forked-synapse

mirror of https://mau.dev/maunium/synapse.git synced 2024-10-01 01:36:05 -04:00

Author	SHA1	Message	Date
Erik Johnston	23740eaa3d	Correctly mention previous copyright (#16820 ) During the migration the automated script to update the copyright headers accidentally got rid of some of the existing copyright lines. Reinstate them.	2024-01-23 11:26:48 +00:00
Erik Johnston	eaad9bb156	Merge remote-tracking branch 'gitlab/clokep/license-license' into new_develop	2023-12-13 15:11:56 +00:00
David Robertson	32a59a6495	Keep track of `user_ips` and `monthly_active_users` when delegating auth (#16672 ) * Describe `insert_client_ip` * Pull out client_ips and MAU tracking to BaseAuth * Define HAS_AUTHLIB once in tests sick of copypasting * Track ips and token usage when delegating auth * Test that we track MAU and user_ips * Don't track `__oidc_admin`	2023-11-23 12:35:37 +00:00
Patrick Cloke	8e1e62c9e0	Update license headers	2023-11-21 15:29:58 -05:00
Christoph	32fd9bc673	Fix possible AttributeError when account-api is called over unix socket (#16404 ) Fixes #16396	2023-10-09 10:16:07 +01:00
Erik Johnston	954921736b	Refactor `get_user_by_id` (#16316 )	2023-09-14 12:46:30 +01:00
Quentin Gliech	1940d990a3	Revert MSC3861 introspection cache, admin impersonation and account lock (#16258 )	2023-09-06 15:19:51 +01:00
Shay	69048f7b48	Add an admin endpoint to allow authorizing server to signal token revocations (#16125 )	2023-08-22 14:15:34 +00:00
Mathieu Velten	2d15e39684	MSC3861: allow impersonation by an admin using a query param (#16132 )	2023-08-18 15:46:46 +02:00
Erik Johnston	6130afb862	Add response time metrics for introspection requests (#16131 ) See #16119	2023-08-18 12:16:00 +01:00
Shay	54a51ff6c1	Cache token introspection response from OIDC provider (#16117 )	2023-08-17 10:53:10 -07:00
Mathieu Velten	dac97642e4	Implements admin API to lock an user (MSC3939) (#15870 )	2023-08-10 09:10:55 +00:00
Patrick Cloke	c01343de43	Add stricter mypy options (#15694 ) Enable warn_unused_configs, strict_concatenate, disallow_subclassing_any, and disallow_incomplete_defs.	2023-05-31 07:18:29 -04:00
Quentin Gliech	ceb3dd77db	Enforce that an admin token also has the basic Matrix API scope	2023-05-30 09:43:06 -04:00
Quentin Gliech	f739bde962	Reject tokens with multiple device scopes	2023-05-30 09:43:06 -04:00
Quentin Gliech	98afc57d59	Make OIDC scope constants	2023-05-30 09:43:06 -04:00
Quentin Gliech	14a5be9c4d	Handle errors when introspecting tokens This returns a proper 503 when the introspection endpoint is not working for some reason, which should avoid logging out clients in those cases.	2023-05-30 09:43:06 -04:00
Quentin Gliech	4d0231b364	Make AS tokens work & allow ASes to /register	2023-05-30 09:43:06 -04:00
Quentin Gliech	c008b44b4f	Add an admin token for MAS -> Synapse calls	2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith	249f4a338d	Refactor config to be an experimental feature Also enforce you can't combine it with incompatible config options	2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith	5fe96082d0	Actually enforce guest + return www-authenticate header	2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith	a1374b5c70	MSC2967: Check access token scope for use as user and add guest support	2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith	d20669971a	Use `name` claim as display name when registering users on the fly. This makes is so that the `name` claim got when introspecting the token is used as the display name when registering a user on the fly.	2023-05-30 09:43:06 -04:00
Quentin Gliech	f9cd549f64	Record the `sub` claims as an external_id	2023-05-30 09:43:06 -04:00
Quentin Gliech	7628dbf4e9	Handle the Synapse admin scope	2023-05-30 09:43:06 -04:00
Quentin Gliech	c5cf1b421d	Save the scopes in the requester	2023-05-30 09:43:06 -04:00
Quentin Gliech	765244faee	Initial MSC3964 support: delegation of auth to OIDC server	2023-05-30 09:43:06 -04:00
Quentin Gliech	e2c8458bba	Make the api.auth.Auth a Protocol	2023-05-30 09:43:06 -04:00

28 Commits