feat: add user account verification #2190
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I suspect that people who self-host the server would also want the option to reset passwords. And the ability for the servwr to send emails is a pre-req for that, isn't it? But maybe I am wrong. |
|
If they're hosting it themselves, it's possible without email infrastructure - which is frustrating to maintain, or costs money. From the last time I asked, most people host instances either just for themselves, or for a very small number of people. I've had to reset maybe 20 accounts, out of about 10,000. It's unlikely most people self hosting will run into the same issues, and I've put this off for as long as possible. We're just now reaching numbers where it's required. Again though, like my PR said; should anyone self hosting actually want this, then it's possible. If they're happy to use Postmark, then they can use this as-is. I'm just not at the point where I'm willing to write or maintain features that nobody actually requires or uses. |
|
Personally I don't need it. But I have seen that people use applications in an interesting fashion. e.g. look at the vaultwarden project. It was supposed to be a bw compatible solution for "personal" use. However, people use it in companies for hundreds and thousands of users. I can imagine that the people who use vw in that fashion would also use atuin the same way. On the other side, who knows, maybe they just open a PR against atuin to add the option to specify an SMTP server. My comment was rather meant to emphasize how popular atuin has become. |
1 task
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Dec 28, 2024
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [atuinsh/atuin](https://github.com/atuinsh/atuin) | minor | `v18.3.0` -> `v18.4.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>atuinsh/atuin (atuinsh/atuin)</summary> ### [`v18.4.0`](https://github.com/atuinsh/atuin/releases/tag/v18.4.0) [Compare Source](atuinsh/atuin@v18.3.0...v18.4.0) #### Theme system Thanks to [@​philtweir](https://github.com/philtweir), we now have a theming system! It's too much to write about here, so see the section in the docs: https://docs.atuin.sh/guide/theming/ #### Default changes With this release, some defaults have changed. The most obvious will likely be the switch to the compact UI style + inline rendering This can be reverted by setting style = "full" inline_height = 0 Read more here: atuinsh/atuin#2249 #### `atuin wrapped` See your stats for 2024 with `atuin wrapped`  #### Build changes Thanks to [@​senekor](https://github.com/senekor), we no longer require protoc available at build time, and instead use `protox` ##### Bug Fixes - *(crate)* Add missing description ([#​2106](atuinsh/atuin#2106)) - *(crate)* Add description to daemon crate ([#​2107](atuinsh/atuin#2107)) - *(daemon)* Add context to error when unable to connect ([#​2394](atuinsh/atuin#2394)) - *(deps)* Pin tiny_bip to 1.0.0 until breaking change resolved ([#​2412](atuinsh/atuin#2412)) - *(docker)* Update Dockerfile ([#​2369](atuinsh/atuin#2369)) - *(history)* Logic for store_failed=false ([#​2284](atuinsh/atuin#2284)) - *(mail)* Incorrect alias and error logs ([#​2346](atuinsh/atuin#2346)) - *(mail)* Enable correct tls features for postmark client ([#​2347](atuinsh/atuin#2347)) - *(theme)* Restore original colours ([#​2339](atuinsh/atuin#2339)) - *(themes)* Restore default theme, refactor ([#​2294](atuinsh/atuin#2294)) - *(tui)* Press ctrl-a twice should jump to beginning of line ([#​2246](atuinsh/atuin#2246)) - *(tui)* Don't panic when search result is empty and up is pressed ([#​2395](atuinsh/atuin#2395)) - Cargo binstall config ([#​2112](atuinsh/atuin#2112)) - Unitless sync_frequence = 0 not parsed by humantime ([#​2154](atuinsh/atuin#2154)) - Some --help comments didn't show properly ([#​2176](atuinsh/atuin#2176)) - Ensure we cleanup all tables when deleting ([#​2191](atuinsh/atuin#2191)) - Add idx cache unique index ([#​2226](atuinsh/atuin#2226)) - Idx cache inconsistency ([#​2231](atuinsh/atuin#2231)) - Ambiguous column name ([#​2232](atuinsh/atuin#2232)) - Atuin-daemon optional dependency ([#​2306](atuinsh/atuin#2306)) - Windows build error ([#​2321](atuinsh/atuin#2321)) - Codespell config still references the ui ([#​2330](atuinsh/atuin#2330)) - Remove dbg! macro ([#​2355](atuinsh/atuin#2355)) - Disable mail by default, resolve [#​2404](atuinsh/atuin#2404) ([#​2405](atuinsh/atuin#2405)) - Time offset display in `atuin status` ([#​2433](atuinsh/atuin#2433)) - Disable the actuated mirror on the x86 docker builder ([#​2443](atuinsh/atuin#2443)) ##### Documentation - *(README)* Fix broken link ([#​2206](atuinsh/atuin#2206)) - Streamline readme ([#​2203](atuinsh/atuin#2203)) - Update quickstart install command ([#​2205](atuinsh/atuin#2205)) ##### Features - *(bash/blesh)* Hook into BLE_ONLOAD to resolve loading order issue ([#​2234](atuinsh/atuin#2234)) - *(client)* Add filter mode enablement and ordering configuration ([#​2430](atuinsh/atuin#2430)) - *(daemon)* Follow XDG_RUNTIME_DIR if set ([#​2171](atuinsh/atuin#2171)) - *(history)* Filter out various environment variables containing potential secrets ([#​2174](atuinsh/atuin#2174)) - *(tui)* Configurable prefix character ([#​2157](atuinsh/atuin#2157)) - *(tui)* Customizable Themes ([#​2236](atuinsh/atuin#2236)) - *(tui)* Fixed preview height option ([#​2286](atuinsh/atuin#2286)) - Use cargo-dist installer from our install script ([#​2108](atuinsh/atuin#2108)) - Add user account verification ([#​2190](atuinsh/atuin#2190)) - Add GitLab PAT to secret patterns ([#​2196](atuinsh/atuin#2196)) - Add several other GitHub access token patterns ([#​2200](atuinsh/atuin#2200)) - Add npm, Netlify and Pulumi tokens to secret patterns ([#​2210](atuinsh/atuin#2210)) - Allow advertising a fake version to clients ([#​2228](atuinsh/atuin#2228)) - Monitor idx cache consistency before switching ([#​2229](atuinsh/atuin#2229)) - Ultracompact Mode (search-only) ([#​2357](atuinsh/atuin#2357)) - Right Arrow to modify selected command ([#​2453](atuinsh/atuin#2453)) - Provide additional clarity around key management ([#​2467](atuinsh/atuin#2467)) - Add `atuin wrapped` ([#​2493](atuinsh/atuin#2493)) ##### Miscellaneous Tasks - *(build)* Compile protobufs with protox ([#​2122](atuinsh/atuin#2122)) - *(ci)* Do not run current ci for ui ([#​2189](atuinsh/atuin#2189)) - *(ci)* Codespell again ([#​2332](atuinsh/atuin#2332)) - *(install)* Use posix sh, not bash ([#​2204](atuinsh/atuin#2204)) - *(nix)* De-couple atuin nix build from nixpkgs rustc version ([#​2123](atuinsh/atuin#2123)) - Add installer e2e tests ([#​2110](atuinsh/atuin#2110)) - Remove unnecessary proto import ([#​2120](atuinsh/atuin#2120)) - Update to rust 1.78 - Add audit config, ignore RUSTSEC-2023-0071 ([#​2126](atuinsh/atuin#2126)) - Setup dependabot for the ui ([#​2128](atuinsh/atuin#2128)) - Cargo and pnpm update ([#​2127](atuinsh/atuin#2127)) - Update to rust 1.79 ([#​2138](atuinsh/atuin#2138)) - Update to cargo-dist 0.16, enable attestations ([#​2156](atuinsh/atuin#2156)) - Do not use package managers in installer ([#​2201](atuinsh/atuin#2201)) - Enable record sync by default ([#​2255](atuinsh/atuin#2255)) - Remove ui directory ([#​2329](atuinsh/atuin#2329)) - Update to rust 1.80 ([#​2344](atuinsh/atuin#2344)) - Update rust to `1.80.1` ([#​2362](atuinsh/atuin#2362)) - Enable inline height and compact by default ([#​2249](atuinsh/atuin#2249)) - Update to rust 1.82 ([#​2432](atuinsh/atuin#2432)) - Update cargo-dist ([#​2471](atuinsh/atuin#2471)) ##### Performance - *(search)* Benchmark smart sort ([#​2202](atuinsh/atuin#2202)) - Create idx cache table ([#​2140](atuinsh/atuin#2140)) - Write to the idx cache ([#​2225](atuinsh/atuin#2225)) ##### Testing - Add env ATUIN_TEST_LOCAL_TIMEOUT to control test timeout of SQLite ([#​2337](atuinsh/atuin#2337)) #### Install atuin 18.4.0 ##### Install prebuilt binaries via shell script ```sh curl --proto '=https' --tlsv1.2 -LsSf https://github.com/atuinsh/atuin/releases/download/v18.4.0/atuin-installer.sh | sh ``` #### Download atuin 18.4.0 | File | Platform | Checksum | |--------|----------|----------| | [atuin-aarch64-apple-darwin.tar.gz](https://github.com/atuinsh/atuin/releases/download/v18.4.0/atuin-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://github.com/atuinsh/atuin/releases/download/v18.4.0/atuin-aarch64-apple-darwin.tar.gz.sha256) | | [atuin-x86\_64-apple-darwin.tar.gz](https://github.com/atuinsh/atuin/releases/download/v18.4.0/atuin-x86\_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://github.com/atuinsh/atuin/releases/download/v18.4.0/atuin-x86\_64-apple-darwin.tar.gz.sha256) | | [atuin-aarch64-unknown-linux-gnu.tar.gz](https://github.com/atuinsh/atuin/releases/download/v18.4.0/atuin-aarch64-unknown-linux-gnu.tar.gz) | ARM64 Linux | [checksum](https://github.com/atuinsh/atuin/releases/download/v18.4.0/atuin-aarch64-unknown-linux-gnu.tar.gz.sha256) | | [atuin-x86\_64-unknown-linux-gnu.tar.gz](https://github.com/atuinsh/atuin/releases/download/v18.4.0/atuin-x86\_64-unknown-linux-gnu.tar.gz) | x64 Linux | [checksum](https://github.com/atuinsh/atuin/releases/download/v18.4.0/atuin-x86\_64-unknown-linux-gnu.tar.gz.sha256) | | [atuin-aarch64-unknown-linux-musl.tar.gz](https://github.com/atuinsh/atuin/releases/download/v18.4.0/atuin-aarch64-unknown-linux-musl.tar.gz) | ARM64 MUSL Linux | [checksum](https://github.com/atuinsh/atuin/releases/download/v18.4.0/atuin-aarch64-unknown-linux-musl.tar.gz.sha256) | | [atuin-x86\_64-unknown-linux-musl.tar.gz](https://github.com/atuinsh/atuin/releases/download/v18.4.0/atuin-x86\_64-unknown-linux-musl.tar.gz) | x64 MUSL Linux | [checksum](https://github.com/atuinsh/atuin/releases/download/v18.4.0/atuin-x86\_64-unknown-linux-musl.tar.gz.sha256) | #### Verifying GitHub Artifact Attestations The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the [GitHub CLI](https://cli.github.com/manual/gh_attestation_verify): ```sh gh attestation verify <file-path of downloaded artifact> --repo atuinsh/atuin ``` You can also download the attestation from [GitHub](https://github.com/atuinsh/atuin/attestations) and verify against that directly: ```sh gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation> ``` #### New Contributors - [@​senekor](https://github.com/senekor) made their first contribution in atuinsh/atuin#2122 - [@​injust](https://github.com/injust) made their first contribution in atuinsh/atuin#2166 - [@​davidolrik](https://github.com/davidolrik) made their first contribution in atuinsh/atuin#2196 - [@​julienp](https://github.com/julienp) made their first contribution in atuinsh/atuin#2210 - [@​eth3lbert](https://github.com/eth3lbert) made their first contribution in atuinsh/atuin#2246 - [@​philtweir](https://github.com/philtweir) made their first contribution in atuinsh/atuin#2236 - [@​lucacome](https://github.com/lucacome) made their first contribution in atuinsh/atuin#2257 - [@​JRGould](https://github.com/JRGould) made their first contribution in atuinsh/atuin#2284 - [@​jaxvanyang](https://github.com/jaxvanyang) made their first contribution in atuinsh/atuin#2337 - [@​cultpony](https://github.com/cultpony) made their first contribution in atuinsh/atuin#2369 - [@​Reverier-Xu](https://github.com/Reverier-Xu) made their first contribution in atuinsh/atuin#2433 - [@​bboynton97](https://github.com/bboynton97) made their first contribution in atuinsh/atuin#2453 - [@​pamburus](https://github.com/pamburus) made their first contribution in atuinsh/atuin#2430 **Full Changelog**: atuinsh/atuin@v18.3.0...v18.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS44My4zIiwidXBkYXRlZEluVmVyIjoiMzkuODMuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
|
Hi, I'm the main maintainer of the Debian atuin package. It's been a nice experience packaging and using it in Debian. Following the release of 18.4.0, however, we see the postmark crate introduced as dependency. This PR did give a reason, but not a strong one from Debian's perspective as a distro. Postmark is a nice provider, I kinda like it, but we don't quite like introducing a package supporting only a specific service into Debian. Plus, as of writing it's only used by atuin-server (as seen on crates.io), which is an indicator for the likelihood of low maintenance. Maybe this is a point in the direction of general sending aka SMTP, if the demand ever arises. There's lettre for that. I'll have to patch the functionality out for now, due to both the reasons above, and the absence of the postmark crate in Debian which means additional screening period (known as the NEW queue). |
|
Nice to hear it's been easy to package! Totally makes sense. I don't see this being needed or useful for any deployment beyond api.atuin.sh for now, and will happily consider general SMTP if the demand is there. I'm separately considering moving away from Postmark for what we use, so if that happens we'll likely support SMTP in a future release. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add
atuin account verifyfor verifying the user account email addressThis is not required, and so far has no real benefit. It can be used in a follow up for resetting passwords.
We've used Postmark for the forum for a long while now, and I'm super happy with it. Verified emails is only really beneficial for Atuin Cloud, so I'm not currently considering a generic SMTP server approach. Happy to do so if people want it, but I'd rather not maintain something nobody is using.
Checks