letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
NaN Commits 2 Branches 1 Tag
f98957617e0356a0d9158107076109728fffa110
Commit Graph

2636 Commits

Author SHA1 Message Date
Quentin Gliech
f98957617e Cleanup consumed refresh tokens 2026-01-12 11:18:18 +01:00
Quentin Gliech
ab25c23829 Replace the FK constraint on the refresh token chain to nullify the 
field on deletion

This will make garbage collecting refresh tokens easier
 2026-01-12 09:36:52 +01:00
Quentin Gliech
3e521a105d Cleanup revoked refresh tokens 2026-01-09 18:37:09 +01:00
Quentin Gliech
7aad841e04 Handle garbage-collected access tokens in the refresh token logic 
We check if the access token was used when a double-refresh happened,
but can't do that reliably as we started garbage-collecting expired
access tokens
 2026-01-09 18:09:05 +01:00
Quentin Gliech
991c60255e Setup recurring jobs schedules when running in tests 2026-01-09 18:07:44 +01:00
Quentin Gliech
04cbafbc5f Cleanup expired OAuth 2.0 access tokens 2026-01-09 13:38:50 +01:00
Quentin Gliech
73e838ff08 Rename the cleanup revoked access tokens job 
"cleanup-expired-tokens" was not accurate, and since the plan is to have
different jobs for the different kind of tokens, we renamed this job to
use a more accurate description
 2026-01-09 13:36:46 +01:00
Quentin Gliech
ad1910c22e Introduce a way to clear jobs from a deprecated queue 2026-01-09 12:08:20 +01:00
Quentin Gliech
bf2ad55b5c Speed up access token cleanup with an index 2026-01-08 19:03:09 +01:00
Quentin Gliech
fa742bc992 Clean up revoked access tokens in batches 2026-01-08 19:03:09 +01:00
Quentin Gliech
1ac6f9c5ee Allow jobs to declare a timeout and cancel them 2026-01-08 19:03:09 +01:00
Quentin Gliech
2519f4f229 Don't include integrity attributes on fetch and image preloads 2026-01-05 15:09:41 +01:00
Quentin Gliech
889545fed4 Simplify compat login SSO redirect URI building 2026-01-05 14:44:03 +01:00
Quentin Gliech
6ab4c189be Add more context to serialization errors 2026-01-05 13:49:11 +01:00
Quentin Gliech
f587c17bcd Fix the 'invalid type' error during compat SSO login with urlencoded parameters 
Fixes #5384
 2026-01-05 13:41:44 +01:00
Quentin Gliech
c360144bfe Handle pre-compressed assets better (#5370) 2025-12-18 17:00:30 +01:00
Quentin Gliech
926721c279 Only serve pre-compressed gzip and brotli files 2025-12-18 14:39:58 +01:00
Quentin Gliech
cfa775c06b Pre-load locale data in the React app 2025-12-17 15:53:37 +01:00
Quentin Gliech
579304e53a Deduplicate included assets 2025-12-17 15:53:00 +01:00
Quentin Gliech
e6810efdab Expose process metrics on Linux (#5342) 2025-12-16 13:31:42 +01:00
Quentin Gliech
4ee344012f Remove rustls-pemfile dependency (#5339) 2025-12-16 13:27:30 +01:00
Quentin Gliech
cc67f515a6 Merge remote-tracking branch 'origin/main' into quenting/process-metrics 2025-12-16 13:23:10 +01:00
Quentin Gliech
74899939bf Switch to opentelemetry-instrumentation-tokio crate for Tokio instrumentation 2025-12-15 12:17:31 +01:00
Quentin Gliech
30c4e12d12 Merge branch 'main' into rei/reapply_5297 2025-12-10 22:09:56 +01:00
Quentin Gliech
9300a60242 Fix running multiple migration process in parallel (#5329) 2025-12-10 22:08:51 +01:00
Quentin Gliech
4a79fdc5be Expose process metrics on Linux 2025-12-10 16:45:48 +01:00
Devon Hudson
9b65574885 Remove rustls-pemfile dependency 2025-12-09 12:37:56 -07:00
Quentin Gliech
cca2015920 Fix typos 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-04 16:32:13 +01:00
Quentin Gliech
b99722f42a Better error message when checksum in database is invalid 2025-12-04 15:14:14 +01:00
Quentin Gliech
368cd4541d Don't error out if a migration is missing 
This allows us to roll back to older versions of MAS.
 2025-12-04 15:13:42 +01:00
Quentin Gliech
eb2284ba7c Better lock and handle missing and modified migrations 
This rewrites the database migration code to:

 - avoid deadlocks when running multiple migration processes at the same
   time with a `CREATE INDEX CONCURRENTLY` statement
 - allow us to remove some migrations from the code base and mark them as
   intentionally removed
 - allow us to modify some migrations and declare alternate checksums
   for previous versions of the migration
 2025-12-04 14:44:16 +01:00
Quentin Gliech
56ce9ccd1c Simplify the consent screen (#5310) 2025-12-03 14:22:14 +01:00
Quentin Gliech
9cc9fc8bbe Update comment on the id_color_hash template filter 2025-12-03 13:47:59 +01:00
Quentin Gliech
c7bb887c65 Apply minor suggestions from Copilot 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-03 13:39:34 +01:00
Quentin Gliech
7c3e6701c1 Add a test for the new skip_confirmation option 2025-12-03 11:00:32 +01:00
Quentin Gliech
5efd963707 Merge remote-tracking branch 'origin/main' into quenting/upstream-oauth/skip-interactive 2025-12-03 10:48:31 +01:00
Quentin Gliech
1b77b5ce4b Add more options to deal with localpart conflicts on upstream OAuth 2.0 logins (#5295) 2025-12-03 10:39:05 +01:00
Quentin Gliech
8a615fd8ba Merge remote-tracking branch 'origin/main' into quenting/simpler-consent-screen 2025-12-02 19:42:57 +01:00
Quentin Gliech
f9008f3184 Add the Matrix user display name in the compat SSO login context 2025-12-02 18:09:47 +01:00
Quentin Gliech
29383dfd49 Add a template function to compute the avatar color hash same as 
Compound Web
 2025-12-02 17:51:51 +01:00
Quentin Gliech
ff6b25061e Get the display name of the Matrix user on the consent screens 2025-12-02 17:51:23 +01:00
Olivier 'reivilibre
eeb0692b8e Add experimental and preliminary policy-driven session limiting when logging in compatibility sessions. (#5287) 2025-12-02 15:50:04 +00:00
Olivier 'reivilibre
1dd51c77f4 Reapply "Add 'IF NOT EXISTS' to all 'CREATE INDEX CONCURRENTLY' statements to avoid deadlocks (#5297)" (#5299) 
This reverts commit 2c3054bb24, reversing
changes made to 396950806c.
 2025-12-01 12:45:19 +00:00
Olivier 'reivilibre
21e45ce972 Revert "Add 'IF NOT EXISTS' to all 'CREATE INDEX CONCURRENTLY' statements to avoid deadlocks (#5297)" 
This reverts commit 396950806c, reversing
changes made to ef563f33c6.
 2025-12-01 12:14:31 +00:00
Olivier 'reivilibre
a59d38fc0b Comment on why we special-case 'only violation is too-many-sessions' 2025-12-01 11:47:59 +00:00
Olivier 'reivilibre
65b7cdc409 Expose Violations directly to the compat policy violation template 2025-12-01 11:47:59 +00:00
Olivier 'reivilibre
70f3efc0b8 Remove is_interactive and carry on with login types 2025-12-01 11:47:59 +00:00
Quentin Gliech
e484a810a7 Typos and error message rewording 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-01 11:03:04 +01:00
Quentin Gliech
3e65ff54b7 Merge branch 'main' into quenting/upstream-oauth/better-conflict-options 2025-11-28 18:10:22 +01:00
Quentin Gliech
a56482cf60 Merge branch 'quenting/upstream-oauth/better-conflict-options' into quenting/upstream-oauth/skip-interactive 2025-11-28 18:08:09 +01:00