letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
87f4ec3e80928b11746aef518c51a1cce4a8bc9d
Commit Graph

454 Commits

Author SHA1 Message Date
Quentin Gliech
87f4ec3e80 Cleanup finished compat sessions after 30 days 2026-01-15 12:29:43 +01:00
Quentin Gliech
3fa53d285e Cleanup old user registrations from the database 2026-01-14 14:01:10 +01:00
Quentin Gliech
d4d4cd7cd1 Remove imported unsupported threepids when deactivating a user (#5406) 2026-01-13 17:30:20 +01:00
Quentin Gliech
291accc37d Fix typo in comment 
Co-authored-by: Olivier 'reivilibre' <oliverw@element.io>
 2026-01-13 17:22:48 +01:00
Quentin Gliech
5827883979 Apply suggestions from code review 2026-01-12 11:58:19 +01:00
Quentin Gliech
6915878bc6 Apply suggestions from code review 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-12 11:57:42 +01:00
Quentin Gliech
f98957617e Cleanup consumed refresh tokens 2026-01-12 11:18:18 +01:00
Quentin Gliech
3e521a105d Cleanup revoked refresh tokens 2026-01-09 18:37:09 +01:00
Quentin Gliech
04cbafbc5f Cleanup expired OAuth 2.0 access tokens 2026-01-09 13:38:50 +01:00
Quentin Gliech
73e838ff08 Rename the cleanup revoked access tokens job 
"cleanup-expired-tokens" was not accurate, and since the plan is to have
different jobs for the different kind of tokens, we renamed this job to
use a more accurate description
 2026-01-09 13:36:46 +01:00
Quentin Gliech
fa742bc992 Clean up revoked access tokens in batches 2026-01-08 19:03:09 +01:00
Quentin Gliech
8c9add00f4 Remove imported unsupported threepids when deactivating a user 2026-01-08 15:33:50 +01:00
Olivier 'reivilibre
eeb0692b8e Add experimental and preliminary policy-driven session limiting when logging in compatibility sessions. (#5287) 2025-12-02 15:50:04 +00:00
Olivier 'reivilibre
3b04fd5621 Make finish_sessions_to_replace_device return whether any were finished 2025-11-25 18:41:14 +00:00
Quentin Gliech
ad9f04c8ba Allow completing user email authentications using an upstream session 
This will let us push emails in user registrations using an upstream
session
 2025-11-21 19:28:26 +01:00
Olivier 'reivilibre
f8ff41cb43 Fix another broken link in the rustdocs 2025-11-06 10:11:22 +00:00
Olivier 'reivilibre
676c594dc4 Remove stale comment 2025-10-22 14:23:18 +01:00
Olivier 'reivilibre
120c8f7d23 Add revoke_bulk for personal sessions storage 2025-10-22 11:27:10 +01:00
reivilibre
c82f454365 Personal Sessions: add create, list, get, revoke, regenerate Admin APIs (#5141) 
Introduces some admin API endpoints for Personal Sessions.

- add: Creates a personal session along with its first personal access token, returning both. This is currently the only way to get a personal access token.
- get: Shows the information about a personal session
- list: Shows many personal sessions
- revoke: Revokes a personal session, so it can't be used anymore
- regenerate: Revoke the active personal access token for a session and issue a new one to replace it.
 2025-10-22 11:20:02 +01:00
Olivier 'reivilibre
a8adab1301 Add expires filter to personal sessions list 2025-10-21 10:10:14 +01:00
Olivier 'reivilibre
2bf837257c find_active_by_session: take &PersonalSession 2025-10-21 09:43:46 +01:00
Olivier 'reivilibre
c5fe099d50 Implement activity tracking for personal sessions 2025-10-20 17:23:31 +01:00
Olivier 'reivilibre
0346425129 storage: include PATs alongside personal sessions 2025-10-20 14:33:30 +01:00
Olivier 'reivilibre
46045d44bc storage: introduce find_active_for_session for PATs 2025-10-20 13:06:41 +01:00
Olivier 'reivilibre
1a9b4b4d93 Take access_token by ref in add 2025-10-09 13:00:19 +01:00
Olivier 'reivilibre
b9e1cdb554 Support OAuth2 clients as owners of personal sessions 2025-10-07 19:54:59 +01:00
Olivier 'reivilibre
2a86a446b2 Add filters for personal sessions 2025-10-07 19:54:59 +01:00
Olivier 'reivilibre
8ca8d878e7 Add personal access token and session storage 2025-10-07 19:54:59 +01:00
Quentin Gliech
8962f355ff storage: make the edges in pages include cursors 2025-09-29 14:46:28 +02:00
Quentin Gliech
cb8c408489 Admin API filter to search users by username 2025-09-15 14:12:31 +02:00
Quentin Gliech
b7015c0b3d Allow filtering guest/non-guest users 2025-09-15 12:51:06 +02:00
Quentin Gliech
7253ca69b0 Merge remote-tracking branch 'origin/main' into feat/login_hint_with_email 2025-08-18 16:43:00 +02:00
Quentin Gliech
eded025ff4 Fix a few clippy lints, mostly in doc comments 2025-08-18 10:34:28 +02:00
mcalinghee
a45a1d7f73 move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model : format 2025-07-31 12:35:56 +02:00
mcalinghee
9fa91b9524 move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model : correct documentation 2025-07-31 12:34:01 +02:00
mcalinghee
062f5aced7 move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model 2025-07-31 11:17:33 +02:00
Andrew Ferrazzutti
49540693ab Decouple (un)locking from (re/de)activation 
Unify the admin API, CLI, and GraphQL API in not having the unlock
command also reactivate, or the deactivate command also lock.

Still let the unlock command of the CLI and GraphQL API to also
reactivate the target user, albeit as a non-default option.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
415e3a2555 Separate active state from lock state in admin API 
- Allow the admin API to deactivate a user without locking it, and to
  unlock a user without reactivating it.
- Make unlock-and-reactivate flows unset the "deactivated_at" timestamp.
- Revert adding an "unlock" parameter on `ReactivateUserJob`, as the
  option is used only by the admin API which doesn't use a job.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
44ffec5111 Add admin API endpoint to reactivate user 2025-07-16 14:17:01 -04:00
Quentin Gliech
a51a697013 Miscellaneous housekeeping (#4735) 2025-07-16 18:53:59 +02:00
Quentin Gliech
0f45344937 Allow running jobs from the job queue in tests (#4775) 2025-07-11 14:47:23 +02:00
Quentin Gliech
716640486e Make the task State::clock() return a &dyn Clock instead of a BoxClock 2025-07-09 17:20:03 +02:00
Quentin Gliech
39b3dbe5db Make email address lookups case-insensitive 2025-07-08 18:01:20 +02:00
Quentin Gliech
e8627166a9 Log out oauth & compat sessions when receiving a backchannel logout request 2025-07-04 16:27:10 +02:00
Quentin Gliech
84d9e47e23 Compose filters for batch logging out of browser sessions 
Instead of having to load all authentication sessions in memory, we
allow composing browser session filters with a upstream auth sessions
filter
 2025-07-04 16:27:10 +02:00
Quentin Gliech
500e25a069 storage: allow filtering browser sessions by which upstream session 
authd them
 2025-07-04 16:27:10 +02:00
Quentin Gliech
db8c557f81 Backchannel logout behavior settings on upstream providers 2025-07-04 16:27:10 +02:00
Quentin Gliech
aaf4bf588f Allow filtering upstream sessions by sub and sid claims 2025-07-04 16:27:09 +02:00
Quentin Gliech
a3acec4973 storage: list and count methods for upstream oauth sessions 2025-07-04 16:27:09 +02:00
Quentin Gliech
5b7bf232d6 Record the decoded ID token claims on upstream auth sessions 2025-07-04 16:27:09 +02:00