2727 Commits

Author SHA1 Message Date
Quentin Gliech
8b2addbe0e Allow linking upstream accounts to matching users without confirmation
This reworks the link flow to handle many edge cases better. One major
functionality change is that when we had a new upstream account with no
user linked, but the localpart matching an existing user, if
`on_conflict` was set to `add`, we prompt the user to link the existing
account. This prompt is now skipped and the user is linked automatically.
2025-11-27 16:18:17 +01:00
Quentin Gliech
aeaf63b001 Unify registrations for local passwords and upstream OAuth registrations (#5281) 2025-11-27 16:13:03 +01:00
Quentin Gliech
7b653ce04e Fix test name 2025-11-27 16:05:13 +01:00
Quentin Gliech
bd3173baa1 Create the new index CONCURRENTLY 2025-11-27 16:04:23 +01:00
Olivier 'reivilibre
d2ac79d4c8 fixup! Introduce compat login policy 2025-11-26 13:48:01 +00:00
Olivier 'reivilibre
f450d0449c Make policy depend on whether the login is interactive or not 2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
6fdb63b361 Don't apply a session limit when genuinely replacing a session 2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
3b04fd5621 Make finish_sessions_to_replace_device return whether any were finished 2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
985ea0b30a Enforce policy on compat login 2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
31c3fe2b39 Add a 'compat login policy violation' page 2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
2c95c0a9a0 Expose the compat login policy from the policy engine 2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
069b57758b Introduce compat login policy 2025-11-25 18:41:14 +00:00
Olivier 'reivilibre
1d2f7fecf8 Add experimental and preliminary policy-driven session limiting when logging in OAuth 2 sessions. (#5221) 2025-11-25 15:24:02 +00:00
reivilibre
96b596fa0c templates check: Add --stabilise flag to make renders reproducible (#5214) 2025-11-24 16:16:11 +00:00
Quentin Gliech
43d4c8af53 Fix typo in error message
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-24 17:00:05 +01:00
Quentin Gliech
45159e03e9 Create user registrations for upstream OAuth registrations 2025-11-24 16:52:09 +01:00
Quentin Gliech
e50664a711 Associate the upstream link with the new user if present on the registration
2025-11-21 19:37:05 +01:00
Quentin Gliech
5a9fbcb98e Don't error out if there is no email associated to the registration
In case an email is required for password auth, we create a user
authentication which we force the user to complete. We used to
double-check that the email is required before completing the
registration, which was only really useful when the config flipped from
not being required to being required, in the 1h window in which running
registrations were still valid. We think this is a fine trade-off.
2025-11-21 19:36:04 +01:00
Quentin Gliech
c9b89c2f8d Store upstream OAuth sessions on user registrations
This will allow us to create user registrations from upstream OAuth auth
sessions
2025-11-21 19:31:37 +01:00
Quentin Gliech
ad9f04c8ba Allow completing user email authentications using an upstream session
This will let us push emails in user registrations using an upstream
session
2025-11-21 19:28:26 +01:00
Kai A. Hiller
611c9e7731 Allow keys and keys_dir simultaneously 2025-11-18 19:27:21 +01:00
Kai A. Hiller
770016ebf7 Merge branch 'main' into keys_dir 2025-11-18 18:12:14 +01:00
Quentin Gliech
aec28a2f42 Add upstream_oauth2.providers.[].client_secret_file config option (#4882) 2025-11-18 11:29:21 +01:00
Olivier 'reivilibre
236de8f071 Merge branch 'main' into rei/policy_driven_session_limit 2025-11-13 15:54:48 +00:00
matrixbot
a6a1a67dbf Automatic merge back to main (#5235) 2025-11-11 12:07:40 +01:00
networkException
23322cfc28 Add upstream_oauth2.providers.[].client_secret_file config option
This patch factors out the previously introduced config
wrapper for client secrets to also use it for upstream oauth
providers.

See dd040220db
2025-11-08 16:10:19 +01:00
Quentin Gliech
2eaba46e1b Don't extract the parent context if the span is disabled 2025-11-07 13:37:26 +01:00
Quentin Gliech
c7b00ebe03 Fix spurious "Failed to set parent context on span" error
This would happen when the `info` log level is suppressed, and therefore
the request span would not be enabled and fail to set the parent OTEL
context.
2025-11-07 11:34:42 +01:00
Quentin Gliech
7d2f85c891 Remove the nullable transform from the policies schemas 2025-11-07 11:11:41 +01:00
Quentin Gliech
d0a5a1406b Remove the nullable transformation for the config schema. 2025-11-07 11:08:59 +01:00
Quentin Gliech
889ead8eaa Merge branch 'main' into quenting/schemars-0.9 2025-11-07 10:59:56 +01:00
Quentin Gliech
7901657b72 Remove the nullable transform 2025-11-07 10:53:46 +01:00
Olivier 'reivilibre
1c5fe5e322 Replace dummy manifest with fake include_asset function 2025-11-06 21:32:24 +00:00
Quentin Gliech
56911f25c1 Merge remote-tracking branch 'origin/main' into quenting/schemars-0.9 2025-11-06 17:34:43 +01:00
Olivier 'reivilibre
7d92a2210c Don't require proliferation of Rng: Clone in sample method 2025-11-06 15:42:31 +00:00
Olivier 'reivilibre
83844bc723 Use less zero-y timestamp 2025-11-06 15:36:52 +00:00
Olivier 'reivilibre
bcb9a04597 also update is_default 2025-11-06 15:29:54 +00:00
reivilibre
29ab273e5a Update crates/config/src/sections/experimental.rs
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-06 15:29:54 +00:00
Olivier 'reivilibre
184c2845ea Pass out RepositoryError 2025-11-06 15:05:40 +00:00
Olivier 'reivilibre
24152a47cb Make explicit the data...base 2025-11-06 15:02:04 +00:00
Olivier 'reivilibre
78db4a11fe Use NonZeroU64 2025-11-06 15:01:49 +00:00
Olivier 'reivilibre
ea2506d2c7 Add TooManySessions violation code 2025-11-06 10:12:14 +00:00
Olivier 'reivilibre
cb5ea26792 Add session counts to policy input 2025-11-06 10:12:14 +00:00
Olivier 'reivilibre
7ee32e796a Add session limit config to policy data 2025-11-06 10:12:14 +00:00
Olivier 'reivilibre
db54d90a32 Add helper function to count user sessions for limiting 2025-11-06 10:12:14 +00:00
Olivier 'reivilibre
1c056bfdad Add SessionCounts struct for use in policy 2025-11-06 10:12:14 +00:00
Olivier 'reivilibre
dc535d7451 Add configuration for session limiting 2025-11-06 10:12:14 +00:00
Olivier 'reivilibre
f8ff41cb43 Fix another broken link in the rustdocs 2025-11-06 10:11:22 +00:00
Olivier 'reivilibre
49512d106f Fix broken link in rustdoc 2025-11-06 09:20:20 +00:00
Olivier 'reivilibre
a33605b388 Stub out the vite manifest when stabilising template renders 2025-10-30 16:33:50 +00:00