Merge branch 'sso-oidc' into 'next'

Single Sign-On via OIDC/OAuth2 (attempt #2) Closes #134 See merge request famedly/conduit!676
2025-06-27 16:35:59 +00:00 · 2024-11-04 01:22:43 +00:00 · 2024-11-04 01:22:43 +00:00 · da543a726e
commit da543a726e
parent e952522a39 67c23d6dd4
21 changed files with 1104 additions and 46 deletions
--- a/src/database/mod.rs
+++ b/src/database/mod.rs
@ -50,7 +50,6 @@ pub struct KeyValueDatabase {
    pub(super) userdeviceid_metadata: Arc<dyn KvTree>, // This is also used to check if a device exists
    pub(super) userid_devicelistversion: Arc<dyn KvTree>, // DevicelistVersion = u64
    pub(super) token_userdeviceid: Arc<dyn KvTree>,
-
    pub(super) onetimekeyid_onetimekeys: Arc<dyn KvTree>, // OneTimeKeyId = UserId + DeviceKeyId
    pub(super) userid_lastonetimekeyupdate: Arc<dyn KvTree>, // LastOneTimeKeyUpdate = Count
    pub(super) keychangeid_userid: Arc<dyn KvTree>,       // KeyChangeId = UserId/RoomId + Count
@ -64,6 +63,9 @@ pub struct KeyValueDatabase {

    pub(super) todeviceid_events: Arc<dyn KvTree>, // ToDeviceId = UserId + DeviceId + Count

+    pub(super) userid_providersubjectid: Arc<dyn KvTree>,
+    pub(super) providersubjectid_userid: Arc<dyn KvTree>,
+
    //pub uiaa: uiaa::Uiaa,
    pub(super) userdevicesessionid_uiaainfo: Arc<dyn KvTree>, // User-interactive authentication
    pub(super) userdevicesessionid_uiaarequest:
@ -298,6 +300,9 @@ impl KeyValueDatabase {
            userfilterid_filter: builder.open_tree("userfilterid_filter")?,
            todeviceid_events: builder.open_tree("todeviceid_events")?,

+            userid_providersubjectid: builder.open_tree("userid_providersubjectid")?,
+            providersubjectid_userid: builder.open_tree("providersubjectid_userid")?,
+
            userdevicesessionid_uiaainfo: builder.open_tree("userdevicesessionid_uiaainfo")?,
            userdevicesessionid_uiaarequest: RwLock::new(BTreeMap::new()),
            readreceiptid_readreceipt: builder.open_tree("readreceiptid_readreceipt")?,
@ -1050,6 +1055,8 @@ impl KeyValueDatabase {

        services().admin.start_handler();

+        services().sso.start_handler().await?;
+
        // Set emergency access for the conduit user
        match set_emergency_access() {
            Ok(pwd_set) => {