letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
4,133 Commits 2 Branches 1 Tag
155c19e9495dccba4e33dbf76aca17ae9915707f
Commit Graph

158 Commits

Author SHA1 Message Date
Quentin Gliech
a8332937ba Fix missing 'ui_order' field in tests 2025-03-12 11:32:06 +01:00
Quentin Gliech
cc98fd7a53 Order the OAuth providers in the UI by their order in the config file 2025-03-12 11:12:55 +01:00
Quentin Gliech
14f938bf93 Repository method to deactivate a user. 2025-03-11 17:35:13 +01:00
Quentin Gliech
9c35f18d79 Add a deactivated_at flag on users 2025-03-11 17:35:13 +01:00
Quentin Gliech
fce20ee80d Allow removing email addresses in bulk 2025-03-11 17:35:12 +01:00
Quentin Gliech
d80e1e4090 Stop writing to the old email confirmation-related tables 
This will allow to drop those old tables and fields in the next release
 2025-03-11 17:35:12 +01:00
Quentin Gliech
44b6777f1b Merge remote-tracking branch 'origin/main' into quenting/compat-device-id 2025-03-04 13:33:09 +01:00
Quentin Gliech
56d9c7e63b Upgrade to Rust 1.85 and edition 2024 2025-02-21 16:15:02 +01:00
Quentin Gliech
a3f22ae5f6 Allow compat session devices to have spaces 2025-02-19 17:55:18 +01:00
Quentin Gliech
9fea06693b Allow filtering sessions by client kind (dynamic or static) 2025-02-12 17:31:21 +01:00
Quentin Gliech
70936ba0f7 Allow filtering OAuth sessions with any/no user 2025-02-12 13:00:22 +01:00
Quentin Gliech
903b48792a storage: allow filtering upstream OAuth links by subject 2025-02-12 11:01:53 +01:00
Olivier 'reivilibre
3034819b7d Introduce optional human_name column on compat_sessions 2025-02-05 11:36:51 +01:00
Olivier 'reivilibre
221ab042c6 When consuming a compat refresh token, consume others in the session 2025-02-05 11:36:27 +01:00
reivilibre
87009be7e6 Support compatibility sessions that do not have devices (#3801) 
Co-authored-by: Quentin Gliech <quenting@element.io>
 2025-01-27 14:50:31 +00:00
Quentin Gliech
153c5e56d7 Merge remote-tracking branch 'origin/main' into quenting/optional-email 2025-01-23 18:28:33 +01:00
Quentin Gliech
4451cbfe86 Upgrade Rust to 1.84 and fix new clippy lints 2025-01-23 17:55:22 +01:00
Quentin Gliech
d58e13e2cf Data model and storage layer for storing user registrations 2025-01-14 16:30:43 +01:00
Quentin Gliech
9db14f6743 Rip out the email verification codes 
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
 2025-01-14 15:46:45 +01:00
Quentin Gliech
b697a2dfb2 storage: new email authentication codes 2025-01-13 17:00:30 +01:00
Quentin Gliech
077a55fd5d Remove the primary email address concept 2025-01-13 17:00:30 +01:00
Mathieu Velten
33e1cdbf16 Allow response_mode to be null and if so do not add the query param (#3700) 2024-12-18 18:18:39 +01:00
Quentin Gliech
f563daf822 Make the issue optional on upstream OAuth 2.0 providers 2024-12-17 13:40:34 +01:00
Mathieu Velten
75ee9a1e58 Add id_token_signed_response_alg and userinfo_signed_response_alg (#3664) 2024-12-17 11:54:16 +01:00
Quentin Gliech
6bda8b91d0 Allow revoking refresh tokens 
This lets us track 'revoked' tokens separately from 'consumed' tokens.
 2024-12-11 14:15:01 +01:00
Quentin Gliech
a26bc6c843 Cleanup revoked tokens instead of expired ones 
If we continue deleting expired tokens, we might not record whether the
token was used or not, and not know what to do in case of
a double-refresh.

Revoked tokens are safe to delete.

This also reduces the frequency of the cleanup job to once an hour.
 2024-12-11 14:15:01 +01:00
Quentin Gliech
42bb83a628 Record when access tokens are first used 2024-12-11 14:15:01 +01:00
Quentin Gliech
b3756e4ae4 Record the next refresh token ID when refreshing 
This will help us determine whether we had a double-refresh happening
 2024-12-11 14:15:01 +01:00
Quentin Gliech
e0aab3740f Remove the schedule_expression from the database & other fixes 2024-12-06 16:24:26 +01:00
Quentin Gliech
fc7dd0ffdf Cron-like recurring jobs 2024-12-06 16:24:26 +01:00
Quentin Gliech
a01201f954 Allow scheduling jobs in the future 
Also retries jobs with an exponential backoff.
 2024-12-06 16:24:26 +01:00
Quentin Gliech
7113e0ddf6 Retry failed jobs 2024-12-06 16:24:26 +01:00
Quentin Gliech
bd72a57719 Actually consume jobs 2024-12-06 16:24:26 +01:00
Quentin Gliech
703bd743d6 Schedule jobs through the new queue 2024-12-06 16:24:26 +01:00
Quentin Gliech
b82483f936 Move the jobs types in the queue module 2024-12-06 16:24:26 +01:00
Quentin Gliech
7bbc867e2a WIP jobs 2024-12-06 16:24:26 +01:00
Quentin Gliech
ac991a6572 Use the database time for leader election 2024-12-06 16:24:26 +01:00
Quentin Gliech
312640605d Graceful shutdown 2024-12-06 16:24:26 +01:00
Quentin Gliech
f34ab1089c Make the worker heartbeat take a worker reference 2024-12-06 16:24:26 +01:00
Quentin Gliech
62ccd2b08c New job queue: worker registration and leader election 2024-12-06 16:24:26 +01:00
Quentin Gliech
ee6472178a Upgrade to Rust 1.83.0 and fix new warnings 2024-12-05 17:32:49 +01:00
Quentin Gliech
2903ff5e7a Allow setting an explicit upstream account name (#3600) 2024-11-29 12:30:18 +01:00
Mathieu Velten
f832666a86 Add fetch_userinfo to upstream SSO provider (#3363) 2024-11-26 15:01:03 +00:00
Quentin Gliech
05e2572258 Record extra query parameters during upstream callback 
And make them available in the templates.
This is useful to get the user display name for Sign-in with Apple
 2024-11-22 08:48:00 +01:00
Quentin Gliech
ec28c30e3c Allow setting the response_mode on upstream OAuth 2.0 providers 2024-11-22 08:48:00 +01:00
Quentin Gliech
dddd9fe998 Support Sign in with Apple 2024-11-22 08:48:00 +01:00
Tonkku
846a4ee14a Implement login_hint 2024-11-18 11:42:43 +01:00
Quentin Gliech
e6ddaf098b Output the registered client metadata in the registration endpoint 
Fixes #2848
 2024-09-20 20:39:04 +02:00
Quentin Gliech
03838bd909 Remove contacts from the data model 2024-09-20 20:39:04 +02:00
Quentin Gliech
9a946c19e7 Remove (C) 2024-09-10 14:28:55 +02:00