letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
4d83fcb25eee320a0b2bbdb55eed0d4432ac619e
Commit Graph

315 Commits

Author SHA1 Message Date
Quentin Gliech
4d83fcb25e Merge remote-tracking branch 'origin/main' into quenting/stable-api 2025-08-04 16:38:49 +02:00
Quentin Gliech
0c32681e26 docs: Remove requirement for arbitrary KIDs (#4807) 2025-07-23 12:38:47 +02:00
Kai A. Hiller
d066259a31 KIDs must be stable across restarts 2025-07-23 12:31:38 +02:00
Kai A. Hiller
6612a90e4b Fix wording 2025-07-23 09:43:43 +02:00
Kai A. Hiller
0fb4a195a2 Adapt markdown formatting 2025-07-23 09:39:52 +02:00
Kai A. Hiller
c16384d2f3 docs: Remove requirement for arbitrary KIDs 2025-07-21 18:37:03 +02:00
Quentin Gliech
6ffe95cdc6 Merge branch 'main' into feat/allow_override_user 2025-07-21 17:03:35 +02:00
Quentin Gliech
942287f99b Threaten to switch to using the modern API in a few releases. 2025-07-21 13:15:48 +02:00
mcalinghee
1886e73e40 allow importing existing users when the localpart matches in upstream OAuth 2.0 logins 2025-07-21 09:52:24 +02:00
Quentin Gliech
85287c5471 Use the new dedicated Synapse API 2025-07-18 16:39:24 +02:00
Quentin Gliech
0878505429 Allow skipping GDPR-erasure when deactivating a user through the admin API (#4744) 2025-07-17 09:15:25 +02:00
Andrew Ferrazzutti
49540693ab Decouple (un)locking from (re/de)activation 
Unify the admin API, CLI, and GraphQL API in not having the unlock
command also reactivate, or the deactivate command also lock.

Still let the unlock command of the CLI and GraphQL API to also
reactivate the target user, albeit as a non-default option.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
415e3a2555 Separate active state from lock state in admin API 
- Allow the admin API to deactivate a user without locking it, and to
  unlock a user without reactivating it.
- Make unlock-and-reactivate flows unset the "deactivated_at" timestamp.
- Revert adding an "unlock" parameter on `ReactivateUserJob`, as the
  option is used only by the admin API which doesn't use a job.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
63bb786b5d Update schema 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
44ffec5111 Add admin API endpoint to reactivate user 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
23a87a02d2 Negate erase option and make optional 
This makes it more intuitive for an empty request body to be equivalent
to the option being set to false.
 2025-07-14 01:02:51 -04:00
Andrew Ferrazzutti
02898021fd Merge with 'main' 2025-07-11 09:50:38 -04:00
Andrew Ferrazzutti
88f5df36d4 Force optional request body for JSON schema 2025-07-10 13:26:58 -04:00
Johannes Marbach
8de2870ea2 Fix link title 
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
 2025-07-10 11:31:59 +02:00
Andrew Morgan
ed36787714 Docs: fix link to build GitHub Actions workflow 2025-07-08 12:43:19 +01:00
Andrew Ferrazzutti
f8b4dcc6c2 Require "erase" key in deactivation request body 
If body is absent, treat "erase" as true.
If body is present, require "erase" to be present in the body.
 2025-07-04 14:30:42 -04:00
Quentin Gliech
b2ca7d5f9e Add documentation for backchannel logout 2025-07-04 16:27:10 +02:00
Quentin Gliech
e8627166a9 Log out oauth & compat sessions when receiving a backchannel logout request 2025-07-04 16:27:10 +02:00
Quentin Gliech
db8c557f81 Backchannel logout behavior settings on upstream providers 2025-07-04 16:27:10 +02:00
Andrew Ferrazzutti
58cd2ba993 Add "erase" option to REST deactivate request body 
This allows using the endpoint to deactivate a user without deleting it.

TODO: make the request body optional.
 2025-07-03 13:22:17 -04:00
Quentin Gliech
a390e61b08 Update the admin API doc to use stable scope in the example 2025-06-13 15:57:53 +02:00
Quentin Gliech
dc6ba0f400 Mention the stable scopes in the doc, remove the guest scope 2025-06-13 15:56:13 +02:00
Quentin Gliech
a5f3b8278c README, contribution and release documentation (#4675) 2025-06-12 09:17:22 +02:00
Quentin Gliech
6695773035 Apply suggestions from code review 
Co-authored-by: Will Lewis <1543626+wrjlewis@users.noreply.github.com>
 2025-06-12 09:11:03 +02:00
Quentin Gliech
c41ec28aa6 Update the contributing guidelines 2025-06-11 15:57:12 +02:00
Quentin Gliech
c64086f213 Release documentation 2025-06-11 15:16:41 +02:00
Quentin Gliech
a12b50147a Remove optional features from mas-iana & regenerate 
Also ignores 'TEMPORARY' items in the IANA registry
 2025-06-10 14:25:38 +02:00
Quentin Gliech
642c8ba508 Support for experimental plan management tab in UI (#4549) 2025-06-10 14:14:24 +02:00
Quentin Gliech
89c4f49d1b Admin API to un-revoke and edit registration tokens (#4637) 2025-06-06 12:56:43 +02:00
Hugh Nimmo-Smith
0551b93cae Update schemas 2025-06-06 10:45:23 +01:00
Quentin Gliech
5a4bc59bd3 Admin API to edit registration tokens 2025-06-05 18:22:16 +02:00
Quentin Gliech
5a34e28f4c Admin API to un-revoke a user registration token. 2025-06-05 16:56:42 +02:00
Quentin Gliech
186b5cbdbe Add secrets.encryption_file config option (#4617) 2025-06-05 15:14:55 +02:00
Quentin Gliech
65ec6c187c config: Refactor parsing of secrets section (#4602) 2025-06-05 15:13:00 +02:00
Kai A. Hiller
4a8dfae7b9 Update encryption secret warning in docs 2025-06-04 14:50:54 +02:00
Kai A. Hiller
67874be00f Skip encryption serialization if None 
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
 2025-06-04 11:53:43 +02:00
Kai A. Hiller
6db309f796 Document secrets.encryption_file 
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
 2025-06-04 11:42:51 +02:00
Quentin Gliech
0e94e6c2bb Add whether the registration is valid or not in the admin API 2025-06-03 17:42:55 +02:00
Quentin Gliech
3821c6550d CLI tool to issue user registration tokens 2025-06-03 17:42:55 +02:00
Quentin Gliech
4d1122533b Admin API to revoke user registration tokens 2025-06-03 17:42:54 +02:00
Quentin Gliech
2eaca3db22 Admin API to create a new user registration token 2025-06-03 17:42:54 +02:00
Quentin Gliech
378e83ef66 Admin API to get individual user registration tokens 2025-06-03 17:42:54 +02:00
Quentin Gliech
35a33f3464 Admin API to list user registration tokens 2025-06-03 17:42:54 +02:00
Quentin Gliech
dcef4bcf3f Add config flag to require registration tokens for password registrations 2025-06-03 17:42:53 +02:00
Kai A. Hiller
1d88c875e8 Add secrets.encryption_file config option 
Signed-off-by: Kai A. Hiller <git@kaialexhiller.de>
 2025-06-02 18:39:19 +02:00