Draft: full id service #57
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
packages/matrix-identity-server/matrix-server/lemon/lmConf-1.json
Dismissed
Show dismissed
Hide dismissed
packages/matrix-identity-server/matrix-server/lemon/lmConf-1.json
Dismissed
Show dismissed
Hide dismissed
packages/matrix-identity-server/matrix-server/synapse-ref/homeserver.yaml
Dismissed
Show dismissed
Hide dismissed
| // eslint-disable-next-line @typescript-eslint/promise-function-async | ||
| createKeypair( | ||
| type: 'longTerm' | 'shortTerm', | ||
| algorithm: 'ed25519' | 'curve25519' |
Check notice
Code scanning / devskim
Generic: Hard-coded Elliptic Curve Note
| ): { publicKey: string; privateKey: string; keyId: string } => { | ||
| if (algorithm === 'ed25519') { | ||
| return generateEdKeyPair() | ||
| } else if (algorithm === 'curve25519') { |
Check notice
Code scanning / devskim
Generic: Hard-coded Elliptic Curve Note
| } | ||
|
|
||
| export const generateKeyPair = ( | ||
| algorithm: 'ed25519' | 'curve25519' |
Check notice
Code scanning / devskim
Generic: Hard-coded Elliptic Curve Note
| // Convert to unpadded Base64 URL encoded form | ||
| identifierHex = toBase64Url(identifierHex) | ||
|
|
||
| const algorithm = 'curve25519' |
Check notice
Code scanning / devskim
Generic: Hard-coded Elliptic Curve Note
| "smtp_user": "", | ||
| "smtp_verify_certificate": true, | ||
| "smtp_sender": "", | ||
| "smtp_server": "localhost", |
Check notice
Code scanning / devskim
Accessing localhost could indicate debug code, or could hinder scaling.
| "rate_limiting_window": 600000, | ||
| "rate_limiting_nb_requests": 100, | ||
| "redis_uri": "", | ||
| "server_name": "localhost", |
Check notice
Code scanning / devskim
Accessing localhost could indicate debug code, or could hinder scaling.
| @@ -160,6 +160,46 @@ | |||
| }) | |||
| } | |||
|
|
|||
| // TODO : Merge update and updateAnd into one function that takes an array of conditions as argument | |||
Check notice
Code scanning / devskim
A "TODO" or similar was left in source code, possibly indicating incomplete functionality
| }) | ||
| } | ||
| } else { | ||
| // TODO : implement signature verification. If the request doesn't have a client_secret or sid, it should be signed |
Check notice
Code scanning / devskim
A "TODO" or similar was left in source code, possibly indicating incomplete functionality Note
| } else if (response.status === 400) { | ||
| const ephemeralKey = await idServer.db.createKeypair( | ||
| 'shortTerm', | ||
| 'curve25519' |
Check notice
Code scanning / devskim
Generic: Hard-coded Elliptic Curve
…disable /register endpoint.
…ied UI Authentication
…disable /register endpoint.
…disable /register endpoint.
…disable /register endpoint.
…ied UI Authentication
… upgrade to user account. Changed "tokenContent" to "TokenContent" from authentication for clarification and to distinguish it from matrix-identity-server.
…with openIDconnect, still need to add refresh token handling in register
…pt additional parameters
feat : added a strict version of validateParameters
fix : removed the fetch in /delete and replaced it with auxiliary function
…message, completed deactivate and added tests for it, modified SafeClientEvent typing
…es from all tables
Clean identity server
Added endpoint to deactivate an account
… before uiauthenticate, changed uiauthenticate to prevent obsolete jsoncontent call, added typecheckers
…ages deletion by batches of 10, finished delete_devices endpoint
Client server delete devices
feat : fixed store-invite with fetch to self and other mistakes
…one at all to prevent confusion for others
Reviewed the code one last time
DOn't merge for now, this PR just enables CI