Commit Graph

1760 Commits

Author SHA1 Message Date
06055af361 Super user invites (#483)
This PR brings user invites logic to the Management service
via HTTP API. 
The POST /users/ API endpoint creates a new user in the Idp
and then in the local storage. 
Once the invited user signs ups, the account invitation is redeemed.
There are a few limitations.
This works only with an enabled IdP manager.
Users that already have a registered account can't be invited.
v0.9.8
2022-10-13 18:26:31 +02:00
abd1230a69 Disable uninstall message when upgrade is silent (#505)
Fix a problem with $INSTDIR pointing to subfolder
2022-10-13 15:00:39 +02:00
f7de12daf8 Support custom redirect URIs (#499) 2022-10-12 12:25:46 +02:00
c49fb0c40c Get windows version from registry (#502)
Avoid problems with localization by retrieving
version information from registry

Return a default 0.0.0.0 if operation fails
2022-10-12 12:25:33 +02:00
6e9a162877 Seticon only when status changes (#504)
* Seticon only when status changes

This prevents a memory leak with the systray lib
when setting the icon every 2 seconds causes a large memory consumption

see https://github.com/getlantern/systray/issues/135

* Use fork with permanent fix
2022-10-12 12:25:06 +02:00
b4e03f4616 Feature/add nameservers API endpoint (#491)
Add nameservers endpoint and Open API definition

updated open api generator cli
2022-10-10 11:06:54 +02:00
369a7ef345 Add SSO MFA demo gif (#489) 2022-10-10 11:06:25 +02:00
c88e6a7342 Run tests only on branch main and on pull requests (#492)
* Use reusable workflow and control push and pr test exec

* use format

* use path ref

* Run tests on push to main and on PRs
2022-10-03 00:17:16 +05:00
2cd9b11e7d Add DNS nameserver support to management (#484)
Add DNS package and Nameserver group objects

Add CRUD operations for Nameserver Groups to account manager

Add Routes and Nameservers to Account Copy method

Run docker tests with timeout and serial flags
2022-09-30 16:47:11 +05:00
93d20e370b Add incoming routing rules (#486)
add an income firewall rule for each routing pair
the pair for the income rule has inverted
source and destination
v0.9.7
2022-09-30 14:39:15 +05:00
878ca6db22 Check if domain from claim is valid (#485)
If domain is invalid we call GetAccountByUserOrAccountId
2022-09-29 13:51:18 +05:00
2033650908 Remove IdP client secret validation v0.9.6 2022-09-26 18:58:14 +02:00
34c1c7d901 Add hostname, userID, ui version to the HTTP API peer response (#479) v0.9.5 2022-09-26 18:02:45 +02:00
051fd3a4d7 Fix Management and Signal gRPC client stream leak (#482) 2022-09-26 18:02:20 +02:00
af69a48745 Support user role update (#478) 2022-09-23 14:18:42 +02:00
68ff97ba84 Parse and received provider proper error message (#476) 2022-09-23 14:18:29 +02:00
c5705803a5 Output plain NetBird IPv4 in status command (#474) v0.9.4 2022-09-22 09:25:52 +02:00
7e1ae448e0 Add extra logging to Sync and Login requests 2022-09-22 09:25:31 +02:00
518a2561a2 Add auto-assign groups to the User API (#467) 2022-09-22 09:06:32 +02:00
c75ffd0f4b Update ICE library (#471) 2022-09-20 11:40:18 +02:00
e4ad6174ca Improve module load (#470)
* Add additional check for needed kernel modules

* Check if wireguard and tun modules are loaded

If modules are loaded return true, otherwise attempt to load them

* fix state check

* Add module function tests

* Add test execution in container

* run client package tests on docker

* add package comment to new file

* force entrypoint

* add --privileged flag

* clean only if tables where created

* run from within the directories
v0.9.3
2022-09-15 01:26:11 +05:00
6de313070a Always return empty auto_groups if previously were nil (#468) v0.9.2 2022-09-13 17:19:03 +02:00
cd7d1a80c9 Assign groups to peers when registering with the setup key (#466) 2022-09-13 13:39:46 +02:00
be7d829858 Add SetupKey auto-groups property (#460) 2022-09-11 23:16:40 +02:00
ed1872560f Use the client network for log errors (#455) v0.9.1 2022-09-07 18:26:59 +02:00
de898899a4 update slack invite tittle 2022-09-05 18:44:04 +02:00
b63ec71aed Check if login stream was canceled before printing warn (#451) v0.9.0 2022-09-05 17:44:26 +02:00
1012172f04 Add routing peer support (#441)
Handle routes updates from management

Manage routing firewall rules

Manage peer RIB table

Add get peer and get notification channel from the status recorder

Update interface peers allowed IPs
2022-09-05 09:06:35 +02:00
788bb00ef1 Fix service install when sysV service bin exists (#450) v0.8.12 2022-09-05 08:56:07 +02:00
4e5ee70b3d Load WgPort from config file and exchange via signal (#449)
Added additional common blacklisted interfaces

Updated the signal protocol to pass the peer port and netbird version

Co-authored-by: braginini <bangvalo@gmail.com>
2022-09-02 19:33:35 +02:00
f1c00ae543 Update service library with rcS init system support (#447) v0.8.11 2022-09-02 14:03:02 +02:00
553a13588b Free up gRPC client resources on errors (#448) 2022-09-01 18:28:45 +02:00
586c0f5c3d Log remote address when not registered (#445) 2022-08-27 17:55:05 +02:00
c13f0b9f07 Use select for turn credentials and peers update (#443)
Also, prevent peer update when SSH is the same
2022-08-27 12:57:03 +02:00
dd4ff61b51 Do not autoload authissuer for the IDPManager config (#442) 2022-08-25 09:24:24 +02:00
e3657610bc Avoid pulling in management code in client (#437)
Avoid management code import for the legacy port value, hardcoding it
instead (it's literally spelled out in a comment below as well).
v0.8.10
2022-08-24 16:30:40 +02:00
e8733a37af Update scripts for the self-hosted Oauth 2.0 Device Auth Grant support (#439)
Support Oauth 2.0 Device Auth Grant in the
self-hosted scripts.
2022-08-24 14:37:18 +02:00
3def84b111 Support Generic OAuth 2.0 Device Authorization Grant (#433)
Support Generic OAuth 2.0 Device Authorization Grant
as per RFC specification https://www.rfc-editor.org/rfc/rfc8628.
The previous version supported only Auth0 as an IDP backend.
This implementation enables the Interactive SSO Login feature 
for any IDP compatible with the specification, e.g., Keycloak.
2022-08-23 15:46:12 +02:00
47add9a9c3 Don't create index if peer is empty (#435)
When checking for existing prefix routes
Return nil if peer is empty
2022-08-23 11:09:56 +02:00
09312b3e6d Add Network ID and rename Prefix to Network (#432)
Adding network ID will allow us to group

Renaming Prefix with Network
will keep things more clear and Consistent
v0.8.9
2022-08-22 14:10:24 +02:00
762a26dcea Fix Register/Deregister race on Signal (#431)
This PR fixes a race condition that happens
when agents connect to a Signal stream, multiple
times within a short amount of time. Common on
slow and unstable internet connections.
Every time an agent establishes a new connection
to Signal, Signal creates a Stream and writes an entry
to the registry of connected peers storing the stream.
Every time an agent disconnects, Signal removes the
stream from the registry.
Due to unstable connections, the agent could detect
a broken connection, and attempt to reconnect to Signal.
Signal will override the stream, but it might detect
the old broken connection later, causing peer deregistration.
It will deregister the peer leaving the client thinking
it is still connected, rejecting any messages.
2022-08-22 12:21:19 +02:00
000ea72aec Add routing Rest API support (#428)
Routing API will allow us to list, create, update, and delete routes.
2022-08-20 19:11:54 +02:00
4b34a6d6df Add routing support to management service (#424)
Management will receive and store routes that are associated with a peer ID.
The routes are distributed to peers according to their ACLs.
2022-08-18 18:22:15 +02:00
c39cd2f7b0 Support new properties for OIDC auth (#426)
This PR updates infrastructure_scripts to support
self-hosted setup with a generic OIDC provider.
v0.8.8
2022-08-17 21:44:20 +02:00
6dc3e8ca90 Enable HTTP/2 when loading TLS config from file (#423)
When creating TLSConfig from provided certificate file, the HTTP/2 support is not enabled.
It works with Certmanager because it adds h2 support.
We enable it the same way when creating TLSConfig from files.
v0.8.7
2022-08-15 19:36:00 +02:00
245863cd51 Update docker-compose to reflect new ports (#411) v0.8.6 2022-08-05 22:41:57 +02:00
14e322d3f7 Handle CORS requests before authentication (#413)
This helps our FE to get proper request responses
2022-08-05 22:41:04 +02:00
1be8c16e34 Decrease log level on peer status remove (#410) 2022-08-01 17:52:22 +02:00
851de3fd4e Output NetBird daemon and CLI versions on status command (#408) 2022-08-01 12:42:45 +02:00
c13288781f Fix checksum conflict and version injection (#409)
custom name_template for darwin ui release checksum file

fix darwin ui version injection to correct path
2022-08-01 12:20:30 +02:00