letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
main
Commit Graph

1204 Commits

Author SHA1 Message Date
Quentin Gliech
00234469a9 Human-readable error page on the compat SSO login redirect 2025-07-24 10:01:00 +02:00
Quentin Gliech
e964c08eb6 Make the compat_router also recover from errors in human-facing routes 2025-07-23 19:45:59 +02:00
Quentin Gliech
e21d113cfb Human-readable error page on the upstream callback page 2025-07-23 19:36:39 +02:00
Quentin Gliech
089de9ef8f Human-readable error page on the upstream authorization page 2025-07-23 19:36:17 +02:00
Quentin Gliech
d356ae5732 Human-readable error page on the authorization endpoint 2025-07-23 19:35:51 +02:00
Quentin Gliech
db27ffb0a2 Human-readable error page on the consent page 2025-07-23 19:35:28 +02:00
Quentin Gliech
0730a3b18a Allow the homeserver to perform introspection using a shared secret (#4808) 2025-07-22 13:30:49 +02:00
Quentin Gliech
faa3282792 Clarify comment 
Co-authored-by: reivilibre <oliverw@element.io>
 2025-07-22 13:24:03 +02:00
Quentin Gliech
01d5a2cca2 Allow the homeserver to perform introspection using a shared secret 2025-07-22 11:27:56 +02:00
Quentin Gliech
6ffe95cdc6 Merge branch 'main' into feat/allow_override_user 2025-07-21 17:03:35 +02:00
olivier
e3511bef2e simplify unit tests 2025-07-21 11:32:54 +02:00
Quentin Gliech
089229732e Rename create_device -> upsert_device 2025-07-21 10:54:40 +02:00
Olivier D
aa62b92638 Update crates/handlers/src/upstream_oauth2/link.rs 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2025-07-21 09:52:24 +02:00
Olivier D
9d2cceb497 Update crates/handlers/src/upstream_oauth2/link.rs 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2025-07-21 09:52:24 +02:00
olivier
64b3b1b2a5 fix rust style 2025-07-21 09:52:24 +02:00
olivier
54cb82af3e add semi column 2025-07-21 09:52:24 +02:00
Olivier D
e2a6091424 fix code style 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2025-07-21 09:52:24 +02:00
Olivier D
2172a961cc Update crates/handlers/src/upstream_oauth2/link.rs 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2025-07-21 09:52:24 +02:00
mcalinghee
a0e320b994 rename is_forced to is_forced_or_required 2025-07-21 09:52:24 +02:00
mcalinghee
f78e2c38f5 use of UpstreamOAuthProviderLocalpartPreference 2025-07-21 09:52:24 +02:00
mcalinghee
1886e73e40 allow importing existing users when the localpart matches in upstream OAuth 2.0 logins 2025-07-21 09:52:24 +02:00
Quentin Gliech
445f26b8bf Take the localpart instead of the MXID in HomeserverConnection methods 2025-07-18 16:39:24 +02:00
Quentin Gliech
81147cc43a Merge branch 'main' into quenting/rust-1.87 2025-07-17 09:22:28 +02:00
Quentin Gliech
4c06421716 Support M_USER_LOCKED error for compat sessions (#4789) 2025-07-17 09:17:14 +02:00
Quentin Gliech
0878505429 Allow skipping GDPR-erasure when deactivating a user through the admin API (#4744) 2025-07-17 09:15:25 +02:00
Quentin Gliech
2bd29b8f2a New admin API endpoint to reactivate users & align what lock/unlock/deactivate does in the admin API (#4768) 2025-07-17 09:11:32 +02:00
Quentin Gliech
b8897baeec Make the admin API provision users synchronously (#4788) 2025-07-17 09:07:41 +02:00
Andrew Ferrazzutti
8bacf44c68 Revert GraphQL's unlock to also reactivate 
Unlike the CLI and admin API, leave the behaviour of the GraphQL's
unlock handler unchanged from before, so as to not break internal
tooling that depends on it.

Also update its documentation description to make note of the fact that
it reactivates in addition to unlocks.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
49540693ab Decouple (un)locking from (re/de)activation 
Unify the admin API, CLI, and GraphQL API in not having the unlock
command also reactivate, or the deactivate command also lock.

Still let the unlock command of the CLI and GraphQL API to also
reactivate the target user, albeit as a non-default option.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
27accd963a Satisfy Clippy 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
24dbd792a4 Format 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
415e3a2555 Separate active state from lock state in admin API 
- Allow the admin API to deactivate a user without locking it, and to
  unlock a user without reactivating it.
- Make unlock-and-reactivate flows unset the "deactivated_at" timestamp.
- Revert adding an "unlock" parameter on `ReactivateUserJob`, as the
  option is used only by the admin API which doesn't use a job.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
44ffec5111 Add admin API endpoint to reactivate user 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
7a37a78eca Format 2025-07-16 13:42:14 -04:00
Andrew Ferrazzutti
8a56bbd8f1 Don't return locked error for deactivated users 
When a user is both locked and deactivated, give precedence to
deactivation errors over locked errors, as a locked error suggests that
unlocking the user would make it available.
 2025-07-16 13:38:15 -04:00
Quentin Gliech
62dcab9f75 Box all the figment errors to avoid large enum differences 2025-07-16 19:23:06 +02:00
Quentin Gliech
a51a697013 Miscellaneous housekeeping (#4735) 2025-07-16 18:53:59 +02:00
Andrew Ferrazzutti
12bd245980 Always add users synchronously with admin API 2025-07-15 12:08:47 -04:00
Andrew Ferrazzutti
ec12bfef90 Let admin API add users synchronously 
as opposed to always launching an asynchronous worker job.

This allows callers to have a guarantee that the user is fully created
by the time it receives the response to the user creation request.
 2025-07-15 12:08:33 -04:00
Andrew Ferrazzutti
0eca22a6f5 Satisfy Clippy 2025-07-15 11:19:41 -04:00
Andrew Ferrazzutti
b57020cf9f Add test coverage 
Also update snapshots for token values affected by state changes
 2025-07-15 11:19:19 -04:00
Andrew Ferrazzutti
75346d9827 Check for compat session locking earlier 2025-07-15 11:19:19 -04:00
Andrew Ferrazzutti
6a49a140a8 Support M_USER_LOCKED error for compat sessions 2025-07-15 11:19:19 -04:00
Andrew Ferrazzutti
23a87a02d2 Negate erase option and make optional 
This makes it more intuitive for an empty request body to be equivalent
to the option being set to false.
 2025-07-14 01:02:51 -04:00
Andrew Ferrazzutti
02898021fd Merge with 'main' 2025-07-11 09:50:38 -04:00
Andrew Ferrazzutti
88f5df36d4 Force optional request body for JSON schema 2025-07-10 13:26:58 -04:00
Quentin Gliech
f4c0c84e00 Use an async-aware mutex for the test queue worker 2025-07-09 18:30:12 +02:00
Quentin Gliech
d985815cfd Update the deactivate admin API test to run the deactivation job 2025-07-09 17:28:54 +02:00
Quentin Gliech
928da0709e Test helper to run all tests in the job queue 2025-07-09 17:26:09 +02:00
Quentin Gliech
5fc6b369ce Allow setting a custom clock on the QueueWorker & add one to the 
TestState
 2025-07-09 17:24:04 +02:00