Commit Graph

71 Commits (e501e9ecb2026afa0b97348c98b4fb5caa9974f4)

Author SHA1 Message Date
Negi Fazeli 40aa6e8349 Create user with expiry 9 years ago
Erik Johnston 1400bb1663 Correctly handle NULL password hashes from the database 9 years ago
Erik Johnston 6fd2f685fe Simplify _check_password 9 years ago
Mark Haines 3c79bdd7a0 Fix check_password rather than inverting the meaning of _check_local_password (#730) 9 years ago
David Baker 4c1b32d7e2 Fix login to error for nonexistent users 9 years ago
Christoph Witzany ed4d18f516 fix check for failed authentication 9 years ago
Christoph Witzany 9c62fcdb68 remove line 9 years ago
Christoph Witzany 27a0c21c38 make tests for ldap more specific to not be fooled by Mocks 9 years ago
Christoph Witzany 3555a659ec output ldap version for info and to pacify pep8 9 years ago
Christoph Witzany 4c5e8adf8b conditionally import ldap 9 years ago
Christoph Witzany 875ed05bdc fix pep8 9 years ago
Christoph Witzany 67f3a50e9a fix exception handling 9 years ago
Christoph Witzany afff321e9a code style 9 years ago
Christoph Witzany 823b8be4b7 add tls property and twist my head around twisted 9 years ago
Christoph Witzany 7b9319b1c8 move LDAP authentication to AuthenticationHandler 9 years ago
Mark Haines 2a37467fa1 Use google style doc strings. 9 years ago
David Baker a7daa5ae13 Make registration idempotent, part 2: be idempotent if the client specifies a username. 9 years ago
David Baker b58d10a875 pep8 9 years ago
David Baker 3ee7d7dc7f time_msec() 9 years ago
David Baker 3176aebf9d string with symbols is a bit too symboly. 9 years ago
David Baker 9671e6750c Replace other time.time(). 9 years ago
David Baker 742b6c6d15 Use hs get_clock instead of time.time() 9 years ago
David Baker 99797947aa pep8 & remove debug logging 9 years ago
David Baker c12b9d719a Make registration idempotent: if you specify the same session, make it give you an access token for the user that was registered on previous uses of that session. Tweak the UI auth layer to not delete sessions when their auth has completed and hence expire them so they don't hang around until server restart. Allow server-side data to be associated with UI auth sessions. 9 years ago
David Baker af59826a2f Make select more sensible when deleting access tokens, rename pusher deletion to match access token deletion and make exception arg optional. 9 years ago
David Baker f523177850 Delete old, unused methods and rename new one to just be `user_delete_access_tokens` with an `except_token_ids` argument doing what it says on the tin. 9 years ago
David Baker 57c444b3ad Dear PyCharm, please indent sensibly for me. Thx. 9 years ago
David Baker aa11db5f11 Fix cache invalidation so deleting access tokens (which we did when changing password) actually takes effect without HS restart. Reinstate the code to avoid logging out the session that changed the password, removed in 415c2f0549 9 years ago
David Baker ff8b87118d Stop using checkpw as it seems to have vanished from bcrypt. Use `bcrypt.hashpw(password, hashed) == hashed` as per the bcrypt README. 9 years ago
Daniel Wagner-Hall cfd07aafff Allow guests to upgrade their accounts 9 years ago
Daniel Wagner-Hall 248cfd5eb3 Take a boolean not a list of lambdas 9 years ago
Steven Hammerton 2b779af10f Minor review fixes 9 years ago
Steven Hammerton dd2eb49385 Share more code between macaroon validation 9 years ago
Steven Hammerton 414a4a71b4 Allow hs to do CAS login completely and issue the client with a login token that can be redeemed for the usual successful login response 9 years ago
Daniel Wagner-Hall f522f50a08 Allow guests to register and call /events?room_id= 9 years ago
Mark Haines f2f031fd57 Add config for how many bcrypt rounds to use for password hashes 9 years ago
Steven Hammerton 22112f8d14 Formatting changes 9 years ago
Steven Hammerton c33f5c1a24 Provide ability to login using CAS 9 years ago
Daniel Wagner-Hall 81a93ddcc8 Allow configuration to ignore invalid SSL certs 9 years ago
Daniel Wagner-Hall 3063383547 Swap out bcrypt for md5 in tests 9 years ago
Daniel Wagner-Hall d3c0e48859 Merge erikj/user_dedup to develop 9 years ago
Erik Johnston fd5ad0f00e Doc string 9 years ago
Erik Johnston 42f12ad92f When logging in fetch user by user_id case insensitively, *unless* there are multiple case insensitive matches, in which case require the exact user_id 9 years ago
Daniel Wagner-Hall c7788685b0 Fix bad merge 9 years ago
Daniel Wagner-Hall 8c74bd8960 Fix indentation 9 years ago
Daniel Wagner-Hall ea570ffaeb Fix flake8 warnings 9 years ago
Daniel Wagner-Hall cecbd636e9 /tokenrefresh POST endpoint 9 years ago
David Baker ca0d28ef34 Another use of check_password that got missed in the yield fix 9 years ago
Daniel Wagner-Hall 617501dd2a Move token generation to auth handler 9 years ago
Erik Johnston 40da1f200d Remove an access token log line 9 years ago