letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
6,645 Commits 2 Branches 1 Tag
8ea5ebf8df60909367f65f0692dd80e1b56699f6
Commit Graph

6645 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Quentin Gliech
8ea5ebf8df Update msw 2026-02-04 16:58:53 +01:00
dependabot[bot]
e4adef61a6 build(deps-dev): bump msw from 2.12.4 to 2.12.7 in /frontend 
Bumps [msw](https://github.com/mswjs/msw) from 2.12.4 to 2.12.7.
- [Release notes](https://github.com/mswjs/msw/releases)
- [Changelog](https://github.com/mswjs/msw/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mswjs/msw/compare/v2.12.4...v2.12.7)

---
updated-dependencies:
- dependency-name: msw
  dependency-version: 2.12.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-04 15:52:00 +00:00
Quentin Gliech
2da2f1d655 build(deps): bump actions/setup-node from 6.1.0 to 6.2.0 (#5420) 2026-02-04 16:50:47 +01:00
Quentin Gliech
8c683a48d7 build(deps-dev): bump @graphql-codegen/cli from 6.1.0 to 6.1.1 in /frontend in the graphql-codegen group (#5429) 2026-02-04 16:50:38 +01:00
Quentin Gliech
91e47f4937 build(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#5442) 2026-02-04 16:50:29 +01:00
Quentin Gliech
2f51221a88 build(deps-dev): bump the vitest group in /frontend with 2 updates (#5428) 2026-02-04 16:50:06 +01:00
dependabot[bot]
e636902be8 build(deps-dev): bump the vitest group in /frontend with 2 updates 
Bumps the vitest group in /frontend with 2 updates: [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).


Updates `@vitest/coverage-v8` from 4.0.16 to 4.0.17
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.17/packages/coverage-v8)

Updates `vitest` from 4.0.16 to 4.0.17
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.17/packages/vitest)

---
updated-dependencies:
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.0.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: vitest
- dependency-name: vitest
  dependency-version: 4.0.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: vitest
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-04 13:54:39 +00:00
dependabot[bot]
71860c2cde build(deps-dev): bump @graphql-codegen/cli 
Bumps the graphql-codegen group in /frontend with 1 update: [@graphql-codegen/cli](https://github.com/dotansimha/graphql-code-generator/tree/HEAD/packages/graphql-codegen-cli).


Updates `@graphql-codegen/cli` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/dotansimha/graphql-code-generator/releases)
- [Changelog](https://github.com/dotansimha/graphql-code-generator/blob/master/packages/graphql-codegen-cli/CHANGELOG.md)
- [Commits](https://github.com/dotansimha/graphql-code-generator/commits/@graphql-codegen/cli@6.1.1/packages/graphql-codegen-cli)

---
updated-dependencies:
- dependency-name: "@graphql-codegen/cli"
  dependency-version: 6.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: graphql-codegen
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-04 13:54:23 +00:00
Quentin Gliech
df1d694ac9 build(deps): bump lodash from 4.17.21 to 4.17.23 in /frontend (#5445) 2026-02-04 14:35:46 +01:00
matrixbot
f8de48a086 Automatic merge back to main (#5463) 2026-02-03 23:22:52 +01:00
github-actions[bot]
9afc2dba84 1.11.0-rc.0 2026-02-03 22:15:50 +00:00
matrixbot
34cf00bb78 Translations updates for main (#5462) 2026-02-03 23:15:02 +01:00
github-actions[bot]
2a6aba3433 Translations updates 2026-02-03 18:03:02 +00:00
Devon Hudson
a096d45fa7 Update bytes version (#5461) 2026-02-03 18:02:33 +00:00
Devon Hudson
466b1c4289 Update bytes version 2026-02-03 10:23:51 -07:00
Quentin Gliech
b7a4f49b36 Add syn2mas flag to ignore missing auth providers (#5451) 2026-01-29 11:23:17 +01:00
Quentin Gliech
02c8a7a92b Bump opa-wasm and wasmtime (#5455) 2026-01-27 21:06:08 +01:00
Devon Hudson
a10d0eedf9 Merge branch 'main' into devon/wasmtime-update 2026-01-27 18:46:11 +00:00
Devon Hudson
24729a7d78 Automatic merge back to main (#5454) 2026-01-27 18:46:03 +00:00
Devon Hudson
65c0a86da9 Bump opa-wasm and wasmtime 2026-01-27 11:36:49 -07:00
github-actions[bot]
d0da1052ac 1.10.0 2026-01-27 16:15:51 +00:00
Devon Hudson
e2d443a9a2 Translations updates for v1.10 (#5453) 2026-01-27 16:10:42 +00:00
github-actions[bot]
703ec74bb1 Translations updates 2026-01-27 15:53:13 +00:00
Jason Robinson
720c77b331 Add syn2mas flag to ignore missing auth providers 
Currently `syn2mas` will always error in the Synapse checks phase if it finds auth providers in the `user_external_ids` database table, that are not configured in Synapse config. While normally this the right thing to do, we may have situations where we know what we're doing, and want to ignore invalid looking data in the external identifiers table. If the flag is given, ignore errors and output them as warnings instead.
 2026-01-26 14:57:31 +02:00
Quentin Gliech
93a72203a7 Clear out last active IP on each sessions after 30 days (#5448) 2026-01-26 13:57:01 +01:00
Quentin Gliech
270236cb4a Refactor inactive IP cleanup to use pagination 
This should avoid dead many dead tuples when processing batches of
sessions to cleanup
 2026-01-23 18:52:33 +01:00
Quentin Gliech
4806da8f2d Cleanup finished user/browser sessions (#5444) 2026-01-23 18:27:45 +01:00
Quentin Gliech
7688a8f8b7 Cleanup finished OAuth 2.0 sessions (#5443) 2026-01-23 18:23:55 +01:00
Quentin Gliech
845a448b71 Re-enable the upstream authentication sessions cleanup job (#5439) 2026-01-23 18:17:11 +01:00
Quentin Gliech
3320cf8cc2 Developer documentation about the various cleanup jobs (#5447) 2026-01-23 18:16:11 +01:00
Quentin Gliech
9afb0dd4ce Clean up leftovers in the database schema, part 2 (#5408) 2026-01-23 18:13:29 +01:00
Quentin Gliech
7abedeba83 Minor reword in the cleanup jobs documentation 
Co-authored-by: Olivier 'reivilibre' <oliverw@element.io>
 2026-01-23 17:43:13 +01:00
Quentin Gliech
82ba74d34f Clean up unsupported threepids from already deactivated users (#5407) 2026-01-23 17:42:46 +01:00
Quentin Gliech
f7db25bce2 Add cleanup jobs developer documentation 2026-01-23 16:37:52 +01:00
Quentin Gliech
256d11c5a1 Include pagination params in the tracing fields of cleanup methods 2026-01-23 16:30:26 +01:00
Quentin Gliech
b4025acc80 Add cleanup jobs for inactive session IP addresses 
This adds three new scheduled cleanup jobs that clear the last_active_ip
field from sessions that have been inactive for more than 30 days:

- CleanupInactiveOAuth2SessionIpsJob
- CleanupInactiveCompatSessionIpsJob
- CleanupInactiveUserSessionIpsJob

This helps with data minimization by not retaining IP addresses longer
 2026-01-23 16:29:29 +01:00
dependabot[bot]
2e225f29e0 build(deps): bump lodash from 4.17.21 to 4.17.23 in /frontend 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-23 09:56:39 +00:00
Quentin Gliech
85f71d2200 Add cleanup job for finished user sessions 
Implements hard deletion of user/browser sessions that have been finished for more than 30 days, but only after all child sessions are cleaned up.

User sessions can only be deleted when no child sessions exist, ensuring backchannel logout propagation continues to work correctly.
 2026-01-22 15:44:57 +01:00
Quentin Gliech
c508c7899e Fix FK constraint to preserve backchannel logout chain 
Change compat_sessions.user_session_id FK from ON DELETE SET NULL to ON DELETE NO ACTION. This prevents deletion of user_sessions while compat_sessions still reference them, which is critical for backchannel logout propagation.

When an upstream IdP sends a backchannel logout, MAS must trace through:
  upstream_oauth_authorization_sessions -> user_sessions -> compat_sessions

If user_session_id links are SET NULL, logout propagation fails.

Uses two-step migration (DROP+ADD NOT VALID, then VALIDATE) to minimize table locking during deployment.
 2026-01-22 15:44:57 +01:00
Quentin Gliech
3b0937ca8e Add cleanup job for finished OAuth2 sessions 
Implements hard deletion of OAuth2 sessions that have been finished for more than 30 days, including their associated access and refresh tokens.
 2026-01-22 15:44:56 +01:00
dependabot[bot]
26cd63c626 build(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 8.0.0 to 8.1.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v8.0.0...v8.1.0)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-22 13:54:16 +00:00
matrixbot
755268ba79 Automatic merge back to main (#5441) 2026-01-21 16:04:19 +01:00
github-actions[bot]
e125ee3009 1.10.0-rc.0 2026-01-21 14:56:30 +00:00
Quentin Gliech
dd1fdb06c4 Translations updates for main (#5440) 2026-01-21 15:55:30 +01:00
github-actions[bot]
5de8766f63 Translations updates 2026-01-21 14:45:17 +00:00
Quentin Gliech
49802c7812 Re-enable upstream OAuth session cleanup job 
It should be safe to run now
 2026-01-21 14:50:03 +01:00
Quentin Gliech
f8e87ec2c4 Use the user_session_id on upstream authorisations for filtering instead 
of authentications

This makes it one less table to read
 2026-01-21 14:49:07 +01:00
Quentin Gliech
b912fbc0c9 Add trigger and backfill for upstream OAuth user session tracking 
Introduce a new trigger and a backfill migration to populate the
`user_session_id` column in `upstream_oauth_authorization_sessions`
based on `user_session_authentications`. This ensures historical data is
consistent and aids in backward compatibility.
 2026-01-21 14:49:07 +01:00
Quentin Gliech
76b971ad45 Add index on the user_session_id foreign key for upstream auth sessions 2026-01-21 14:49:07 +01:00
Quentin Gliech
1fd3c6ff55 Do not cleanup upstream OAuth sessions that may still be useful (#5437) 2026-01-21 13:20:38 +01:00