From 69bb04d1e6634a38c7833d85ca7593ad0b63e4c8 Mon Sep 17 00:00:00 2001
From: mdecimus
Date: Fri, 17 Jan 2025 16:54:22 +0100
Subject: [PATCH] Renamed principal revision to token revision
---
 CHANGELOG.md | 4 ++--
 crates/common/src/auth/access_token.rs | 13 ++++++-------
 crates/common/src/auth/roles.rs | 4 ++--
 crates/common/src/lib.rs | 2 +-
 crates/imap/src/op/acl.rs | 2 +-
 crates/jmap/src/api/management/principal.rs | 14 ++++++--------
 crates/jmap/src/auth/acl.rs | 2 +-
 tests/src/jmap/auth_acl.rs | 4 ++--
 8 files changed, 21 insertions(+), 24 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cfc142a8f..b923c34cd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file. This projec ## [0.11.2] - 2025-01-17 -To upgrade update the webadmin and then replace the `stalwart-mail` binary. +To upgrade replace the `stalwart-mail` binary and then upgrade to the latest web-admin. ### Added - Automatic revoking of access tokens when secrets, permissions, ACLs or group memberships change (#649).
@@ -19,7 +19,7 @@ To upgrade update the webadmin and then replace the `stalwart-mail` binary. ### Fixed - Distributed locking issues in non-Redis stores (#1066). - S3 incorrect backoff wait time. + S3 incorrect backoff wait time after failures. - Panic parsing broken HTMLs. - Update CLI response serializer to v0.11.x (#1082). - Histogram bucket counts (#1079).
diff --git a/crates/common/src/auth/access_token.rs b/crates/common/src/auth/access_token.rs
index 98af24c2f..33e22b76b 100644
--- a/crates/common/src/auth/access_token.rs
+++ b/crates/common/src/auth/access_token.rs
@@ -28,7 +28,7 @@ use utils::map::{
 vec_map::VecMap,
 };
-use crate::{Server, KV_PRINCIPAL_REVISION};
+use crate::{Server, KV_TOKEN_REVISION};
 use super::{roles::RolePermissions, AccessToken, ResourceToken, TenantInfo};
@@ -201,7 +201,7 @@ impl Server {
 // Obtain current revision
 let principal_id = principal.id();
- let revision = self.fetch_principal_revision(principal_id).await;
+ let revision = self.fetch_token_revision(principal_id).await;
 match self
 .inner
@@ -252,7 +252,7 @@ impl Server {
 }
 }
- pub async fn increment_principal_revision(&self, changed_principals: ChangedPrincipals) {
+ pub async fn increment_token_revision(&self, changed_principals: ChangedPrincipals) {
 let mut nested_principals = Vec::new();
 for (id, changed_principal) in changed_principals.iter() {
@@ -335,8 +335,7 @@ impl Server {
 if let Err(err) = self
 .in_memory_store()
 .counter_incr(
- KeyValue::with_prefix(KV_PRINCIPAL_REVISION, id.to_be_bytes(), 1)
- .expires(30 * 86400),
+ KeyValue::with_prefix(KV_TOKEN_REVISION, id.to_be_bytes(), 1).expires(30 * 86400),
 false,
 )
 .await
@@ -347,11 +346,11 @@ impl Server {
 }
 }
- pub async fn fetch_principal_revision(&self, id: u32) -> Option {
+ pub async fn fetch_token_revision(&self, id: u32) -> Option {
 match self
 .in_memory_store()
 .counter_get(KeyValue::<()>::build_key(
- KV_PRINCIPAL_REVISION,
+ KV_TOKEN_REVISION,
 id.to_be_bytes(),
 ))
 .await
diff --git a/crates/common/src/auth/roles.rs b/crates/common/src/auth/roles.rs
index eecc26b38..ea7286d4f 100644
--- a/crates/common/src/auth/roles.rs
+++ b/crates/common/src/auth/roles.rs
@@ -35,7 +35,7 @@ impl Server {
 ROLE_ADMIN => Ok(ADMIN_PERMISSIONS.clone()),
 ROLE_TENANT_ADMIN => Ok(TENANT_ADMIN_PERMISSIONS.clone()),
 role_id => {
- let revision = self.fetch_principal_revision(role_id).await;
+ let revision = self.fetch_token_revision(role_id).await;
 match self
 .inner
@@ -118,7 +118,7 @@ impl Server {
 }
 role_id => {
 // Try with the cache
- let revision = self.fetch_principal_revision(role_id).await;
+ let revision = self.fetch_token_revision(role_id).await;
 if let Some(role_permissions) = self
 .inner
 .cache
diff --git a/crates/common/src/lib.rs b/crates/common/src/lib.rs
index db6b15cdb..e72917e70 100644
--- a/crates/common/src/lib.rs
+++ b/crates/common/src/lib.rs
@@ -82,7 +82,7 @@ pub const KV_RATE_LIMIT_CONTACT: u8 = 7;
 pub const KV_RATE_LIMIT_HTTP_AUTHENTICATED: u8 = 8;
 pub const KV_RATE_LIMIT_HTTP_ANONYMOUS: u8 = 9;
 pub const KV_RATE_LIMIT_IMAP: u8 = 10;
-pub const KV_PRINCIPAL_REVISION: u8 = 11;
+pub const KV_TOKEN_REVISION: u8 = 11;
 pub const KV_REPUTATION_IP: u8 = 12;
 pub const KV_REPUTATION_FROM: u8 = 13;
 pub const KV_REPUTATION_DOMAIN: u8 = 14;
diff --git a/crates/imap/src/op/acl.rs b/crates/imap/src/op/acl.rs
index cc71f237e..9f9e3595d 100644
--- a/crates/imap/src/op/acl.rs
+++ b/crates/imap/src/op/acl.rs
@@ -371,7 +371,7 @@ impl Session {
 // Invalidate ACLs
 data.server
- .increment_principal_revision(ChangedPrincipals::from_change(
+ .increment_token_revision(ChangedPrincipals::from_change(
 acl_account_id,
 Type::Individual,
 PrincipalField::EnabledPermissions,
diff --git a/crates/jmap/src/api/management/principal.rs b/crates/jmap/src/api/management/principal.rs
index 97e4c5cb1..bb254e487 100644
--- a/crates/jmap/src/api/management/principal.rs
+++ b/crates/jmap/src/api/management/principal.rs
@@ -183,7 +183,7 @@ impl PrincipalManager for Server {
 }
 // Increment revision
- self.increment_principal_revision(result.changed_principals)
+ self.increment_token_revision(result.changed_principals)
 .await;
 Ok(JsonResponse::new(json!({
@@ -372,9 +372,7 @@ impl PrincipalManager for Server {
 {
 Ok(changed_principals) => {
 // Increment revision
- server
- .increment_principal_revision(changed_principals)
- .await;
+ server.increment_token_revision(changed_principals).await;
 }
 Err(err) => {
 trc::error!(err.details("Failed to delete principal"));
@@ -524,7 +522,7 @@ impl PrincipalManager for Server {
 }
 // Increment revision
- self.increment_principal_revision(changed_principals).await;
+ self.increment_token_revision(changed_principals).await;
 Ok(JsonResponse::new(json!({
 "data": (),
@@ -653,7 +651,7 @@ impl PrincipalManager for Server {
 .await?;
 // Increment revision
- self.increment_principal_revision(changed_principals).await;
+ self.increment_token_revision(changed_principals).await;
 Ok(JsonResponse::new(json!({
 "data": (),
@@ -753,7 +751,7 @@ impl PrincipalManager for Server {
 .await?;
 // Increment revision
- self.increment_principal_revision(ChangedPrincipals::from_change(
+ self.increment_token_revision(ChangedPrincipals::from_change(
 access_token.primary_id(),
 Type::Individual,
 PrincipalField::Secrets,
@@ -824,7 +822,7 @@ impl PrincipalManager for Server {
 .await?;
 // Increment revision
- self.increment_principal_revision(changed_principals).await;
+ self.increment_token_revision(changed_principals).await;
 Ok(JsonResponse::new(json!({
 "data": (),
diff --git a/crates/jmap/src/auth/acl.rs b/crates/jmap/src/auth/acl.rs
index f80425b5c..006e22322 100644
--- a/crates/jmap/src/auth/acl.rs
+++ b/crates/jmap/src/auth/acl.rs
@@ -415,7 +415,7 @@ impl AclMethods for Server {
 }
 }
- self.increment_principal_revision(changed_principals).await;
+ self.increment_token_revision(changed_principals).await;
 }
 }
diff --git a/tests/src/jmap/auth_acl.rs b/tests/src/jmap/auth_acl.rs
index 536a54574..9c614e026 100644
--- a/tests/src/jmap/auth_acl.rs
+++ b/tests/src/jmap/auth_acl.rs
@@ -664,7 +664,7 @@ pub async fn test(params: &mut JMAPTest) {
 // Add John and Jane to the Sales group
 for name in ["jdoe@example.com", "jane.smith@example.com"] {
 server
- .increment_principal_revision(
+ .increment_token_revision(
 server
 .core
 .storage
@@ -768,7 +768,7 @@ pub async fn test(params: &mut JMAPTest) {
 // Remove John from the sales group
 server
- .increment_principal_revision(
+ .increment_token_revision(
 server
 .core
 .storage