Misha Bragin
d409219b51
Don't create setup keys on new account ( #972 )
2023-06-27 17:17:24 +02:00
Givi Khojanashvili
8b619a8224
JWT Groups support ( #966 )
Get groups from the JWT tokens if the feature enabled for the account
2023-06-27 18:51:05 +04:00
Bethuel
58cfa2bb17
Add Google Workspace IdP ( #949 )
Added integration with Google Workspace user directory API.
2023-06-20 19:15:36 +02:00
Maycon Santos
09ca2d222a
Update the API description with the correct API state ( #958 )
2023-06-16 18:26:50 +02:00
Zoltan Papp
481465e1ae
Feature/android dns ( #943 )
Support DNS feature on mobile systems
---------
Co-authored-by: Givi Khojanashvili <gigovich@gmail.com>
2023-06-12 14:43:55 +02:00
Givi Khojanashvili
803bbe0fff
Fix validation for ACL policy rules ports ( #938 )
2023-06-07 08:57:43 +02:00
Misha Bragin
8817765aeb
Add comment clarifying AddPeer race check ( #927 )
2023-06-02 18:04:24 +02:00
Bethuel
51502af218
Support IDP manager configuration with configure.sh ( #843 )
support IDP management configuration using configure.sh script
Add initial Zitadel configuration script
2023-06-02 17:34:36 +02:00
Misha Bragin
612ae253fe
Reject adding peer if already exists with the pub key ( #925 )
2023-06-02 17:32:55 +02:00
Pascal Fischer
5028450133
add examples
2023-06-02 01:50:15 +02:00
Pascal Fischer
2dcfa1efa3
fix summary
2023-06-02 01:32:48 +02:00
Pascal Fischer
75fbaf811b
update openapi
2023-06-02 01:09:18 +02:00
Givi Khojanashvili
293499c3c0
Extend protocol and firewall manager to handle old management ( #915 )
* Extend protocol and firewall manager to handle old management
* Send correct empty firewall rules list when delete peer
* Add extra tests for firewall manager and uspfilter
* Work with inconsistent state
* Review note
* Update comment
2023-05-31 19:04:38 +02:00
Zoltan Papp
45a6263adc
Feature/android route notification ( #868 )
Add new feature to notify the user when a new client route has arrived.
Refactor the initial route handling. I moved all route logic into the route
manager package.
* Add notification management for client rules
* Export the route notification for Android
* Compare the notification based on network range instead of id.
2023-05-31 18:25:24 +02:00
pascal-fischer
e87647c853
Merge pull request #913 from netbirdio/feature/add_selfhosted_metrics_for_pat_and_service_user
Add selfhosted metrics for PATs and service users
2023-05-31 14:41:34 +02:00
Pascal Fischer
9e045479cc
fix pats counting
2023-05-30 19:44:40 +02:00
Pascal Fischer
fe596c38c6
update rules count
2023-05-30 19:36:09 +02:00
Pascal Fischer
6fd13f563e
use new policy-rule object
2023-05-30 19:09:16 +02:00
Pascal Fischer
22e81f493b
fix metric creation from maps
2023-05-30 19:07:00 +02:00
Pascal Fischer
51f780dae9
initialize maps
2023-05-30 18:53:23 +02:00
Pascal Fischer
f164fad2c2
add some more metrics
2023-05-30 18:49:50 +02:00
Pascal Fischer
452b045bb0
expose service users metrics
2023-05-30 16:40:48 +02:00
Givi Khojanashvili
874c290205
Exclude second last IP from allocation to use it in the Fake DNS ( #912 )
2023-05-30 18:26:44 +04:00
Pascal Fischer
7a9b05c56d
add selfhosted metric for pat and service users
2023-05-30 16:22:34 +02:00
Bethuel
79736197cd
Read config from generic configs ( #909 )
2023-05-29 16:01:04 +02:00
Givi Khojanashvili
ba7a39a4fc
Feat linux firewall support ( #805 )
Update the client's engine to apply firewall rules received from the manager (results of ACL policy).
2023-05-29 16:00:18 +02:00
Bethuel
2eb9a97fee
Add Okta IdP ( #859 )
2023-05-29 14:52:04 +02:00
Bethuel
49c71b9b9d
Add Authentik IdP ( #897 )
2023-05-29 14:35:30 +02:00
Bethuel
3bebbe0409
Refactor IdP Config Structure ( #879 )
2023-05-29 13:48:19 +02:00
Pascal Fischer
7bdb0dd358
merge openapi with version from docs repo
2023-05-26 15:32:52 +02:00
Misha Bragin
f66574b094
Count only successful HTTP request durations ( #886 )
2023-05-22 16:26:36 +02:00
Misha Bragin
48265b32f3
Measure write requests separately from read requests ( #880 )
2023-05-19 16:56:15 +02:00
Misha Bragin
03a42de5a0
Add telemetry to measure app durations ( #878 )
2023-05-19 11:42:25 +02:00
Maycon Santos
48a8b52740
Avoid storing account if no peer meta or expiration change ( #875 )
* Avoid storing account if no peer meta or expiration change
* remove extra log
* Update management/server/peer.go
Co-authored-by: Misha Bragin <bangvalo@gmail.com>
* Clarify why we need to skip account update
---------
Co-authored-by: Misha Bragin <bangvalo@gmail.com>
2023-05-18 19:31:35 +02:00
Misha Bragin
6e9f7531f5
Track user block/unblock activity event ( #865 )
2023-05-17 09:54:20 +02:00
Pascal Fischer
873abc43bf
move into separate package
2023-05-16 12:57:56 +02:00
Pascal Fischer
2fef52b856
remove dependency to external base62 package and create own methods in utils
2023-05-16 12:44:26 +02:00
Bethuel
2570363861
fix assign correct issuer url to auth0 AuthIssuer
2023-05-12 18:07:11 +03:00
Misha Bragin
e3d2b6a408
Block user through HTTP API ( #846 )
The new functionality allows blocking a user in the Management service.
Blocked users lose access to the Dashboard, aren't able to modify the network map,
and all of their connected devices disconnect and are set to the "login expired" state.
Technically all above was achieved with the updated PUT /api/users endpoint,
that was extended with the is_blocked field.
2023-05-11 18:09:36 +02:00
Bethuel
2c50d7af1e
Automatically load IdP OIDC configuration ( #847 )
2023-05-11 15:14:00 +02:00
pascal-fischer
e4c28f64fa
Fix user cache lookup filtering for service users ( #849 )
2023-05-10 19:27:17 +02:00
Bethuel
f4ec1699ca
Add Zitadel IdP ( #833 )
Added integration with Zitadel management API.
Use the steps in zitadel.md for configuration.
2023-05-05 19:27:28 +02:00
Bethuel
873b56f856
Add Azure Idp Manager ( #822 )
Added integration with Azure IDP user API.
Use the steps in azure-ad.md for configuration:
cb03373f8f/docs/integrations/identity-providers/self-hosted/azure-ad.md
2023-05-03 14:51:44 +02:00
pascal-fischer
59372ee159
API cleanup ( #824 )
removed all PATCH endpoints
updated path parameters for all endpoints
removed not implemented endpoints for api doc
minor description updates
2023-05-03 00:15:25 +02:00
pascal-fischer
08db5f5a42
Merge pull request #831 from netbirdio/fix/issue_with_account_creation_after_auth_refactor
Fix account creation issue after auth refactor
2023-05-02 19:14:54 +02:00
pascal-fischer
88678ef364
Merge pull request #808 from bcmmbaga/main
Add support for refreshing signing keys on expiry
2023-05-02 17:17:09 +02:00
Pascal Fischer
f1da4fd55d
using old isAdmin function to create account
2023-05-02 16:49:29 +02:00
Zoltan Papp
7f5e1c623e
Use forked Wireguard-go for custom bind ( #823 )
Update go version to 1.20
Use forked wireguard-go repo because of custom Bind implementation
2023-04-27 17:50:45 +02:00
pascal-fischer
6fec0c682e
Merging full service user feature into main ( #819 )
Merging full feature branch into main.
Adding full support for service users including backend objects, persistence, verification and api endpoints.
2023-04-22 12:57:51 +02:00
Bethuel
45224e76d0
fallback to old keys if failing to fetch refreshed keys
2023-04-21 13:34:52 +03:00
Bethuel
90c8cfd863
synchronize access to the signing keys
2023-04-19 17:11:38 +03:00
Zoltan Papp
4616bc5258
Add route management for Android interface ( #801 )
Support client route management feature on Android
2023-04-17 11:15:37 +02:00
Bethuel
f7196cd9a5
refactoring
2023-04-15 03:44:42 +03:00
Bethuel
53d78ad982
make variable unexported
2023-04-14 13:16:01 +03:00
Bethuel
9f352c1b7e
validate keys for idp's with key rotation mechanism
2023-04-14 12:20:34 +03:00
Bethuel
a89808ecae
initialize jwt validator with keys rotation state
2023-04-14 12:17:28 +03:00
Bethuel
c6190fa2ba
add use-key-cache-headers flag to management command
2023-04-13 20:19:04 +03:00
Givi Khojanashvili
0343c5f239
Rollback simple ACL rules processing. ( #803 )
2023-04-12 09:39:17 +02:00
Misha Bragin
251f2d7bc2
Pass newly generated ID to network map when adding peer ( #800 )
2023-04-11 14:28:22 +02:00
Maycon Santos
306e02d32b
Update calculate server state ( #796 )
Refactored updateServerStates and calculateState
added some checks to ensure we are not sending connecting on context canceled
removed some state updates from the RunClient function
2023-04-10 18:22:25 +02:00
pascal-fischer
8375491708
Merge pull request #778 from netbirdio/fix/consistent_time_format_for_pat
fix/use_utc_for_time_operations
2023-04-10 18:11:41 +02:00
Pascal Fischer
6aba28ccb7
remove UTC from some not store related operations
2023-04-10 10:54:23 +02:00
Maycon Santos
32b345991a
Support remote scope and use id token configuration ( #784 )
Some IdPs require different scope requests and
issue access tokens for different purposes.
This change allows for remotely configurable scopes
and the use of the ID token.
2023-04-05 17:46:34 +02:00
Maycon Santos
fe1ea4a2d0
Check multiple audience values ( #781 )
Some IdPs use different audiences for different clients.
This update checks HTTP and Device authorization flow audience values.
---------
Co-authored-by: Givi Khojanashvili <gigovich@gmail.com>
2023-04-04 16:40:56 +02:00
Pascal Fischer
489892553a
use UTC everywhere in server
2023-04-03 15:09:35 +02:00
Pascal Fischer
b05e30ac5a
do not use UTC for time to stay consistent
2023-04-03 12:44:55 +02:00
pascal-fischer
769388cd21
Merge pull request #776 from netbirdio/feature/activity_events_for_pat
feature/activity_events_for_pat
2023-04-03 12:27:51 +02:00
pascal-fischer
c54fb9643c
Merge pull request #774 from netbirdio/feature/add_pat_middleware
Feature/add pat middleware
2023-04-03 12:09:11 +02:00
Givi Khojanashvili
5dc0ff42a5
Fix broken auto-generated Rego rule ( #769 )
Default Rego policy generated from the rules in some cases is broken.
This change fixes the Rego template for rules to generate policies.
Also, file store load constantly regenerates policy objects from rules.
It allows updating/fixing of the default Rego template during releases.
2023-04-01 12:02:08 +02:00
Pascal Fischer
45badd2c39
add event store to user tests
2023-04-01 11:11:30 +02:00
Pascal Fischer
d3de035961
error responses always lower case + duplicate error response fix
2023-04-01 11:04:21 +02:00
Pascal Fischer
b2da0ae70f
add activity events on PAT creation and deletion
2023-03-31 17:41:22 +02:00
Pascal Fischer
931c20c8fe
fix test name
2023-03-31 12:45:10 +02:00
Pascal Fischer
2eaf4aa8d7
add test for auth middleware
2023-03-31 12:44:22 +02:00
Pascal Fischer
110067c00f
change order for access control checks and acquire account lock after global lock
2023-03-31 12:03:53 +02:00
Pascal Fischer
32c96c15b8
disable linter errors by comment
2023-03-31 10:30:05 +02:00
Pascal Fischer
ca1dc5ac88
disable access control for token endpoint
2023-03-30 19:03:44 +02:00
Pascal Fischer
ce775d59ae
revert codacy
2023-03-30 18:59:35 +02:00
Pascal Fischer
f273fe9f51
revert codacy
2023-03-30 18:54:55 +02:00
Pascal Fischer
e08af7fcdf
codacy
2023-03-30 17:46:21 +02:00
Pascal Fischer
454240ca05
comments for codacy
2023-03-30 17:32:44 +02:00
Pascal Fischer
1343a3f00e
add test + codacy
2023-03-30 16:43:39 +02:00
Pascal Fischer
2a79995706
fix linter
2023-03-30 16:22:15 +02:00
Pascal Fischer
e869882da1
fix merge
2023-03-30 16:14:51 +02:00
Pascal Fischer
6c8bb60632
fix merge
2023-03-30 16:06:46 +02:00
Pascal Fischer
4d7029d80c
Merge branch 'main' into feature/add_pat_middleware
# Conflicts:
# management/server/grpcserver.go
# management/server/http/middleware/jwt.go
2023-03-30 16:06:21 +02:00
pascal-fischer
909f305728
Merge pull request #766 from netbirdio/feature/add_rest_endpoints_for_pat
Feature/add rest endpoints for pat
2023-03-30 15:55:48 +02:00
Pascal Fischer
5e2f66d591
fix codacy
2023-03-30 15:23:24 +02:00
Pascal Fischer
a7519859bc
fix test
2023-03-30 14:15:44 +02:00
Pascal Fischer
9b000b89d5
Merge branch 'feature/add_rest_endpoints_for_pat' into feature/add_pat_middleware
# Conflicts:
# management/server/mock_server/account_mock.go
2023-03-30 14:02:58 +02:00
Pascal Fischer
5c1acdbf2f
move validation into account manager + func for get requests
2023-03-30 13:58:44 +02:00
Pascal Fischer
db3a9f0aa2
refactor jwt token validation and add PAT to middleware auth
2023-03-30 10:54:09 +02:00
Pascal Fischer
ecc4f8a10d
fix Pat handler test
2023-03-29 19:13:01 +02:00
Pascal Fischer
03abdfa112
return empty object on all handlers instead of empty string
2023-03-29 18:46:40 +02:00
Pascal Fischer
9746a7f61a
remove debug logs
2023-03-29 18:27:01 +02:00
Pascal Fischer
4ec6d5d20b
remove debug logs
2023-03-29 18:23:10 +02:00
Pascal Fischer
3bab745142
last_used can be nil
2023-03-29 17:46:09 +02:00
Pascal Fischer
0ca3d27a80
update account mock
2023-03-29 15:25:44 +02:00
Pascal Fischer
c5942e6b33
store hashed token base64 encoded
2023-03-29 15:21:53 +02:00
Pascal Fischer
726ffb5740
add comments for exported functions
2023-03-29 15:06:54 +02:00
Pascal Fischer
42ba0765c8
fix linter
2023-03-28 14:54:06 +02:00
Pascal Fischer
514403db37
use object instead of plain token for create response + handler test
2023-03-28 14:47:15 +02:00
Pascal Fischer
6a75ec4ab7
fix http error codes
2023-03-27 17:42:05 +02:00
Pascal Fischer
b66e984ddd
set limits for expiration
2023-03-27 17:28:24 +02:00
Pascal Fischer
c65a934107
refactor to use name instead of description
2023-03-27 16:28:49 +02:00
Pascal Fischer
9e74f30d2f
fix delete token parameter lookup
2023-03-27 15:19:19 +02:00
Maycon Santos
a27fe4326c
Add JWT middleware validation failure log ( #760 )
We will log the middleware log now, but in the next
releases we should provide a generic error that can be
parsed by the dashboard.
2023-03-23 18:26:41 +01:00
Misha Bragin
e6292e3124
Disable peer expiration of peers added with setup keys ( #758 )
2023-03-23 17:47:53 +01:00
Maycon Santos
628b497e81
Adjustments for the change server flow ( #756 )
Check SSO support by calling the internal.GetDeviceAuthorizationFlowInfo
Rename LoginSaveConfigIfSSOSupported to SaveConfigIfSSOSupported
Receive device name as input for setup-key login
have a default android name when no context value is provided
log non parsed errors from management registration calls
2023-03-23 16:35:06 +01:00
Bethuel
8f66dea11c
Add Keycloak Idp Manager ( #746 )
Added integration with Keycloak user API.
2023-03-23 14:54:31 +01:00
Pascal Fischer
de8608f99f
add rest endpoints and update openapi doc
2023-03-21 16:02:19 +01:00
pascal-fischer
9c5adfea2b
Merge pull request #745 from netbirdio/feature/pat_persistence
PAT persistence
2023-03-21 14:38:24 +01:00
Pascal Fischer
8e4710763e
use single line return for SaveAccount
2023-03-21 14:02:34 +01:00
Pascal Fischer
82af60838e
use "ok" convention for check variables throughout files_store
2023-03-21 14:00:59 +01:00
Pascal Fischer
311b67fe5a
change error messages
2023-03-21 13:56:31 +01:00
Pascal Fischer
94d39ab48c
improve style for tests
2023-03-21 13:34:48 +01:00
Pascal Fischer
41a47be379
add function comments, implement account mock functions and added error handling in tests
2023-03-20 16:38:17 +01:00
Pascal Fischer
e30def175b
switch PATs to map and add deletion
2023-03-20 16:14:55 +01:00
Pascal Fischer
e1ef091d45
remove unnecessary string conversion
2023-03-20 12:08:01 +01:00
pascal-fischer
511ba6d51f
Delete pat_handler.go
2023-03-20 11:47:54 +01:00
Pascal Fischer
b852198f67
codacy and lint hints
2023-03-20 11:44:12 +01:00
Zoltan Papp
747797271e
Fix connstate indication ( #732 )
Fix the status indication in the client service. The status of the
management server and the signal server was incorrect if the network
connection was broken. Basically the status update was not used by
the management and signal library.
2023-03-16 17:22:36 +01:00
Pascal Fischer
628a201e31
fix PAT array split
2023-03-16 16:59:32 +01:00
Pascal Fischer
453643683d
add method to account mock
2023-03-16 16:44:05 +01:00
Pascal Fischer
b8cab2882b
storing and retrieving PATs
2023-03-16 15:57:44 +01:00
Pascal Fischer
3b42d5e48a
fix imports after merge
2023-03-16 11:59:12 +01:00
pascal-fischer
f8db5742b5
Merge branch 'main' into feature/add_PAT_generation
2023-03-16 11:36:43 +01:00
Pascal Fischer
bc3cec23ec
use slice copy
2023-03-16 11:32:55 +01:00
Zoltan Papp
292ee260ad
Add version info command to signal server ( #739 )
Add version command to signal and management servers.
The version information will be filled during build time.
2023-03-15 07:54:51 +01:00
Givi Khojanashvili
2a1efbd0fd
Don't drop Rules from file storage after migration to Policies ( #741 )
Rego policy migration clears the rules property of the file storage, but it does not allow rollback management upgrade, so this changes pre-saves rules in the file store and updates it from the policies.
2023-03-15 09:42:40 +04:00
Givi Khojanashvili
3bfa26b13b
Feat rego default policy ( #700 )
Converts rules to Rego policies and allows users to write raw policies to set up connectivity and firewall on the clients.
2023-03-13 18:14:18 +04:00
Misha Bragin
221934447e
Send remote agents updates when peer re-authenticates ( #737 )
When peer login expires, all remote peers are updated to exclude the peer from connecting.
Once a peer re-authenticates, the remote peers are not updated.
This PR fixes the behavior.
2023-03-10 17:39:29 +01:00
Misha Bragin
9ce8056b17
Use global login expiration setting when sending network map ( #731 )
Peers were considered expired and not sent to remote peers
when global expiration was disabled.
2023-03-09 11:24:42 +01:00
Pascal Fischer
62de082961
fix account test
2023-03-08 12:21:44 +01:00
Pascal Fischer
c4d9b76634
add comment for exported const
2023-03-08 12:09:22 +01:00
Pascal Fischer
b4bb5c6bb8
use const and do array copy
2023-03-08 11:54:10 +01:00
Pascal Fischer
2b1965c941
switch secret generation to use lib
2023-03-08 11:36:03 +01:00
Pascal Fischer
83e7e30218
store hashedToken as string
2023-03-08 11:30:09 +01:00
Misha Bragin
ed4f90b6aa
Report offline peers to agents ( #728 )
The peer login expiration ACL check introduced in #714
filters out peers that are expired, and agents receive a network map
without those expired peers.
However, the agents should see those peers in status "Disconnected".
This PR extends the Agent <-> Management protocol
by introducing a new field OfflinePeers
that contains expired peers. Agents keep track of those and display
them just in the Status response.
2023-03-07 10:17:25 +01:00
Pascal Fischer
ed470d7dbe
add comments for exported functions
2023-03-06 14:46:04 +01:00
Pascal Fischer
cb8abacadd
extend User Copy function
2023-03-06 14:01:18 +01:00
Pascal Fischer
bcac5f7b32
fixed some namings
2023-03-06 13:51:32 +01:00
Pascal Fischer
95d87384ab
fixed some namings
2023-03-06 13:49:07 +01:00
Misha Bragin
e914adb5cd
Move Login business logic from gRPC API to Accountmanager ( #713 )
The Management gRPC API has too much business logic
happening while it has to be in the Account manager.
This also needs to make more requests to the store
through the account manager.
2023-03-03 18:35:38 +01:00
Pascal Fischer
2f2d45de9e
updated PAT struct to only use user id instead of user
2023-03-03 16:37:39 +01:00
Pascal Fischer
b3f339c753
improved code for token checksum calc
2023-03-03 14:51:33 +01:00
Pascal Fischer
e0fc779f58
add id to the PAT
2023-03-02 16:19:31 +01:00
Misha Bragin
fe22eb3b98
Check peer expiration after ACL check ( #714 )
Bug 1: When calculating the network map, peers added by a setup key
were falling under expiration logic while they shouldn't.
Bug 2: Peers HTTP API didn't return expired peers for non-admin users
because of the expired peer check in the ACL logic.
The fix applies peer expiration checks outside of the ACL logic.
2023-03-02 12:45:10 +01:00
Pascal Fischer
69be2a8071
add generating token (only frame for now, actual token is only dummy)
2023-03-01 20:12:04 +01:00
Misha Bragin
1bda8fd563
Remove stale peer indices when getting peer by key after removing ( #711 )
When we delete a peer from an account, we save the account in the file store.
The file store maintains peerID -> accountID and peerKey -> accountID indices.
Those can't be updated when we delete a peer because the store saves the whole account
without a peer already and has no access to the removed peer.
In this PR, we dynamically check if there are stale indices when GetAccountByPeerPubKey
and GetAccountByPeerID.
2023-03-01 12:11:32 +01:00