letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
6,580 Commits 2 Branches 1 Tag
e7c1f126bef94cb907b01eba72c8db9bf5832905
Commit Graph

6580 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Quentin Gliech
e7c1f126be Fix foreign key constraint when cleaning up upstream OAuth 2.0 links 
https://sentry.tools.element.io/organizations/element/issues/11222736/
 2026-01-20 14:29:27 +01:00
Quentin Gliech
ab90e89685 Cleanup old completed jobs from the database (#5427) 2026-01-19 16:57:09 +01:00
Quentin Gliech
1254d9f8f0 Mark the next attempt foreign key as initially not valid 2026-01-19 15:44:22 +01:00
Quentin Gliech
9268d5199e Cleanup old upstream OAuth sessions and unlinked links (#5426) 2026-01-19 15:14:12 +01:00
Quentin Gliech
50e734a866 Cleanup old email authentications & account recoveries (#5425) 2026-01-19 15:12:02 +01:00
Quentin Gliech
3b61660d18 Cleanup old OAuth grants (#5424) 2026-01-19 15:11:48 +01:00
Quentin Gliech
1253bbd498 Implement cleanup job for queue jobs 
Add scheduled cleanup job that removes old completed and failed queue
jobs after 30 days. Jobs are kept for debugging purposes.

Includes migration to change the next_attempt_id FK constraint from NO
ACTION to SET NULL, allowing cleanup of retry chains without breaking
foreign key constraints.

One caveat is that cleanup is based on their creation time, *not* when
they got completed/failed. This means that if the job takes a long time
(as in, several days) to get scheduled, it might get cleared as soon as
it runs. This is fine for now, we may want to revisit this if we start
scheduling jobs far in the future
 2026-01-19 12:25:04 +01:00
Quentin Gliech
e7c07a8f88 Implement cleanup jobs for upstream OAuth sessions and links 
Add two cleanup jobs scheduled hourly:

1. Upstream OAuth authorization sessions - removes sessions after 30 days
2. Orphaned upstream OAuth links - removes links after 7 days where user_id IS NULL. These are links created during upstream OAuth 2.0 login but never associated with a user
 2026-01-19 12:24:13 +01:00
Quentin Gliech
6df3496767 build(deps-dev): bump knip from 5.75.1 to 5.80.0 in /frontend (#5403) 2026-01-17 11:11:29 +01:00
Quentin Gliech
d735a3db32 build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.14 to 2.0.15 (#5404) 2026-01-17 11:05:29 +01:00
dependabot[bot]
e6b9311db2 build(deps-dev): bump knip from 5.75.1 to 5.80.0 in /frontend 
Bumps [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) from 5.75.1 to 5.80.0.
- [Release notes](https://github.com/webpro-nl/knip/releases)
- [Commits](https://github.com/webpro-nl/knip/commits/knip@5.80.0/packages/knip)

---
updated-dependencies:
- dependency-name: knip
  dependency-version: 5.80.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-17 10:04:47 +00:00
Quentin Gliech
59b9852fa9 build(deps): bump the tanstack-router group in /frontend with 3 updates (#5402) 2026-01-17 11:04:07 +01:00
Quentin Gliech
778246c5bd build(deps): bump the i18next group across 1 directory with 3 updates (#5412) 2026-01-17 11:03:26 +01:00
Quentin Gliech
f350b94918 Implement cleanup job for email authentications 
Add scheduled cleanup job that removes old user email authentications
after 7 days. Runs every hour.
 2026-01-16 17:56:16 +01:00
Quentin Gliech
e6e793f46f Implement cleanup job for user recovery sessions 
Add scheduled cleanup job that removes old user recovery sessions after
7 days. Runs hourly.

Implementation uses ULID cursor-based pagination with no additional
indexes needed. Child tickets cascade-delete automatically.
 2026-01-16 17:46:01 +01:00
Quentin Gliech
67a0d0e92e Implement cleanup job for OAuth2 device code grants 
Add cleanup job that removes device code grants older than 7 days.
Uses ULID cursor-based pagination for efficiency.

- Add cleanup method to OAuth2DeviceCodeGrantRepository
- Add CleanupOAuthDeviceCodeGrantsJob task
- Register handler and schedule to run hourly
 2026-01-16 17:40:11 +01:00
Quentin Gliech
fc07a32a8c Implement cleanup job for OAuth2 authorization grants 
Add cleanup job that removes authorization grants older than 7 days.
Uses ULID cursor-based pagination for efficiency.

- Add cleanup method to OAuth2AuthorizationGrantRepository trait
- Add CleanupOAuthAuthorizationGrantsJob task
- Register handler and schedule to run hourly
 2026-01-16 17:39:38 +01:00
dependabot[bot]
d47aac714e build(deps): bump the tanstack-router group in /frontend with 3 updates 
Bumps the tanstack-router group in /frontend with 3 updates: [@tanstack/react-router](https://github.com/TanStack/router/tree/HEAD/packages/react-router), [@tanstack/react-router-devtools](https://github.com/TanStack/router/tree/HEAD/packages/react-router-devtools) and [@tanstack/router-plugin](https://github.com/TanStack/router/tree/HEAD/packages/router-plugin).


Updates `@tanstack/react-router` from 1.145.7 to 1.145.11
- [Release notes](https://github.com/TanStack/router/releases)
- [Commits](https://github.com/TanStack/router/commits/v1.145.11/packages/react-router)

Updates `@tanstack/react-router-devtools` from 1.145.7 to 1.145.11
- [Release notes](https://github.com/TanStack/router/releases)
- [Commits](https://github.com/TanStack/router/commits/v1.145.11/packages/react-router-devtools)

Updates `@tanstack/router-plugin` from 1.145.10 to 1.145.11
- [Release notes](https://github.com/TanStack/router/releases)
- [Commits](https://github.com/TanStack/router/commits/v1.145.11/packages/router-plugin)

---
updated-dependencies:
- dependency-name: "@tanstack/react-router"
  dependency-version: 1.145.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tanstack-router
- dependency-name: "@tanstack/react-router-devtools"
  dependency-version: 1.145.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: tanstack-router
- dependency-name: "@tanstack/router-plugin"
  dependency-version: 1.145.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: tanstack-router
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-16 13:54:42 +00:00
dependabot[bot]
d64f3d783d build(deps): bump the i18next group across 1 directory with 3 updates 
Bumps the i18next group with 3 updates in the /frontend directory: [i18next](https://github.com/i18next/i18next), [react-i18next](https://github.com/i18next/react-i18next) and [i18next-cli](https://github.com/i18next/i18next-cli).


Updates `i18next` from 25.7.3 to 25.7.4
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next/compare/v25.7.3...v25.7.4)

Updates `react-i18next` from 16.5.1 to 16.5.2
- [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/react-i18next/compare/v16.5.1...v16.5.2)

Updates `i18next-cli` from 1.34.1 to 1.35.0
- [Changelog](https://github.com/i18next/i18next-cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next-cli/compare/v1.34.1...v1.35.0)

---
updated-dependencies:
- dependency-name: i18next
  dependency-version: 25.7.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: i18next
- dependency-name: react-i18next
  dependency-version: 16.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: i18next
- dependency-name: i18next-cli
  dependency-version: 1.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: i18next
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-16 13:54:38 +00:00
Quentin Gliech
1b7fe64165 Allow hourly cleanup jobs to run for longer (#5422) 2026-01-16 11:46:33 +01:00
Quentin Gliech
90a46e2a35 Allow hourly cleanup jobs to run for longer 2026-01-16 11:25:28 +01:00
Quentin Gliech
6246c36308 Cleanup finished compat sessions after 30 days (#5419) 2026-01-15 17:39:15 +01:00
Quentin Gliech
87f4ec3e80 Cleanup finished compat sessions after 30 days 2026-01-15 12:29:43 +01:00
Quentin Gliech
cf4613618e Adjust the retention period for user registrations to 30 days (#5417) 2026-01-15 11:54:41 +01:00
Quentin Gliech
e8f1ca4038 Adjust the retention period for user registrations to 30 days 2026-01-14 17:51:55 +01:00
Quentin Gliech
4c72c933b4 Cleanup old user registrations from the database (#5415) 2026-01-14 15:25:39 +01:00
Quentin Gliech
1725da721c Add "Getting started" section with ESS reference to README (#5416) 2026-01-14 14:46:38 +01:00
Quentin Gliech
169e57f789 Keep the copyright info consistent with the rest 2026-01-14 14:36:06 +01:00
Patrick Maier
191aba954c Add "Getting started" section with ESS reference to README 2026-01-14 14:33:54 +01:00
Quentin Gliech
3fa53d285e Cleanup old user registrations from the database 2026-01-14 14:01:10 +01:00
Quentin Gliech
d4d4cd7cd1 Remove imported unsupported threepids when deactivating a user (#5406) 2026-01-13 17:30:20 +01:00
matrixbot
ce0de46762 Automatic merge back to main (#5414) 2026-01-13 17:26:52 +01:00
Quentin Gliech
186a887125 Hard delete expired, revoked and consumed OAuth 2.0 tokens after some time (#5409) 2026-01-13 17:23:16 +01:00
Quentin Gliech
291accc37d Fix typo in comment 
Co-authored-by: Olivier 'reivilibre' <oliverw@element.io>
 2026-01-13 17:22:48 +01:00
Quentin Gliech
5bfdb4514f Clean up leftovers in the database schema, part 1 (#5405) 2026-01-13 17:22:32 +01:00
github-actions[bot]
6a790809e3 1.9.0 2026-01-13 16:19:28 +00:00
matrixbot
144e50a18f Translations updates for v1.9 (#5413) 2026-01-13 17:17:52 +01:00
github-actions[bot]
6cc073cbb8 Translations updates 2026-01-13 16:04:29 +00:00
Olivier 'reivilibre
74f4e13c61 Support for stable MSC4191 account management actions (#5312) 2026-01-12 12:14:16 +00:00
Olivier 'reivilibre
bb6b5cee93 Support for stable MSC3824 (OAuth 2.0 API aware clients) values (#5321) 2026-01-12 12:08:23 +00:00
Quentin Gliech
5827883979 Apply suggestions from code review 2026-01-12 11:58:19 +01:00
Quentin Gliech
6915878bc6 Apply suggestions from code review 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-12 11:57:42 +01:00
Quentin Gliech
f98957617e Cleanup consumed refresh tokens 2026-01-12 11:18:18 +01:00
Quentin Gliech
ab25c23829 Replace the FK constraint on the refresh token chain to nullify the 
field on deletion

This will make garbage collecting refresh tokens easier
 2026-01-12 09:36:52 +01:00
Quentin Gliech
3e521a105d Cleanup revoked refresh tokens 2026-01-09 18:37:09 +01:00
Quentin Gliech
7aad841e04 Handle garbage-collected access tokens in the refresh token logic 
We check if the access token was used when a double-refresh happened,
but can't do that reliably as we started garbage-collecting expired
access tokens
 2026-01-09 18:09:05 +01:00
Quentin Gliech
991c60255e Setup recurring jobs schedules when running in tests 2026-01-09 18:07:44 +01:00
Quentin Gliech
04cbafbc5f Cleanup expired OAuth 2.0 access tokens 2026-01-09 13:38:50 +01:00
Quentin Gliech
73e838ff08 Rename the cleanup revoked access tokens job 
"cleanup-expired-tokens" was not accurate, and since the plan is to have
different jobs for the different kind of tokens, we renamed this job to
use a more accurate description
 2026-01-09 13:36:46 +01:00
Quentin Gliech
ad1910c22e Introduce a way to clear jobs from a deprecated queue 2026-01-09 12:08:20 +01:00