
Changed concept User to Admin #2

Merged
charming-wicket-5502 merged 48 commits into develop from fix/user-to-admin
May 22, 2026

Conversation

@charming-wicket-5502

No description provided.


Copilot AI left a comment


Pull request overview

This PR renames the administrative “User” concept to “Admin” across the auth server, updating API routes, middleware, database schema, tests, and documentation to reflect the new terminology.

Changes:

  • Replace /users/* CRUD + realm-membership endpoints with /admins/* equivalents and introduce admin_endpoints.rs.
  • Rename auth middleware/extension extraction from UserAuth + user_from_request to AdminAuth + admin_from_request.
  • Rename persisted DB structures from user/user_realms to admin/admin_realms across SQLite/Postgres/MySQL implementations and update client/test/docs accordingly.

Reviewed changes

Copilot reviewed 29 out of 29 changed files in this pull request and generated 9 comments.

| File | Description |
| --- | --- |
| server/tests.md | Updates test plan section headings/endpoint paths for /admins (still contains outdated test names). |
| server/src/tests/super_admin_api.rs | Switches tests to Admin model and *admin* client calls (helper naming still says test_user). |
| server/src/tests/mod.rs | Renames test module from user_api to admin_api. |
| server/src/tests/admin_api.rs | Renames integration tests and client calls to /admins (some comments/messages still reference User/UserAuth). |
| server/src/server/endpoints/user_endpoints.rs | Removes legacy /users endpoint implementation. |
| server/src/server/endpoints/totp_endpoints.rs | Uses admin_from_request for realm-admin authorization checks. |
| server/src/server/endpoints/super_admins_endpoints.rs | Uses admin_from_request and updates log/error wording to admin terminology. |
| server/src/server/endpoints/realms_endpoints.rs | Uses admin_from_request for credential-management authorization. |
| server/src/server/endpoints/mod.rs | Exposes admin_endpoints and adds admin_from_request helper returning Admin. |
| server/src/server/endpoints/admin_endpoints.rs | New /admins CRUD + realm membership endpoints with exclusive-ownership checks. |
| server/src/server/auth_server.rs | Rewires scopes from /users to /admins and middleware from UserAuth to AdminAuth. |
| server/src/middleware/mod.rs | Renames exported middleware module to admin_auth. |
| server/src/middleware/admin_auth.rs | Renames middleware to load/inject Admin via find_admins_by_auth_scheme. |
| server/src/lib.rs | Re-exports Admin from models and removes User export. |
| server/src/database/trait.rs | Renames trait CRUD methods and lookup to Admin equivalents; bootstrap creates seeded admin via create_admin. |
| server/src/database/impls/sqlite.rs | Renames tables/joins/queries to admin + admin_realms (no migration path included). |
| server/src/database/impls/postgres.rs | Same as sqlite for Postgres schema and queries. |
| server/src/database/impls/mysql.rs | Same as sqlite for MySQL schema and queries. |
| server/documentation/two_factor_authentication.md | Updates terminology and code snippets from User to Admin. |
| server/documentation/index.md | Updates glossary/terminology to Admin (minor grammar issue remains). |
| server/documentation/client_library.md | Updates client guide to Admin APIs (TOC link + sample code issue remains). |
| server/documentation/authorization_and_administration.md | Updates authorization model docs to Admin (diagram still references UserAuth/User.realms). |
| server/documentation/authentication_flows.md | Updates terminology to Admin (diagrams still reference UserAuth/find_users_by_auth_scheme). |
| server/documentation/api_reference.md | Renames “User Administration” to “Admin Administration” and updates paths (role/status-code details still inconsistent with implementation). |
| server/authorization.md | Updates terminology to Admin (still references find_users_by_auth_scheme/user_from_request). |
| client/src/models/mod.rs | Exports Admin instead of User. |
| client/src/models/base.rs | Renames User struct to Admin and updates helper methods. |
| client/src/lib.rs | Re-exports Admin in public API. |
| client/src/client/auth_client.rs | Renames user-management methods/endpoints to admin equivalents (/admins/*). |
Comments suppressed due to low confidence (4)

**server/documentation/authorization_and_administration.md:91**
* The authorization decision-flow diagram still references `UserAuth` middleware and `User.realms`, but the implementation has been renamed to `AdminAuth` and `Admin.realms`. Please update the mermaid diagram text so it matches the current types and middleware.
```mermaid
flowchart TD
    A[Incoming request] --> B{Authenticated?\nUserAuth middleware}
    B -- No --> Z[HTTP 401 Unauthorized]
    B -- Yes --> C{Endpoint category}

    C -- "Super-admin-only\n/admin/realm POST|PUT|DELETE\n/admins GET\n/admin/userpass GET" --> D{is_super_admin?}
    D -- No --> E[HTTP 403 Forbidden]
    D -- Yes --> F[Proceed]

    C -- "Realm-scoped\n/realms/{realm}/…\n/admin/realm/{id} GET\n/sessions/…" --> G{"can_administer_realm\n(realm)?"}
    G -- No --> E
    G -- Yes --> F

    C -- "Admin CRUD\n/admins/admin POST|GET|PUT|DELETE" --> SA{is_super_admin?}
    SA -- Yes --> F
    SA -- No --> OWN{"target.realms non-empty\nAND all realms in target\nadministered by requester?"}
    OWN -- No --> E
    OWN -- Yes --> PUTCHECK{"PUT only:\nbody.realms non-empty\nAND all new realms\nadministered by requester?"}
    PUTCHECK -- No --> E
    PUTCHECK -- Yes --> F

    C -- "GET /admin/realms" --> H{is_super_admin?}
    H -- Yes --> I[Return all realms]
    H -- No --> J["Return only realms in\nUser.realms list"]
```
**server/src/tests/admin_api.rs:296**
* This section still refers to `/users/*` endpoints and an unauthenticated `list_users` call, but the test now exercises `/admins` via `list_admins_as_super_admin()`. Please update the docstring and assertion message to match the renamed endpoints/methods, otherwise failures will be confusing to interpret.
**server/src/tests/admin_api.rs:1147**
* This test’s comments still describe `UserAuth`/`find_users_by_auth_scheme` and `/users` endpoints, but the server now uses `AdminAuth`/`find_admins_by_auth_scheme` and `/admins`. Please update these comments to reflect the renamed middleware and routes so the security-property being asserted remains clear.
**server/src/tests/super_admin_api.rs:40**
* The helper is still named `test_user` but now constructs an `Admin`. Renaming it to `test_admin` (and updating nearby comments that say “User record”) would reduce confusion, especially since there is also a separate `admin_api` test module that already uses `test_admin`.

```rust
fn test_user(id: &str) -> Admin {
    Admin {
        id: id.to_string(),
        realms: vec![],
        userpass: None,
        jwt: None,
        fido2: None,
        digital_credentials: None,
        client_certificate: None,
        totp_enabled: None,
        totp_secret: None,
        totp_auth_url: None,
    }
}
```




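The exclusive-ownership rule that the quoted authorization diagram states for Admin CRUD (`target.realms non-empty AND all realms in target administered by requester`, plus the extra `body.realms` gate on PUT), worked through as an added Rust example. This is not the Cosmian/authentication project's code: the `Admin` shape used here (an explicit `is_super_admin` flag beside the `realms` list), the `Denied` reasons and the function names are assumptions made for the illustration. It shows why both halves of the rule matter: the non-empty requirement stops a realm-scoped admin from producing or touching a record bound to no realm at all, and the containment check stops them from reaching into, or handing out, realms they do not administer.

```rust
// Added example, not the Cosmian/authentication project's code: the Admin shape,
// the Denied reasons and the function names below are assumptions made to
// illustrate the exclusive-ownership rule from the authorization diagram.
use std::collections::HashSet;

/// Stand-in for the server's Admin record (assumed shape; the real struct also
/// carries credential fields that play no part in this authorization decision).
#[derive(Debug)]
pub struct Admin {
    pub id: String,
    /// Realms this admin administers.
    pub realms: Vec<String>,
    /// Assumption: super-admin status is an explicit flag on the record.
    pub is_super_admin: bool,
}

impl Admin {
    fn realm_set(&self) -> HashSet<&str> {
        self.realms.iter().map(String::as_str).collect()
    }

    /// Realm-scoped gate from the diagram: super admins administer every realm,
    /// everyone else only the realms listed on their own record.
    pub fn can_administer_realm(&self, realm: &str) -> bool {
        self.is_super_admin || self.realms.iter().any(|r| r == realm)
    }
}

/// Why a requester may not act on a target admin record (each maps to HTTP 403).
#[derive(Debug, PartialEq, Eq)]
pub enum Denied {
    /// Target is bound to no realm; only a super admin may touch such a record.
    TargetHasNoRealms,
    /// Target belongs to at least one realm the requester does not administer.
    TargetOutsideRequesterRealms,
    /// PUT body would leave the target bound to no realm.
    UpdateHasNoRealms,
    /// PUT body grants a realm the requester does not administer.
    UpdateGrantsForeignRealm,
}

/// Gate for GET/POST/DELETE on an admin record: "target.realms non-empty AND
/// all realms in target administered by requester", super admins excepted.
pub fn authorize_target(requester: &Admin, target: &Admin) -> Result<(), Denied> {
    if requester.is_super_admin {
        return Ok(());
    }
    if target.realms.is_empty() {
        return Err(Denied::TargetHasNoRealms);
    }
    let mine = requester.realm_set();
    if target.realms.iter().all(|r| mine.contains(r.as_str())) {
        Ok(())
    } else {
        Err(Denied::TargetOutsideRequesterRealms)
    }
}

/// PUT adds a second gate on the *requested* realm list: "body.realms non-empty
/// AND all new realms administered by requester". Checking the new list rather
/// than the stored one is what stops a realm admin from granting realms they
/// do not own to a record they are otherwise allowed to edit.
pub fn authorize_update(requester: &Admin, target: &Admin, new_realms: &[String]) -> Result<(), Denied> {
    authorize_target(requester, target)?;
    if requester.is_super_admin {
        return Ok(());
    }
    if new_realms.is_empty() {
        return Err(Denied::UpdateHasNoRealms);
    }
    let mine = requester.realm_set();
    if new_realms.iter().all(|r| mine.contains(r.as_str())) {
        Ok(())
    } else {
        Err(Denied::UpdateGrantsForeignRealm)
    }
}

pub fn strs(v: &[&str]) -> Vec<String> {
    v.iter().map(|s| s.to_string()).collect()
}

pub fn admin(id: &str, realms: &[&str], is_super_admin: bool) -> Admin {
    Admin { id: id.to_string(), realms: strs(realms), is_super_admin }
}

fn main() {
    // Constructed sample records for the demo (not real data).
    let alice = admin("alice", &["acme", "globex"], false);
    let bob = admin("bob", &["acme"], false);
    let orphan = admin("orphan", &[], false);
    println!("{} -> {}: {:?}", alice.id, bob.id, authorize_target(&alice, &bob));
    println!("{} -> {}: {:?}", alice.id, orphan.id, authorize_target(&alice, &orphan));
    let foreign = strs(&["initech"]);
    println!("{} PUT {} realms={:?}: {:?}", alice.id, bob.id, foreign, authorize_update(&alice, &bob, &foreign));
}
```

The PUT gate is evaluated on the realm list in the request body, not on the realms already stored on the target, so a realm admin cannot first create a record inside a realm they own and then move it somewhere they do not. The negative cases (empty target realms, foreign realm on the target, foreign or empty realm list in a PUT body) are the ones worth re-asserting against the renamed `/admins` routes, since they are exactly the security properties whose test comments the review above flags as still describing `/users`.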

charming-wicket-5502 and others added 4 commits April 28, 2026 15:52
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@charming-wicket-5502 charming-wicket-5502 self-assigned this Apr 28, 2026
Agent-Logs-Url: https://github.com/Cosmian/authentication/sessions/5bb7aaa9-c013-48cf-b449-f89707cdb61f

Co-authored-by: charming-wicket-5502 <235307685+charming-wicket-5502@users.noreply.github.com>

@fmontaigne fmontaigne left a comment


Suggestions

  • Use tanstack query or similar to isolate API interaction logic and handle loading and error states
  • Be careful when using the "&&" shortcut for conditional rendering, as it can lead to strange renders in bad cases. An easy workaround is to cast the condition to a boolean, with !! for example.
  • Current tests are broken on my local installation at least (18 failed)
  • Some MD files probably need to be removed or cleaned.

@charming-wicket-5502
Author

Created an issue for tanstack; I'm not familiar with the library and will take it into account at a later date so as not to block the MR.

@charming-wicket-5502 charming-wicket-5502 dismissed fmontaigne’s stale review May 22, 2026 08:23

Made changes requested. Created issue for more long term changes. Tests should be passing now.

@charming-wicket-5502 charming-wicket-5502 merged commit 6a849b2 into develop May 22, 2026
65 checks passed
5 participants