the new API.
* Remove unstable/unspecced login types. (#12597)Patrick Cloke2022-05-041-11/+4
| | | | | | * `m.login.jwt`, which was never specced and has been deprecated since Synapse 1.16.0. (`org.matrix.login.jwt` can be used instead.) * `uk.half-shot.msc2778.login.application_service`, which was stabilized as part of the Matrix spec v1.2 release.
* Limit `device_id` size to 512B (#12454)Shay2022-04-131-0/+9
| | | *
* Remove `HomeServer.get_datastore()` (#12031)Richard van der Hoff2022-02-231-2/+2
| | | | | | | The presence of this method was confusing, and mostly present for backwards compatibility. Let's get rid of it. Part of #11733
* Stabilise support for MSC2918 refresh tokens as they have now been merged ↵reivilibre2021-12-061-16/+13
| | | | into the Matrix specification. (#11435)
* Save the OIDC session ID (sid) with the device on login (#11482)Quentin Gliech2021-12-061-2/+5
| | | As a step towards allowing back-channel logout for OIDC.
* Register the login redirect endpoint for v3. (#11451)Patrick Cloke2021-12-011-1/+1
| | | As specified for Matrix v1.1.
* Update MSC2918 refresh token support to confirm with the latest revision: ↵reivilibre2021-11-261-5/+7
| | | | accept the `refresh_tokens` parameter in the request body rather than in the URL parameters. (#11430)
* Support expiry of refresh tokens and expiry of the overall session when ↵reivilibre2021-11-261-15/+37
| | | | refresh tokens are in use. (#11425)
* Rename unstable `access_token_lifetime` configuration option to ↵reivilibre2021-11-231-4/+10
| | | | `refreshable_access_token_lifetime` to make it clear it only concerns refreshable access tokens. (#11388)
* Add config for customizing the claim used for JWT logins. (#11361)Kostas2021-11-221-1/+2
| | | | | Allows specifying a different claim (from the default "sub") to use when calculating the localpart of the Matrix ID used during the JWT login.
* Add support for the stable version of MSC2778 (#11335)Tulir Asokan2021-11-151-2/+7
| | | | | | | | | * Add support for the stable version of MSC2778 Signed-off-by: Tulir Asokan <tulir@maunium.net> * Expect m.login.application_service in login and password provider tests Signed-off-by: Tulir Asokan <tulir@maunium.net>
* Use direct references for configuration variables (part 7). (#10959)Patrick Cloke2021-10-041-3/+3
|
* Use direct references for configuration variables (part 5). (#10897)Patrick Cloke2021-09-241-1/+1
|
* Use direct references for configuration variables (part 4). (#10893)Patrick Cloke2021-09-231-6/+6
|
* Use direct references for some configuration variables (part 3) (#10885)Patrick Cloke2021-09-231-2/+2
| | | | | | | | This avoids the overhead of searching through the various configuration classes by directly referencing the class that the attributes are in. It also improves type hints since mypy can now resolve the types of the configuration variables.
* Use direct references for some configuration variables (#10798)Patrick Cloke2021-09-131-5/+5
| | | | Instead of proxying through the magic getter of the RootConfig object. This should be more performant (and is more explicit).
* Remove unstable MSC2858 API, including `experimental.msc2858_enabled` config ↵Sean2021-09-091-46/+11
| | | | | option (#10693) Signed-off-by: Sean Quah <seanq@element.io>
* Additional type hints for REST servlets (part 2). (#10674)Patrick Cloke2021-08-261-12/+9
| | | Applies the changes from #10665 to additional modules.
* Correctly initialise the `synapse_user_logins` metric. (#10677)Richard van der Hoff2021-08-241-6/+23
| | | | | Fix a bug where the prometheus metrics for SSO logins wouldn't be initialised until the first user logged in with a given auth provider.
* Flatten the synapse.rest.client package (#10600)reivilibre2021-08-171-0/+600