pascal-fischer
f89c200ce9
Fix api Auth with PAT when a custom UserIDClaim is configured in management.json ( #1120 )
The API authentication with PATs was not considering different userIDClaim
that some of the IdPs are using.
In this PR we read the userIDClaim from the config file
instead of using the fixed default and only keep
it as a fallback if none is defined.
2023-09-01 18:09:59 +02:00
Maycon Santos
2541c78dd0
Use error level for JWT parsing error logs ( #1026 )
2023-07-22 17:56:27 +02:00
Misha Bragin
e3d2b6a408
Block user through HTTP API ( #846 )
The new functionality allows blocking a user in the Management service.
Blocked users lose access to the Dashboard, aren't able to modify the network map,
and all of their connected devices disconnect and are set to the "login expired" state.
Technically all above was achieved with the updated PUT /api/users endpoint,
that was extended with the is_blocked field.
2023-05-11 18:09:36 +02:00
Pascal Fischer
f1da4fd55d
using old isAdmin function to create account
2023-05-02 16:49:29 +02:00
pascal-fischer
6fec0c682e
Merging full service user feature into main ( #819 )
Merging full feature branch into main.
Adding full support for service users including backend objects, persistence, verification and api endpoints.
2023-04-22 12:57:51 +02:00
Pascal Fischer
6aba28ccb7
remove UTC from some not store related operations
2023-04-10 10:54:23 +02:00
Pascal Fischer
489892553a
use UTC everywhere in server
2023-04-03 15:09:35 +02:00
Pascal Fischer
d3de035961
error responses always lower case + duplicate error response fix
2023-04-01 11:04:21 +02:00
Pascal Fischer
931c20c8fe
fix test name
2023-03-31 12:45:10 +02:00
Pascal Fischer
2eaf4aa8d7
add test for auth middleware
2023-03-31 12:44:22 +02:00
Pascal Fischer
110067c00f
change order for access control checks and acquire account lock after global lock
2023-03-31 12:03:53 +02:00
Pascal Fischer
32c96c15b8
disable linter errors by comment
2023-03-31 10:30:05 +02:00
Pascal Fischer
ca1dc5ac88
disable access control for token endpoint
2023-03-30 19:03:44 +02:00
Pascal Fischer
f273fe9f51
revert codacy
2023-03-30 18:54:55 +02:00
Pascal Fischer
e08af7fcdf
codacy
2023-03-30 17:46:21 +02:00
Pascal Fischer
454240ca05
comments for codacy
2023-03-30 17:32:44 +02:00
Pascal Fischer
1343a3f00e
add test + codacy
2023-03-30 16:43:39 +02:00
Pascal Fischer
6c8bb60632
fix merge
2023-03-30 16:06:46 +02:00
Pascal Fischer
4d7029d80c
Merge branch 'main' into feature/add_pat_middleware
# Conflicts:
# management/server/grpcserver.go
# management/server/http/middleware/jwt.go
2023-03-30 16:06:21 +02:00
Pascal Fischer
db3a9f0aa2
refactor jwt token validation and add PAT to middleware auth
2023-03-30 10:54:09 +02:00
Maycon Santos
a27fe4326c
Add JWT middleware validation failure log ( #760 )
We will log the middleware log now, but in the next
releases we should provide a generic error that can be
parsed by the dashboard.
2023-03-23 18:26:41 +01:00
Givi Khojanashvili
3ec8274b8e
Feature: add custom id claim ( #667 )
This feature allows using the custom claim in the JWT token as a user ID.
Refactor claims extractor with options support
Add is_current to the user API response
2023-02-03 21:47:20 +01:00
Maycon Santos
0be46c083d
Generate validation certificate from mandatory JWK fields ( #614 )
When there is no X5c we will use N and E fields of
a JWK to generate the public RSA and a Pem certificate
2022-12-07 22:06:43 +01:00
Misha Bragin
509d23c7cf
Replace gRPC errors in business logic with internal ones ( #558 )
2022-11-11 20:36:45 +01:00
Misha Bragin
4321b71984
Hide content based on user role ( #541 )
2022-11-05 10:24:50 +01:00
Misha Bragin
6aa7a2c5e1
Hide setup key from non-admin users ( #539 )
2022-11-03 17:02:31 +01:00
Misha Bragin
84879a356b
Extract app metrics to a separate struct ( #520 )
2022-10-22 11:50:21 +02:00
Misha Bragin
ed2214f9a9
Add HTTP request/response totals to metrics ( #519 )
2022-10-22 10:07:13 +02:00
Misha Bragin
4f1f0df7d2
Add Open-telemetry support ( #517 )
This PR brings open-telemetry metrics to the
Management service.
The Management service exposes new HTTP endpoint
/metrics on 8081 port by default.
The port can be changed by specifying
--metrics-port PORT flag when starting the service.
2022-10-21 16:24:13 +02:00
Givi Khojanashvili
65069c1787
feat(ac): add access control middleware ( #321 )
2022-05-25 18:26:50 +02:00
Maycon Santos
fec3132585
Adding peer registration support to JWT ( #305 )
The management will validate the JWT as it does in the API
and will register the Peer to the user's account.
New fields were added to grpc messages in management
and client daemon and its clients were updated
Peer has one new field, UserID,
that will hold the id of the user that registered it
JWT middleware CheckJWT got a splitter
and renamed to support validation for non HTTP requests
Added test for adding new Peer with UserID
Lots of tests update because of a new field
2022-05-05 20:02:15 +02:00
Maycon Santos
38e3c9c062
Add cors headers ( #85 )
* disable EnableAuthOnOptions
* Setup basic cors headers
* feature: user cors lib
2021-08-16 11:29:57 +02:00
Mikhail Bragin
3c47a3c408
peer management HTTP API ( #81 )
* feature: create account for a newly registered user
* feature: finalize user auth flow
* feature: create protected API with JWT
* chore: cleanup http server
* feature: add UI assets
* chore: update react UI
* refactor: move account not exists -> create to AccountManager
* chore: update UI
* chore: return only peers on peers endpoint
* chore: add UI path to the config
* chore: remove ui from management
* chore: remove unused Docker commands
* docs: update management config sample
* fix: store creation
* feature: introduce peer response to the HTTP api
* fix: lint errors
* feature: add setup-keys HTTP endpoint
* fix: return empty json arrays in HTTP API
* feature: add new peer response fields
2021-08-12 12:49:10 +02:00
braginini
9f0c86c28e
refactor: move grpc and http APIs to separate packages
2021-08-07 13:51:17 +02:00