Commit Graph

362 Commits

Author SHA1 Message Date
Quentin Gliech
76b971ad45 Add index on the user_session_id foreign key for upstream auth sessions 2026-01-21 14:49:07 +01:00
Quentin Gliech
39e417b461 Only cleanup orphan upstream authorization sessions
This includes sessions that were never completed, and sessions where
user_session was cleaned up. This is to avoid breaking features like
OIDC Backchannel Logout after 30 days.
2026-01-21 12:25:42 +01:00
Quentin Gliech
63f02c4dea Track user session authenticated through upstream auth sessions
This will help us avoid clearing upstream authorization sessions that
might still be useful to keep around for OIDC Backchannel Logouts
2026-01-21 12:19:05 +01:00
Quentin Gliech
e7c1f126be Fix foreign key constraint when cleaning up upstream OAuth 2.0 links
https://sentry.tools.element.io/organizations/element/issues/11222736/
2026-01-20 14:29:27 +01:00
Quentin Gliech
1254d9f8f0 Mark the next attempt foreign key as initially not valid 2026-01-19 15:44:22 +01:00
Quentin Gliech
1253bbd498 Implement cleanup job for queue jobs
Add scheduled cleanup job that removes old completed and failed queue
jobs after 30 days. Jobs are kept for debugging purposes.

Includes migration to change the next_attempt_id FK constraint from NO
ACTION to SET NULL, allowing cleanup of retry chains without breaking
foreign key constraints.

One caveat is that cleanup is based on their creation time, *not* when
they got completed/failed. This means that if the job takes a long time
(as in, several days) to get scheduled, it might get cleared as soon as
it runs. This is fine for now, we may want to revisit this if we start
scheduling jobs far in the future
2026-01-19 12:25:04 +01:00
Quentin Gliech
e7c07a8f88 Implement cleanup jobs for upstream OAuth sessions and links
Add two cleanup jobs scheduled hourly:

1. Upstream OAuth authorization sessions - removes sessions after 30 days
2. Orphaned upstream OAuth links - removes links after 7 days where user_id IS NULL. These are links created during upstream OAuth 2.0 login but never associated with a user
2026-01-19 12:24:13 +01:00
Quentin Gliech
f350b94918 Implement cleanup job for email authentications
Add scheduled cleanup job that removes old user email authentications
after 7 days. Runs every hour.
2026-01-16 17:56:16 +01:00
Quentin Gliech
e6e793f46f Implement cleanup job for user recovery sessions
Add scheduled cleanup job that removes old user recovery sessions after
7 days. Runs hourly.

Implementation uses ULID cursor-based pagination with no additional
indexes needed. Child tickets cascade-delete automatically.
2026-01-16 17:46:01 +01:00
Quentin Gliech
67a0d0e92e Implement cleanup job for OAuth2 device code grants
Add cleanup job that removes device code grants older than 7 days.
Uses ULID cursor-based pagination for efficiency.

- Add cleanup method to OAuth2DeviceCodeGrantRepository
- Add CleanupOAuthDeviceCodeGrantsJob task
- Register handler and schedule to run hourly
2026-01-16 17:40:11 +01:00
Quentin Gliech
fc07a32a8c Implement cleanup job for OAuth2 authorization grants
Add cleanup job that removes authorization grants older than 7 days.
Uses ULID cursor-based pagination for efficiency.

- Add cleanup method to OAuth2AuthorizationGrantRepository trait
- Add CleanupOAuthAuthorizationGrantsJob task
- Register handler and schedule to run hourly
2026-01-16 17:39:38 +01:00
Quentin Gliech
87f4ec3e80 Cleanup finished compat sessions after 30 days 2026-01-15 12:29:43 +01:00
Quentin Gliech
3fa53d285e Cleanup old user registrations from the database 2026-01-14 14:01:10 +01:00
Quentin Gliech
d4d4cd7cd1 Remove imported unsupported threepids when deactivating a user (#5406) 2026-01-13 17:30:20 +01:00
Quentin Gliech
186a887125 Hard delete expired, revoked and consumed OAuth 2.0 tokens after some time (#5409) 2026-01-13 17:23:16 +01:00
Quentin Gliech
f98957617e Cleanup consumed refresh tokens 2026-01-12 11:18:18 +01:00
Quentin Gliech
ab25c23829 Replace the FK constraint on the refresh token chain to nullify the
field on deletion

This will make garbage collecting refresh tokens easier
2026-01-12 09:36:52 +01:00
Quentin Gliech
3e521a105d Cleanup revoked refresh tokens 2026-01-09 18:37:09 +01:00
Quentin Gliech
04cbafbc5f Cleanup expired OAuth 2.0 access tokens 2026-01-09 13:38:50 +01:00
Quentin Gliech
bf2ad55b5c Speed up access token cleanup with an index 2026-01-08 19:03:09 +01:00
Quentin Gliech
fa742bc992 Clean up revoked access tokens in batches 2026-01-08 19:03:09 +01:00
Quentin Gliech
8c9add00f4 Remove imported unsupported threepids when deactivating a user 2026-01-08 15:33:50 +01:00
Quentin Gliech
215ad75ab2 Cleanup id_token_claims trigger 2026-01-08 15:17:37 +01:00
Quentin Gliech
bc1ca15833 Remove leftovers from OAuth 2.0 consent tracking cleanup 2026-01-08 15:17:37 +01:00
Quentin Gliech
5cdf938129 Remove leftovers from the old email verification system 2026-01-08 15:17:37 +01:00
Quentin Gliech
5067e420c6 Remove leftover in the schema from apalis 2026-01-08 15:17:25 +01:00
Quentin Gliech
30c4e12d12 Merge branch 'main' into rei/reapply_5297 2025-12-10 22:09:56 +01:00
Quentin Gliech
cca2015920 Fix typos
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-04 16:32:13 +01:00
Quentin Gliech
b99722f42a Better error message when checksum in database is invalid 2025-12-04 15:14:14 +01:00
Quentin Gliech
368cd4541d Don't error out if a migration is missing
This allows us to roll back to older versions of MAS.
2025-12-04 15:13:42 +01:00
Quentin Gliech
eb2284ba7c Better lock and handle missing and modified migrations
This rewrites the database migration code to:

 - avoid deadlocks when running multiple migration processes at the same
   time with a `CREATE INDEX CONCURRENTLY` statement
 - allow us to remove some migrations from the code base and mark them as
   intentionally removed
 - allow us to modify some migrations and declare alternate checksums
   for previous versions of the migration
2025-12-04 14:44:16 +01:00
Olivier 'reivilibre
eeb0692b8e Add experimental and preliminary policy-driven session limiting when logging in compatibility sessions. (#5287) 2025-12-02 15:50:04 +00:00
Olivier 'reivilibre
1dd51c77f4 Reapply "Add 'IF NOT EXISTS' to all 'CREATE INDEX CONCURRENTLY' statements to avoid deadlocks (#5297)" (#5299)
This reverts commit 2c3054bb24, reversing
changes made to 396950806c.
2025-12-01 12:45:19 +00:00
Olivier 'reivilibre
21e45ce972 Revert "Add 'IF NOT EXISTS' to all 'CREATE INDEX CONCURRENTLY' statements to avoid deadlocks (#5297)"
This reverts commit 396950806c, reversing
changes made to ef563f33c6.
2025-12-01 12:14:31 +00:00
Ben Banfield-Zanin
e065f830e9 Add 'IF NOT EXISTS' to all 'CREATE INDEX CONCURRENTLY' statements to avoid deadlocks 2025-11-28 15:18:53 +00:00
Quentin Gliech
7b653ce04e Fix test name 2025-11-27 16:05:13 +01:00
Quentin Gliech
bd3173baa1 Create the new index CONCURRENTLY 2025-11-27 16:04:23 +01:00
Olivier 'reivilibre
3b04fd5621 Make finish_sessions_to_replace_device return whether any were finished 2025-11-25 18:41:14 +00:00
Quentin Gliech
c9b89c2f8d Store upstream OAuth sessions on user registrations
This will allow us to create user registrations from upstream OAuth auth
sessions
2025-11-21 19:31:37 +01:00
Quentin Gliech
ad9f04c8ba Allow completing user email authentications using an upstream session
This will let us push emails in user registrations using an upstream
session
2025-11-21 19:28:26 +01:00
Olivier 'reivilibre
25fa81e431 fix up test that relied on it being broken 2025-10-23 16:02:19 +01:00
Olivier 'reivilibre
07f77778af Fix UNIQUE constraint on active personal access tokens per session 2025-10-23 15:01:39 +01:00
Olivier 'reivilibre
7e70afa6ab Add comments for the filters 2025-10-22 14:22:10 +01:00
Olivier 'reivilibre
120c8f7d23 Add revoke_bulk for personal sessions storage 2025-10-22 11:27:10 +01:00
reivilibre
c82f454365 Personal Sessions: add create, list, get, revoke, regenerate Admin APIs (#5141)
Introduces some admin API endpoints for Personal Sessions.

- add: Creates a personal session along with its first personal access token, returning both. This is currently the only way to get a personal access token.
- get: Shows the information about a personal session
- list: Shows many personal sessions
- revoke: Revokes a personal session, so it can't be used anymore
- regenerate: Revoke the active personal access token for a session and issue a new one to replace it.
2025-10-22 11:20:02 +01:00
Olivier 'reivilibre
a8adab1301 Add expires filter to personal sessions list 2025-10-21 10:10:14 +01:00
Olivier 'reivilibre
2bf837257c find_active_by_session: take &PersonalSession 2025-10-21 09:43:46 +01:00
Olivier 'reivilibre
c5fe099d50 Implement activity tracking for personal sessions 2025-10-20 17:23:31 +01:00
Olivier 'reivilibre
411a66fa72 Delete owned PATs & personal sessions when pruning OAuth2 clients 2025-10-20 14:33:30 +01:00
Olivier 'reivilibre
12124663c1 When revoking a personal session, also revoke its PAT 2025-10-20 14:33:30 +01:00