Olivier 'reivilibre
a01c0af73e
fix up test that relied on it being broken
2025-10-23 16:02:19 +01:00
Olivier 'reivilibre
f020cce619
Fix UNIQUE constraint on active personal access tokens per session
2025-10-23 15:01:39 +01:00
Olivier 'reivilibre
80feaffe16
Add comments for the filters
2025-10-22 14:22:10 +01:00
Olivier 'reivilibre
be40e1bed7
Add revoke_bulk for personal sessions storage
2025-10-22 11:27:10 +01:00
reivilibre
eeba7e192c
Personal Sessions: add create, list, get, revoke, regenerate Admin APIs (#5141)
Introduces some admin API endpoints for Personal Sessions.
- add: Creates a personal session along with its first personal access token, returning both. This is currently the only way to get a personal access token.
- get: Shows the information about a personal session
- list: Shows many personal sessions
- revoke: Revokes a personal session, so it can't be used anymore
- regenerate: Revoke the active personal access token for a session and issue a new one to replace it.
2025-10-22 11:20:02 +01:00
Olivier 'reivilibre
52c04c173f
Add expires filter to personal sessions list
2025-10-21 10:10:14 +01:00
Olivier 'reivilibre
78b010d3f6
find_active_by_session: take &PersonalSession
2025-10-21 09:43:46 +01:00
Olivier 'reivilibre
893e4265c3
Implement activity tracking for personal sessions
2025-10-20 17:23:31 +01:00
Olivier 'reivilibre
01c89cd122
Delete owned PATs & personal sessions when pruning OAuth2 clients
2025-10-20 14:33:30 +01:00
Olivier 'reivilibre
353d23474c
When revoking a personal session, also revoke its PAT
2025-10-20 14:33:30 +01:00
Olivier 'reivilibre
98c765cf6b
storage: include PATs alongside personal sessions
2025-10-20 14:33:30 +01:00
Olivier 'reivilibre
34b3462a47
storage: introduce find_active_for_session for PATs
2025-10-20 13:06:41 +01:00
Olivier 'reivilibre
277e8e84b0
Take access_token by ref in add
2025-10-09 13:00:19 +01:00
Olivier 'reivilibre
72d3ea851b
Support OAuth2 clients as owners of personal sessions
2025-10-07 19:54:59 +01:00
Olivier 'reivilibre
9f7806163b
Enable session filter tests
2025-10-07 19:54:59 +01:00
Olivier 'reivilibre
b6d8cdbfee
Add filters for personal sessions
2025-10-07 19:54:59 +01:00
Olivier 'reivilibre
0619f83cc8
Add storage tests (with TODOs for unsupported functionality)
2025-10-07 19:54:59 +01:00
Olivier 'reivilibre
6dfa0e34da
Add personal access token and session storage
2025-10-07 19:54:59 +01:00
Olivier 'reivilibre
1519de2a17
Add tables for personal access tokens
2025-10-07 13:12:54 +01:00
Quentin Gliech
5e0f70c66e
storage: make the edges in pages include cursors
2025-09-29 14:46:28 +02:00
Quentin Gliech
a7e56b3849
Admin API filter to search users by username
2025-09-15 14:12:31 +02:00
Quentin Gliech
1e1dfdadc2
Allow filtering guest/non-guest users
2025-09-15 12:51:06 +02:00
Quentin Gliech
5d63ee2edf
Surface the user guest flag in the admin API
2025-09-15 12:51:00 +02:00
Quentin Gliech
6a1d67f452
Merge remote-tracking branch 'origin/main' into feat/login_hint_with_email
2025-08-18 16:43:00 +02:00
Quentin Gliech
a3d1148055
Fix a few more clippy lints
2025-08-18 10:45:20 +02:00
Quentin Gliech
6a2492e70b
Fix a few clippy lints, mostly in doc comments
2025-08-18 10:34:28 +02:00
mcalinghee
a55f26c53e
Merge branch 'main' into feat/login_hint_with_email
2025-08-05 17:02:14 +02:00
Quentin Gliech
7e018a06aa
Merge remote-tracking branch 'origin/main' into quenting/stable-api
2025-08-04 16:38:49 +02:00
mcalinghee
c314802fcd
move Clock/MockClock/SystemClock/BoxClock/BoxRng to mas-data-model
2025-07-31 11:17:33 +02:00
Quentin Gliech
ea873577aa
Fix many clippy warnings
This is because the tracing-attributes update made clippy look at those
again. I've removed the `too_many_lines` lint, as it's not really useful
and we ignore it most of the time anyway.
2025-07-30 14:49:38 +02:00
Andrew Ferrazzutti
d807975137
Decouple (un)locking from (re/de)activation
Unify the admin API, CLI, and GraphQL API in not having the unlock
command also reactivate, or the deactivate command also lock.
Still let the unlock command of the CLI and GraphQL API also
reactivate the target user, albeit as a non-default option.
2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
6c1afee13d
Separate active state from lock state in admin API
- Allow the admin API to deactivate a user without locking it, and to
unlock a user without reactivating it.
- Make unlock-and-reactivate flows unset the "deactivated_at" timestamp.
- Revert adding an "unlock" parameter on `ReactivateUserJob`, as the
option is used only by the admin API which doesn't use a job.
2025-07-16 14:17:01 -04:00
Andrew Ferrazzutti
a8b8c8e31c
Add admin API endpoint to reactivate user
2025-07-16 14:17:01 -04:00
matrixbot
1c36430035
Automatic merge back to main (#4781)
2025-07-10 17:28:11 +02:00
Quentin Gliech
620f214cb0
Split the migration in two parts, two transactions.
2025-07-09 15:10:53 +02:00
Quentin Gliech
81efccffa9
Only apply the trigger on rows without the id_token_claims set
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-07-09 14:55:02 +02:00
Quentin Gliech
9644a2b2f2
Backfill the id_token_claims column in the upstream_oauth_authorization_sessions table
2025-07-09 14:43:47 +02:00
Quentin Gliech
0405e952af
Make email address lookups case-insensitive
2025-07-08 18:01:20 +02:00
Quentin Gliech
8d6621f00e
Log out oauth & compat sessions when receiving a backchannel logout request
2025-07-04 16:27:10 +02:00
Quentin Gliech
e245cd831f
Compose filters for batch logging out of browser sessions
Instead of having to load all authentication sessions in memory, we
allow composing browser session filters with an upstream auth sessions
filter
2025-07-04 16:27:10 +02:00
Quentin Gliech
ae06e4b512
storage: allow filtering browser sessions by which upstream session
authd them
2025-07-04 16:27:10 +02:00
Quentin Gliech
e28ffccc3a
Backchannel logout behavior settings on upstream providers
2025-07-04 16:27:10 +02:00
Quentin Gliech
835b1b5f58
Allow filtering upstream sessions by sub and sid claims
2025-07-04 16:27:09 +02:00
Quentin Gliech
db65a702a7
storage: list and count methods for upstream oauth sessions
2025-07-04 16:27:09 +02:00
Quentin Gliech
1c6c6ff8fa
Record the decoded ID token claims on upstream auth sessions
2025-07-04 16:27:09 +02:00
Quentin Gliech
fe75448660
storage: get both the stable & unstable scopes when looking for devices
2025-06-13 15:54:51 +02:00
Quentin Gliech
c3707c13ae
Add license headers in most files that missed them
2025-06-12 11:01:07 +02:00
Quentin Gliech
3d96dc9d47
Update license headers to match the actual license
2025-06-12 10:32:16 +02:00
Quentin Gliech
97e83e1467
Define all the dependencies at the workspace level
2025-06-10 14:25:38 +02:00
Quentin Gliech
52942ee94e
Admin API to edit registration tokens
2025-06-05 18:22:16 +02:00