letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
eeb0692b8eeb290600fdac8de6da7825b4b62aae
Commit Graph

442 Commits

Author SHA1 Message Date
Olivier 'reivilibre
eeb0692b8e Add experimental and preliminary policy-driven session limiting when logging in compatibility sessions. (#5287) 2025-12-02 15:50:04 +00:00
Olivier 'reivilibre
3b04fd5621 Make finish_sessions_to_replace_device return whether any were finished 2025-11-25 18:41:14 +00:00
Quentin Gliech
ad9f04c8ba Allow completing user email authentications using an upstream session 
This will let us push emails in user registrations using an upstream
session
 2025-11-21 19:28:26 +01:00
Olivier 'reivilibre
f8ff41cb43 Fix another broken link in the rustdocs 2025-11-06 10:11:22 +00:00
Olivier 'reivilibre
676c594dc4 Remove stale comment 2025-10-22 14:23:18 +01:00
Olivier 'reivilibre
120c8f7d23 Add revoke_bulk for personal sessions storage 2025-10-22 11:27:10 +01:00
reivilibre
c82f454365 Personal Sessions: add create, list, get, revoke, regenerate Admin APIs (#5141) 
Introduces some admin API endpoints for Personal Sessions.

- add: Creates a personal session along with its first personal access token, returning both. This is currently the only way to get a personal access token.
- get: Shows the information about a personal session
- list: Shows many personal sessions
- revoke: Revokes a personal session, so it can't be used anymore
- regenerate: Revoke the active personal access token for a session and issue a new one to replace it.
 2025-10-22 11:20:02 +01:00
Olivier 'reivilibre
a8adab1301 Add expires filter to personal sessions list 2025-10-21 10:10:14 +01:00
Olivier 'reivilibre
2bf837257c find_active_by_session: take &PersonalSession 2025-10-21 09:43:46 +01:00
Olivier 'reivilibre
c5fe099d50 Implement activity tracking for personal sessions 2025-10-20 17:23:31 +01:00
Olivier 'reivilibre
0346425129 storage: include PATs alongside personal sessions 2025-10-20 14:33:30 +01:00
Olivier 'reivilibre
46045d44bc storage: introduce find_active_for_session for PATs 2025-10-20 13:06:41 +01:00
Olivier 'reivilibre
1a9b4b4d93 Take access_token by ref in add 2025-10-09 13:00:19 +01:00
Olivier 'reivilibre
b9e1cdb554 Support OAuth2 clients as owners of personal sessions 2025-10-07 19:54:59 +01:00
Olivier 'reivilibre
2a86a446b2 Add filters for personal sessions 2025-10-07 19:54:59 +01:00
Olivier 'reivilibre
8ca8d878e7 Add personal access token and session storage 2025-10-07 19:54:59 +01:00
Quentin Gliech
8962f355ff storage: make the edges in pages include cursors 2025-09-29 14:46:28 +02:00
Quentin Gliech
cb8c408489 Admin API filter to search users by username 2025-09-15 14:12:31 +02:00
Quentin Gliech
b7015c0b3d Allow filtering guest/non-guest users 2025-09-15 12:51:06 +02:00
Quentin Gliech
7253ca69b0 Merge remote-tracking branch 'origin/main' into feat/login_hint_with_email 2025-08-18 16:43:00 +02:00
Quentin Gliech
eded025ff4 Fix a few clippy lints, mostly in doc comments 2025-08-18 10:34:28 +02:00
mcalinghee
a45a1d7f73 move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model : format 2025-07-31 12:35:56 +02:00
mcalinghee
9fa91b9524 move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model : correct documentation 2025-07-31 12:34:01 +02:00
mcalinghee
062f5aced7 move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model 2025-07-31 11:17:33 +02:00
Andrew Ferrazzutti
49540693ab Decouple (un)locking from (re/de)activation 
Unify the admin API, CLI, and GraphQL API in not having the unlock
command also reactivate, or the deactivate command also lock.

Still let the unlock command of the CLI and GraphQL API to also
reactivate the target user, albeit as a non-default option.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
415e3a2555 Separate active state from lock state in admin API 
- Allow the admin API to deactivate a user without locking it, and to
  unlock a user without reactivating it.
- Make unlock-and-reactivate flows unset the "deactivated_at" timestamp.
- Revert adding an "unlock" parameter on `ReactivateUserJob`, as the
  option is used only by the admin API which doesn't use a job.
 2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
44ffec5111 Add admin API endpoint to reactivate user 2025-07-16 14:17:01 -04:00
Quentin Gliech
a51a697013 Miscellaneous housekeeping (#4735) 2025-07-16 18:53:59 +02:00
Quentin Gliech
0f45344937 Allow running jobs from the job queue in tests (#4775) 2025-07-11 14:47:23 +02:00
Quentin Gliech
716640486e Make the task State::clock() return a &dyn Clock instead of a BoxClock 2025-07-09 17:20:03 +02:00
Quentin Gliech
39b3dbe5db Make email address lookups case-insensitive 2025-07-08 18:01:20 +02:00
Quentin Gliech
e8627166a9 Log out oauth & compat sessions when receiving a backchannel logout request 2025-07-04 16:27:10 +02:00
Quentin Gliech
84d9e47e23 Compose filters for batch logging out of browser sessions 
Instead of having to load all authentication sessions in memory, we
allow composing browser session filters with a upstream auth sessions
filter
 2025-07-04 16:27:10 +02:00
Quentin Gliech
500e25a069 storage: allow filtering browser sessions by which upstream session 
authd them
 2025-07-04 16:27:10 +02:00
Quentin Gliech
db8c557f81 Backchannel logout behavior settings on upstream providers 2025-07-04 16:27:10 +02:00
Quentin Gliech
aaf4bf588f Allow filtering upstream sessions by sub and sid claims 2025-07-04 16:27:09 +02:00
Quentin Gliech
a3acec4973 storage: list and count methods for upstream oauth sessions 2025-07-04 16:27:09 +02:00
Quentin Gliech
5b7bf232d6 Record the decoded ID token claims on upstream auth sessions 2025-07-04 16:27:09 +02:00
Jason Volk
f5f66c0a42 Fix rogue invalid characters inside doc comments. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2025-06-30 17:06:58 +00:00
Quentin Gliech
6421d9d1f5 Add license headers in most files that missed them 2025-06-12 11:01:07 +02:00
Quentin Gliech
52b0a9b2ba Update license headers to match the actual license 2025-06-12 10:32:16 +02:00
Quentin Gliech
69e3001966 Define all the dependencies at the workspace level 2025-06-10 14:25:38 +02:00
Quentin Gliech
5a4bc59bd3 Admin API to edit registration tokens 2025-06-05 18:22:16 +02:00
Quentin Gliech
5a34e28f4c Admin API to un-revoke a user registration token. 2025-06-05 16:56:42 +02:00
Quentin Gliech
8a6fd1d6b2 List and count methods on the UserRegistrationTokenRepository 2025-06-03 17:42:53 +02:00
Quentin Gliech
e28221ac49 Data model and repository for user registration tokens 2025-06-03 17:42:52 +02:00
Quentin Gliech
bdd56faa02 Don't hold database connections open when talking to the homeserver (#4527) 2025-05-09 09:13:42 +02:00
Quentin Gliech
481b2d4cf9 Move the pool acquisition metric logic to the PgRepositoryFactory 2025-05-07 17:09:20 +02:00
Quentin Gliech
90faa72633 Introduce a RepositoryFactory 2025-05-07 17:00:49 +02:00
Quentin Gliech
955bd28590 Don't generate and send a nonce for non-OIDC-compliant auth requests 2025-05-07 15:34:27 +02:00