0486c6e05d
Use the user_session_id on upstream authorisations for filtering instead
...
of authentications
This makes it one less table to read
2026-01-21 14:49:07 +01:00
c4c85978fe
Add trigger and backfill for upstream OAuth user session tracking
...
Introduce a new trigger and a backfill migration to populate the
`user_session_id` column in `upstream_oauth_authorization_sessions`
based on `user_session_authentications`. This ensures historical data is
consistent and aids in backward compatibility.
2026-01-21 14:49:07 +01:00
3834cbc105
Add index on the user_session_id foreign key for upstream auth sessions
2026-01-21 14:49:07 +01:00
da164a8c43
Do not cleanup upstream OAuth sessions that may still be useful ( #5437 )
2026-01-21 13:20:38 +01:00
1bd11e7656
Disable cleanup of upstream OAuth sessions
...
This job is temporarily disabled due to pending database backfill work.
It will be re-enabled in a future release.
2026-01-21 12:28:19 +01:00
e095938da5
Only cleanup orphan upstream authorization sessions
...
This includes sessions that were never completed, and sessions where
user_session was cleaned up. This is to avoid breaking features like
OIDC Backchannel Logout after 30 days.
2026-01-21 12:25:42 +01:00
39adf61089
Track user session authenticated through upstream auth sessions
...
This will help us avoid clearing upstream authorization sessions that
might still be useful to keep around for OIDC Backchannel Logouts
2026-01-21 12:19:05 +01:00
1d536bca72
Consume upstream authorization sessions later in the user registration
...
flow
The main goal of this is to allow tracking user sessions authed by an
upstream authorization session, but this also has the nice side effect
of allowing 'going back' in browser history within the registration flow
2026-01-21 12:15:09 +01:00
65b223a27f
build(deps): bump @vector-im/compound-web from 8.3.1 to 8.3.5 in /frontend ( #5431 )
2026-01-20 16:41:46 +01:00
2defccf6f0
Update test snapshots
2026-01-20 16:34:22 +01:00
775cb13c23
Add support for the unstable prefix of MSC3824 ( #5434 )
2026-01-20 16:32:43 +01:00
c924ec24c9
Fix foreign key constraint when cleaning up upstream OAuth 2.0 links ( #5432 )
2026-01-20 16:30:41 +01:00
2662631be2
Handle deleted and invalid post-auth actions ( #5433 )
2026-01-20 16:23:54 +01:00
bf7d2b53a0
add unstable prefix for MSC3824
2026-01-20 15:34:47 +01:00
1fd5fb958f
Handle deleted and invalid post-auth actions
2026-01-20 14:42:02 +01:00
0d5cc65c52
Fix foreign key constraint when cleaning up upstream OAuth 2.0 links
...
https://sentry.tools.element.io/organizations/element/issues/11222736/
2026-01-20 14:29:27 +01:00
c5ce9d0307
Cleanup old completed jobs from the database ( #5427 )
2026-01-19 16:57:09 +01:00
980e2ef1f0
build(deps): bump @vector-im/compound-web in /frontend
...
Bumps [@vector-im/compound-web](https://github.com/element-hq/compound-web ) from 8.3.1 to 8.3.5.
- [Release notes](https://github.com/element-hq/compound-web/releases )
- [Commits](https://github.com/element-hq/compound-web/compare/v8.3.1...v8.3.5 )
---
updated-dependencies:
- dependency-name: "@vector-im/compound-web"
dependency-version: 8.3.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-19 15:52:41 +00:00
dbf3c351f4
Mark the next attempt foreign key as initially not valid
2026-01-19 15:44:22 +01:00
5116d104e7
Cleanup old upstream OAuth sessions and unlinked links ( #5426 )
2026-01-19 15:14:12 +01:00
ffdf22ac19
Cleanup old email authentications & account recoveries ( #5425 )
2026-01-19 15:12:02 +01:00
a41975da0e
Cleanup old OAuth grants ( #5424 )
2026-01-19 15:11:48 +01:00
7272813925
Implement cleanup job for queue jobs
...
Add scheduled cleanup job that removes old completed and failed queue
jobs after 30 days. Jobs are kept for debugging purposes.
Includes migration to change the next_attempt_id FK constraint from NO
ACTION to SET NULL, allowing cleanup of retry chains without breaking
foreign key constraints.
One caveat is that cleanup is based on their creation time, *not* when
they got completed/failed. This means that if the job takes a long time
(as in, several days) to get scheduled, it might get cleared as soon as
it runs. This is fine for now, we may want to revisit this if we start
scheduling jobs far in the future
2026-01-19 12:25:04 +01:00
a721302201
Implement cleanup jobs for upstream OAuth sessions and links
...
Add two cleanup jobs scheduled hourly:
1. Upstream OAuth authorization sessions - removes sessions after 30 days
2. Orphaned upstream OAuth links - removes links after 7 days where user_id IS NULL. These are links created during upstream OAuth 2.0 login but never associated with a user
2026-01-19 12:24:13 +01:00
eec86dab90
build(deps-dev): bump knip from 5.75.1 to 5.80.0 in /frontend ( #5403 )
2026-01-17 11:11:29 +01:00
e8d52e3670
build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.14 to 2.0.15 ( #5404 )
2026-01-17 11:05:29 +01:00
58caaeca58
build(deps-dev): bump knip from 5.75.1 to 5.80.0 in /frontend
...
Bumps [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip ) from 5.75.1 to 5.80.0.
- [Release notes](https://github.com/webpro-nl/knip/releases )
- [Commits](https://github.com/webpro-nl/knip/commits/knip@5.80.0/packages/knip )
---
updated-dependencies:
- dependency-name: knip
dependency-version: 5.80.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-17 10:04:47 +00:00
190fa2cdda
build(deps): bump the tanstack-router group in /frontend with 3 updates ( #5402 )
2026-01-17 11:04:07 +01:00
ee3ca1a605
build(deps): bump the i18next group across 1 directory with 3 updates ( #5412 )
2026-01-17 11:03:26 +01:00
766ff6c8f3
Implement cleanup job for email authentications
...
Add scheduled cleanup job that removes old user email authentications
after 7 days. Runs every hour.
2026-01-16 17:56:16 +01:00
2ae95e30ec
Implement cleanup job for user recovery sessions
...
Add scheduled cleanup job that removes old user recovery sessions after
7 days. Runs hourly.
Implementation uses ULID cursor-based pagination with no additional
indexes needed. Child tickets cascade-delete automatically.
2026-01-16 17:46:01 +01:00
0aaa9f79b4
Implement cleanup job for OAuth2 device code grants
...
Add cleanup job that removes device code grants older than 7 days.
Uses ULID cursor-based pagination for efficiency.
- Add cleanup method to OAuth2DeviceCodeGrantRepository
- Add CleanupOAuthDeviceCodeGrantsJob task
- Register handler and schedule to run hourly
2026-01-16 17:40:11 +01:00
53010538bc
Implement cleanup job for OAuth2 authorization grants
...
Add cleanup job that removes authorization grants older than 7 days.
Uses ULID cursor-based pagination for efficiency.
- Add cleanup method to OAuth2AuthorizationGrantRepository trait
- Add CleanupOAuthAuthorizationGrantsJob task
- Register handler and schedule to run hourly
2026-01-16 17:39:38 +01:00
4b50d306fe
build(deps): bump the tanstack-router group in /frontend with 3 updates
...
Bumps the tanstack-router group in /frontend with 3 updates: [@tanstack/react-router](https://github.com/TanStack/router/tree/HEAD/packages/react-router ), [@tanstack/react-router-devtools](https://github.com/TanStack/router/tree/HEAD/packages/react-router-devtools ) and [@tanstack/router-plugin](https://github.com/TanStack/router/tree/HEAD/packages/router-plugin ).
Updates `@tanstack/react-router` from 1.145.7 to 1.145.11
- [Release notes](https://github.com/TanStack/router/releases )
- [Commits](https://github.com/TanStack/router/commits/v1.145.11/packages/react-router )
Updates `@tanstack/react-router-devtools` from 1.145.7 to 1.145.11
- [Release notes](https://github.com/TanStack/router/releases )
- [Commits](https://github.com/TanStack/router/commits/v1.145.11/packages/react-router-devtools )
Updates `@tanstack/router-plugin` from 1.145.10 to 1.145.11
- [Release notes](https://github.com/TanStack/router/releases )
- [Commits](https://github.com/TanStack/router/commits/v1.145.11/packages/router-plugin )
---
updated-dependencies:
- dependency-name: "@tanstack/react-router"
dependency-version: 1.145.11
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: tanstack-router
- dependency-name: "@tanstack/react-router-devtools"
dependency-version: 1.145.11
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: tanstack-router
- dependency-name: "@tanstack/router-plugin"
dependency-version: 1.145.11
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: tanstack-router
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-16 13:54:42 +00:00
ae5a42f08e
build(deps): bump the i18next group across 1 directory with 3 updates
...
Bumps the i18next group with 3 updates in the /frontend directory: [i18next](https://github.com/i18next/i18next ), [react-i18next](https://github.com/i18next/react-i18next ) and [i18next-cli](https://github.com/i18next/i18next-cli ).
Updates `i18next` from 25.7.3 to 25.7.4
- [Release notes](https://github.com/i18next/i18next/releases )
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md )
- [Commits](https://github.com/i18next/i18next/compare/v25.7.3...v25.7.4 )
Updates `react-i18next` from 16.5.1 to 16.5.2
- [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md )
- [Commits](https://github.com/i18next/react-i18next/compare/v16.5.1...v16.5.2 )
Updates `i18next-cli` from 1.34.1 to 1.35.0
- [Changelog](https://github.com/i18next/i18next-cli/blob/main/CHANGELOG.md )
- [Commits](https://github.com/i18next/i18next-cli/compare/v1.34.1...v1.35.0 )
---
updated-dependencies:
- dependency-name: i18next
dependency-version: 25.7.4
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: i18next
- dependency-name: react-i18next
dependency-version: 16.5.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: i18next
- dependency-name: i18next-cli
dependency-version: 1.35.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: i18next
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-16 13:54:38 +00:00
0cf7922475
Allow hourly cleanup jobs to run for longer ( #5422 )
2026-01-16 11:46:33 +01:00
d71d59dba2
Allow hourly cleanup jobs to run for longer
2026-01-16 11:25:28 +01:00
56e3a7812a
Cleanup finished compat sessions after 30 days ( #5419 )
2026-01-15 17:39:15 +01:00
edb6ba9606
Cleanup finished compat sessions after 30 days
2026-01-15 12:29:43 +01:00
c4e6724c97
Adjust the retention period for user registrations to 30 days ( #5417 )
2026-01-15 11:54:41 +01:00
4c93d6dedf
Adjust the retention period for user registrations to 30 days
2026-01-14 17:51:55 +01:00
0ef8822cfb
Cleanup old user registrations from the database ( #5415 )
2026-01-14 15:25:39 +01:00
e854393476
Add "Getting started" section with ESS reference to README ( #5416 )
2026-01-14 14:46:38 +01:00
de50791758
Keep the copyright info consistent with the rest
2026-01-14 14:36:06 +01:00
5e12d125ed
Add "Getting started" section with ESS reference to README
2026-01-14 14:33:54 +01:00
e33f3f1e25
Cleanup old user registrations from the database
2026-01-14 14:01:10 +01:00
b693d789ae
Remove imported unsupported threepids when deactivating a user ( #5406 )
2026-01-13 17:30:20 +01:00
70bb3c8bad
Automatic merge back to main ( #5414 )
2026-01-13 17:26:52 +01:00
5ab1db2765
Hard delete expired, revoked and consumed OAuth 2.0 tokens after some time ( #5409 )
2026-01-13 17:23:16 +01:00
0ed79f7c6d
Fix typo in comment
...
Co-authored-by: Olivier 'reivilibre' <oliverw@element.io >
2026-01-13 17:22:48 +01:00
Quentin Gliech