extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2024-10-05 09:42:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
976 Commits 112 Branches 189 Tags 206 MiB
48098c994d
Commit Graph

367 Commits

Author SHA1 Message Date
Misha Bragin
e3d2b6a408
Block user through HTTP API (#846) 
The new functionality allows blocking a user in the Management service.
Blocked users lose access to the Dashboard, aren't able to modify the network map,
and all of their connected devices disconnect and are set to the "login expired" state.

Technically all above was achieved with the updated PUT /api/users endpoint,
that was extended with the is_blocked field.
 2023-05-11 18:09:36 +02:00
Bethuel
2c50d7af1e
Automatically load IdP OIDC configuration (#847) 2023-05-11 15:14:00 +02:00
pascal-fischer
e4c28f64fa
Fix user cache lookup filtering for service users (#849) 2023-05-10 19:27:17 +02:00
Bethuel
f4ec1699ca
Add Zitadel IdP (#833) 
Added intergration with Zitadel management API.

Use the steps in zitadel.md for configuration.
 2023-05-05 19:27:28 +02:00
Bethuel
873b56f856
Add Azure Idp Manager (#822) 
Added intergration with Azure IDP user API.

Use the steps in azure-ad.md for configuration:
cb03373f8f/docs/integrations/identity-providers/self-hosted/azure-ad.md
 2023-05-03 14:51:44 +02:00
pascal-fischer
59372ee159
API cleanup (#824) 
removed all PATCH endpoints
updated path parameters for all endpoints
removed not implemented endpoints for api doc
minor description updates
 2023-05-03 00:15:25 +02:00
pascal-fischer
08db5f5a42
Merge pull request #831 from netbirdio/fix/issue_with_account_creation_after_auth_refactor 
FIx account creation issue after auth refactor
 2023-05-02 19:14:54 +02:00
pascal-fischer
88678ef364
Merge pull request #808 from bcmmbaga/main 
Add support for refreshing signing keys on expiry
 2023-05-02 17:17:09 +02:00
Pascal Fischer
f1da4fd55d using old isAdmin function to create account 2023-05-02 16:49:29 +02:00
Zoltan Papp
7f5e1c623e
Use forked Wireguard-go for custom bind (#823) 
Update go version to 1.20
Use forked wireguard-go repo because of custom Bind implementation
 2023-04-27 17:50:45 +02:00
pascal-fischer
6fec0c682e
Merging full service user feature into main (#819) 
Merging full feature branch into main.
Adding full support for service users including backend objects, persistence, verification and api endpoints.
 2023-04-22 12:57:51 +02:00
Bethuel
45224e76d0 fallback to olde keys if failing to fetch refreshed keys 2023-04-21 13:34:52 +03:00
Bethuel
90c8cfd863 synchronize access to the signing keys 2023-04-19 17:11:38 +03:00
Zoltan Papp
4616bc5258
Add route management for Android interface (#801) 
Support client route management feature on Android
 2023-04-17 11:15:37 +02:00
Bethuel
f7196cd9a5 refactoring 2023-04-15 03:44:42 +03:00
Bethuel
53d78ad982 make variable unexported 2023-04-14 13:16:01 +03:00
Bethuel
9f352c1b7e validate keys for idp's with key rotation mechanism 2023-04-14 12:20:34 +03:00
Bethuel
a89808ecae initialize jwt validator with keys rotation state 2023-04-14 12:17:28 +03:00
Bethuel
c6190fa2ba add use-key-cache-headers flag to management command 2023-04-13 20:19:04 +03:00
Givi Khojanashvili
0343c5f239
Rollback simple ACL rules processing. (#803) 2023-04-12 09:39:17 +02:00
Misha Bragin
251f2d7bc2
Pass newly generated ID to network map when adding peer (#800) 2023-04-11 14:28:22 +02:00
Maycon Santos
306e02d32b
Update calculate server state (#796) 
Refactored updateServerStates and calculateState

added some checks to ensure we are not sending connecting on context canceled

removed some state updates from the RunClient function
 2023-04-10 18:22:25 +02:00
pascal-fischer
8375491708
Merge pull request #778 from netbirdio/fix/consistent_time_format_for_pat 
fix/use_utc_for_time_operations
 2023-04-10 18:11:41 +02:00
Pascal Fischer
6aba28ccb7 remove UTC from some not store related operations 2023-04-10 10:54:23 +02:00
Maycon Santos
32b345991a
Support remote scope and use id token configuration (#784) 
Some IDP requires different scope requests and
issue access tokens for different purposes

This change allow for remote configurable scopes
and the use of ID token
 2023-04-05 17:46:34 +02:00
Maycon Santos
fe1ea4a2d0
Check multiple audience values (#781) 
Some IDP use different audience for different clients. 
This update checks HTTP and Device authorization flow audience values.



---------

Co-authored-by: Givi Khojanashvili <gigovich@gmail.com>
 2023-04-04 16:40:56 +02:00
Pascal Fischer
489892553a use UTC everywhere in server 2023-04-03 15:09:35 +02:00
Pascal Fischer
b05e30ac5a do not use UTC for time to stay consistent 2023-04-03 12:44:55 +02:00
pascal-fischer
769388cd21
Merge pull request #776 from netbirdio/feature/activity_events_for_pat 
feature/activity_events_for_pat
 2023-04-03 12:27:51 +02:00
pascal-fischer
c54fb9643c
Merge pull request #774 from netbirdio/feature/add_pat_middleware 
Feature/add pat middleware
 2023-04-03 12:09:11 +02:00
Givi Khojanashvili
5dc0ff42a5
Fix broken auto-generated Rego rule (#769) 
Default Rego policy generated from the rules in some cases is broken.
This change fixes the Rego template for rules to generate policies.

Also, file store load constantly regenerates policy objects from rules.
It allows updating/fixing of the default Rego template during releases.
 2023-04-01 12:02:08 +02:00
Pascal Fischer
45badd2c39 add event store to user tests 2023-04-01 11:11:30 +02:00
Pascal Fischer
d3de035961 error responses always lower case + duplicate error response fix 2023-04-01 11:04:21 +02:00
Pascal Fischer
b2da0ae70f add activity events on PAT creation and deletion 2023-03-31 17:41:22 +02:00
Pascal Fischer
931c20c8fe fix test name 2023-03-31 12:45:10 +02:00
Pascal Fischer
2eaf4aa8d7 add test for auth middleware 2023-03-31 12:44:22 +02:00
Pascal Fischer
110067c00f change order for access control checks and aquire account lock after global lock 2023-03-31 12:03:53 +02:00
Pascal Fischer
32c96c15b8 disable linter errors by comment 2023-03-31 10:30:05 +02:00
Pascal Fischer
ca1dc5ac88 disable access control for token endpoint 2023-03-30 19:03:44 +02:00
Pascal Fischer
ce775d59ae revert codacy 2023-03-30 18:59:35 +02:00
Pascal Fischer
f273fe9f51 revert codacy 2023-03-30 18:54:55 +02:00
Pascal Fischer
e08af7fcdf codacy 2023-03-30 17:46:21 +02:00
Pascal Fischer
454240ca05 comments for codacy 2023-03-30 17:32:44 +02:00
Pascal Fischer
1343a3f00e add test + codacy 2023-03-30 16:43:39 +02:00
Pascal Fischer
2a79995706 fix linter 2023-03-30 16:22:15 +02:00
Pascal Fischer
e869882da1 fix merge 2023-03-30 16:14:51 +02:00
Pascal Fischer
6c8bb60632 fix merge 2023-03-30 16:06:46 +02:00
Pascal Fischer
4d7029d80c Merge branch 'main' into feature/add_pat_middleware 
# Conflicts:
#	management/server/grpcserver.go
#	management/server/http/middleware/jwt.go
 2023-03-30 16:06:21 +02:00
pascal-fischer
909f305728
Merge pull request #766 from netbirdio/feature/add_rest_endpoints_for_pat 
Feature/add rest endpoints for pat
 2023-03-30 15:55:48 +02:00
Pascal Fischer
5e2f66d591 fix codacy 2023-03-30 15:23:24 +02:00
Pascal Fischer
a7519859bc fix test 2023-03-30 14:15:44 +02:00
Pascal Fischer
9b000b89d5 Merge branch 'feature/add_rest_endpoints_for_pat' into feature/add_pat_middleware 
# Conflicts:
#	management/server/mock_server/account_mock.go
 2023-03-30 14:02:58 +02:00
Pascal Fischer
5c1acdbf2f move validation into account manager + func for get requests 2023-03-30 13:58:44 +02:00
Pascal Fischer
db3a9f0aa2 refactor jwt token validation and add PAT to middleware auth 2023-03-30 10:54:09 +02:00
Pascal Fischer
ecc4f8a10d fix Pat handler test 2023-03-29 19:13:01 +02:00
Pascal Fischer
03abdfa112 return empty object on all handlers instead of empty string 2023-03-29 18:46:40 +02:00
Pascal Fischer
9746a7f61a remove debug logs 2023-03-29 18:27:01 +02:00
Pascal Fischer
4ec6d5d20b remove debug logs 2023-03-29 18:23:10 +02:00
Pascal Fischer
3bab745142 last_used can be nil 2023-03-29 17:46:09 +02:00
Pascal Fischer
0ca3d27a80 update account mock 2023-03-29 15:25:44 +02:00
Pascal Fischer
c5942e6b33 store hashed token base64 encoded 2023-03-29 15:21:53 +02:00
Pascal Fischer
726ffb5740 add comments for exported functions 2023-03-29 15:06:54 +02:00
Pascal Fischer
42ba0765c8 fix linter 2023-03-28 14:54:06 +02:00
Pascal Fischer
514403db37 use object instead of plain token for create response + handler test 2023-03-28 14:47:15 +02:00
Pascal Fischer
6a75ec4ab7 fix http error codes 2023-03-27 17:42:05 +02:00
Pascal Fischer
b66e984ddd set limits for expiration 2023-03-27 17:28:24 +02:00
Pascal Fischer
c65a934107 refactor to use name instead of description 2023-03-27 16:28:49 +02:00
Pascal Fischer
9e74f30d2f fix delete token parameter lookup 2023-03-27 15:19:19 +02:00
Maycon Santos
a27fe4326c
Add JWT middleware validation failure log (#760) 
We will log the middleware log now, but in the next
releases we should provide a generic error that can be
parsed by the dashboard.
 2023-03-23 18:26:41 +01:00
Misha Bragin
e6292e3124
Disable peer expiration of peers added with setup keys (#758) 2023-03-23 17:47:53 +01:00
Maycon Santos
628b497e81
Adjustments for the change server flow (#756) 
Check SSO support by calling the internal.GetDeviceAuthorizationFlowInfo

Rename LoginSaveConfigIfSSOSupported to SaveConfigIfSSOSupported

Receive device name as input for setup-key login

have a default android name when no context value is provided

log non parsed errors from management registration calls
 2023-03-23 16:35:06 +01:00
Bethuel
8f66dea11c
Add Keycloak Idp Manager (#746) 
Added intergration with keycloak user API.
 2023-03-23 14:54:31 +01:00
Pascal Fischer
de8608f99f add rest endpoints and update openapi doc 2023-03-21 16:02:19 +01:00
pascal-fischer
9c5adfea2b
Merge pull request #745 from netbirdio/feature/pat_persistence 
PAT persistence
 2023-03-21 14:38:24 +01:00
Pascal Fischer
8e4710763e use single line return for SaveAccount 2023-03-21 14:02:34 +01:00
Pascal Fischer
82af60838e use "ok" convention for check variables throughout files_store 2023-03-21 14:00:59 +01:00
Pascal Fischer
311b67fe5a change error messages 2023-03-21 13:56:31 +01:00
Pascal Fischer
94d39ab48c improve style for tests 2023-03-21 13:34:48 +01:00
Pascal Fischer
41a47be379 add function comments, implement account mock functions and added error handling in tests 2023-03-20 16:38:17 +01:00
Pascal Fischer
e30def175b switch PATs to map and add deletion 2023-03-20 16:14:55 +01:00
Pascal Fischer
e1ef091d45 remove unnecessary string conversion 2023-03-20 12:08:01 +01:00
pascal-fischer
511ba6d51f
Delete pat_handler.go 2023-03-20 11:47:54 +01:00
Pascal Fischer
b852198f67 codacy and lint hints 2023-03-20 11:44:12 +01:00
Zoltan Papp
747797271e
Fix connstate indication (#732) 
Fix the status indication in the client service. The status of the
management server and the signal server was incorrect if the network
connection was broken. Basically the status update was not used by
the management and signal library.
 2023-03-16 17:22:36 +01:00
Pascal Fischer
628a201e31 fix PAT array split 2023-03-16 16:59:32 +01:00
Pascal Fischer
453643683d add method to account mock 2023-03-16 16:44:05 +01:00
Pascal Fischer
b8cab2882b storing and retrieving PATs 2023-03-16 15:57:44 +01:00
Pascal Fischer
3b42d5e48a fix imports after merge 2023-03-16 11:59:12 +01:00
pascal-fischer
f8db5742b5
Merge branch 'main' into feature/add_PAT_generation 2023-03-16 11:36:43 +01:00
Pascal Fischer
bc3cec23ec use slice copy 2023-03-16 11:32:55 +01:00
Zoltan Papp
292ee260ad
Add version info command to signal server (#739) 
Add version command to signal and management servers.

The version information will be filled during build time.
 2023-03-15 07:54:51 +01:00
Givi Khojanashvili
2a1efbd0fd
Don't drop Rules from file storage after migration to Policies (#741) 
Rego policy migration clears the rules property of the file storage, but it does not allow rollback management upgrade, so this changes pre-saves rules in the file store and updates it from the policies.
 2023-03-15 09:42:40 +04:00
Givi Khojanashvili
3bfa26b13b
Feat rego default policy (#700) 
Converts rules to Rego policies and allow users to write raw policies to set up connectivity and firewall on the clients.
 2023-03-13 18:14:18 +04:00
Misha Bragin
221934447e
Send remote agents updates when peer re-authenticates (#737) 
When peer login expires, all remote peers are updated to exclude the peer from connecting.
Once a peer re-authenticates, the remote peers are not updated.
This peer fixes the behavior.
 2023-03-10 17:39:29 +01:00
Misha Bragin
9ce8056b17
Use global login expiration setting when sending network map (#731) 
Peers were considered expired and not sent to remote peers
when global expiration was disabled.
 2023-03-09 11:24:42 +01:00
Pascal Fischer
62de082961 fix account test 2023-03-08 12:21:44 +01:00
Pascal Fischer
c4d9b76634 add comment for exported const 2023-03-08 12:09:22 +01:00
Pascal Fischer
b4bb5c6bb8 use const and do array copy 2023-03-08 11:54:10 +01:00
Pascal Fischer
2b1965c941 switch secret generation to use lib 2023-03-08 11:36:03 +01:00
Pascal Fischer
83e7e30218 store hashedToken as string 2023-03-08 11:30:09 +01:00