150be9b36a
Create missing indexes for all the foreign keys in the database. ( #4385 )
2025-04-14 16:03:28 +02:00
48843dba5a
Clear the session cookie on logout from the GraphQL API ( #4328 )
2025-04-14 15:52:18 +02:00
744bb2c372
Lookup usernames case insensitively ( #4378 )
2025-04-14 15:51:59 +02:00
bd737342b9
Always ask for consent, never for reauth ( #4386 )
2025-04-14 15:51:48 +02:00
58551c9a62
Handle the case where there are multiple users with the same username, but with a different casing.
2025-04-11 15:38:28 +02:00
521aff9134
build(deps): bump vergen-gitcl from 1.0.7 to 1.0.8
...
Bumps [vergen-gitcl](https://github.com/rustyhorde/vergen ) from 1.0.7 to 1.0.8.
- [Release notes](https://github.com/rustyhorde/vergen/releases )
- [Commits](https://github.com/rustyhorde/vergen/compare/vergen_git2_1.0.7...vergen_gix_1.0.8 )
---
updated-dependencies:
- dependency-name: vergen-gitcl
dependency-version: 1.0.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-04-11 13:26:03 +00:00
26dcba6feb
Remove the complete handler, make it go through the consent page
2025-04-11 15:04:34 +02:00
e22016f85c
Remove the reauth view
2025-04-11 13:35:59 +02:00
cf732ac8f0
Always ask for consent, never for reauth
...
Now that we have deduplicated clients, we're in this weird situation
where authorization grants just… go through.
This is because 4 years ago, I designed it to support prompt=consent and
prompt=none, but that never ended up being used/mentioned in the MSCs.
We also had support for max_age, but that required reauthing, which
doesn't work well with upstream providers.
So this removes support for prompt=consent|none and max_age, and makes
sure we always go through the consent page.
Lots of code deleted, yay!
2025-04-10 19:57:45 +02:00
7012fd3855
Also lowercase the username when checking if it exists.
2025-04-10 18:45:13 +02:00
b5ed17dbff
Lookup usernames case insensitively
2025-04-10 18:36:43 +02:00
c861856dff
Create missing indexes for all the foreign keys in the database.
2025-04-10 18:32:40 +02:00
77e954e475
correct format and translation
2025-04-10 17:57:58 +02:00
f2a47f9a88
add login by email + feature flag
2025-04-10 17:57:58 +02:00
06e72cabe8
build(deps): bump vergen-gitcl from 1.0.5 to 1.0.7
...
Bumps [vergen-gitcl](https://github.com/rustyhorde/vergen ) from 1.0.5 to 1.0.7.
- [Release notes](https://github.com/rustyhorde/vergen/releases )
- [Commits](https://github.com/rustyhorde/vergen/commits/vergen_git2_1.0.7 )
---
updated-dependencies:
- dependency-name: vergen-gitcl
dependency-version: 1.0.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-04-10 10:19:21 +00:00
001dcbec16
build(deps): bump psl from 2.1.98 to 2.1.99 ( #4368 )
2025-04-09 13:34:21 +02:00
2b81c8a42e
Admin API for adding and removing upstream oauth links ( #4255 )
2025-04-09 13:33:16 +02:00
7c4a9bf5be
Handle the correct conflict
2025-04-09 07:27:04 +00:00
ae2fe1cb3f
Separate spans
2025-04-08 16:54:35 +00:00
7f4e97535b
Use serde_json::Error::is_data() to distinguish error kinds
2025-04-08 18:12:46 +02:00
e238395325
Allow requests to the compat login endpoint without a Content-Type header
...
Fixes #4340
2025-04-08 16:42:04 +02:00
8480e4c948
build(deps): bump psl from 2.1.98 to 2.1.99
...
Bumps [psl](https://github.com/addr-rs/psl ) from 2.1.98 to 2.1.99.
- [Release notes](https://github.com/addr-rs/psl/releases )
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.98...v2.1.99 )
---
updated-dependencies:
- dependency-name: psl
dependency-version: 2.1.99
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-04-08 14:03:28 +00:00
7a11f21bf1
Support database poolers: clean up LISTEN/NOTIFY state when opening a connection
...
This should resolve the following issue:
encountered unexpected or invalid data: execute: unexpected message: NotificationResponse (sqlx_postgres::connection::executor:361)
2025-04-08 13:24:55 +02:00
d310f48a7e
compat login: support using client-provided device ID ( #4342 )
2025-04-07 08:52:29 +02:00
12b316198e
Expose more Sentry configuration ( #4352 )
2025-04-07 08:50:27 +02:00
fa69cdc15c
Record auth related metrics ( #4301 )
2025-04-07 08:49:28 +02:00
a9721c224b
clippy fix
2025-04-07 07:45:40 +01:00
6e375ccfc1
Fix doc comment
2025-04-07 08:31:58 +02:00
31ccd5448e
Properly record the queries in two spans
2025-04-07 08:21:36 +02:00
65f4c4dc6c
Added Discord to default upstream oauth2 providers, regenerated config schema
2025-04-06 23:21:12 +06:00
e776d652d9
Fix Clippy lints introduced by Rust 1.86
2025-04-06 16:18:27 +02:00
073ca959a9
Upgrade bcrypt to 0.17.0
2025-04-06 10:53:43 +02:00
1520b1f94d
Update opa-wasm to 0.1.5
2025-04-06 10:51:47 +02:00
799f80e6ad
Upgrade OpenTelemetry to 0.29.0
2025-04-06 10:33:01 +02:00
eb0cb941c0
Check that sample rates are in range in the config
2025-04-05 23:20:08 +02:00
5bcc1ec011
Allow setting the OTLP tracing sample rate
2025-04-05 23:19:50 +02:00
bb34e9a6b5
Allow setting the Sentry environment & sample rates
...
Also record the version in the Sentry release field.
2025-04-05 23:19:16 +02:00
a73cb1c2fb
UNFINISHED: finish active sessions when replacing a device
2025-04-04 17:52:08 +01:00
1f2eccc645
compat login (sso): support using client-provided device_id
2025-04-04 16:25:01 +01:00
77b04ef1d4
Clear the session cookie on logout from the GraphQL API
2025-04-01 16:11:54 +02:00
a6418d1949
build(deps): bump pest_derive from 2.7.15 to 2.8.0 ( #4314 )
2025-03-31 16:51:24 +02:00
5b18dabb03
build(deps): bump socket2 from 0.5.8 to 0.5.9 ( #4315 )
2025-03-31 16:51:01 +02:00
5c16cf8f6b
build(deps): bump psl from 2.1.97 to 2.1.98
...
Bumps [psl](https://github.com/addr-rs/psl ) from 2.1.97 to 2.1.98.
- [Release notes](https://github.com/addr-rs/psl/releases )
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.97...v2.1.98 )
---
updated-dependencies:
- dependency-name: psl
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-03-31 13:36:58 +00:00
16dea0d389
build(deps): bump socket2 from 0.5.8 to 0.5.9
...
Bumps [socket2](https://github.com/rust-lang/socket2 ) from 0.5.8 to 0.5.9.
- [Release notes](https://github.com/rust-lang/socket2/releases )
- [Changelog](https://github.com/rust-lang/socket2/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rust-lang/socket2/commits )
---
updated-dependencies:
- dependency-name: socket2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-03-31 13:36:09 +00:00
e85bcf971e
build(deps): bump pest_derive from 2.7.15 to 2.8.0
...
Bumps [pest_derive](https://github.com/pest-parser/pest ) from 2.7.15 to 2.8.0.
- [Release notes](https://github.com/pest-parser/pest/releases )
- [Commits](https://github.com/pest-parser/pest/compare/v2.7.15...v2.8.0 )
---
updated-dependencies:
- dependency-name: pest_derive
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-03-31 13:35:46 +00:00
f300eca3ee
syn2mas: Track skipped entities in the syn2mas progress ( #4225 )
2025-03-28 14:58:58 +01:00
33a9e85ff8
build(deps): bump pest from 2.7.15 to 2.8.0 ( #4297 )
2025-03-28 14:56:38 +01:00
5b11f88b26
build(deps): bump psl from 2.1.96 to 2.1.97
...
Bumps [psl](https://github.com/addr-rs/psl ) from 2.1.96 to 2.1.97.
- [Release notes](https://github.com/addr-rs/psl/releases )
- [Commits](https://github.com/addr-rs/psl/compare/v2.1.96...v2.1.97 )
---
updated-dependencies:
- dependency-name: psl
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-03-28 13:21:23 +00:00
f72ff850ce
Record metrics for upstream OAuth 2.0 logins and registrations
2025-03-26 23:14:52 +01:00
86a1261b6d
Record metrics for upstream OAuth 2.0 callbacks
2025-03-26 23:14:52 +01:00
Quentin Gliech