extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2024-10-05 09:42:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
976 Commits 112 Branches 189 Tags 206 MiB
48098c994d
Commit Graph

367 Commits

Author SHA1 Message Date
Bethuel Mmbaga
48098c994d
Handle authentication errors in PKCE flow (#1039) 
* handle authentication errors in PKCE flow

* remove shadowing and replace TokenEndpoint for PKCE config

---------

Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
 2023-07-31 14:22:38 +02:00
Bethuel Mmbaga
7794b744f8
Add PKCE authorization flow (#1012) 
Enhance the user experience by enabling authentication to Netbird using Single Sign-On (SSO) with any Identity Provider (IDP) provider. Current client offers this capability through the Device Authorization Flow, however, is not widely supported by many IDPs, and even some that do support it do not provide a complete verification URL.

To address these challenges, this pull request enable Authorization Code Flow with Proof Key for Code Exchange (PKCE) for client logins, which is a more widely adopted and secure approach to facilitate SSO with various IDP providers.
 2023-07-27 11:31:07 +02:00
Maycon Santos
76db4f801a
Record idp manager type (#1027) 
This allows to define priority on support different managers
 2023-07-22 19:30:59 +02:00
Maycon Santos
2541c78dd0
Use error level for JWT parsing error logs (#1026) 2023-07-22 17:56:27 +02:00
Yury Gargay
97b6e79809
Fix DefaultAccountManager GetGroupsFromTheToken false positive tests (#1019) 
This fixes the test logic creates copy of account with empty id and
re-pointing the indices to it.

Also, adds additional check for empty ID in SaveAccount method of FileStore.
 2023-07-22 15:54:08 +04:00
Bethuel Mmbaga
a4d830ef83
Fix Okta IDP device authorization (#1023) 
* hide okta netbird attributes fields

* fix: update full user profile
 2023-07-21 09:34:49 +02:00
pascal-fischer
9e540cd5b4
Merge pull request #1016 from surik/filestore-index-deletion-optimisation 
Do not persist filestore when deleting indices
 2023-07-20 18:07:33 +02:00
Givi Khojanashvili
e69ec6ab6a
Optimize ACL performance (#994) 
* Optimize rules with All groups

* Use IP sets in ACLs (nftables implementation)

* Fix squash rule when we receive optimized rules list from management
 2023-07-18 13:12:50 +04:00
Yury Gargay
7ddde41c92 Do not persist filestore when deleting indices 
As both TokenID2UserID and HashedPAT2TokenID are in-memory indices and
not stored in the file.
 2023-07-17 11:52:45 +02:00
Zoltan Papp
9c2c0e7934
Check links of groups before delete it (#1010) 
* Check links of groups before delete it

* Add delete group handler test

* Rename dns error msg

* Add delete group test

* Remove rule check

The policy cover this scenario

* Fix test

* Check disabled management grps

* Change error message

* Add new activity for group delete event
 2023-07-14 20:45:40 +02:00
Bethuel Mmbaga
bb9f6f6d0a
Add API Endpoint for Resending User Invitations in Auth0 (#989) 
* add request handler for sending invite

* add InviteUser method to account manager interface

* add InviteUser mock

* add invite user endpoint to user handler

* add InviteUserByID to manager interface

* implement InviteUserByID in all idp managers

* resend user invitation

* add invite user handler tests

* refactor

* user userID for sending invitation

* fix typo

* refactor

* pass userId in url params
 2023-07-03 12:20:19 +02:00
Maycon Santos
a366d9e208
Prevent sending nameserver configuration when peer is set as NS (#962) 
* Prevent sending nameserver configuration when peer is set as NS

* Add DNS filter tests
 2023-06-28 17:29:02 +02:00
Misha Bragin
d409219b51
Don't create setup keys on new account (#972) 2023-06-27 17:17:24 +02:00
Givi Khojanashvili
8b619a8224
JWT Groups support (#966) 
Get groups from the JWT tokens if the feature enabled for the account
 2023-06-27 18:51:05 +04:00
Bethuel
58cfa2bb17
Add Google Workspace IdP (#949) 
Added integration with Google Workspace user directory API.
 2023-06-20 19:15:36 +02:00
Maycon Santos
09ca2d222a
Update the API description with the correct API state (#958) 2023-06-16 18:26:50 +02:00
Zoltan Papp
481465e1ae
Feature/android dns (#943) 
Support DNS feature on mobile systems

---------

Co-authored-by: Givi Khojanashvili <gigovich@gmail.com>
 2023-06-12 14:43:55 +02:00
Givi Khojanashvili
803bbe0fff
Fix validation for ACL policy rules ports (#938) 2023-06-07 08:57:43 +02:00
Misha Bragin
8817765aeb
Add comment clarifying AddPeer race check (#927) 2023-06-02 18:04:24 +02:00
Bethuel
51502af218
Support IDP manager configuration with configure.sh (#843) 
support IDP management configuration using configure.sh script

Add initial Zitadel configuration script
 2023-06-02 17:34:36 +02:00
Misha Bragin
612ae253fe
Reject adding peer if already exists with the pub key (#925) 2023-06-02 17:32:55 +02:00
Pascal Fischer
5028450133 add examples 2023-06-02 01:50:15 +02:00
Pascal Fischer
2dcfa1efa3 fix summary 2023-06-02 01:32:48 +02:00
Pascal Fischer
75fbaf811b update openapi 2023-06-02 01:09:18 +02:00
Givi Khojanashvili
293499c3c0
Extend protocol and firewall manager to handle old management (#915) 
* Extend protocol and firewall manager to handle old management

* Send correct empty firewall rules list when delete peer

* Add extra tests for firewall manager and uspfilter

* Work with inconsistent state

* Review note

* Update comment
 2023-05-31 19:04:38 +02:00
Zoltan Papp
45a6263adc
Feature/android route notification (#868) 
Add new feature to notify the user when new client route has arrived.
Refactor the initial route handling. I move every route logic into the route
manager package.

* Add notification management for client rules
* Export the route notification for Android
* Compare the notification based on network range instead of id.
 2023-05-31 18:25:24 +02:00
pascal-fischer
e87647c853
Merge pull request #913 from netbirdio/feature/add_selfhosted_metrics_for_pat_and_service_user 
Add selfhosted metrics for PATs and service users
 2023-05-31 14:41:34 +02:00
Pascal Fischer
9e045479cc fix pats counting 2023-05-30 19:44:40 +02:00
Pascal Fischer
fe596c38c6 update rules count 2023-05-30 19:36:09 +02:00
Pascal Fischer
6fd13f563e use new policy-rule object 2023-05-30 19:09:16 +02:00
Pascal Fischer
22e81f493b fix metric creation from maps 2023-05-30 19:07:00 +02:00
Pascal Fischer
51f780dae9 initialize maps 2023-05-30 18:53:23 +02:00
Pascal Fischer
f164fad2c2 add some more metrics 2023-05-30 18:49:50 +02:00
Pascal Fischer
452b045bb0 expose service users metrics 2023-05-30 16:40:48 +02:00
Givi Khojanashvili
874c290205
Exclude second last IP from allocation to use it in the Fake DNS (#912) 2023-05-30 18:26:44 +04:00
Pascal Fischer
7a9b05c56d add selfhosted metric for pat and service users 2023-05-30 16:22:34 +02:00
Bethuel
79736197cd
Read config from generic configs (#909) 2023-05-29 16:01:04 +02:00
Givi Khojanashvili
ba7a39a4fc
Feat linux firewall support (#805) 
Update the client's engine to apply firewall rules received from the manager (results of ACL policy).
 2023-05-29 16:00:18 +02:00
Bethuel
2eb9a97fee
Add Okta IdP (#859) 2023-05-29 14:52:04 +02:00
Bethuel
49c71b9b9d
Add Authentik IdP (#897) 2023-05-29 14:35:30 +02:00
Bethuel
3bebbe0409
Refactor IdP Config Structure (#879) 2023-05-29 13:48:19 +02:00
Pascal Fischer
7bdb0dd358 merge openapi with version from docs repo 2023-05-26 15:32:52 +02:00
Misha Bragin
f66574b094
Count only successful HTTP request durations (#886) 2023-05-22 16:26:36 +02:00
Misha Bragin
48265b32f3
Measure write requests separately from read requests (#880) 2023-05-19 16:56:15 +02:00
Misha Bragin
03a42de5a0
Add telemetry to measure app durations (#878) 2023-05-19 11:42:25 +02:00
Maycon Santos
48a8b52740
Avoid storing account if no peer meta or expiration change (#875) 
* Avoid storing account if no peer meta or expiration change

* remove extra log

* Update management/server/peer.go

Co-authored-by: Misha Bragin <bangvalo@gmail.com>

* Clarify why we need to skip account update

---------

Co-authored-by: Misha Bragin <bangvalo@gmail.com>
 2023-05-18 19:31:35 +02:00
Misha Bragin
6e9f7531f5
Track user block/unblock activity event (#865) 2023-05-17 09:54:20 +02:00
Pascal Fischer
873abc43bf move into separate package 2023-05-16 12:57:56 +02:00
Pascal Fischer
2fef52b856 remove dependency to external base62 package and create own methods in utils 2023-05-16 12:44:26 +02:00
Bethuel
2570363861 fix assign correct issuer url to auth0 AuthIssuer 2023-05-12 18:07:11 +03:00