Commit Graph

2664 Commits

Author SHA1 Message Date
Quentin Gliech
be00483fb4 Handle deleted and invalid post-auth actions 2026-01-20 14:42:02 +01:00
Quentin Gliech
1254d9f8f0 Mark the next attempt foreign key as initially not valid 2026-01-19 15:44:22 +01:00
Quentin Gliech
1253bbd498 Implement cleanup job for queue jobs
Add scheduled cleanup job that removes old completed and failed queue
jobs after 30 days. Jobs are kept for debugging purposes.

Includes migration to change the next_attempt_id FK constraint from NO
ACTION to SET NULL, allowing cleanup of retry chains without breaking
foreign key constraints.

One caveat is that cleanup is based on their creation time, *not* when
they got completed/failed. This means that if the job takes a long time
(as in, several days) to get scheduled, it might get cleared as soon as
it runs. This is fine for now, we may want to revisit this if we start
scheduling jobs far in the future
2026-01-19 12:25:04 +01:00
Quentin Gliech
e7c07a8f88 Implement cleanup jobs for upstream OAuth sessions and links
Add two cleanup jobs scheduled hourly:

1. Upstream OAuth authorization sessions - removes sessions after 30 days
2. Orphaned upstream OAuth links - removes links after 7 days where user_id IS NULL. These are links created during upstream OAuth 2.0 login but never associated with a user
2026-01-19 12:24:13 +01:00
Quentin Gliech
f350b94918 Implement cleanup job for email authentications
Add scheduled cleanup job that removes old user email authentications
after 7 days. Runs every hour.
2026-01-16 17:56:16 +01:00
Quentin Gliech
e6e793f46f Implement cleanup job for user recovery sessions
Add scheduled cleanup job that removes old user recovery sessions after
7 days. Runs hourly.

Implementation uses ULID cursor-based pagination with no additional
indexes needed. Child tickets cascade-delete automatically.
2026-01-16 17:46:01 +01:00
Quentin Gliech
67a0d0e92e Implement cleanup job for OAuth2 device code grants
Add cleanup job that removes device code grants older than 7 days.
Uses ULID cursor-based pagination for efficiency.

- Add cleanup method to OAuth2DeviceCodeGrantRepository
- Add CleanupOAuthDeviceCodeGrantsJob task
- Register handler and schedule to run hourly
2026-01-16 17:40:11 +01:00
Quentin Gliech
fc07a32a8c Implement cleanup job for OAuth2 authorization grants
Add cleanup job that removes authorization grants older than 7 days.
Uses ULID cursor-based pagination for efficiency.

- Add cleanup method to OAuth2AuthorizationGrantRepository trait
- Add CleanupOAuthAuthorizationGrantsJob task
- Register handler and schedule to run hourly
2026-01-16 17:39:38 +01:00
Quentin Gliech
90a46e2a35 Allow hourly cleanup jobs to run for longer 2026-01-16 11:25:28 +01:00
Quentin Gliech
87f4ec3e80 Cleanup finished compat sessions after 30 days 2026-01-15 12:29:43 +01:00
Quentin Gliech
e8f1ca4038 Adjust the retention period for user registrations to 30 days 2026-01-14 17:51:55 +01:00
Quentin Gliech
3fa53d285e Cleanup old user registrations from the database 2026-01-14 14:01:10 +01:00
Quentin Gliech
d4d4cd7cd1 Remove imported unsupported threepids when deactivating a user (#5406) 2026-01-13 17:30:20 +01:00
Quentin Gliech
186a887125 Hard delete expired, revoked and consumed OAuth 2.0 tokens after some time (#5409) 2026-01-13 17:23:16 +01:00
Quentin Gliech
291accc37d Fix typo in comment
Co-authored-by: Olivier 'reivilibre' <oliverw@element.io>
2026-01-13 17:22:48 +01:00
Quentin Gliech
5bfdb4514f Clean up leftovers in the database schema, part 1 (#5405) 2026-01-13 17:22:32 +01:00
Olivier 'reivilibre'
74f4e13c61 Support for stable MSC4191 account management actions (#5312) 2026-01-12 12:14:16 +00:00
Olivier 'reivilibre'
bb6b5cee93 Support for stable MSC3824 (OAuth 2.0 API aware clients) values (#5321) 2026-01-12 12:08:23 +00:00
Quentin Gliech
5827883979 Apply suggestions from code review 2026-01-12 11:58:19 +01:00
Quentin Gliech
6915878bc6 Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-01-12 11:57:42 +01:00
Quentin Gliech
f98957617e Cleanup consumed refresh tokens 2026-01-12 11:18:18 +01:00
Quentin Gliech
ab25c23829 Replace the FK constraint on the refresh token chain to nullify the
field on deletion

This will make garbage collecting refresh tokens easier
2026-01-12 09:36:52 +01:00
Quentin Gliech
3e521a105d Cleanup revoked refresh tokens 2026-01-09 18:37:09 +01:00
Quentin Gliech
7aad841e04 Handle garbage-collected access tokens in the refresh token logic
We check if the access token was used when a double-refresh happened,
but can't do that reliably as we started garbage-collecting expired
access tokens
2026-01-09 18:09:05 +01:00
Quentin Gliech
991c60255e Setup recurring jobs schedules when running in tests 2026-01-09 18:07:44 +01:00
Quentin Gliech
04cbafbc5f Cleanup expired OAuth 2.0 access tokens 2026-01-09 13:38:50 +01:00
Quentin Gliech
73e838ff08 Rename the cleanup revoked access tokens job
"cleanup-expired-tokens" was not accurate, and since the plan is to have
different jobs for the different kinds of tokens, we renamed this job to
use a more accurate description
2026-01-09 13:36:46 +01:00
Quentin Gliech
ad1910c22e Introduce a way to clear jobs from a deprecated queue 2026-01-09 12:08:20 +01:00
Quentin Gliech
bf2ad55b5c Speed up access token cleanup with an index 2026-01-08 19:03:09 +01:00
Quentin Gliech
fa742bc992 Clean up revoked access tokens in batches 2026-01-08 19:03:09 +01:00
Quentin Gliech
1ac6f9c5ee Allow jobs to declare a timeout and cancel them 2026-01-08 19:03:09 +01:00
Quentin Gliech
8c9add00f4 Remove imported unsupported threepids when deactivating a user 2026-01-08 15:33:50 +01:00
Quentin Gliech
215ad75ab2 Cleanup id_token_claims trigger 2026-01-08 15:17:37 +01:00
Quentin Gliech
bc1ca15833 Remove leftovers from OAuth 2.0 consent tracking cleanup 2026-01-08 15:17:37 +01:00
Quentin Gliech
5cdf938129 Remove leftovers from the old email verification system 2026-01-08 15:17:37 +01:00
Quentin Gliech
5067e420c6 Remove leftover in the schema from apalis 2026-01-08 15:17:25 +01:00
Quentin Gliech
2519f4f229 Don't include integrity attributes on fetch and image preloads 2026-01-05 15:09:41 +01:00
Quentin Gliech
889545fed4 Simplify compat login SSO redirect URI building 2026-01-05 14:44:03 +01:00
Quentin Gliech
6ab4c189be Add more context to serialization errors 2026-01-05 13:49:11 +01:00
Quentin Gliech
f587c17bcd Fix the 'invalid type' error during compat SSO login with urlencoded parameters
Fixes #5384
2026-01-05 13:41:44 +01:00
Hugh Nimmo-Smith
28b0f77543 Support for stable MSC3824 names 2025-12-19 18:13:01 +00:00
Quentin Gliech
c360144bfe Handle pre-compressed assets better (#5370) 2025-12-18 17:00:30 +01:00
Quentin Gliech
926721c279 Only serve pre-compressed gzip and brotli files 2025-12-18 14:39:58 +01:00
Quentin Gliech
cfa775c06b Pre-load locale data in the React app 2025-12-17 15:53:37 +01:00
Quentin Gliech
579304e53a Deduplicate included assets 2025-12-17 15:53:00 +01:00
Quentin Gliech
e6810efdab Expose process metrics on Linux (#5342) 2025-12-16 13:31:42 +01:00
Quentin Gliech
4ee344012f Remove rustls-pemfile dependency (#5339) 2025-12-16 13:27:30 +01:00
Quentin Gliech
cc67f515a6 Merge remote-tracking branch 'origin/main' into quenting/process-metrics 2025-12-16 13:23:10 +01:00
Quentin Gliech
74899939bf Switch to opentelemetry-instrumentation-tokio crate for Tokio instrumentation 2025-12-15 12:17:31 +01:00
Quentin Gliech
30c4e12d12 Merge branch 'main' into rei/reapply_5297 2025-12-10 22:09:56 +01:00