letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
main
Commit Graph

471 Commits

Author SHA1 Message Date
Quentin Gliech
7ec4e1e371 Prune stale policy data once a day 2025-03-13 13:40:59 +01:00
Quentin Gliech
cc98fd7a53 Order the OAuth providers in the UI by their order in the config file 2025-03-12 11:12:55 +01:00
Quentin Gliech
14f938bf93 Repository method to deactivate a user. 2025-03-11 17:35:13 +01:00
Quentin Gliech
9c35f18d79 Add a deactivated_at flag on users 2025-03-11 17:35:13 +01:00
Quentin Gliech
fce20ee80d Allow removing email addresses in bulk 2025-03-11 17:35:12 +01:00
Quentin Gliech
098517edd0 storage: store dynamic policy data in the database 2025-02-25 12:26:22 +01:00
Quentin Gliech
10d7338934 Bump most Rust dependencies 2025-02-24 12:12:07 +01:00
Quentin Gliech
56d9c7e63b Upgrade to Rust 1.85 and edition 2024 2025-02-21 16:15:02 +01:00
Quentin Gliech
9fea06693b Allow filtering sessions by client kind (dynamic or static) 2025-02-12 17:31:21 +01:00
Quentin Gliech
b40fcdd712 Experimental feature to timeout inactive sessions 2025-02-12 17:31:21 +01:00
Quentin Gliech
d8b9bb1d9a Setup job to expire inactive browser sessions 2025-02-12 14:03:41 +01:00
Quentin Gliech
dcc23421c9 Setup a job to expire compatibility sessions 2025-02-12 13:57:36 +01:00
Quentin Gliech
0a624eb92c Setup a job to expire OAuth 2.0 sessions 2025-02-12 13:47:48 +01:00
Quentin Gliech
70936ba0f7 Allow filtering OAuth sessions with any/no user 2025-02-12 13:00:22 +01:00
Quentin Gliech
903b48792a storage: allow filtering upstream OAuth links by subject 2025-02-12 11:01:53 +01:00
Olivier 'reivilibre
221ab042c6 When consuming a compat refresh token, consume others in the session 2025-02-05 11:36:27 +01:00
Quentin Gliech
4953e08562 Clarify that VerifyEmailJob is kept for flushing old jobs 2025-01-23 18:31:27 +01:00
Quentin Gliech
0bca802585 Merge branch 'main' into quenting/optional-email 2025-01-20 11:31:48 +01:00
Quentin Gliech
5aa9535cb1 Remove unused dependencies 2025-01-16 17:59:03 +01:00
Quentin Gliech
d58e13e2cf Data model and storage layer for storing user registrations 2025-01-14 16:30:43 +01:00
Quentin Gliech
5aa5c9cb03 Job to send the new email authentication codes 2025-01-14 15:47:17 +01:00
Quentin Gliech
9db14f6743 Rip out the email verification codes 
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
 2025-01-14 15:46:45 +01:00
Quentin Gliech
b697a2dfb2 storage: new email authentication codes 2025-01-13 17:00:30 +01:00
Quentin Gliech
077a55fd5d Remove the primary email address concept 2025-01-13 17:00:30 +01:00
Mathieu Velten
33e1cdbf16 Allow response_mode to be null and if so do not add the query param (#3700) 2024-12-18 18:18:39 +01:00
Quentin Gliech
f563daf822 Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Mathieu Velten
75ee9a1e58 Add id_token_signed_response_alg and userinfo_signed_response_alg (#3664) 2024-12-17 11:54:16 +01:00
Quentin Gliech
6bda8b91d0 Allow revoking refresh tokens 
This lets us track 'revoked' tokens separately from 'consumed' tokens.
 2024-12-11 14:15:01 +01:00
Quentin Gliech
a26bc6c843 Cleanup revoked tokens instead of expired ones 
If we continue deleting expired tokens, we might not record whether the
token was used or not, and not know what to do in case of
a double-refresh.

Revoked tokens are safe to delete.

This also reduces the frequency of the cleanup job to once an hour.
 2024-12-11 14:15:01 +01:00
Quentin Gliech
42bb83a628 Record when access tokens are first used 2024-12-11 14:15:01 +01:00
Quentin Gliech
b3756e4ae4 Record the next refresh token ID when refreshing 
This will help us determine whether we had a double-refresh happening
 2024-12-11 14:15:01 +01:00
Quentin Gliech
e0aab3740f Remove the schedule_expression from the database & other fixes 2024-12-06 16:24:26 +01:00
Quentin Gliech
fc7dd0ffdf Cron-like recurring jobs 2024-12-06 16:24:26 +01:00
Quentin Gliech
a01201f954 Allow scheduling jobs in the future 
Also retries jobs with an exponential backoff.
 2024-12-06 16:24:26 +01:00
Quentin Gliech
7113e0ddf6 Retry failed jobs 2024-12-06 16:24:26 +01:00
Quentin Gliech
bd72a57719 Actually consume jobs 2024-12-06 16:24:26 +01:00
Quentin Gliech
703bd743d6 Schedule jobs through the new queue 2024-12-06 16:24:26 +01:00
Quentin Gliech
b82483f936 Move the jobs types in the queue module 2024-12-06 16:24:26 +01:00
Quentin Gliech
7bbc867e2a WIP jobs 2024-12-06 16:24:26 +01:00
Quentin Gliech
312640605d Graceful shutdown 2024-12-06 16:24:26 +01:00
Quentin Gliech
f34ab1089c Make the worker heartbeat take a worker reference 2024-12-06 16:24:26 +01:00
Quentin Gliech
62ccd2b08c New job queue: worker registration and leader election 2024-12-06 16:24:26 +01:00
Quentin Gliech
ee6472178a Upgrade to Rust 1.83.0 and fix new warnings 2024-12-05 17:32:49 +01:00
Quentin Gliech
2903ff5e7a Allow setting an explicit upstream account name (#3600) 2024-11-29 12:30:18 +01:00
Mathieu Velten
f832666a86 Add fetch_userinfo to upstream SSO provider (#3363) 2024-11-26 15:01:03 +00:00
Quentin Gliech
05e2572258 Record extra query parameters during upstream callback 
And make them available in the templates.
This is useful to get the user display name for Sign-in with Apple
 2024-11-22 08:48:00 +01:00
Quentin Gliech
ec28c30e3c Allow setting the response_mode on upstream OAuth 2.0 providers 2024-11-22 08:48:00 +01:00
Quentin Gliech
dddd9fe998 Support Sign in with Apple 2024-11-22 08:48:00 +01:00
Tonkku
846a4ee14a Implement login_hint 2024-11-18 11:42:43 +01:00
Quentin Gliech
0fde63594a Remove most doctests 2024-10-29 12:37:59 +01:00