Renamed principal revision to token revision

CHANGELOG.md

@@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file. This projec
 
 ## [0.11.2] - 2025-01-17
 
-To upgrade update the webadmin and then replace the `stalwart-mail` binary.
+To upgrade replace the `stalwart-mail` binary and then upgrade to the latest web-admin.
 
 ### Added
 - Automatic revoking of access tokens when secrets, permissions, ACLs or group memberships change (#649).
@@ -19,7 +19,7 @@ To upgrade update the webadmin and then replace the `stalwart-mail` binary.
 
 ### Fixed
 - Distributed locking issues in non-Redis stores (#1066).
-- S3 incorrect backoff wait time.
+- S3 incorrect backoff wait time after failures.
 - Panic parsing broken HTMLs.
 - Update CLI response serializer to v0.11.x (#1082).
 - Histogram bucket counts (#1079).

crates/common/src/auth/access_token.rs

@@ -28,7 +28,7 @@ use utils::map::{
     vec_map::VecMap,
 };
 
-use crate::{Server, KV_PRINCIPAL_REVISION};
+use crate::{Server, KV_TOKEN_REVISION};
 
 use super::{roles::RolePermissions, AccessToken, ResourceToken, TenantInfo};
 
@@ -201,7 +201,7 @@ impl Server {
 
         // Obtain current revision
         let principal_id = principal.id();
-        let revision = self.fetch_principal_revision(principal_id).await;
+        let revision = self.fetch_token_revision(principal_id).await;
 
         match self
             .inner
@@ -252,7 +252,7 @@ impl Server {
         }
     }
 
-    pub async fn increment_principal_revision(&self, changed_principals: ChangedPrincipals) {
+    pub async fn increment_token_revision(&self, changed_principals: ChangedPrincipals) {
         let mut nested_principals = Vec::new();
 
         for (id, changed_principal) in changed_principals.iter() {
@@ -335,8 +335,7 @@ impl Server {
         if let Err(err) = self
             .in_memory_store()
             .counter_incr(
-                KeyValue::with_prefix(KV_PRINCIPAL_REVISION, id.to_be_bytes(), 1)
-                    .expires(30 * 86400),
+                KeyValue::with_prefix(KV_TOKEN_REVISION, id.to_be_bytes(), 1).expires(30 * 86400),
                 false,
             )
             .await
@@ -347,11 +346,11 @@ impl Server {
         }
     }
 
-    pub async fn fetch_principal_revision(&self, id: u32) -> Option<u64> {
+    pub async fn fetch_token_revision(&self, id: u32) -> Option<u64> {
         match self
             .in_memory_store()
             .counter_get(KeyValue::<()>::build_key(
-                KV_PRINCIPAL_REVISION,
+                KV_TOKEN_REVISION,
                 id.to_be_bytes(),
             ))
             .await

crates/common/src/auth/roles.rs

@@ -35,7 +35,7 @@ impl Server {
             ROLE_ADMIN => Ok(ADMIN_PERMISSIONS.clone()),
             ROLE_TENANT_ADMIN => Ok(TENANT_ADMIN_PERMISSIONS.clone()),
             role_id => {
-                let revision = self.fetch_principal_revision(role_id).await;
+                let revision = self.fetch_token_revision(role_id).await;
 
                 match self
                     .inner
@@ -118,7 +118,7 @@ impl Server {
                     }
                     role_id => {
                         // Try with the cache
-                        let revision = self.fetch_principal_revision(role_id).await;
+                        let revision = self.fetch_token_revision(role_id).await;
                         if let Some(role_permissions) = self
                             .inner
                             .cache

crates/common/src/lib.rs

@@ -82,7 +82,7 @@ pub const KV_RATE_LIMIT_CONTACT: u8 = 7;
 pub const KV_RATE_LIMIT_HTTP_AUTHENTICATED: u8 = 8;
 pub const KV_RATE_LIMIT_HTTP_ANONYMOUS: u8 = 9;
 pub const KV_RATE_LIMIT_IMAP: u8 = 10;
-pub const KV_PRINCIPAL_REVISION: u8 = 11;
+pub const KV_TOKEN_REVISION: u8 = 11;
 pub const KV_REPUTATION_IP: u8 = 12;
 pub const KV_REPUTATION_FROM: u8 = 13;
 pub const KV_REPUTATION_DOMAIN: u8 = 14;

crates/imap/src/op/acl.rs

@@ -371,7 +371,7 @@ impl<T: SessionStream> Session<T> {
 
             // Invalidate ACLs
             data.server
-                .increment_principal_revision(ChangedPrincipals::from_change(
+                .increment_token_revision(ChangedPrincipals::from_change(
                     acl_account_id,
                     Type::Individual,
                     PrincipalField::EnabledPermissions,

crates/jmap/src/api/management/principal.rs

@@ -183,7 +183,7 @@ impl PrincipalManager for Server {
                 }
 
                 // Increment revision
-                self.increment_principal_revision(result.changed_principals)
+                self.increment_token_revision(result.changed_principals)
                     .await;
 
                 Ok(JsonResponse::new(json!({
@@ -372,9 +372,7 @@ impl PrincipalManager for Server {
                             {
                                 Ok(changed_principals) => {
                                     // Increment revision
-                                    server
-                                        .increment_principal_revision(changed_principals)
-                                        .await;
+                                    server.increment_token_revision(changed_principals).await;
                                 }
                                 Err(err) => {
                                     trc::error!(err.details("Failed to delete principal"));
@@ -524,7 +522,7 @@ impl PrincipalManager for Server {
                         }
 
                         // Increment revision
-                        self.increment_principal_revision(changed_principals).await;
+                        self.increment_token_revision(changed_principals).await;
 
                         Ok(JsonResponse::new(json!({
                             "data": (),
@@ -653,7 +651,7 @@ impl PrincipalManager for Server {
                             .await?;
 
                         // Increment revision
-                        self.increment_principal_revision(changed_principals).await;
+                        self.increment_token_revision(changed_principals).await;
 
                         Ok(JsonResponse::new(json!({
                             "data": (),
@@ -753,7 +751,7 @@ impl PrincipalManager for Server {
                         .await?;
 
                     // Increment revision
-                    self.increment_principal_revision(ChangedPrincipals::from_change(
+                    self.increment_token_revision(ChangedPrincipals::from_change(
                         access_token.primary_id(),
                         Type::Individual,
                         PrincipalField::Secrets,
@@ -824,7 +822,7 @@ impl PrincipalManager for Server {
             .await?;
 
         // Increment revision
-        self.increment_principal_revision(changed_principals).await;
+        self.increment_token_revision(changed_principals).await;
 
         Ok(JsonResponse::new(json!({
             "data": (),

crates/jmap/src/auth/acl.rs

@@ -415,7 +415,7 @@ impl AclMethods for Server {
                 }
             }
 
-            self.increment_principal_revision(changed_principals).await;
+            self.increment_token_revision(changed_principals).await;
         }
     }
 

tests/src/jmap/auth_acl.rs

@@ -664,7 +664,7 @@ pub async fn test(params: &mut JMAPTest) {
     // Add John and Jane to the Sales group
     for name in ["jdoe@example.com", "jane.smith@example.com"] {
         server
-            .increment_principal_revision(
+            .increment_token_revision(
                 server
                     .core
                     .storage
@@ -768,7 +768,7 @@ pub async fn test(params: &mut JMAPTest) {
 
     // Remove John from the sales group
     server
-        .increment_principal_revision(
+        .increment_token_revision(
             server
                 .core
                 .storage