106 Commits

Author SHA1 Message Date
Quentin Gliech fe622331a8 Admin API: allow listing and viewing of OAuth 2.0 clients (#5710) 2026-06-17 17:44:34 +02:00
Quentin Gliech 78036a933d Fix the compat session API definition in the admin API spec (#5714) 2026-06-17 17:42:31 +02:00
Quentin Gliech d33577cf4d Admin API: filter users based on client usage (#5707) 2026-06-17 17:12:56 +02:00
Quentin Gliech 9464ca8038 Merge branch 'main' into quenting/admin-api/session-time-filters 2026-06-17 17:01:02 +02:00
Quentin Gliech a8ffce8f13 Admin API: allow filtering OAuth 2.0 sessions by multiple clients (#5708) 2026-06-17 16:40:53 +02:00
Quentin Gliech 632d64d199 Per-provider registration token requirement (#5605) 2026-06-10 10:05:46 +02:00
Quentin Gliech 6c330ec72e Fix the compat session API definition in the admin API spec 2026-06-02 10:22:28 +02:00
Quentin Gliech 5104bb84d1 admin-api: filter OAuth2 client list by presence of active sessions 2026-06-01 17:30:16 +02:00
Quentin Gliech a5a957b0e3 admin-api: filter OAuth2 client list by grant type 2026-06-01 17:30:16 +02:00
Quentin Gliech 25a3e24d8c admin-api: expose grant_types on OAuth2 client model 2026-06-01 17:30:16 +02:00
Quentin Gliech b00af1b732 admin-api: add get endpoint for OAuth2 clients 2026-06-01 17:30:16 +02:00
Quentin Gliech 4d5e7c7984 admin-api: filter browser session list by last activity 2026-06-01 17:30:15 +02:00
Quentin Gliech bb4c8b66d3 admin-api: add list endpoint for OAuth2 clients 2026-06-01 17:30:15 +02:00
Quentin Gliech 77e84e7f86 admin-api: filter browser session list by creation time 2026-06-01 17:30:15 +02:00
Quentin Gliech 6a92be40d3 admin-api: filter compat session list by last activity 2026-06-01 17:30:15 +02:00
Quentin Gliech c5555b83b8 admin-api: filter compat session list by creation time 2026-06-01 17:30:15 +02:00
Quentin Gliech 31797b4b7c admin-api: filter OAuth2 session list by last activity 2026-06-01 17:30:15 +02:00
Quentin Gliech 45b0a59a09 admin-api: filter OAuth2 session list by creation time 2026-06-01 17:30:15 +02:00
Quentin Gliech ce68d63adb admin-api: allow filtering OAuth2 sessions by multiple clients
Make `filter[client]` on `GET /api/admin/v1/oauth2-sessions` repeatable
so admin tooling can fetch sessions belonging to a set of clients in
one request. The field on `FilterParams` changes from `Option<Ulid>`
to `Vec<Ulid>`; the struct was already extracted with
`axum_extra::extract::Query` so the repeated values are not silently
dropped.

Each client ULID is validated to exist (mirroring the previous
single-client `404` behaviour) before being passed to the new
`OAuth2SessionFilter::for_clients` storage filter. The `Display`
impl used to reconstruct cursor links now emits one
`filter[client]=…` segment per client so pagination preserves the
filter. The OpenAPI schema is regenerated via `misc/update.sh` and
now describes the parameter as an array.
2026-06-01 17:30:14 +02:00
Quentin Gliech 4be94f54bb admin-api: filter user list by presence of active OAuth2 session 2026-06-01 17:30:14 +02:00
Quentin Gliech ee9a7ccaef admin-api: filter user list by presence of active compat session
Adds `filter[has-active-compat-session]=true|false` to
`GET /api/admin/v1/users`. When `true` (resp. `false`), only users with
(resp. without) at least one active (non-finished) compatibility session
are returned.
2026-06-01 17:30:14 +02:00
Quentin Gliech be96582e9e admin-api: filter user list by active OAuth2 session with given clients
Adds `filter[active-oauth2-client]` to `GET /api/admin/v1/users`. The
filter is a repeatable ULID query parameter; the semantics are OR across
the supplied clients (a user matches if they have an active OAuth2
session belonging to any of them).

Each supplied client ID is validated up front: a missing client returns
404 (mirroring the pattern in `oauth2-sessions/list`).
2026-06-01 17:30:14 +02:00
defaultdino ba72443627 fix style, run update.sh and fix test for SiteConfig 2026-05-13 13:27:23 +02:00
mcalinghee a39edc9bd3 add displayname and avatar url when adding user with admin api 2026-05-09 14:33:58 +02:00
defaultdino 7342218175 fix provider.rs, format, and run update.sh 2026-04-03 19:22:57 +02:00
Quentin Gliech a35cb76c41 Remove the nullable transform 2025-11-07 10:53:46 +01:00
Quentin Gliech e2490688a5 Merge remote-tracking branch 'origin/main' into quenting/schemars-0.9 2025-11-06 17:34:43 +01:00
Olivier 'reivilibre dda3a498b3 (update JSONSchema) 2025-10-21 12:16:45 +01:00
Olivier 'reivilibre 1030ec9ea9 Add personal sessions admin API 2025-10-20 14:51:40 +01:00
Quentin Gliech cd39513d44 Add admin APIs to finish individual sessions (#5091) 2025-10-08 10:30:22 +02:00
Quentin Gliech e4844968d3 Add a configuration option to make email optional for password registration 2025-10-07 17:28:01 +02:00
Quentin Gliech 0a5d048deb Admin API to get the version of the service 2025-10-03 11:58:53 +02:00
Quentin Gliech b856c885e1 Admin API to finish a compatibility session 2025-09-30 16:50:37 +02:00
Quentin Gliech c512b7223d Admin API to finish an OAuth2 session 2025-09-30 16:50:37 +02:00
Quentin Gliech defb2cf0e0 Admin API to finish a user session 2025-09-30 15:53:18 +02:00
Quentin Gliech eb8a87c02c Admin API: make sure the meta fields are nullable 2025-09-30 13:23:54 +02:00
Quentin Gliech 38278fa453 Admin API: add endpoint to get an Upstream OAuth Provider by ID 2025-09-30 12:08:31 +02:00
Quentin Gliech 0d7144836e Merge remote-tracking branch 'origin/main' into quenting/admin-api/optional-count 2025-09-30 11:46:50 +02:00
Quentin Gliech afaa7c44aa Admin API: parameter to include total number of items
This allows removing the count calculation when not needed, or to skip
the list of items entirely.
2025-09-29 18:27:22 +02:00
Quentin Gliech 10a4c8e215 Admin API: add pagination cursors to list endpoints 2025-09-29 15:09:15 +02:00
Quentin Gliech 04758bee99 Admin API to list upstream OAuth 2.0 providers 2025-09-19 11:12:48 +02:00
Quentin Gliech a7e56b3849 Admin API filter to search users by username 2025-09-15 14:12:31 +02:00
Quentin Gliech 1e1dfdadc2 Allow filtering guest/non-guest users 2025-09-15 12:51:06 +02:00
Quentin Gliech 5d63ee2edf Surface the user guest flag in the admin API 2025-09-15 12:51:00 +02:00
Quentin Gliech f9f23fb12d Admin API to expose a few configuration values 2025-09-12 17:47:36 +02:00
Quentin Gliech 7e018a06aa Merge remote-tracking branch 'origin/main' into quenting/stable-api 2025-08-04 16:38:49 +02:00
Quentin Gliech b83c747f37 Allow skipping GDPR-erasure when deactivating a user through the admin API (#4744) 2025-07-17 09:15:25 +02:00
Andrew Ferrazzutti d807975137 Decouple (un)locking from (re/de)activation
Unify the admin API, CLI, and GraphQL API in not having the unlock
command also reactivate, or the deactivate command also lock.

Still let the unlock command of the CLI and GraphQL API to also
reactivate the target user, albeit as a non-default option.
2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti 6c1afee13d Separate active state from lock state in admin API
- Allow the admin API to deactivate a user without locking it, and to
  unlock a user without reactivating it.
- Make unlock-and-reactivate flows unset the "deactivated_at" timestamp.
- Revert adding an "unlock" parameter on `ReactivateUserJob`, as the
  option is used only by the admin API which doesn't use a job.
2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti 13a21cc018 Update schema 2025-07-16 14:17:01 -04:00