4bdf34719d
Add upstream_oauth2.providers.[].client_secret_file config option ( #4882 )
2025-11-18 11:29:21 +01:00
a20cd1d3b8
Automatic merge back to main ( #5235 )
2025-11-11 12:07:40 +01:00
b5a0834faa
Add upstream_oauth2.providers.[].client_secret_file config option
...
This patch factors out the previously introduced config
wrapper for client secrets to also use it for upstream oauth
providers.
See a7e7c3caa1
2025-11-08 16:10:19 +01:00
eeb5d61fe0
Don't extract the parent context if the span is disabled
2025-11-07 13:37:26 +01:00
2a3ea458b3
Fix spurious "Failed to set parent context on span" error
...
This would happen when the `info` log level is surpressed, and therefore
the request span would not be enabled and fail to set the parent OTEL
context.
2025-11-07 11:34:42 +01:00
db2288b4f3
Remove the nullable transform from the policies schemas
2025-11-07 11:11:41 +01:00
3d3412ab55
Remove the nullable transformation for the config schema.
2025-11-07 11:08:59 +01:00
c7bed3e30d
Merge branch 'main' into quenting/schemars-0.9
2025-11-07 10:59:56 +01:00
a35cb76c41
Remove the nullable transform
2025-11-07 10:53:46 +01:00
e2490688a5
Merge remote-tracking branch 'origin/main' into quenting/schemars-0.9
2025-11-06 17:34:43 +01:00
eda3eecc3e
Fix another broken link in the rustdocs
2025-11-06 10:11:22 +00:00
9566dc49b6
Fix broken link in rustdoc
2025-11-06 09:20:20 +00:00
f633e4251e
Merge branch 'main' into rei/templatecheck_todisk
2025-10-30 13:52:33 +00:00
e5183f600b
Fix comment and change delimiter to =
2025-10-30 13:51:33 +00:00
16ec04eb95
Change the format of SampleIdentifiers and don't make a subdir per locale
2025-10-30 12:06:09 +00:00
eeeec358c7
Downgrade to SemiStrict in production
2025-10-28 17:20:49 +00:00
647c8e703a
For branding: use none instead of undefined
2025-10-28 15:51:34 +00:00
7a24a22498
Introduce SampleIdentifiers to stably track samples
...
and use these in output filenames
2025-10-24 17:14:00 +01:00
763e236a0b
cli: templates check: allow rendering to --out-dir
2025-10-24 15:43:19 +01:00
72f9a1f65b
template macro: generate function for all checks
2025-10-24 15:03:22 +01:00
4af582a1c4
template macro: return rendered samples
2025-10-24 14:47:02 +01:00
ceaac6154c
templates: Be strict about undefined variables
...
We shouldn't have any reason to use undefined variables in MAS, so
silently printing as empty strings (etc) seems undesirable.
This will also be helpful for operators with custom templates, since
then they will notice their templates being broken.
2025-10-24 14:27:35 +01:00
a01c0af73e
fix up test that relied on it being broken
2025-10-23 16:02:19 +01:00
f020cce619
Fix UNIQUE constraint on active personal access tokens per session
2025-10-23 15:01:39 +01:00
0d28304c11
Revoke personal sessions when users are deactivated ( #5181 )
...
Revoke both personal sessions that are owned by, and acting as, the deactivated user.
Owned by because: it doesn't make sense for a deactivated user to be able to control themselves or other users, so them having active personal sessions is just confusing.
Acting as because: current precedent is that deactivated users are not controllable, even by admins.
To uphold this, the admin API is also fixed to stop allowing the creation of personal sessions for deactivated users.
2025-10-22 14:53:56 +01:00
3d80097bae
Merge branch 'main' into rei/pat_devicesync
2025-10-22 14:27:40 +01:00
409f35476a
Remove stale comment
2025-10-22 14:23:18 +01:00
80feaffe16
Add comments for the filters
2025-10-22 14:22:10 +01:00
54c025f333
Use is_valid_actor
2025-10-22 14:20:55 +01:00
e648c8ecc3
Merge branch 'main' into rei/pat_revoke_on_deactivate
2025-10-22 14:18:17 +01:00
95bc20e440
When adding personal session, upsert devices synchronously
2025-10-22 14:03:21 +01:00
e5a54f2d68
Restructure user validity check
2025-10-22 13:29:53 +01:00
84450a7bfb
remove redundant #[source]
2025-10-22 13:29:45 +01:00
c8ed12512e
Relax the validity check of the token actor
2025-10-22 13:15:12 +01:00
f51747a666
Check validity of token owner
2025-10-22 13:04:39 +01:00
a7d83540c2
Pass through the TokenFormatError
2025-10-22 12:59:49 +01:00
42f6664396
When adding or revoking personal sessions, schedule needed device syncs
2025-10-22 11:50:27 +01:00
c74150f8df
Accept PATs on the Admin API
2025-10-22 11:37:04 +01:00
b23a35a214
Rename record_personal_session function
2025-10-22 11:37:04 +01:00
c5756d4d7f
Don't allow creating personal sessions for deactivated users
2025-10-22 11:31:17 +01:00
7d5e9b863d
Revoke personal sessions on user deactivation
2025-10-22 11:27:10 +01:00
be40e1bed7
Add revoke_bulk for personal sessions storage
2025-10-22 11:27:10 +01:00
eeba7e192c
Personal Sessions: add create, list, get, revoke, regenerate Admin APIs ( #5141 )
...
Introduces some admin API endpoints for Personal Sessions.
- add: Creates a personal session along with its first personal access token, returning both. This is currently the only way to get a personal access token.
- get: Shows the information about a personal session
- list: Shows many personal sessions
- revoke: Revokes a personal session, so it can't be used anymore
- regenerate: Revoke the active personal access token for a session and issue a new one to replace it.
2025-10-22 11:20:02 +01:00
8fb0caf06a
fixup! Add expires filter to personal sessions list
2025-10-21 11:30:11 +01:00
db3dcce753
use axum_extract's version of Query everywhere
2025-10-21 11:30:11 +01:00
a0c55835df
fixup! Make expires_in u32 and (on regenerate) not default to the same as last time
2025-10-21 11:21:00 +01:00
d516b3dee3
Add scope filter to personal sessions list
2025-10-21 11:03:04 +01:00
6102a4b672
Use Option<Ulid> in schemars
2025-10-21 10:16:36 +01:00
ba9fc3513c
Make expires_in u32 and (on regenerate) not default to the same as last time
2025-10-21 10:13:32 +01:00
52c04c173f
Add expires filter to personal sessions list
2025-10-21 10:10:14 +01:00
Quentin Gliech