letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
0fb4a195a223f11aa5fa70dbc7629c26960b2a66
Commit Graph

307 Commits

Author SHA1 Message Date
Kai A. Hiller
0fb4a195a2 Adapt markdown formatting 2025-07-23 09:39:52 +02:00
Kai A. Hiller
c16384d2f3 docs: Remove requirement for arbitrary KIDs 2025-07-21 18:37:03 +02:00
Quentin Gliech
942287f99b Threaten to switch to using the modern API in a few releases. 2025-07-21 13:15:48 +02:00
Quentin Gliech
85287c5471 Use the new dedicated Synapse API 2025-07-18 16:39:24 +02:00
Quentin Gliech
0878505429 Allow skipping GDPR-erasure when deactivating a user through the admin API (#4744) 2025-07-17 09:15:25 +02:00
Andrew Ferrazzutti
49540693ab Decouple (un)locking from (re/de)activation 
Unify the admin API, CLI, and GraphQL API in not having the unlock
command also reactivate, or the deactivate command also lock.

Still let the unlock command of the CLI and GraphQL API to also
reactivate the target user, albeit as a non-default option.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
415e3a2555 Separate active state from lock state in admin API 
- Allow the admin API to deactivate a user without locking it, and to
  unlock a user without reactivating it.
- Make unlock-and-reactivate flows unset the "deactivated_at" timestamp.
- Revert adding an "unlock" parameter on `ReactivateUserJob`, as the
  option is used only by the admin API which doesn't use a job.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
63bb786b5d Update schema 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
44ffec5111 Add admin API endpoint to reactivate user 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
23a87a02d2 Negate erase option and make optional 
This makes it more intuitive for an empty request body to be equivalent
to the option being set to false.
 2025-07-14 01:02:51 -04:00
Andrew Ferrazzutti
02898021fd Merge with 'main' 2025-07-11 09:50:38 -04:00
Andrew Ferrazzutti
88f5df36d4 Force optional request body for JSON schema 2025-07-10 13:26:58 -04:00
Johannes Marbach
8de2870ea2 Fix link title 
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
 2025-07-10 11:31:59 +02:00
Andrew Morgan
ed36787714 Docs: fix link to build GitHub Actions workflow 2025-07-08 12:43:19 +01:00
Andrew Ferrazzutti
f8b4dcc6c2 Require "erase" key in deactivation request body 
If body is absent, treat "erase" as true.
If body is present, require "erase" to be present in the body.
 2025-07-04 14:30:42 -04:00
Quentin Gliech
b2ca7d5f9e Add documentation for backchannel logout 2025-07-04 16:27:10 +02:00
Quentin Gliech
e8627166a9 Log out oauth & compat sessions when receiving a backchannel logout request 2025-07-04 16:27:10 +02:00
Quentin Gliech
db8c557f81 Backchannel logout behavior settings on upstream providers 2025-07-04 16:27:10 +02:00
Andrew Ferrazzutti
58cd2ba993 Add "erase" option to REST deactivate request body 
This allows using the endpoint to deactivate a user without deleting it.

TODO: make the request body optional.
 2025-07-03 13:22:17 -04:00
Quentin Gliech
a5f3b8278c README, contribution and release documentation (#4675) 2025-06-12 09:17:22 +02:00
Quentin Gliech
6695773035 Apply suggestions from code review 
Co-authored-by: Will Lewis <1543626+wrjlewis@users.noreply.github.com>
 2025-06-12 09:11:03 +02:00
Quentin Gliech
c41ec28aa6 Update the contributing guidelines 2025-06-11 15:57:12 +02:00
Quentin Gliech
c64086f213 Release documentation 2025-06-11 15:16:41 +02:00
Quentin Gliech
a12b50147a Remove optional features from mas-iana & regenerate 
Also ignores 'TEMPORARY' items in the IANA registry
 2025-06-10 14:25:38 +02:00
Quentin Gliech
642c8ba508 Support for experimental plan management tab in UI (#4549) 2025-06-10 14:14:24 +02:00
Quentin Gliech
89c4f49d1b Admin API to un-revoke and edit registration tokens (#4637) 2025-06-06 12:56:43 +02:00
Hugh Nimmo-Smith
0551b93cae Update schemas 2025-06-06 10:45:23 +01:00
Quentin Gliech
5a4bc59bd3 Admin API to edit registration tokens 2025-06-05 18:22:16 +02:00
Quentin Gliech
5a34e28f4c Admin API to un-revoke a user registration token. 2025-06-05 16:56:42 +02:00
Quentin Gliech
186b5cbdbe Add secrets.encryption_file config option (#4617) 2025-06-05 15:14:55 +02:00
Quentin Gliech
65ec6c187c config: Refactor parsing of secrets section (#4602) 2025-06-05 15:13:00 +02:00
Kai A. Hiller
4a8dfae7b9 Update encryption secret warning in docs 2025-06-04 14:50:54 +02:00
Kai A. Hiller
67874be00f Skip encryption serialization if None 
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
 2025-06-04 11:53:43 +02:00
Kai A. Hiller
6db309f796 Document secrets.encryption_file 
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
 2025-06-04 11:42:51 +02:00
Quentin Gliech
0e94e6c2bb Add whether the registration is valid or not in the admin API 2025-06-03 17:42:55 +02:00
Quentin Gliech
3821c6550d CLI tool to issue user registration tokens 2025-06-03 17:42:55 +02:00
Quentin Gliech
4d1122533b Admin API to revoke user registration tokens 2025-06-03 17:42:54 +02:00
Quentin Gliech
2eaca3db22 Admin API to create a new user registration token 2025-06-03 17:42:54 +02:00
Quentin Gliech
378e83ef66 Admin API to get individual user registration tokens 2025-06-03 17:42:54 +02:00
Quentin Gliech
35a33f3464 Admin API to list user registration tokens 2025-06-03 17:42:54 +02:00
Quentin Gliech
dcef4bcf3f Add config flag to require registration tokens for password registrations 2025-06-03 17:42:53 +02:00
Kai A. Hiller
1d88c875e8 Add secrets.encryption_file config option 
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
 2025-06-02 18:39:19 +02:00
Kai A. Hiller
c448bd69bf Refactor key options in secret config 
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
 2025-06-02 14:06:43 +02:00
Kai A. Hiller
647f415892 Refactor password options in secret config 
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
 2025-06-02 14:06:43 +02:00
Kai A. Hiller
d46f66a056 Add KeyConfig doc comment 
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
 2025-06-02 14:06:43 +02:00
Quentin Gliech
cd96b6324e Add the user deactivation state in the admin API 2025-06-02 11:54:16 +02:00
Quentin Gliech
f63b466145 Allow applying unicode normalisation to passwords before hashing 2025-05-30 15:42:32 +02:00
Hugh Nimmo-Smith
aad2d8afb3 Merge branch 'main' into hughns/plan-management 2025-05-09 10:33:39 +01:00
Lomion0815
c45d98fdc3 Fix Swagger UI callback path 2025-05-07 22:09:46 +02:00
Quentin Gliech
4d0bce9382 Make the default scope on upstream providers config openid 2025-05-07 15:34:30 +02:00