409f35476a
Remove stale comment
2025-10-22 14:23:18 +01:00
be40e1bed7
Add revoke_bulk for personal sessions storage
2025-10-22 11:27:10 +01:00
eeba7e192c
Personal Sessions: add create, list, get, revoke, regenerate Admin APIs ( #5141 )
...
Introduces some admin API endpoints for Personal Sessions.
- add: Creates a personal session along with its first personal access token, returning both. This is currently the only way to get a personal access token.
- get: Shows the information about a personal session
- list: Shows many personal sessions
- revoke: Revokes a personal session, so it can't be used anymore
- regenerate: Revoke the active personal access token for a session and issue a new one to replace it.
2025-10-22 11:20:02 +01:00
52c04c173f
Add expires filter to personal sessions list
2025-10-21 10:10:14 +01:00
78b010d3f6
find_active_by_session: take &PersonalSession
2025-10-21 09:43:46 +01:00
893e4265c3
Implement activity tracking for personal sessions
2025-10-20 17:23:31 +01:00
98c765cf6b
storage: include PATs alongside personal sessions
2025-10-20 14:33:30 +01:00
34b3462a47
storage: introduce find_active_for_session for PATs
2025-10-20 13:06:41 +01:00
277e8e84b0
Take access_token by ref in add
2025-10-09 13:00:19 +01:00
72d3ea851b
Support OAuth2 clients as owners of personal sessions
2025-10-07 19:54:59 +01:00
b6d8cdbfee
Add filters for personal sessions
2025-10-07 19:54:59 +01:00
6dfa0e34da
Add personal access token and session storage
2025-10-07 19:54:59 +01:00
5e0f70c66e
storage: make the edges in pages include cursors
2025-09-29 14:46:28 +02:00
a7e56b3849
Admin API filter to search users by username
2025-09-15 14:12:31 +02:00
1e1dfdadc2
Allow filtering guest/non-guest users
2025-09-15 12:51:06 +02:00
6a1d67f452
Merge remote-tracking branch 'origin/main' into feat/login_hint_with_email
2025-08-18 16:43:00 +02:00
6a2492e70b
Fix a few clippy lints, mostly in doc comments
2025-08-18 10:34:28 +02:00
a75ca69ed0
move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model : format
2025-07-31 12:35:56 +02:00
d65b70d0dc
move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model : correct documentation
2025-07-31 12:34:01 +02:00
c314802fcd
move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model
2025-07-31 11:17:33 +02:00
d807975137
Decouple (un)locking from (re/de)activation
...
Unify the admin API, CLI, and GraphQL API in not having the unlock
command also reactivate, or the deactivate command also lock.
Still let the unlock command of the CLI and GraphQL API to also
reactivate the target user, albeit as a non-default option.
2025-07-16 14:17:01 -04:00
6c1afee13d
Separate active state from lock state in admin API
...
- Allow the admin API to deactivate a user without locking it, and to
unlock a user without reactivating it.
- Make unlock-and-reactivate flows unset the "deactivated_at" timestamp.
- Revert adding an "unlock" parameter on `ReactivateUserJob`, as the
option is used only by the admin API which doesn't use a job.
2025-07-16 14:17:01 -04:00
a8b8c8e31c
Add admin API endpoint to reactivate user
2025-07-16 14:17:01 -04:00
e2aad08006
Miscellaneous housekeeping ( #4735 )
2025-07-16 18:53:59 +02:00
57af270ffa
Allow running jobs from the job queue in tests ( #4775 )
2025-07-11 14:47:23 +02:00
4227341857
Make the task State::clock() return a &dyn Clock instead of a BoxClock
2025-07-09 17:20:03 +02:00
0405e952af
Make email address lookups case-insensitive
2025-07-08 18:01:20 +02:00
8d6621f00e
Log out oauth & compat sessions when receiving a backchannel logout request
2025-07-04 16:27:10 +02:00
e245cd831f
Compose filters for batch logging out of browser sessions
...
Instead of having to load all authentication sessions in memory, we
allow composing browser session filters with a upstream auth sessions
filter
2025-07-04 16:27:10 +02:00
ae06e4b512
storage: allow filtering browser sessions by which upstream session
...
authd them
2025-07-04 16:27:10 +02:00
e28ffccc3a
Backchannel logout behavior settings on upstream providers
2025-07-04 16:27:10 +02:00
835b1b5f58
Allow filtering upstream sessions by sub and sid claims
2025-07-04 16:27:09 +02:00
db65a702a7
storage: list and count methods for upstream oauth sessions
2025-07-04 16:27:09 +02:00
1c6c6ff8fa
Record the decoded ID token claims on upstream auth sessions
2025-07-04 16:27:09 +02:00
925a41e6a1
Fix rogue invalid characters inside doc comments.
...
Signed-off-by: Jason Volk <jason@zemos.net >
2025-06-30 17:06:58 +00:00
c3707c13ae
Add license headers in most files that missed them
2025-06-12 11:01:07 +02:00
3d96dc9d47
Update license headers to match the actual license
2025-06-12 10:32:16 +02:00
97e83e1467
Define all the dependencies at the workspace level
2025-06-10 14:25:38 +02:00
52942ee94e
Admin API to edit registration tokens
2025-06-05 18:22:16 +02:00
c8f2a2146c
Admin API to un-revoke a user registration token.
2025-06-05 16:56:42 +02:00
62cad6a210
List and count methods on the UserRegistrationTokenRepository
2025-06-03 17:42:53 +02:00
ccb971d3d3
Data model and repository for user registration tokens
2025-06-03 17:42:52 +02:00
e9589ae17e
Don't hold database connections open when talking to the homeserver ( #4527 )
2025-05-09 09:13:42 +02:00
626c9be760
Move the pool acquisition metric logic to the PgRepositoryFactory
2025-05-07 17:09:20 +02:00
03bad37070
Introduce a RepositoryFactory
2025-05-07 17:00:49 +02:00
5d58d9df7c
Don't generate and send a nonce for non-OIDC-compliant auth requests
2025-05-07 15:34:27 +02:00
096ce6037d
Add a configuration for forwarding the login hint to the upstream provider.
2025-05-06 17:50:33 +01:00
8bfe2d2092
Allow setting custom names on sessions ( #4459 )
2025-04-30 15:32:25 +02:00
9cfecaf5db
Insert client_name when upserting statically registered clients ( #4417 )
2025-04-30 11:50:49 +02:00
9a660b211a
storage: methods to set the sessions human name
2025-04-25 16:55:30 +02:00
Olivier 'reivilibre