Client elevation by jmattheis · Pull Request #952 · gotify/server

jmattheis · 2026-04-18T11:03:17Z

step-up.webm

Fixes #944

codecov · 2026-04-18T11:09:50Z

Codecov Report

❌ Patch coverage is 66.66667% with 56 lines in your changes missing coverage. Please review.
✅ Project coverage is 75.01%. Comparing base (6e588f3) to head (ef36e75).
⚠️ Report is 17 commits behind head on master.

Files with missing lines	Patch %	Lines
api/oidc.go	7.14%	39 Missing ⚠️
api/client.go	61.90%	5 Missing and 3 partials ⚠️
api/user.go	60.00%	3 Missing and 1 partial ⚠️
auth/authentication.go	92.10%	1 Missing and 2 partials ⚠️
api/session.go	92.30%	1 Missing ⚠️
router/router.go	85.71%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #952      +/-   ##
==========================================
- Coverage   75.69%   75.01%   -0.69%     
==========================================
  Files          61       61              
  Lines        2786     2886     +100     
==========================================
+ Hits         2109     2165      +56     
- Misses        523      566      +43     
- Partials      154      155       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

eternal-flame-AD · 2026-04-19T11:41:17Z

I am traveling rn, will take a look probably Tuesday!

This uses a single struct for the authentication. This prevents further re-requesting of the already requested data.

eternal-flame-AD · 2026-04-22T12:28:20Z

+	clientElevated := g.Group("")
+	{
+		clientElevated.Use(authentication.RequireElevatedClient)
+		clientElevated.POST("/client:elevate", clientHandler.ElevateClient)


Maybe /client/:id/elevate is more REST-y?

I've got this from here: https://google.aip.dev/136 though I'm not sure how common this actually is. I don't really have a preference, do you have one?

PS: Thanks for the review!

It's okay, I prefer using REST as that matches as the current "vibe" of designs, but I'm not going to insist on it.

I've changed this to /client/:id/elevate, you're right, this is more consistent with other apis e.g. /application/:id/image.

The types aren't needed, and are provided by the package.

jmattheis requested a review from a team as a code owner April 18, 2026 11:03

jmattheis added 6 commits April 19, 2026 19:21

test: use iotest.ErrReader

85b9051

fix: unify authentication context

681b9e2

This uses a single struct for the authentication. This prevents further re-requesting of the already requested data.

fix: prevent duplicate requests for apps / clients

410571d

fix: add client elevatedUntil

58677b3

fix: return client id and elevatedUntil on /current/user

c256025

fix: enforce elevated authentication

a874448

jmattheis force-pushed the oidc-next branch from 706e464 to 6bec417 Compare April 19, 2026 17:24

jmattheis added 4 commits April 19, 2026 19:43

feat: add elevation dialog to protected actions

5305174

fix: elevate session on login

624ab65

feat: display elevation in the clients page

96116db

test: elevation

be5283a

jmattheis force-pushed the oidc-next branch from 6bec417 to be5283a Compare April 19, 2026 17:44

eternal-flame-AD reviewed Apr 22, 2026

View reviewed changes

jmattheis added 5 commits April 22, 2026 20:10

fix: use auth functions instead of booleans

3c51158

fixup! feat: display elevation in the clients page

1e2a113

fixup! fix: enforce elevated authentication

e9ca916

fix: unset elevated until if in the past

a5fc2bc

fix: minutes granularity for client elevation

0ac515f

The types aren't needed, and are provided by the package.

eternal-flame-AD previously approved these changes Apr 25, 2026

View reviewed changes

fix: /client:elevate to /client/:id/elevate

ef36e75

jmattheis dismissed eternal-flame-AD’s stale review via ef36e75 April 26, 2026 10:41

jmattheis mentioned this pull request Apr 26, 2026

Gotify 3.0.0 checklist #955

Open

8 tasks

jmattheis merged commit 9e5a6b5 into master Apr 26, 2026
2 of 4 checks passed

jmattheis deleted the oidc-next branch April 26, 2026 10:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Client elevation#952

Client elevation#952
jmattheis merged 16 commits intomasterfrom
oidc-next

jmattheis commented Apr 18, 2026

Uh oh!

codecov Bot commented Apr 18, 2026 •

edited

Loading

Uh oh!

eternal-flame-AD commented Apr 19, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

eternal-flame-AD Apr 22, 2026

Uh oh!

jmattheis Apr 22, 2026 •

edited

Loading

Uh oh!

eternal-flame-AD Apr 25, 2026

Uh oh!

jmattheis Apr 26, 2026 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

jmattheis commented Apr 18, 2026

Uh oh!

codecov Bot commented Apr 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

eternal-flame-AD commented Apr 19, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

eternal-flame-AD Apr 22, 2026

Choose a reason for hiding this comment

Uh oh!

jmattheis Apr 22, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

eternal-flame-AD Apr 25, 2026

Choose a reason for hiding this comment

Uh oh!

jmattheis Apr 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

2 participants

codecov Bot commented Apr 18, 2026 •

edited

Loading

jmattheis Apr 22, 2026 •

edited

Loading

jmattheis Apr 26, 2026 •

edited

Loading