letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
cf9f0a47aba8eb9e397cf38302f2d2b48049a8e4
Commit Graph

262 Commits

Author SHA1 Message Date
Quentin Gliech
7b9b44c644 Allow setting custom names on sessions (#4459) 2025-04-30 15:32:25 +02:00
Quentin Gliech
aba9ca38e6 Insert client_name when upserting statically registered clients (#4417) 2025-04-30 11:50:49 +02:00
Quentin Gliech
0396de202a Avoid deadlocks when updating the last activity of sessions 2025-04-28 09:56:30 +02:00
Quentin Gliech
3b9d580b17 storage: methods to set the sessions human name 2025-04-25 16:55:30 +02:00
Quentin Gliech
7ec87b1855 storage: add a user-provided human name to OAuth 2.0 sessions 2025-04-25 16:55:29 +02:00
Quentin Gliech
234de8b737 Save the locale detected when starting an authorization grant 2025-04-25 12:55:22 +02:00
Quentin Gliech
bcd83ef649 storage: allow setting the human_name when creating compat sessions 2025-04-25 12:55:10 +02:00
Quentin Gliech
f457bd8d35 Don't parse the user agent unless we need to 2025-04-24 13:13:26 +02:00
Adis Veletanlic
7890862500 Add client_name to static registrations function and generate new query data 2025-04-16 11:44:58 +02:00
Quentin Gliech
133a773b2c Create missing indexes for all the foreign keys in the database. (#4385) 2025-04-14 16:03:28 +02:00
Quentin Gliech
c4f4f09336 Lookup usernames case insensitively (#4378) 2025-04-14 15:51:59 +02:00
Quentin Gliech
a47dba1b1d Always ask for consent, never for reauth (#4386) 2025-04-14 15:51:48 +02:00
Quentin Gliech
3eb9822791 Handle the case where there are multiple users with the same username, but with a different casing. 2025-04-11 15:38:28 +02:00
Quentin Gliech
73a4007c18 Always ask for consent, never for reauth 
Now that we have deduplicated clients, we're in this weird situation
where authorization grants just… go through.

This is because 4 years ago, I designed it to support prompt=consent and
prompt=none, but that never ended up being used/mentioned in the MSCs.

We also had support for max_age, but that required reauthing, which
doesn't work well with upstream providers.

So this removes support for prompt=consent|none and max_age, and makes
sure we always go through the consent page.

Lots of code deleted, yay!
 2025-04-10 19:57:45 +02:00
Quentin Gliech
b80a52e390 Also lowercase the username when checking if it exists. 2025-04-10 18:45:13 +02:00
Quentin Gliech
7f0dcaa73f Lookup usernames case insensitively 2025-04-10 18:36:43 +02:00
Quentin Gliech
237a7a3ee7 Create missing indexes for all the foreign keys in the database. 2025-04-10 18:32:40 +02:00
mcalinghee
2fe4752aa4 add login by email + feature flag 2025-04-10 17:57:58 +02:00
Quentin Gliech
e064c381b6 Admin API for adding and removing upstream oauth links (#4255) 2025-04-09 13:33:16 +02:00
Tonkku
8f19164e09 Separate spans 2025-04-08 16:54:35 +00:00
Quentin Gliech
2c6e2b42a1 compat login: support using client-provided device ID (#4342) 2025-04-07 08:52:29 +02:00
Quentin Gliech
3d08db08d4 Properly record the queries in two spans 2025-04-07 08:21:36 +02:00
Quentin Gliech
a86696e0a8 Fix Clippy lints introduced by Rust 1.86 2025-04-06 16:18:27 +02:00
Olivier 'reivilibre
74276140c6 UNFINISHED: finish active sessions when replacing a device 2025-04-04 17:52:08 +01:00
Olivier 'reivilibre
1e2af0fd3a compat login (sso): support using client-provided device_id 2025-04-04 16:25:01 +01:00
Quentin Gliech
8fbd75eb7e Deduplicate client registrations by hashing the metadata 2025-03-25 15:00:23 +01:00
MTRNord
1ab402c7bf Link removal storage API 
From #3245 with changes from review
 2025-03-17 18:31:11 +02:00
dependabot[bot]
24534c7df5 build(deps): bump uuid from 1.15.1 to 1.16.0 
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.15.1 to 1.16.0.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/v1.15.1...v1.16.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-17 12:55:37 +00:00
Quentin Gliech
fd41b719ba Merge branch 'main' into quenting/dynamic-policy-data 2025-03-14 10:16:16 +01:00
Quentin Gliech
13d1d29a77 Add a comment on the migration stating that we keep an history of the policy data 2025-03-13 13:27:32 +01:00
Quentin Gliech
a8332937ba Fix missing 'ui_order' field in tests 2025-03-12 11:32:06 +01:00
Quentin Gliech
cc98fd7a53 Order the OAuth providers in the UI by their order in the config file 2025-03-12 11:12:55 +01:00
Quentin Gliech
14f938bf93 Repository method to deactivate a user. 2025-03-11 17:35:13 +01:00
Quentin Gliech
9c35f18d79 Add a deactivated_at flag on users 2025-03-11 17:35:13 +01:00
Quentin Gliech
fce20ee80d Allow removing email addresses in bulk 2025-03-11 17:35:12 +01:00
Quentin Gliech
d80e1e4090 Stop writing to the old email confirmation-related tables 
This will allow to drop those old tables and fields in the next release
 2025-03-11 17:35:12 +01:00
dependabot[bot]
895678f968 build(deps): bump uuid from 1.14.0 to 1.15.1 
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.14.0 to 1.15.1.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/v1.14.0...v1.15.1)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-07 14:05:02 +00:00
Quentin Gliech
44b6777f1b Merge remote-tracking branch 'origin/main' into quenting/compat-device-id 2025-03-04 13:33:09 +01:00
Quentin Gliech
098517edd0 storage: store dynamic policy data in the database 2025-02-25 12:26:22 +01:00
Quentin Gliech
10d7338934 Bump most Rust dependencies 2025-02-24 12:12:07 +01:00
Quentin Gliech
56d9c7e63b Upgrade to Rust 1.85 and edition 2024 2025-02-21 16:15:02 +01:00
dependabot[bot]
686b05b04f build(deps): bump uuid from 1.13.2 to 1.14.0 
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.13.2 to 1.14.0.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/v1.13.2...v1.14.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-21 13:53:19 +00:00
Quentin Gliech
a3f22ae5f6 Allow compat session devices to have spaces 2025-02-19 17:55:18 +01:00
dependabot[bot]
e2f7c513be build(deps): bump uuid from 1.13.1 to 1.13.2 
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.13.1 to 1.13.2.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/1.13.1...v1.13.2)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-19 16:53:29 +00:00
Quentin Gliech
9fea06693b Allow filtering sessions by client kind (dynamic or static) 2025-02-12 17:31:21 +01:00
Quentin Gliech
70936ba0f7 Allow filtering OAuth sessions with any/no user 2025-02-12 13:00:22 +01:00
Quentin Gliech
903b48792a storage: allow filtering upstream OAuth links by subject 2025-02-12 11:01:53 +01:00
dependabot[bot]
8b229eddaf build(deps): bump uuid from 1.12.1 to 1.13.1 
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.12.1 to 1.13.1.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/1.12.1...1.13.1)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-05 13:31:06 +00:00
Olivier 'reivilibre
ac58b4f326 Support reading and writing guests 2025-02-05 11:41:52 +01:00
Olivier 'reivilibre
3034819b7d Introduce optional human_name column on compat_sessions 2025-02-05 11:36:51 +01:00