Quentin Gliech
378f24b118
Clear out last active IP on each session after 30 days (#5448)
2026-01-26 13:57:01 +01:00
Quentin Gliech
dbdb2970ed
Refactor inactive IP cleanup to use pagination
This should avoid many dead tuples when processing batches of
sessions to clean up
2026-01-23 18:52:33 +01:00
Quentin Gliech
b0e836eb44
Cleanup finished user/browser sessions (#5444)
2026-01-23 18:27:45 +01:00
Quentin Gliech
26caee7c99
Add cleanup jobs for inactive session IP addresses
This adds three new scheduled cleanup jobs that clear the last_active_ip
field from sessions that have been inactive for more than 30 days:
- CleanupInactiveOAuth2SessionIpsJob
- CleanupInactiveCompatSessionIpsJob
- CleanupInactiveUserSessionIpsJob
This helps with data minimization by not retaining IP addresses longer
2026-01-23 16:29:29 +01:00
Quentin Gliech
5bca9726b6
Add cleanup job for finished user sessions
Implements hard deletion of user/browser sessions that have been finished for more than 30 days, but only after all child sessions are cleaned up.
User sessions can only be deleted when no child sessions exist, ensuring backchannel logout propagation continues to work correctly.
2026-01-22 15:44:57 +01:00
Quentin Gliech
0486c6e05d
Use the user_session_id on upstream authorisations for filtering instead of authentications
This makes it one less table to read
2026-01-21 14:49:07 +01:00
Quentin Gliech
766ff6c8f3
Implement cleanup job for email authentications
Add scheduled cleanup job that removes old user email authentications
after 7 days. Runs every hour.
2026-01-16 17:56:16 +01:00
Quentin Gliech
2ae95e30ec
Implement cleanup job for user recovery sessions
Add scheduled cleanup job that removes old user recovery sessions after
7 days. Runs hourly.
Implementation uses ULID cursor-based pagination with no additional
indexes needed. Child tickets cascade-delete automatically.
2026-01-16 17:46:01 +01:00
Quentin Gliech
e33f3f1e25
Cleanup old user registrations from the database
2026-01-14 14:01:10 +01:00
Quentin Gliech
48a826fe4c
Remove imported unsupported threepids when deactivating a user
2026-01-08 15:33:50 +01:00
Quentin Gliech
61ee8dae87
Fix test name
2025-11-27 16:05:13 +01:00
Quentin Gliech
ac4f66920c
Store upstream OAuth sessions on user registrations
This will allow us to create user registrations from upstream OAuth auth
sessions
2025-11-21 19:31:37 +01:00
Quentin Gliech
f7c8a28592
Allow completing user email authentications using an upstream session
This will let us push emails in user registrations using an upstream
session
2025-11-21 19:28:26 +01:00
Quentin Gliech
5e0f70c66e
storage: make the edges in pages include cursors
2025-09-29 14:46:28 +02:00
Quentin Gliech
a7e56b3849
Admin API filter to search users by username
2025-09-15 14:12:31 +02:00
Quentin Gliech
1e1dfdadc2
Allow filtering guest/non-guest users
2025-09-15 12:51:06 +02:00
Quentin Gliech
5d63ee2edf
Surface the user guest flag in the admin API
2025-09-15 12:51:00 +02:00
Quentin Gliech
6a1d67f452
Merge remote-tracking branch 'origin/main' into feat/login_hint_with_email
2025-08-18 16:43:00 +02:00
Quentin Gliech
6a2492e70b
Fix a few clippy lints, mostly in doc comments
2025-08-18 10:34:28 +02:00
mcalinghee
c314802fcd
move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model
2025-07-31 11:17:33 +02:00
Quentin Gliech
ea873577aa
Fix many clippy warnings
This is because the tracing-attributes update made clippy look at those
again. I've removed the `too_many_lines` lint, as it's not really useful
and we ignore it most of the time anyway.
2025-07-30 14:49:38 +02:00
Andrew Ferrazzutti
d807975137
Decouple (un)locking from (re/de)activation
Unify the admin API, CLI, and GraphQL API in not having the unlock
command also reactivate, or the deactivate command also lock.
Still let the unlock command of the CLI and GraphQL API also
reactivate the target user, albeit as a non-default option.
2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
6c1afee13d
Separate active state from lock state in admin API
- Allow the admin API to deactivate a user without locking it, and to
unlock a user without reactivating it.
- Make unlock-and-reactivate flows unset the "deactivated_at" timestamp.
- Revert adding an "unlock" parameter on `ReactivateUserJob`, as the
option is used only by the admin API which doesn't use a job.
2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
a8b8c8e31c
Add admin API endpoint to reactivate user
2025-07-16 14:17:01 -04:00
Quentin Gliech
0405e952af
Make email address lookups case-insensitive
2025-07-08 18:01:20 +02:00
Quentin Gliech
e245cd831f
Compose filters for batch logging out of browser sessions
Instead of having to load all authentication sessions in memory, we
allow composing browser session filters with an upstream auth sessions
filter
2025-07-04 16:27:10 +02:00
Quentin Gliech
ae06e4b512
storage: allow filtering browser sessions by which upstream session authd them
2025-07-04 16:27:10 +02:00
Quentin Gliech
3d96dc9d47
Update license headers to match the actual license
2025-06-12 10:32:16 +02:00
Quentin Gliech
52942ee94e
Admin API to edit registration tokens
2025-06-05 18:22:16 +02:00
Quentin Gliech
c8f2a2146c
Admin API to un-revoke a user registration token.
2025-06-05 16:56:42 +02:00
Quentin Gliech
62cad6a210
List and count methods on the UserRegistrationTokenRepository
2025-06-03 17:42:53 +02:00
Quentin Gliech
ccb971d3d3
Data model and repository for user registration tokens
2025-06-03 17:42:52 +02:00
Quentin Gliech
062d554a6f
Avoid deadlocks when updating the last activity of sessions
2025-04-28 09:56:30 +02:00
Quentin Gliech
0cfea60fa0
Don't parse the user agent unless we need to
2025-04-24 13:13:26 +02:00
Quentin Gliech
744bb2c372
Lookup usernames case insensitively (#4378)
2025-04-14 15:51:59 +02:00
Quentin Gliech
58551c9a62
Handle the case where there are multiple users with the same username, but with a different casing.
2025-04-11 15:38:28 +02:00
Quentin Gliech
7012fd3855
Also lowercase the username when checking if it exists.
2025-04-10 18:45:13 +02:00
Quentin Gliech
b5ed17dbff
Lookup usernames case insensitively
2025-04-10 18:36:43 +02:00
mcalinghee
f2a47f9a88
add login by email + feature flag
2025-04-10 17:57:58 +02:00
Quentin Gliech
b72b83665e
Repository method to deactivate a user.
2025-03-11 17:35:13 +01:00
Quentin Gliech
6519d6c9ea
Add a deactivated_at flag on users
2025-03-11 17:35:13 +01:00
Quentin Gliech
10276b05fc
Allow removing email addresses in bulk
2025-03-11 17:35:12 +01:00
Quentin Gliech
7834221c22
Stop writing to the old email confirmation-related tables
This will allow us to drop those old tables and fields in the next release
2025-03-11 17:35:12 +01:00
Quentin Gliech
3d2b67a0b2
Upgrade to Rust 1.85 and edition 2024
2025-02-21 16:15:02 +01:00
Quentin Gliech
dbb53160b6
Data model and storage layer for storing user registrations
2025-01-14 16:30:43 +01:00
Quentin Gliech
0513f198d8
Rip out the email verification codes
This considers all user_emails as confirmed, and removes the verification code.
It will be replaced by a new email authentication code flow
2025-01-14 15:46:45 +01:00
Quentin Gliech
75526ff0c4
storage: new email authentication codes
2025-01-13 17:00:30 +01:00
Quentin Gliech
ee33e9c0fb
Remove the primary email address concept
2025-01-13 17:00:30 +01:00
Quentin Gliech
9021ebee22
Upgrade to Rust 1.83.0 and fix new warnings
2024-12-05 17:32:49 +01:00
Quentin Gliech
ed4b6c42a7
Remove (C)
2024-09-10 14:28:55 +02:00