letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
cab63f521df4bcb50bcecc7a947cd24527714ad3
Commit Graph

2538 Commits

Author SHA1 Message Date
Kai A. Hiller
611c9e7731 Allow keys and keys_dir simultaneously 2025-11-18 19:27:21 +01:00
Kai A. Hiller
770016ebf7 Merge branch 'main' into keys_dir 2025-11-18 18:12:14 +01:00
Quentin Gliech
aec28a2f42 Add upstream_oauth2.providers.[].client_secret_file config option (#4882) 2025-11-18 11:29:21 +01:00
matrixbot
a6a1a67dbf Automatic merge back to main (#5235) 2025-11-11 12:07:40 +01:00
networkException
23322cfc28 Add upstream_oauth2.providers.[].client_secret_file config option 
This patch factors out the previously introduced config
wrapper for client secrets to also use it for upstream oauth
providers.

See dd040220db
 2025-11-08 16:10:19 +01:00
Quentin Gliech
2eaba46e1b Don't extract the parent context if the span is disabled 2025-11-07 13:37:26 +01:00
Quentin Gliech
c7b00ebe03 Fix spurious "Failed to set parent context on span" error 
This would happen when the `info` log level is surpressed, and therefore
the request span would not be enabled and fail to set the parent OTEL
context.
 2025-11-07 11:34:42 +01:00
Quentin Gliech
7d2f85c891 Remove the nullable transform from the policies schemas 2025-11-07 11:11:41 +01:00
Quentin Gliech
d0a5a1406b Remove the nullable transformation for the config schema. 2025-11-07 11:08:59 +01:00
Quentin Gliech
889ead8eaa Merge branch 'main' into quenting/schemars-0.9 2025-11-07 10:59:56 +01:00
Quentin Gliech
7901657b72 Remove the nullable transform 2025-11-07 10:53:46 +01:00
Quentin Gliech
56911f25c1 Merge remote-tracking branch 'origin/main' into quenting/schemars-0.9 2025-11-06 17:34:43 +01:00
Olivier 'reivilibre
f8ff41cb43 Fix another broken link in the rustdocs 2025-11-06 10:11:22 +00:00
Olivier 'reivilibre
49512d106f Fix broken link in rustdoc 2025-11-06 09:20:20 +00:00
Olivier 'reivilibre
c69bae3311 Merge branch 'main' into rei/templatecheck_todisk 2025-10-30 13:52:33 +00:00
Olivier 'reivilibre
12b7524232 Fix comment and change delimiter to = 2025-10-30 13:51:33 +00:00
Olivier 'reivilibre
c60de0d7a8 Change the format of SampleIdentifiers and don't make a subdir per locale 2025-10-30 12:06:09 +00:00
Olivier 'reivilibre
00e051e67a Downgrade to SemiStrict in production 2025-10-28 17:20:49 +00:00
Olivier 'reivilibre
1803f2b0ac For branding: use none instead of undefined 2025-10-28 15:51:34 +00:00
Olivier 'reivilibre
97f4caf904 Introduce SampleIdentifiers to stably track samples 
and use these in output filenames
 2025-10-24 17:14:00 +01:00
Olivier 'reivilibre
0013101623 cli: templates check: allow rendering to --out-dir 2025-10-24 15:43:19 +01:00
Olivier 'reivilibre
cabc005ad4 template macro: generate function for all checks 2025-10-24 15:03:22 +01:00
Olivier 'reivilibre
3bc4cbcc02 template macro: return rendered samples 2025-10-24 14:47:02 +01:00
Olivier 'reivilibre
7356047f27 templates: Be strict about undefined variables 
We shouldn't have any reason to use undefined variables in MAS, so
silently printing as empty strings (etc) seems undesirable.

This will also be helpful for operators with custom templates, since
then they will notice their templates being broken.
 2025-10-24 14:27:35 +01:00
Olivier 'reivilibre
25fa81e431 fix up test that relied on it being broken 2025-10-23 16:02:19 +01:00
Olivier 'reivilibre
07f77778af Fix UNIQUE constraint on active personal access tokens per session 2025-10-23 15:01:39 +01:00
reivilibre
37a84d4d56 Revoke personal sessions when users are deactivated (#5181) 
Revoke both personal sessions that are owned by, and acting as, the deactivated user.

Owned by because: it doesn't make sense for a deactivated user to be able to control themselves or other users, so them having active personal sessions is just confusing.

Acting as because: current precedent is that deactivated users are not controllable, even by admins.
To uphold this, the admin API is also fixed to stop allowing the creation of personal sessions for deactivated users.
 2025-10-22 14:53:56 +01:00
Olivier 'reivilibre
ce943150bc Merge branch 'main' into rei/pat_devicesync 2025-10-22 14:27:40 +01:00
Olivier 'reivilibre
676c594dc4 Remove stale comment 2025-10-22 14:23:18 +01:00
Olivier 'reivilibre
7e70afa6ab Add comments for the filters 2025-10-22 14:22:10 +01:00
Olivier 'reivilibre
0ec91f5f4f Use is_valid_actor 2025-10-22 14:20:55 +01:00
Olivier 'reivilibre
7c53e0a3fe Merge branch 'main' into rei/pat_revoke_on_deactivate 2025-10-22 14:18:17 +01:00
Olivier 'reivilibre
670d9591c3 When adding personal session, upsert devices synchronously 2025-10-22 14:03:21 +01:00
Olivier 'reivilibre
bf51648607 Restructure user validity check 2025-10-22 13:29:53 +01:00
Olivier 'reivilibre
3aff0f8894 remove redundant #[source] 2025-10-22 13:29:45 +01:00
Olivier 'reivilibre
a5ea99fc4c Relax the validity check of the token actor 2025-10-22 13:15:12 +01:00
Olivier 'reivilibre
8470dc43ac Check validity of token owner 2025-10-22 13:04:39 +01:00
Olivier 'reivilibre
ee25c53978 Pass through the TokenFormatError 2025-10-22 12:59:49 +01:00
Olivier 'reivilibre
cfd8545b70 When adding or revoking personal sessions, schedule needed device syncs 2025-10-22 11:50:27 +01:00
Olivier 'reivilibre
e8ba1681a2 Accept PATs on the Admin API 2025-10-22 11:37:04 +01:00
Olivier 'reivilibre
09bb647e68 Rename record_personal_session function 2025-10-22 11:37:04 +01:00
Olivier 'reivilibre
29c3da5d0e Don't allow creating personal sessions for deactivated users 2025-10-22 11:31:17 +01:00
Olivier 'reivilibre
c94e4ea27b Revoke personal sessions on user deactivation 2025-10-22 11:27:10 +01:00
Olivier 'reivilibre
120c8f7d23 Add revoke_bulk for personal sessions storage 2025-10-22 11:27:10 +01:00
reivilibre
c82f454365 Personal Sessions: add create, list, get, revoke, regenerate Admin APIs (#5141) 
Introduces some admin API endpoints for Personal Sessions.

- add: Creates a personal session along with its first personal access token, returning both. This is currently the only way to get a personal access token.
- get: Shows the information about a personal session
- list: Shows many personal sessions
- revoke: Revokes a personal session, so it can't be used anymore
- regenerate: Revoke the active personal access token for a session and issue a new one to replace it.
 2025-10-22 11:20:02 +01:00
Olivier 'reivilibre
86193de2f3 fixup! Add expires filter to personal sessions list 2025-10-21 11:30:11 +01:00
Olivier 'reivilibre
56da4ddd91 use axum_extract's version of Query everywhere 2025-10-21 11:30:11 +01:00
Olivier 'reivilibre
4a6c2b0484 fixup! Make expires_in u32 and (on regenerate) not default to the same as last time 2025-10-21 11:21:00 +01:00
Olivier 'reivilibre
9c88510540 Add scope filter to personal sessions list 2025-10-21 11:03:04 +01:00
Olivier 'reivilibre
fce2780d07 Use Option<Ulid> in schemars 2025-10-21 10:16:36 +01:00