From fe2ce41009e1228cfa654cdf461ea1f444f65d01 Mon Sep 17 00:00:00 2001 From: Eric Eastwood Date: Tue, 7 Apr 2026 15:49:02 -0500 Subject: [PATCH] Run `sh misc/update.sh` --- docs/config.schema.json | 6 +++--- policies/schema/authorization_grant_input.json | 6 ++++++ policies/schema/compat_login_input.json | 6 ++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/docs/config.schema.json b/docs/config.schema.json index 72b85a7e3..042bbafbd 100644 --- a/docs/config.schema.json +++ b/docs/config.schema.json @@ -2898,19 +2898,19 @@ "type": "object", "properties": { "soft_limit": { - "description": "Upon login in interactive contexts (like OAuth 2.0 sessions), if the soft limit\n is reached, it will display a policy violation screen (web UI) to remove\n sessions before creating the new session.\n\n This is not enforced in non-interactive contexts (like the legacy compability\n login API) as there is no opportunity for us to show some UI for people remove\n some sessions. See [`hard_limit`] for enforcement on that side.\n\n [`hard_limit`]: Self::hard_limit", + "description": "Upon login in interactive contexts (like OAuth 2.0 sessions), if the\n soft limit is reached, it will display a policy violation screen\n (web UI) to remove sessions before creating the new session.\n\n This is not enforced in non-interactive contexts (like the legacy\n compability login API) as there is no opportunity for us to show\n some UI for people remove some sessions. See [`hard_limit`] for\n enforcement on that side.\n\n [`hard_limit`]: Self::hard_limit", "type": "integer", "format": "uint64", "minimum": 1 }, "hard_limit": { - "description": "Upon login, when `hard_limit_eviction: false`, will refuse the new login (policy\n violation error), otherwise, see [`hard_limit_eviction`].\n\n The hard limit is enforced in all contexts (interactive/non-interactive).\n\n [`hard_limit_eviction`]: Self::hard_limit_eviction", + "description": "Upon login, when `hard_limit_eviction: false`, will refuse the new login\n (policy violation error), otherwise, see [`hard_limit_eviction`].\n\n The hard limit is enforced in all contexts\n (interactive/non-interactive).\n\n [`hard_limit_eviction`]: Self::hard_limit_eviction", "type": "integer", "format": "uint64", "minimum": 1 }, "hard_limit_eviction": { - "description": "Whether we should automatically choose the least recently used devices to remove\n when the [`Self::hard_limit`] is reached; in order to allow the new login to continue.\n\n Disabled by default\n\n WARNING: Removing sessions is a potentially damaging operation. Any end-to-end\n encrypted history on the device will be lost and can only be recovered if you\n have another verified active device or have a recovery key setup.\n\n When using [`hard_limit_eviction`], the [`hard_limit`] must be\n at-least 2 to avoid catastropically losing encrypted history and digital\n identity in pathological cases. Keep in mind this is a bare minimum restriction\n and you can still run into trouble.\n\n This is most applicable in scenarios where your homeserver has many legacy\n bots/scripts that login over and over (which ideally should be using [personal\n access\n tokens](https://github.com/element-hq/matrix-authentication-service/issues/4492))\n and you want to avoid breaking their operation while maintaining some level of\n sanity with the number of devices that people can have.\n\n [`hard_limit`]: Self::hard_limit\n [`hard_limit_eviction`]: Self::hard_limit_eviction", + "description": "Whether we should automatically choose the least recently used devices\n to remove when the [`Self::hard_limit`] is reached; in order to\n allow the new login to continue.\n\n Disabled by default\n\n WARNING: Removing sessions is a potentially damaging operation. Any\n end-to-end encrypted history on the device will be lost and can only\n be recovered if you have another verified active device or have a\n recovery key setup.\n\n When using [`hard_limit_eviction`], the [`hard_limit`] must be\n at-least 2 to avoid catastropically losing encrypted history and digital\n identity in pathological cases. Keep in mind this is a bare minimum\n restriction and you can still run into trouble.\n\n This is most applicable in scenarios where your homeserver has many\n legacy bots/scripts that login over and over (which ideally should\n be using [personal access\n tokens](https://github.com/element-hq/matrix-authentication-service/issues/4492))\n and you want to avoid breaking their operation while maintaining some\n level of sanity with the number of devices that people can have.\n\n [`hard_limit`]: Self::hard_limit\n [`hard_limit_eviction`]: Self::hard_limit_eviction", "type": "boolean", "default": false } diff --git a/policies/schema/authorization_grant_input.json b/policies/schema/authorization_grant_input.json index 8f346cc5c..e9b7ff3b7 100644 --- a/policies/schema/authorization_grant_input.json +++ b/policies/schema/authorization_grant_input.json @@ -11,6 +11,11 @@ ], "additionalProperties": true }, + "session_limit": { + "description": "Limits on the number of application sessions that each user can have", + "type": "object", + "additionalProperties": true + }, "session_counts": { "description": "How many sessions the user has.\n Not populated if it's not a user logging in.", "anyOf": [ @@ -37,6 +42,7 @@ } }, "required": [ + "session_limit", "client", "scope", "grant_type", diff --git a/policies/schema/compat_login_input.json b/policies/schema/compat_login_input.json index ffb182de4..85e87e447 100644 --- a/policies/schema/compat_login_input.json +++ b/policies/schema/compat_login_input.json @@ -8,6 +8,11 @@ "type": "object", "additionalProperties": true }, + "session_limit": { + "description": "Limits on the number of application sessions that each user can have", + "type": "object", + "additionalProperties": true + }, "session_counts": { "description": "How many sessions the user has.", "allOf": [ @@ -34,6 +39,7 @@ }, "required": [ "user", + "session_limit", "session_counts", "session_replaced", "login",