letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
bf2ad55b5ce8229fc62b5f8709eae91ba57366d3
Commit Graph

338 Commits

Author SHA1 Message Date
Quentin Gliech
bf2ad55b5c Speed up access token cleanup with an index 2026-01-08 19:03:09 +01:00
Quentin Gliech
fa742bc992 Clean up revoked access tokens in batches 2026-01-08 19:03:09 +01:00
Quentin Gliech
30c4e12d12 Merge branch 'main' into rei/reapply_5297 2025-12-10 22:09:56 +01:00
Quentin Gliech
cca2015920 Fix typos 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-04 16:32:13 +01:00
Quentin Gliech
b99722f42a Better error message when checksum in database is invalid 2025-12-04 15:14:14 +01:00
Quentin Gliech
368cd4541d Don't error out if a migration is missing 
This allows us to roll back to older versions of MAS.
 2025-12-04 15:13:42 +01:00
Quentin Gliech
eb2284ba7c Better lock and handle missing and modified migrations 
This rewrites the database migration code to:

 - avoid deadlocks when running multiple migration processes at the same
   time with a `CREATE INDEX CONCURRENTLY` statement
 - allow us to remove some migrations from the code base and mark them as
   intentionally removed
 - allow us to modify some migrations and declare alternate checksums
   for previous versions of the migration
 2025-12-04 14:44:16 +01:00
Olivier 'reivilibre
eeb0692b8e Add experimental and preliminary policy-driven session limiting when logging in compatibility sessions. (#5287) 2025-12-02 15:50:04 +00:00
Olivier 'reivilibre
1dd51c77f4 Reapply "Add 'IF NOT EXISTS' to all 'CREATE INDEX CONCURRENTLY' statements to avoid deadlocks (#5297)" (#5299) 
This reverts commit 2c3054bb24, reversing
changes made to 396950806c.
 2025-12-01 12:45:19 +00:00
Olivier 'reivilibre
21e45ce972 Revert "Add 'IF NOT EXISTS' to all 'CREATE INDEX CONCURRENTLY' statements to avoid deadlocks (#5297)" 
This reverts commit 396950806c, reversing
changes made to ef563f33c6.
 2025-12-01 12:14:31 +00:00
Ben Banfield-Zanin
e065f830e9 Add 'IF NOT EXISTS' to all 'CREATE INDEX CONCURRENTLY' statements to avoid deadlocks 2025-11-28 15:18:53 +00:00
Quentin Gliech
7b653ce04e Fix test name 2025-11-27 16:05:13 +01:00
Quentin Gliech
bd3173baa1 Create the new index CONCURRENTLY 2025-11-27 16:04:23 +01:00
Olivier 'reivilibre
3b04fd5621 Make finish_sessions_to_replace_device return whether any were finished 2025-11-25 18:41:14 +00:00
Quentin Gliech
c9b89c2f8d Store upstream OAuth sessions on user registrations 
This will allow us creating user registrations from upstream OAuth auth
sessions
 2025-11-21 19:31:37 +01:00
Quentin Gliech
ad9f04c8ba Allow completing user email authentications using an upstream session 
This will let us push emails in user registrations using an upstream
session
 2025-11-21 19:28:26 +01:00
Olivier 'reivilibre
25fa81e431 fix up test that relied on it being broken 2025-10-23 16:02:19 +01:00
Olivier 'reivilibre
07f77778af Fix UNIQUE constraint on active personal access tokens per session 2025-10-23 15:01:39 +01:00
Olivier 'reivilibre
7e70afa6ab Add comments for the filters 2025-10-22 14:22:10 +01:00
Olivier 'reivilibre
120c8f7d23 Add revoke_bulk for personal sessions storage 2025-10-22 11:27:10 +01:00
reivilibre
c82f454365 Personal Sessions: add create, list, get, revoke, regenerate Admin APIs (#5141) 
Introduces some admin API endpoints for Personal Sessions.

- add: Creates a personal session along with its first personal access token, returning both. This is currently the only way to get a personal access token.
- get: Shows the information about a personal session
- list: Shows many personal sessions
- revoke: Revokes a personal session, so it can't be used anymore
- regenerate: Revoke the active personal access token for a session and issue a new one to replace it.
 2025-10-22 11:20:02 +01:00
Olivier 'reivilibre
a8adab1301 Add expires filter to personal sessions list 2025-10-21 10:10:14 +01:00
Olivier 'reivilibre
2bf837257c find_active_by_session: take &PersonalSession 2025-10-21 09:43:46 +01:00
Olivier 'reivilibre
c5fe099d50 Implement activity tracking for personal sessions 2025-10-20 17:23:31 +01:00
Olivier 'reivilibre
411a66fa72 Delete owned PATs & personal sessions when pruning OAuth2 clients 2025-10-20 14:33:30 +01:00
Olivier 'reivilibre
12124663c1 When revoking a personal session, also revoke its PAT 2025-10-20 14:33:30 +01:00
Olivier 'reivilibre
0346425129 storage: include PATs alongside personal sessions 2025-10-20 14:33:30 +01:00
Olivier 'reivilibre
46045d44bc storage: introduce find_active_for_session for PATs 2025-10-20 13:06:41 +01:00
Olivier 'reivilibre
1a9b4b4d93 Take access_token by ref in add 2025-10-09 13:00:19 +01:00
Olivier 'reivilibre
b9e1cdb554 Support OAuth2 clients as owners of personal sessions 2025-10-07 19:54:59 +01:00
Olivier 'reivilibre
e4dee42cb3 Enable session filter tests 2025-10-07 19:54:59 +01:00
Olivier 'reivilibre
2a86a446b2 Add filters for personal sessions 2025-10-07 19:54:59 +01:00
Olivier 'reivilibre
e1b228c48b Add storage tests (with TODOs for unsupported functionality) 2025-10-07 19:54:59 +01:00
Olivier 'reivilibre
8ca8d878e7 Add personal access token and session storage 2025-10-07 19:54:59 +01:00
Olivier 'reivilibre
4920bab254 Add tables for personal access tokens 2025-10-07 13:12:54 +01:00
Quentin Gliech
8962f355ff storage: make the edges in pages include cursors 2025-09-29 14:46:28 +02:00
Quentin Gliech
cb8c408489 Admin API filter to search users by username 2025-09-15 14:12:31 +02:00
Quentin Gliech
b7015c0b3d Allow filtering guest/non-guest users 2025-09-15 12:51:06 +02:00
Quentin Gliech
a2172a02ba Surface the user guest flag in the admin API 2025-09-15 12:51:00 +02:00
Quentin Gliech
7253ca69b0 Merge remote-tracking branch 'origin/main' into feat/login_hint_with_email 2025-08-18 16:43:00 +02:00
Quentin Gliech
8dd096ce60 Fix a few more clippy lints 2025-08-18 10:45:20 +02:00
Quentin Gliech
eded025ff4 Fix a few clippy lints, mostly in doc comments 2025-08-18 10:34:28 +02:00
mcalinghee
8bad68cc34 Merge branch 'main' into feat/login_hint_with_email 2025-08-05 17:02:14 +02:00
Quentin Gliech
4d83fcb25e Merge remote-tracking branch 'origin/main' into quenting/stable-api 2025-08-04 16:38:49 +02:00
mcalinghee
062f5aced7 move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model 2025-07-31 11:17:33 +02:00
Quentin Gliech
b8d23be313 Fix many clippy warnings 
This is because the tracing-attributes update made clippy look at those
again. I've removed the `too_many_lines` lint, as it's not really useful
and we ignore it most of the time anyway.
 2025-07-30 14:49:38 +02:00
Andrew Ferrazzutti
49540693ab Decouple (un)locking from (re/de)activation 
Unify the admin API, CLI, and GraphQL API in not having the unlock
command also reactivate, or the deactivate command also lock.

Still let the unlock command of the CLI and GraphQL API to also
reactivate the target user, albeit as a non-default option.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
415e3a2555 Separate active state from lock state in admin API 
- Allow the admin API to deactivate a user without locking it, and to
  unlock a user without reactivating it.
- Make unlock-and-reactivate flows unset the "deactivated_at" timestamp.
- Revert adding an "unlock" parameter on `ReactivateUserJob`, as the
  option is used only by the admin API which doesn't use a job.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
44ffec5111 Add admin API endpoint to reactivate user 2025-07-16 14:17:01 -04:00
matrixbot
38f5b8dac8 Automatic merge back to main (#4781) 2025-07-10 17:28:11 +02:00