dandri/matrix-authentication-service
1
0
Fork 0
mirror of https://github.com/element-hq/matrix-authentication-service.git synced 2026-05-14 19:05:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add admin APIs to finish individual sessions (#5091)

Browse Source
This commit is contained in:
Quentin Gliech
2025-10-08 10:30:22 +02:00
committed by GitHub
parent 8b942c9ee6 7e3df5585b
commit cd39513d44
8 changed files with 989 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crates/handlers/src/admin/v1/compat_sessions/finish.rs
+243
View File
@@ -0,0 +1,243 @@
// Copyright 2025 New Vector Ltd.
//
// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
// Please see LICENSE files in the repository root for full details.
use aide::{NoApi, OperationIo, transform::TransformOperation};
use axum::{Json, response::IntoResponse};
use hyper::StatusCode;
use mas_axum_utils::record_error;
use mas_data_model::BoxRng;
use mas_storage::queue::{QueueJobRepositoryExt as _, SyncDevicesJob};
use ulid::Ulid;
use crate::{
admin::{
call_context::CallContext,
model::{CompatSession, Resource},
params::UlidPathParam,
response::{ErrorResponse, SingleResponse},
},
impl_from_error_for_route,
};
#[derive(Debug, thiserror::Error, OperationIo)]
#[aide(output_with = "Json<ErrorResponse>")]
pub enum RouteError {
#[error(transparent)]
Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
#[error("Compatibility session with ID {0} not found")]
NotFound(Ulid),
#[error("Compatibility session with ID {0} is already finished")]
AlreadyFinished(Ulid),
}
impl_from_error_for_route!(mas_storage::RepositoryError);
impl IntoResponse for RouteError {
fn into_response(self) -> axum::response::Response {
let error = ErrorResponse::from_error(&self);
let sentry_event_id = record_error!(self, Self::Internal(_));
let status = match self {
Self::Internal(_) => StatusCode::INTERNAL_SERVER_ERROR,
Self::NotFound(_) => StatusCode::NOT_FOUND,
Self::AlreadyFinished(_) => StatusCode::BAD_REQUEST,
};
(status, sentry_event_id, Json(error)).into_response()
}
}
pub fn doc(operation: TransformOperation) -> TransformOperation {
operation
.id("finishCompatSession")
.summary("Finish a compatibility session")
.description(
"Calling this endpoint will finish the compatibility session, preventing any further use. A job will be scheduled to sync the user's devices with the homeserver.",
)
.tag("compat-session")
.response_with::<200, Json<SingleResponse<CompatSession>>, _>(|t| {
// Get the finished session sample
let [_, finished_session, _] = CompatSession::samples();
let id = finished_session.id();
let response = SingleResponse::new(
finished_session,
format!("/api/admin/v1/compat-sessions/{id}/finish"),
);
t.description("Compatibility session was finished").example(response)
})
.response_with::<400, RouteError, _>(|t| {
let response = ErrorResponse::from_error(&RouteError::AlreadyFinished(Ulid::nil()));
t.description("Session is already finished")
.example(response)
})
.response_with::<404, RouteError, _>(|t| {
let response = ErrorResponse::from_error(&RouteError::NotFound(Ulid::nil()));
t.description("Compatibility session was not found")
.example(response)
})
}
#[tracing::instrument(name = "handler.admin.v1.compat_sessions.finish", skip_all)]
pub async fn handler(
CallContext {
mut repo, clock, ..
}: CallContext,
NoApi(mut rng): NoApi<BoxRng>,
id: UlidPathParam,
) -> Result<Json<SingleResponse<CompatSession>>, RouteError> {
let id = *id;
let session = repo
.compat_session()
.lookup(id)
.await?
.ok_or(RouteError::NotFound(id))?;
// Check if the session is already finished
if session.finished_at().is_some() {
return Err(RouteError::AlreadyFinished(id));
}
// Schedule a job to sync the devices of the user with the homeserver
tracing::info!(user.id = %session.user_id, "Scheduling device sync job for user");
repo.queue_job()
.schedule_job(
&mut rng,
&clock,
SyncDevicesJob::new_for_id(session.user_id),
)
.await?;
// Finish the session
let session = repo.compat_session().finish(&clock, session).await?;
// Get the SSO login info for the response
let sso_login = repo.compat_sso_login().find_for_session(&session).await?;
repo.save().await?;
Ok(Json(SingleResponse::new(
CompatSession::from((session, sso_login)),
format!("/api/admin/v1/compat-sessions/{id}/finish"),
)))
}
#[cfg(test)]
mod tests {
use chrono::Duration;
use hyper::{Request, StatusCode};
use mas_data_model::{Clock as _, Device};
use sqlx::PgPool;
use crate::test_utils::{RequestBuilderExt, ResponseExt, TestState, setup};
#[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
async fn test_finish_session(pool: PgPool) {
setup();
let mut state = TestState::from_pool(pool).await.unwrap();
let token = state.token_with_scope("urn:mas:admin").await;
let mut rng = state.rng();
// Provision a user and a compat session
let mut repo = state.repository().await.unwrap();
let user = repo
.user()
.add(&mut rng, &state.clock, "alice".to_owned())
.await
.unwrap();
let device = Device::generate(&mut rng);
let session = repo
.compat_session()
.add(&mut rng, &state.clock, &user, device, None, false, None)
.await
.unwrap();
repo.save().await.unwrap();
let request = Request::post(format!(
"/api/admin/v1/compat-sessions/{}/finish",
session.id
))
.bearer(&token)
.empty();
let response = state.request(request).await;
response.assert_status(StatusCode::OK);
let body: serde_json::Value = response.json();
// The finished_at timestamp should be the same as the current time
assert_eq!(
body["data"]["attributes"]["finished_at"],
serde_json::json!(state.clock.now())
);
}
#[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
async fn test_finish_already_finished_session(pool: PgPool) {
setup();
let mut state = TestState::from_pool(pool).await.unwrap();
let token = state.token_with_scope("urn:mas:admin").await;
let mut rng = state.rng();
// Provision a user and a compat session
let mut repo = state.repository().await.unwrap();
let user = repo
.user()
.add(&mut rng, &state.clock, "alice".to_owned())
.await
.unwrap();
let device = Device::generate(&mut rng);
let session = repo
.compat_session()
.add(&mut rng, &state.clock, &user, device, None, false, None)
.await
.unwrap();
// Finish the session first
let session = repo
.compat_session()
.finish(&state.clock, session)
.await
.unwrap();
repo.save().await.unwrap();
// Move the clock forward
state.clock.advance(Duration::try_minutes(1).unwrap());
let request = Request::post(format!(
"/api/admin/v1/compat-sessions/{}/finish",
session.id
))
.bearer(&token)
.empty();
let response = state.request(request).await;
response.assert_status(StatusCode::BAD_REQUEST);
let body: serde_json::Value = response.json();
assert_eq!(
body["errors"][0]["title"],
format!(
"Compatibility session with ID {} is already finished",
session.id
)
);
}
#[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
async fn test_finish_unknown_session(pool: PgPool) {
setup();
let mut state = TestState::from_pool(pool).await.unwrap();
let token = state.token_with_scope("urn:mas:admin").await;
let request =
Request::post("/api/admin/v1/compat-sessions/01040G2081040G2081040G2081/finish")
.bearer(&token)
.empty();
let response = state.request(request).await;
response.assert_status(StatusCode::NOT_FOUND);
let body: serde_json::Value = response.json();
assert_eq!(
body["errors"][0]["title"],
"Compatibility session with ID 01040G2081040G2081040G2081 not found"
);
}
}
crates/handlers/src/admin/v1/compat_sessions/mod.rs
+2
View File
@@ -3,10 +3,12 @@
// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
// Please see LICENSE files in the repository root for full details.
mod finish;
mod get;
mod list;
pub use self::{
finish::{doc as finish_doc, handler as finish},
get::{doc as get_doc, handler as get},
list::{doc as list_doc, handler as list},
};
crates/handlers/src/admin/v1/mod.rs
+18
View File
@@ -58,6 +58,13 @@ where
"/compat-sessions/{id}",
get_with(self::compat_sessions::get, self::compat_sessions::get_doc),
)
.api_route(
"/compat-sessions/{id}/finish",
post_with(
self::compat_sessions::finish,
self::compat_sessions::finish_doc,
),
)
.api_route(
"/oauth2-sessions",
get_with(self::oauth2_sessions::list, self::oauth2_sessions::list_doc),
@@ -66,6 +73,13 @@ where
"/oauth2-sessions/{id}",
get_with(self::oauth2_sessions::get, self::oauth2_sessions::get_doc),
)
.api_route(
"/oauth2-sessions/{id}/finish",
post_with(
self::oauth2_sessions::finish,
self::oauth2_sessions::finish_doc,
),
)
.api_route(
"/policy-data",
post_with(self::policy_data::set, self::policy_data::set_doc),
@@ -136,6 +150,10 @@ where
"/user-sessions/{id}",
get_with(self::user_sessions::get, self::user_sessions::get_doc),
)
.api_route(
"/user-sessions/{id}/finish",
post_with(self::user_sessions::finish, self::user_sessions::finish_doc),
)
.api_route(
"/user-registration-tokens",
get_with(
crates/handlers/src/admin/v1/oauth2_sessions/finish.rs
+234
View File
@@ -0,0 +1,234 @@
// Copyright 2025 New Vector Ltd.
//
// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
// Please see LICENSE files in the repository root for full details.
use aide::{NoApi, OperationIo, transform::TransformOperation};
use axum::{Json, response::IntoResponse};
use hyper::StatusCode;
use mas_axum_utils::record_error;
use mas_data_model::BoxRng;
use mas_storage::queue::{QueueJobRepositoryExt as _, SyncDevicesJob};
use ulid::Ulid;
use crate::{
admin::{
call_context::CallContext,
model::{OAuth2Session, Resource},
params::UlidPathParam,
response::{ErrorResponse, SingleResponse},
},
impl_from_error_for_route,
};
#[derive(Debug, thiserror::Error, OperationIo)]
#[aide(output_with = "Json<ErrorResponse>")]
pub enum RouteError {
#[error(transparent)]
Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
#[error("OAuth 2.0 session with ID {0} not found")]
NotFound(Ulid),
#[error("OAuth 2.0 session with ID {0} is already finished")]
AlreadyFinished(Ulid),
}
impl_from_error_for_route!(mas_storage::RepositoryError);
impl IntoResponse for RouteError {
fn into_response(self) -> axum::response::Response {
let error = ErrorResponse::from_error(&self);
let sentry_event_id = record_error!(self, Self::Internal(_));
let status = match self {
Self::Internal(_) => StatusCode::INTERNAL_SERVER_ERROR,
Self::NotFound(_) => StatusCode::NOT_FOUND,
Self::AlreadyFinished(_) => StatusCode::BAD_REQUEST,
};
(status, sentry_event_id, Json(error)).into_response()
}
}
pub fn doc(operation: TransformOperation) -> TransformOperation {
operation
.id("finishOAuth2Session")
.summary("Finish an OAuth 2.0 session")
.description(
"Calling this endpoint will finish the OAuth 2.0 session, preventing any further use. If the session has a user associated with it, a job will be scheduled to sync the user's devices with the homeserver.",
)
.tag("oauth2-session")
.response_with::<200, Json<SingleResponse<OAuth2Session>>, _>(|t| {
// Get the finished session sample
let [_, _, finished_session] = OAuth2Session::samples();
let id = finished_session.id();
let response = SingleResponse::new(
finished_session,
format!("/api/admin/v1/oauth2-sessions/{id}/finish"),
);
t.description("OAuth 2.0 session was finished").example(response)
})
.response_with::<400, RouteError, _>(|t| {
let response = ErrorResponse::from_error(&RouteError::AlreadyFinished(Ulid::nil()));
t.description("Session is already finished")
.example(response)
})
.response_with::<404, RouteError, _>(|t| {
let response = ErrorResponse::from_error(&RouteError::NotFound(Ulid::nil()));
t.description("OAuth 2.0 session was not found")
.example(response)
})
}
#[tracing::instrument(name = "handler.admin.v1.oauth2_sessions.finish", skip_all)]
pub async fn handler(
CallContext {
mut repo, clock, ..
}: CallContext,
NoApi(mut rng): NoApi<BoxRng>,
id: UlidPathParam,
) -> Result<Json<SingleResponse<OAuth2Session>>, RouteError> {
let id = *id;
let session = repo
.oauth2_session()
.lookup(id)
.await?
.ok_or(RouteError::NotFound(id))?;
// Check if the session is already finished
if session.finished_at().is_some() {
return Err(RouteError::AlreadyFinished(id));
}
// If the session has a user associated with it, schedule a job to sync devices
if let Some(user_id) = session.user_id {
tracing::info!(user.id = %user_id, "Scheduling device sync job for user");
let job = SyncDevicesJob::new_for_id(user_id);
repo.queue_job().schedule_job(&mut rng, &clock, job).await?;
}
// Finish the session
let session = repo.oauth2_session().finish(&clock, session).await?;
repo.save().await?;
Ok(Json(SingleResponse::new(
OAuth2Session::from(session),
format!("/api/admin/v1/oauth2-sessions/{id}/finish"),
)))
}
#[cfg(test)]
mod tests {
use chrono::Duration;
use hyper::{Request, StatusCode};
use mas_data_model::{AccessToken, Clock as _};
use sqlx::PgPool;
use crate::test_utils::{RequestBuilderExt, ResponseExt, TestState, setup};
#[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
async fn test_finish_session(pool: PgPool) {
setup();
let mut state = TestState::from_pool(pool).await.unwrap();
let token = state.token_with_scope("urn:mas:admin").await;
// Get the session ID from the token we just created
let mut repo = state.repository().await.unwrap();
let AccessToken { session_id, .. } = repo
.oauth2_access_token()
.find_by_token(&token)
.await
.unwrap()
.unwrap();
repo.save().await.unwrap();
let request = Request::post(format!("/api/admin/v1/oauth2-sessions/{session_id}/finish"))
.bearer(&token)
.empty();
let response = state.request(request).await;
response.assert_status(StatusCode::OK);
let body: serde_json::Value = response.json();
// The finished_at timestamp should be the same as the current time
assert_eq!(
body["data"]["attributes"]["finished_at"],
serde_json::json!(state.clock.now())
);
}
#[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
async fn test_finish_already_finished_session(pool: PgPool) {
setup();
let mut state = TestState::from_pool(pool).await.unwrap();
// Create first admin token for the API call
let admin_token = state.token_with_scope("urn:mas:admin").await;
// Create a second admin session that we'll finish
let second_admin_token = state.token_with_scope("urn:mas:admin").await;
// Get the second session and finish it first
let mut repo = state.repository().await.unwrap();
let AccessToken { session_id, .. } = repo
.oauth2_access_token()
.find_by_token(&second_admin_token)
.await
.unwrap()
.unwrap();
let session = repo
.oauth2_session()
.lookup(session_id)
.await
.unwrap()
.unwrap();
// Finish the session first
let session = repo
.oauth2_session()
.finish(&state.clock, session)
.await
.unwrap();
repo.save().await.unwrap();
// Move the clock forward
state.clock.advance(Duration::try_minutes(1).unwrap());
let request = Request::post(format!(
"/api/admin/v1/oauth2-sessions/{}/finish",
session.id
))
.bearer(&admin_token)
.empty();
let response = state.request(request).await;
response.assert_status(StatusCode::BAD_REQUEST);
let body: serde_json::Value = response.json();
assert_eq!(
body["errors"][0]["title"],
format!(
"OAuth 2.0 session with ID {} is already finished",
session.id
)
);
}
#[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
async fn test_finish_unknown_session(pool: PgPool) {
setup();
let mut state = TestState::from_pool(pool).await.unwrap();
let token = state.token_with_scope("urn:mas:admin").await;
let request =
Request::post("/api/admin/v1/oauth2-sessions/01040G2081040G2081040G2081/finish")
.bearer(&token)
.empty();
let response = state.request(request).await;
response.assert_status(StatusCode::NOT_FOUND);
let body: serde_json::Value = response.json();
assert_eq!(
body["errors"][0]["title"],
"OAuth 2.0 session with ID 01040G2081040G2081040G2081 not found"
);
}
}
crates/handlers/src/admin/v1/oauth2_sessions/mod.rs
+2
View File
@@ -4,10 +4,12 @@
// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
// Please see LICENSE files in the repository root for full details.
mod finish;
mod get;
mod list;
pub use self::{
finish::{doc as finish_doc, handler as finish},
get::{doc as get_doc, handler as get},
list::{doc as list_doc, handler as list},
};
crates/handlers/src/admin/v1/user_sessions/finish.rs
+216
View File
@@ -0,0 +1,216 @@
// Copyright 2025 New Vector Ltd.
//
// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
// Please see LICENSE files in the repository root for full details.
use aide::{OperationIo, transform::TransformOperation};
use axum::{Json, response::IntoResponse};
use hyper::StatusCode;
use mas_axum_utils::record_error;
use ulid::Ulid;
use crate::{
admin::{
call_context::CallContext,
model::{Resource, UserSession},
params::UlidPathParam,
response::{ErrorResponse, SingleResponse},
},
impl_from_error_for_route,
};
#[derive(Debug, thiserror::Error, OperationIo)]
#[aide(output_with = "Json<ErrorResponse>")]
pub enum RouteError {
#[error(transparent)]
Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
#[error("User session with ID {0} not found")]
NotFound(Ulid),
#[error("User session with ID {0} is already finished")]
AlreadyFinished(Ulid),
}
impl_from_error_for_route!(mas_storage::RepositoryError);
impl IntoResponse for RouteError {
fn into_response(self) -> axum::response::Response {
let error = ErrorResponse::from_error(&self);
let sentry_event_id = record_error!(self, Self::Internal(_));
let status = match self {
Self::Internal(_) => StatusCode::INTERNAL_SERVER_ERROR,
Self::NotFound(_) => StatusCode::NOT_FOUND,
Self::AlreadyFinished(_) => StatusCode::BAD_REQUEST,
};
(status, sentry_event_id, Json(error)).into_response()
}
}
pub fn doc(operation: TransformOperation) -> TransformOperation {
operation
.id("finishUserSession")
.summary("Finish a user session")
.description(
"Calling this endpoint will finish the user session, preventing any further use.",
)
.tag("user-session")
.response_with::<200, Json<SingleResponse<UserSession>>, _>(|t| {
// Get the finished session sample
let [_, _, finished_session] = UserSession::samples();
let id = finished_session.id();
let response = SingleResponse::new(
finished_session,
format!("/api/admin/v1/user-sessions/{id}/finish"),
);
t.description("User session was finished").example(response)
})
.response_with::<400, RouteError, _>(|t| {
let response = ErrorResponse::from_error(&RouteError::AlreadyFinished(Ulid::nil()));
t.description("Session is already finished")
.example(response)
})
.response_with::<404, RouteError, _>(|t| {
let response = ErrorResponse::from_error(&RouteError::NotFound(Ulid::nil()));
t.description("User session was not found")
.example(response)
})
}
#[tracing::instrument(name = "handler.admin.v1.user_sessions.finish", skip_all)]
pub async fn handler(
CallContext {
mut repo, clock, ..
}: CallContext,
id: UlidPathParam,
) -> Result<Json<SingleResponse<UserSession>>, RouteError> {
let id = *id;
let session = repo
.browser_session()
.lookup(id)
.await?
.ok_or(RouteError::NotFound(id))?;
// Check if the session is already finished
if session.finished_at.is_some() {
return Err(RouteError::AlreadyFinished(id));
}
// Finish the session
let session = repo.browser_session().finish(&clock, session).await?;
repo.save().await?;
Ok(Json(SingleResponse::new(
UserSession::from(session),
format!("/api/admin/v1/user-sessions/{id}/finish"),
)))
}
#[cfg(test)]
mod tests {
use chrono::Duration;
use hyper::{Request, StatusCode};
use mas_data_model::Clock as _;
use sqlx::PgPool;
use crate::test_utils::{RequestBuilderExt, ResponseExt, TestState, setup};
#[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
async fn test_finish_session(pool: PgPool) {
setup();
let mut state = TestState::from_pool(pool).await.unwrap();
let token = state.token_with_scope("urn:mas:admin").await;
let mut rng = state.rng();
// Provision a user and a user session
let mut repo = state.repository().await.unwrap();
let user = repo
.user()
.add(&mut rng, &state.clock, "alice".to_owned())
.await
.unwrap();
let session = repo
.browser_session()
.add(&mut rng, &state.clock, &user, None)
.await
.unwrap();
repo.save().await.unwrap();
let request = Request::post(format!("/api/admin/v1/user-sessions/{}/finish", session.id))
.bearer(&token)
.empty();
let response = state.request(request).await;
response.assert_status(StatusCode::OK);
let body: serde_json::Value = response.json();
// The finished_at timestamp should be the same as the current time
assert_eq!(
body["data"]["attributes"]["finished_at"],
serde_json::json!(state.clock.now())
);
}
#[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
async fn test_finish_already_finished_session(pool: PgPool) {
setup();
let mut state = TestState::from_pool(pool).await.unwrap();
let token = state.token_with_scope("urn:mas:admin").await;
let mut rng = state.rng();
// Provision a user and a user session
let mut repo = state.repository().await.unwrap();
let user = repo
.user()
.add(&mut rng, &state.clock, "alice".to_owned())
.await
.unwrap();
let session = repo
.browser_session()
.add(&mut rng, &state.clock, &user, None)
.await
.unwrap();
// Finish the session first
let session = repo
.browser_session()
.finish(&state.clock, session)
.await
.unwrap();
repo.save().await.unwrap();
// Move the clock forward
state.clock.advance(Duration::try_minutes(1).unwrap());
let request = Request::post(format!("/api/admin/v1/user-sessions/{}/finish", session.id))
.bearer(&token)
.empty();
let response = state.request(request).await;
response.assert_status(StatusCode::BAD_REQUEST);
let body: serde_json::Value = response.json();
assert_eq!(
body["errors"][0]["title"],
format!("User session with ID {} is already finished", session.id)
);
}
#[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
async fn test_finish_unknown_session(pool: PgPool) {
setup();
let mut state = TestState::from_pool(pool).await.unwrap();
let token = state.token_with_scope("urn:mas:admin").await;
let request =
Request::post("/api/admin/v1/user-sessions/01040G2081040G2081040G2081/finish")
.bearer(&token)
.empty();
let response = state.request(request).await;
response.assert_status(StatusCode::NOT_FOUND);
let body: serde_json::Value = response.json();
assert_eq!(
body["errors"][0]["title"],
"User session with ID 01040G2081040G2081040G2081 not found"
);
}
}
crates/handlers/src/admin/v1/user_sessions/mod.rs
+2
View File
@@ -3,10 +3,12 @@
// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
// Please see LICENSE files in the repository root for full details.
mod finish;
mod get;
mod list;
pub use self::{
finish::{doc as finish_doc, handler as finish},
get::{doc as get_doc, handler as get},
list::{doc as list_doc, handler as list},
};
docs/api/spec.json
+272
View File
@@ -367,6 +367,98 @@
}
}
},
"/api/admin/v1/compat-sessions/{id}/finish": {
"post": {
"tags": [
"compat-session"
],
"summary": "Finish a compatibility session",
"description": "Calling this endpoint will finish the compatibility session, preventing any further use. A job will be scheduled to sync the user's devices with the homeserver.",
"operationId": "finishCompatSession",
"parameters": [
{
"in": "path",
"name": "id",
"required": true,
"schema": {
"title": "The ID of the resource",
"$ref": "#/components/schemas/ULID"
},
"style": "simple"
}
],
"responses": {
"200": {
"description": "Compatibility session was finished",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SingleResponse_for_CompatSession"
},
"example": {
"data": {
"type": "compat-session",
"id": "02081040G2081040G2081040G2",
"attributes": {
"user_id": "01040G2081040G2081040G2081",
"device_id": "FFGGHHIIJJ",
"user_session_id": "0J289144GJ289144GJ289144GJ",
"redirect_uri": null,
"created_at": "1970-01-01T00:00:00Z",
"user_agent": "Mozilla/5.0",
"last_active_at": "1970-01-01T00:00:00Z",
"last_active_ip": "1.2.3.4",
"finished_at": "1970-01-01T00:00:00Z",
"human_name": null
},
"links": {
"self": "/api/admin/v1/compat-sessions/02081040G2081040G2081040G2"
}
},
"links": {
"self": "/api/admin/v1/compat-sessions/02081040G2081040G2081040G2/finish"
}
}
}
}
},
"400": {
"description": "Session is already finished",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
},
"example": {
"errors": [
{
"title": "Compatibility session with ID 00000000000000000000000000 is already finished"
}
]
}
}
}
},
"404": {
"description": "Compatibility session was not found",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
},
"example": {
"errors": [
{
"title": "Compatibility session with ID 00000000000000000000000000 not found"
}
]
}
}
}
}
}
}
},
"/api/admin/v1/oauth2-sessions": {
"get": {
"tags": [
@@ -712,6 +804,98 @@
}
}
},
"/api/admin/v1/oauth2-sessions/{id}/finish": {
"post": {
"tags": [
"oauth2-session"
],
"summary": "Finish an OAuth 2.0 session",
"description": "Calling this endpoint will finish the OAuth 2.0 session, preventing any further use. If the session has a user associated with it, a job will be scheduled to sync the user's devices with the homeserver.",
"operationId": "finishOAuth2Session",
"parameters": [
{
"in": "path",
"name": "id",
"required": true,
"schema": {
"title": "The ID of the resource",
"$ref": "#/components/schemas/ULID"
},
"style": "simple"
}
],
"responses": {
"200": {
"description": "OAuth 2.0 session was finished",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SingleResponse_for_OAuth2Session"
},
"example": {
"data": {
"type": "oauth2-session",
"id": "030C1G60R30C1G60R30C1G60R3",
"attributes": {
"created_at": "1970-01-01T00:00:00Z",
"finished_at": "1970-01-01T00:00:00Z",
"user_id": "040G2081040G2081040G208104",
"user_session_id": "050M2GA1850M2GA1850M2GA185",
"client_id": "060R30C1G60R30C1G60R30C1G6",
"scope": "urn:matrix:client:api:*",
"user_agent": "Mozilla/5.0",
"last_active_at": "1970-01-01T00:00:00Z",
"last_active_ip": "127.0.0.1",
"human_name": null
},
"links": {
"self": "/api/admin/v1/oauth2-sessions/030C1G60R30C1G60R30C1G60R3"
}
},
"links": {
"self": "/api/admin/v1/oauth2-sessions/030C1G60R30C1G60R30C1G60R3/finish"
}
}
}
}
},
"400": {
"description": "Session is already finished",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
},
"example": {
"errors": [
{
"title": "OAuth 2.0 session with ID 00000000000000000000000000 is already finished"
}
]
}
}
}
},
"404": {
"description": "OAuth 2.0 session was not found",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
},
"example": {
"errors": [
{
"title": "OAuth 2.0 session with ID 00000000000000000000000000 not found"
}
]
}
}
}
}
}
}
},
"/api/admin/v1/policy-data": {
"post": {
"tags": [
@@ -2424,6 +2608,94 @@
}
}
},
"/api/admin/v1/user-sessions/{id}/finish": {
"post": {
"tags": [
"user-session"
],
"summary": "Finish a user session",
"description": "Calling this endpoint will finish the user session, preventing any further use.",
"operationId": "finishUserSession",
"parameters": [
{
"in": "path",
"name": "id",
"required": true,
"schema": {
"title": "The ID of the resource",
"$ref": "#/components/schemas/ULID"
},
"style": "simple"
}
],
"responses": {
"200": {
"description": "User session was finished",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SingleResponse_for_UserSession"
},
"example": {
"data": {
"type": "user-session",
"id": "030C1G60R30C1G60R30C1G60R3",
"attributes": {
"created_at": "1970-01-01T00:00:00Z",
"finished_at": "1970-01-01T00:00:00Z",
"user_id": "040G2081040G2081040G208104",
"user_agent": "Mozilla/5.0",
"last_active_at": "1970-01-01T00:00:00Z",
"last_active_ip": "127.0.0.1"
},
"links": {
"self": "/api/admin/v1/user-sessions/030C1G60R30C1G60R30C1G60R3"
}
},
"links": {
"self": "/api/admin/v1/user-sessions/030C1G60R30C1G60R30C1G60R3/finish"
}
}
}
}
},
"400": {
"description": "Session is already finished",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
},
"example": {
"errors": [
{
"title": "User session with ID 00000000000000000000000000 is already finished"
}
]
}
}
}
},
"404": {
"description": "User session was not found",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
},
"example": {
"errors": [
{
"title": "User session with ID 00000000000000000000000000 not found"
}
]
}
}
}
}
}
}
},
"/api/admin/v1/user-registration-tokens": {
"get": {
"tags": [