diff --git a/elixir/apps/domain/lib/domain/auth.ex b/elixir/apps/domain/lib/domain/auth.ex
index 95a2ef0e0..235efb27d 100644
--- a/elixir/apps/domain/lib/domain/auth.ex
+++ b/elixir/apps/domain/lib/domain/auth.ex
@@ -35,7 +35,8 @@ defmodule Domain.Auth do
true <- Validator.valid_uuid?(id) do
{preload, _opts} = Keyword.pop(opts, :preload, [])
- Provider.Query.by_id(id)
+ Provider.Query.all()
+ |> Provider.Query.by_id(id)
|> Authorizer.for_subject(Provider, subject)
|> Repo.fetch()
|> case do
diff --git a/elixir/apps/domain/lib/domain/auth/adapters/openid_connect.ex b/elixir/apps/domain/lib/domain/auth/adapters/openid_connect.ex
index 9c39e14f8..812c7e92a 100644
--- a/elixir/apps/domain/lib/domain/auth/adapters/openid_connect.ex
+++ b/elixir/apps/domain/lib/domain/auth/adapters/openid_connect.ex
@@ -33,7 +33,7 @@ defmodule Domain.Auth.Adapters.OpenIDConnect do
def identity_changeset(%Provider{} = _provider, %Ecto.Changeset{} = changeset) do
changeset
|> Domain.Validator.trim_change(:provider_identifier)
- |> Ecto.Changeset.put_change(:provider_state, %{})
+ |> Domain.Validator.copy_change(:provider_virtual_state, :provider_state)
|> Ecto.Changeset.put_change(:provider_virtual_state, %{})
end
diff --git a/elixir/apps/domain/lib/domain/auth/provider/changeset.ex b/elixir/apps/domain/lib/domain/auth/provider/changeset.ex
index 80135d7a4..6fa31d83c 100644
--- a/elixir/apps/domain/lib/domain/auth/provider/changeset.ex
+++ b/elixir/apps/domain/lib/domain/auth/provider/changeset.ex
@@ -68,7 +68,7 @@ defmodule Domain.Auth.Provider.Changeset do
def enable_provider(%Provider{} = provider) do
provider
|> change()
- |> put_default_value(:disabled_at, nil)
+ |> put_change(:disabled_at, nil)
end
def delete_provider(%Provider{} = provider) do
diff --git a/elixir/apps/domain/lib/domain/policies.ex b/elixir/apps/domain/lib/domain/policies.ex
index 1c961aa9b..161b7ae4c 100644
--- a/elixir/apps/domain/lib/domain/policies.ex
+++ b/elixir/apps/domain/lib/domain/policies.ex
@@ -70,6 +70,22 @@ defmodule Domain.Policies do
end
end
+ def disable_policy(%Policy{} = policy, %Auth.Subject{} = subject) do
+ with :ok <- Auth.ensure_has_permissions(subject, Authorizer.manage_policies_permission()) do
+ Policy.Query.by_id(policy.id)
+ |> Authorizer.for_subject(subject)
+ |> Repo.fetch_and_update(with: &Policy.Changeset.disable(&1, subject))
+ end
+ end
+
+ def enable_policy(%Policy{} = policy, %Auth.Subject{} = subject) do
+ with :ok <- Auth.ensure_has_permissions(subject, Authorizer.manage_policies_permission()) do
+ Policy.Query.by_id(policy.id)
+ |> Authorizer.for_subject(subject)
+ |> Repo.fetch_and_update(with: &Policy.Changeset.enable/1)
+ end
+ end
+
def delete_policy(%Policy{} = policy, %Auth.Subject{} = subject) do
required_permissions =
{:one_of, [Authorizer.manage_policies_permission()]}
diff --git a/elixir/apps/domain/lib/domain/policies/policy.ex b/elixir/apps/domain/lib/domain/policies/policy.ex
index c4babba2f..8bedfa1b9 100644
--- a/elixir/apps/domain/lib/domain/policies/policy.ex
+++ b/elixir/apps/domain/lib/domain/policies/policy.ex
@@ -11,6 +11,7 @@ defmodule Domain.Policies.Policy do
field :created_by, Ecto.Enum, values: ~w[identity]a
belongs_to :created_by_identity, Domain.Auth.Identity
+ field :disabled_at, :utc_datetime_usec
field :deleted_at, :utc_datetime_usec
timestamps()
end
diff --git a/elixir/apps/domain/lib/domain/policies/policy/changeset.ex b/elixir/apps/domain/lib/domain/policies/policy/changeset.ex
index 98dca1bee..8c64ffa43 100644
--- a/elixir/apps/domain/lib/domain/policies/policy/changeset.ex
+++ b/elixir/apps/domain/lib/domain/policies/policy/changeset.ex
@@ -24,6 +24,18 @@ defmodule Domain.Policies.Policy.Changeset do
|> changeset()
end
+ def disable(%Policy{} = policy, %Auth.Subject{}) do
+ policy
+ |> change()
+ |> put_default_value(:disabled_at, DateTime.utc_now())
+ end
+
+ def enable(%Policy{} = policy) do
+ policy
+ |> change()
+ |> put_change(:disabled_at, nil)
+ end
+
def delete(%Policy{} = policy) do
policy
|> change()
diff --git a/elixir/apps/domain/priv/repo/migrations/20231201165608_add_policies_disabled_fields.exs b/elixir/apps/domain/priv/repo/migrations/20231201165608_add_policies_disabled_fields.exs
new file mode 100644
index 000000000..153f29431
--- /dev/null
+++ b/elixir/apps/domain/priv/repo/migrations/20231201165608_add_policies_disabled_fields.exs
@@ -0,0 +1,9 @@
+defmodule Domain.Repo.Migrations.AddPoliciesDisabledFields do
+ use Ecto.Migration
+
+ def change do
+ alter table(:policies) do
+ add(:disabled_at, :utc_datetime_usec)
+ end
+ end
+end
diff --git a/elixir/apps/domain/test/domain/auth/adapters/google_workspace_test.exs b/elixir/apps/domain/test/domain/auth/adapters/google_workspace_test.exs
index fd48d5f0f..6ec1265cc 100644
--- a/elixir/apps/domain/test/domain/auth/adapters/google_workspace_test.exs
+++ b/elixir/apps/domain/test/domain/auth/adapters/google_workspace_test.exs
@@ -22,8 +22,17 @@ defmodule Domain.Auth.Adapters.GoogleWorkspaceTest do
end
test "puts default provider state", %{provider: provider, changeset: changeset} do
+ changeset =
+ Ecto.Changeset.put_change(changeset, :provider_virtual_state, %{
+ "userinfo" => %{"email" => "foo@example.com"}
+ })
+
assert %Ecto.Changeset{} = changeset = identity_changeset(provider, changeset)
- assert changeset.changes == %{provider_virtual_state: %{}}
+
+ assert changeset.changes == %{
+ provider_virtual_state: %{},
+ provider_state: %{"userinfo" => %{"email" => "foo@example.com"}}
+ }
end
test "trims provider identifier", %{provider: provider, changeset: changeset} do
diff --git a/elixir/apps/domain/test/domain/auth/adapters/openid_connect_test.exs b/elixir/apps/domain/test/domain/auth/adapters/openid_connect_test.exs
index 7640306b7..390bf3035 100644
--- a/elixir/apps/domain/test/domain/auth/adapters/openid_connect_test.exs
+++ b/elixir/apps/domain/test/domain/auth/adapters/openid_connect_test.exs
@@ -22,8 +22,17 @@ defmodule Domain.Auth.Adapters.OpenIDConnectTest do
end
test "puts default provider state", %{provider: provider, changeset: changeset} do
+ changeset =
+ Ecto.Changeset.put_change(changeset, :provider_virtual_state, %{
+ "userinfo" => %{"email" => "foo@example.com"}
+ })
+
assert %Ecto.Changeset{} = changeset = identity_changeset(provider, changeset)
- assert changeset.changes == %{provider_state: %{}, provider_virtual_state: %{}}
+
+ assert changeset.changes == %{
+ provider_virtual_state: %{},
+ provider_state: %{"userinfo" => %{"email" => "foo@example.com"}}
+ }
end
test "trims provider identifier", %{provider: provider, changeset: changeset} do
diff --git a/elixir/apps/domain/test/domain/auth_test.exs b/elixir/apps/domain/test/domain/auth_test.exs
index 23c7c11b4..7afcd3507 100644
--- a/elixir/apps/domain/test/domain/auth_test.exs
+++ b/elixir/apps/domain/test/domain/auth_test.exs
@@ -75,11 +75,12 @@ defmodule Domain.AuthTest do
assert fetch_provider_by_id("foo", subject) == {:error, :not_found}
end
- test "returns error when provider is deleted", %{account: account, subject: subject} do
+ test "returns deleted provider", %{account: account, subject: subject} do
provider = Fixtures.Auth.create_userpass_provider(account: account)
{:ok, _provider} = delete_provider(provider, subject)
- assert fetch_provider_by_id(provider.id, subject) == {:error, :not_found}
+ assert {:ok, fetched_provider} = fetch_provider_by_id(provider.id, subject)
+ assert fetched_provider.id == provider.id
end
test "returns provider", %{account: account, subject: subject} do
@@ -877,11 +878,12 @@ defmodule Domain.AuthTest do
subject: subject,
provider: provider
} do
- assert {:ok, provider} = enable_provider(provider, subject)
assert provider.disabled_at
+ assert {:ok, provider} = enable_provider(provider, subject)
+ assert is_nil(provider.disabled_at)
assert provider = Repo.get(Auth.Provider, provider.id)
- assert provider.disabled_at
+ assert is_nil(provider.disabled_at)
end
test "does not do anything when an provider is enabled twice", %{
diff --git a/elixir/apps/domain/test/domain/policies_test.exs b/elixir/apps/domain/test/domain/policies_test.exs
index de69daae6..66dfff8b5 100644
--- a/elixir/apps/domain/test/domain/policies_test.exs
+++ b/elixir/apps/domain/test/domain/policies_test.exs
@@ -341,6 +341,117 @@ defmodule Domain.PoliciesTest do
end
end
+ describe "disable_policy/2" do
+ setup context do
+ policy =
+ Fixtures.Policies.create_policy(
+ account: context.account,
+ subject: context.subject
+ )
+
+ Map.put(context, :policy, policy)
+ end
+
+ test "disables a given policy", %{
+ account: account,
+ subject: subject,
+ policy: policy
+ } do
+ other_policy = Fixtures.Policies.create_policy(account: account)
+
+ assert {:ok, policy} = disable_policy(policy, subject)
+ assert policy.disabled_at
+
+ assert policy = Repo.get(Policies.Policy, policy.id)
+ assert policy.disabled_at
+
+ assert other_policy = Repo.get(Policies.Policy, other_policy.id)
+ assert is_nil(other_policy.disabled_at)
+ end
+
+ test "does not do anything when an policy is disabled twice", %{
+ subject: subject,
+ account: account
+ } do
+ policy = Fixtures.Policies.create_policy(account: account)
+ assert {:ok, _policy} = disable_policy(policy, subject)
+ assert {:ok, policy} = disable_policy(policy, subject)
+ assert {:ok, _policy} = disable_policy(policy, subject)
+ end
+
+ test "does not allow to disable policies in other accounts", %{
+ subject: subject
+ } do
+ policy = Fixtures.Policies.create_policy()
+ assert disable_policy(policy, subject) == {:error, :not_found}
+ end
+
+ test "returns error when subject can not disable policies", %{
+ subject: subject,
+ policy: policy
+ } do
+ subject = Fixtures.Auth.remove_permissions(subject)
+
+ assert disable_policy(policy, subject) ==
+ {:error,
+ {:unauthorized,
+ [missing_permissions: [Policies.Authorizer.manage_policies_permission()]]}}
+ end
+ end
+
+ describe "enable_policy/2" do
+ setup context do
+ policy =
+ Fixtures.Policies.create_policy(
+ account: context.account,
+ subject: context.subject
+ )
+
+ {:ok, policy} = disable_policy(policy, context.subject)
+
+ Map.put(context, :policy, policy)
+ end
+
+ test "enables a given policy", %{
+ subject: subject,
+ policy: policy
+ } do
+ assert {:ok, policy} = enable_policy(policy, subject)
+ assert is_nil(policy.disabled_at)
+
+ assert policy = Repo.get(Policies.Policy, policy.id)
+ assert is_nil(policy.disabled_at)
+ end
+
+ test "does not do anything when an policy is enabled twice", %{
+ subject: subject,
+ policy: policy
+ } do
+ assert {:ok, _policy} = enable_policy(policy, subject)
+ assert {:ok, policy} = enable_policy(policy, subject)
+ assert {:ok, _policy} = enable_policy(policy, subject)
+ end
+
+ test "does not allow to enable policies in other accounts", %{
+ subject: subject
+ } do
+ policy = Fixtures.Policies.create_policy()
+ assert enable_policy(policy, subject) == {:error, :not_found}
+ end
+
+ test "returns error when subject can not enable policies", %{
+ subject: subject,
+ policy: policy
+ } do
+ subject = Fixtures.Auth.remove_permissions(subject)
+
+ assert enable_policy(policy, subject) ==
+ {:error,
+ {:unauthorized,
+ [missing_permissions: [Policies.Authorizer.manage_policies_permission()]]}}
+ end
+ end
+
describe "delete_policy/2" do
setup context do
policy =
diff --git a/elixir/apps/web/assets/js/hooks.js b/elixir/apps/web/assets/js/hooks.js
index 6a44cf0d8..45a226ec7 100644
--- a/elixir/apps/web/assets/js/hooks.js
+++ b/elixir/apps/web/assets/js/hooks.js
@@ -15,6 +15,18 @@ Hooks.Tabs = {
}
}
+Hooks.Refocus = {
+ mounted() {
+ this.el.addEventListener("click", (ev) => {
+ ev.preventDefault();
+ let target_id = ev.currentTarget.getAttribute("data-refocus");
+ let el = document.getElementById(target_id);
+ if (document.activeElement === el) return;
+ el.focus();
+ });
+ }
+}
+
Hooks.Copy = {
mounted() {
this.el.addEventListener("click", (ev) => {
@@ -31,14 +43,14 @@ Hooks.Copy = {
icon_cl.add("hero-clipboard-document-check");
icon_cl.add("text-green-500");
icon_cl.remove("hero-clipboard-document");
- content.innerHTML = "Copied"
+ if (content) { content.innerHTML = "Copied" }
});
setTimeout(() => {
icon_cl.remove("hero-clipboard-document-check");
icon_cl.remove("text-green-500");
icon_cl.add("hero-clipboard-document");
- content.innerHTML = "Copy"
+ if (content) { content.innerHTML = "Copy" }
}, 2000);
});
},
diff --git a/elixir/apps/web/assets/package.json b/elixir/apps/web/assets/package.json
index 028140d5c..bc3b37c2d 100644
--- a/elixir/apps/web/assets/package.json
+++ b/elixir/apps/web/assets/package.json
@@ -1,6 +1,6 @@
{
"dependencies": {
"@fontsource/source-sans-pro": "^5.0.8",
- "flowbite": "^2.1.1"
+ "flowbite": "^2.2.0"
}
}
diff --git a/elixir/apps/web/assets/pnpm-lock.yaml b/elixir/apps/web/assets/pnpm-lock.yaml
index 2e2f8b18a..14270a826 100644
--- a/elixir/apps/web/assets/pnpm-lock.yaml
+++ b/elixir/apps/web/assets/pnpm-lock.yaml
@@ -9,8 +9,8 @@ dependencies:
specifier: ^5.0.8
version: 5.0.8
flowbite:
- specifier: ^2.1.1
- version: 2.1.1
+ specifier: ^2.2.0
+ version: 2.2.0
packages:
@@ -22,8 +22,8 @@ packages:
resolution: {integrity: sha512-P1st0aksCrn9sGZhp8GMYwBnQsbvAWsZAX44oXNNvLHGqAOcoVxmjZiohstwQ7SqKnbR47akdNi+uleWD8+g6A==}
dev: false
- /flowbite@2.1.1:
- resolution: {integrity: sha512-FkTwNXlfWRXUhSsiE9D4bEqLN8ywdunW2qOz1z7gN+Co7h9EQIJf/Fr4xgq1NJPFa+6MeMf08QLzviU7LqB/rQ==}
+ /flowbite@2.2.0:
+ resolution: {integrity: sha512-Eq0qWz4a5nlxaGuUcspzpu+8Ny0A7lKEJEKcuPpkdSoF8tWjbKeuVVgKk8/q10ZE9bhXh1GHBXdCsRxu0LZTNQ==}
dependencies:
'@popperjs/core': 2.11.8
mini-svg-data-uri: 1.4.4
diff --git a/elixir/apps/web/lib/web/auth.ex b/elixir/apps/web/lib/web/auth.ex
index 7ff426ab1..9aaca9310 100644
--- a/elixir/apps/web/lib/web/auth.ex
+++ b/elixir/apps/web/lib/web/auth.ex
@@ -70,6 +70,8 @@ defmodule Web.Auth do
client_auth_token: client_token,
client_csrf_token: client_csrf_token,
actor_name: subject.actor.name,
+ account_slug: subject.account.slug,
+ account_name: subject.account.name,
identity_provider_identifier: subject.identity.provider_identifier
}
|> Enum.reject(&is_nil(elem(&1, 1)))
diff --git a/elixir/apps/web/lib/web/components/core_components.ex b/elixir/apps/web/lib/web/components/core_components.ex
index 1aab8de38..14cb29adf 100644
--- a/elixir/apps/web/lib/web/components/core_components.ex
+++ b/elixir/apps/web/lib/web/components/core_components.ex
@@ -90,6 +90,31 @@ defmodule Web.CoreComponents do
"""
end
+ @doc """
+ Render an inlined copy-paste button to the right of the content block.
+
+ ## Examples
+
+ <.copy id="foo">
+ The lazy brown fox jumped over the quick dog.
+
+ """
+ attr :id, :string, required: true
+ attr :class, :string, default: ""
+ slot :inner_block, required: true
+ attr :rest, :global
+
+ def copy(assigns) do
+ ~H"""
+
+ <%= render_slot(@inner_block) %>
+
+ <.icon name="hero-clipboard-document" data-icon class="h-4 w-4" />
+
+
+ """
+ end
+
@doc """
Render a tabs toggle container and its content.
diff --git a/elixir/apps/web/lib/web/components/form_components.ex b/elixir/apps/web/lib/web/components/form_components.ex
index 055e9ba5d..6fc44f870 100644
--- a/elixir/apps/web/lib/web/components/form_components.ex
+++ b/elixir/apps/web/lib/web/components/form_components.ex
@@ -23,6 +23,7 @@ defmodule Web.FormComponents do
attr :id, :any, default: nil
attr :name, :any
attr :label, :string, default: nil
+ attr :prefix, :string, default: nil
attr :value, :any
attr :value_id, :any,
@@ -204,7 +205,51 @@ defmodule Web.FormComponents do
"""
end
- # All other inputs text, datetime-local, url, password, etc. are handled here...
+ def input(%{type: "text", prefix: prefix} = assigns) when not is_nil(prefix) do
+ ~H"""
+
+ <.label :if={not is_nil(@label)} for={@id}><%= @label %>
+
+ <.error :for={msg <- @errors} data-validation-error-for={@name}><%= msg %>
+
diff --git a/elixir/apps/web/lib/web/components/page_components.ex b/elixir/apps/web/lib/web/components/page_components.ex
index 1edd15898..14135abe0 100644
--- a/elixir/apps/web/lib/web/components/page_components.ex
+++ b/elixir/apps/web/lib/web/components/page_components.ex
@@ -38,7 +38,7 @@ defmodule Web.PageComponents do
slot :action, required: false, doc: "A slot for action to the right of the title"
- slot :content, required: true, doc: "A slot for content of the section" do
+ slot :content, required: false, doc: "A slot for content of the section" do
attr :flash, :any, doc: "The flash to be displayed above the content"
end
diff --git a/elixir/apps/web/lib/web/controllers/home_controller.ex b/elixir/apps/web/lib/web/controllers/home_controller.ex
index 7e4754e3a..f69dcdb96 100644
--- a/elixir/apps/web/lib/web/controllers/home_controller.ex
+++ b/elixir/apps/web/lib/web/controllers/home_controller.ex
@@ -2,7 +2,7 @@ defmodule Web.HomeController do
use Web, :controller
alias Domain.Accounts
- def home(conn, _params) do
+ def home(conn, params) do
{accounts, conn} =
with {:ok, recent_account_ids, conn} <- Web.Auth.list_recent_account_ids(conn),
{:ok, accounts} <- Accounts.list_accounts_by_ids(recent_account_ids) do
@@ -16,12 +16,22 @@ defmodule Web.HomeController do
_other -> {[], conn}
end
+ redirect_params =
+ take_non_empty_params(params, ["client_platform", "client_csrf_token"])
+
conn
|> put_layout(html: {Web.Layouts, :public})
- |> render("home.html", accounts: accounts)
+ |> render("home.html", accounts: accounts, redirect_params: redirect_params)
end
- def redirect_to_sign_in(conn, %{"account_id_or_slug" => account_id_or_slug}) do
- redirect(conn, to: ~p"/#{account_id_or_slug}")
+ def redirect_to_sign_in(conn, %{"account_id_or_slug" => account_id_or_slug} = params) do
+ redirect_params =
+ take_non_empty_params(params, ["client_platform", "client_csrf_token"])
+
+ redirect(conn, to: ~p"/#{account_id_or_slug}?#{redirect_params}")
+ end
+
+ defp take_non_empty_params(map, keys) do
+ map |> Map.take(keys) |> Map.reject(fn {_key, value} -> value in ["", nil] end)
end
end
diff --git a/elixir/apps/web/lib/web/controllers/home_html.ex b/elixir/apps/web/lib/web/controllers/home_html.ex
index 9a89186b2..5263bb426 100644
--- a/elixir/apps/web/lib/web/controllers/home_html.ex
+++ b/elixir/apps/web/lib/web/controllers/home_html.ex
@@ -21,25 +21,39 @@ defmodule Web.HomeHTML do
- <.account_button :for={account <- @accounts} account={account} />
+ <.account_button
+ :for={account <- @accounts}
+ account={account}
+ redirect_params={@redirect_params}
+ />
<.separator :if={@accounts != []} />
- <.form :let={f} for={%{}} action={~p"/"} class="space-y-4 lg:space-y-6">
+ <.form
+ :let={f}
+ for={%{}}
+ action={~p"/?#{@redirect_params}"}
+ class="space-y-4 lg:space-y-6"
+ >
<.input
field={f[:account_id_or_slug]}
type="text"
label="Account ID or Slug"
- placeholder={~s|As shown in your "Welcome to Firezone" email|}
+ prefix={url(~p"/")}
required
+ autofocus
/>
+
As shown in your "Welcome to Firezone" email
<.button class="w-full">
Go to Sign In page
-
+
Don't have an account?
Sign up here.
@@ -54,7 +68,7 @@ defmodule Web.HomeHTML do
def account_button(assigns) do
~H"""
-
diff --git a/elixir/apps/web/lib/web/live/policies/index.ex b/elixir/apps/web/lib/web/live/policies/index.ex
index b023245d8..77fa7d49f 100644
--- a/elixir/apps/web/lib/web/live/policies/index.ex
+++ b/elixir/apps/web/lib/web/live/policies/index.ex
@@ -42,6 +42,17 @@ defmodule Web.Policies.Index do
<%= policy.resource.name %>
+ <:col :let={policy} label="STATUS">
+ <%= if is_nil(policy.deleted_at) do %>
+ <%= if is_nil(policy.disabled_at) do %>
+ Active
+ <% else %>
+ Disabled
+ <% end %>
+ <% else %>
+ Deleted
+ <% end %>
+
<:empty>
diff --git a/elixir/apps/web/lib/web/live/policies/show.ex b/elixir/apps/web/lib/web/live/policies/show.ex
index 3df3050bc..fecef894b 100644
--- a/elixir/apps/web/lib/web/live/policies/show.ex
+++ b/elixir/apps/web/lib/web/live/policies/show.ex
@@ -38,6 +38,7 @@ defmodule Web.Policies.Show do
<.section>
<:title>
<%= @page_title %>: <%= @policy.id %>
+ (disabled)
(deleted)
<:action :if={is_nil(@policy.deleted_at)}>
@@ -45,6 +46,22 @@ defmodule Web.Policies.Show do
Edit Policy
+ <:action :if={is_nil(@policy.deleted_at)}>
+ <.button
+ :if={not is_nil(@policy.disabled_at)}
+ phx-click="enable"
+ data-confirm="Are you sure want to enable this policy?"
+ >
+ Enable Policy
+
+ <.button
+ :if={is_nil(@policy.disabled_at)}
+ phx-click="disable"
+ data-confirm="Are you sure want to disable this policy? All authorizations will be revoked and users can loose access to the resource."
+ >
+ Disable Policy
+
+
<:content>
<.vertical_table id="policy">
<.vertical_table_row>
@@ -157,12 +174,37 @@ defmodule Web.Policies.Show do
Delete Policy
- <:content>
"""
end
- def handle_event("delete", %{"id" => _policy_id}, socket) do
+ def handle_event("disable", _params, socket) do
+ {:ok, policy} = Policies.disable_policy(socket.assigns.policy, socket.assigns.subject)
+
+ policy = %{
+ policy
+ | actor_group: socket.assigns.policy.actor_group,
+ resource: socket.assigns.policy.resource,
+ created_by_identity: socket.assigns.policy.created_by_identity
+ }
+
+ {:noreply, assign(socket, policy: policy)}
+ end
+
+ def handle_event("enable", _params, socket) do
+ {:ok, policy} = Policies.enable_policy(socket.assigns.policy, socket.assigns.subject)
+
+ policy = %{
+ policy
+ | actor_group: socket.assigns.policy.actor_group,
+ resource: socket.assigns.policy.resource,
+ created_by_identity: socket.assigns.policy.created_by_identity
+ }
+
+ {:noreply, assign(socket, policy: policy)}
+ end
+
+ def handle_event("delete", _params, socket) do
{:ok, _} = Policies.delete_policy(socket.assigns.policy, socket.assigns.subject)
{:noreply, push_navigate(socket, to: ~p"/#{socket.assigns.account}/policies")}
end
diff --git a/elixir/apps/web/lib/web/live/settings/account.ex b/elixir/apps/web/lib/web/live/settings/account.ex
index 1139cc284..46c6c5dfe 100644
--- a/elixir/apps/web/lib/web/live/settings/account.ex
+++ b/elixir/apps/web/lib/web/live/settings/account.ex
@@ -24,7 +24,9 @@ defmodule Web.Settings.Account do
<.vertical_table_row>
<:label>Account Slug
- <:value><%= @account.slug %>
+ <:value>
+ <.copy id="account-slug"><%= @account.slug %>
+
diff --git a/elixir/apps/web/lib/web/live/settings/identity_providers/google_workspace/show.ex b/elixir/apps/web/lib/web/live/settings/identity_providers/google_workspace/show.ex
index 2b1f57a83..a8a00204a 100644
--- a/elixir/apps/web/lib/web/live/settings/identity_providers/google_workspace/show.ex
+++ b/elixir/apps/web/lib/web/live/settings/identity_providers/google_workspace/show.ex
@@ -29,29 +29,35 @@ defmodule Web.Settings.IdentityProviders.GoogleWorkspace.Show do
<.section>
<:title>
Identity Provider
<%= @provider.name %>
+
(disabled)
+
(deleted)
- <:action>
+ <:action :if={is_nil(@provider.deleted_at)}>
<.edit_button navigate={
~p"/#{@account}/settings/identity_providers/google_workspace/#{@provider.id}/edit"
}>
Edit
- <:action>
+ <:action :if={is_nil(@provider.deleted_at)}>
<%= if @provider.adapter_state["status"] != "pending_access_token" do %>
- <.button :if={not is_nil(@provider.disabled_at)} phx-click="enable">
+ <.button
+ :if={not is_nil(@provider.disabled_at)}
+ phx-click="enable"
+ data-confirm="Are you sure want to enable this provider?"
+ >
Enable Identity Provider
<.button
:if={is_nil(@provider.disabled_at)}
phx-click="disable"
- data-confirm="Are you sure want to disable this provider?"
+ data-confirm="Are you sure want to disable this provider? All authorizations will be revoked and actors won't be able to use it to access Firezone."
>
Disable Identity Provider
<% end %>
- <:action>
+ <:action :if={is_nil(@provider.deleted_at)}>
<.button
style="primary"
navigate={
@@ -96,7 +102,7 @@ defmodule Web.Settings.IdentityProviders.GoogleWorkspace.Show do
- <.danger_zone>
+ <.danger_zone :if={is_nil(@provider.deleted_at)}>
<:action>
<.delete_button
data-confirm="Are you sure want to delete this provider along with all related data?"
diff --git a/elixir/apps/web/lib/web/live/settings/identity_providers/openid_connect/show.ex b/elixir/apps/web/lib/web/live/settings/identity_providers/openid_connect/show.ex
index 9992b0547..c4b2826eb 100644
--- a/elixir/apps/web/lib/web/live/settings/identity_providers/openid_connect/show.ex
+++ b/elixir/apps/web/lib/web/live/settings/identity_providers/openid_connect/show.ex
@@ -28,8 +28,10 @@ defmodule Web.Settings.IdentityProviders.OpenIDConnect.Show do
<.section>
<:title>
Identity Provider
<%= @provider.name %>
+
(disabled)
+
(deleted)
- <:action>
+ <:action :if={is_nil(@provider.deleted_at)}>
<.edit_button navigate={
~p"/#{@account}/settings/identity_providers/openid_connect/#{@provider}/edit"
}>
@@ -37,21 +39,25 @@ defmodule Web.Settings.IdentityProviders.OpenIDConnect.Show do
- <:action>
- <.button :if={not is_nil(@provider.disabled_at)} phx-click="enable">
+ <:action :if={is_nil(@provider.deleted_at)}>
+ <.button
+ :if={not is_nil(@provider.disabled_at)}
+ phx-click="enable"
+ data-confirm="Are you sure want to enable this provider?"
+ >
Enable
- <:action>
+ <:action :if={is_nil(@provider.deleted_at)}>
<.button
:if={is_nil(@provider.disabled_at)}
phx-click="disable"
- data-confirm="Are you sure want to disable this provider?"
+ data-confirm="Are you sure want to disable this provider? All authorizations will be revoked and actors won't be able to use it to access Firezone."
>
Disable
- <:action>
+ <:action :if={is_nil(@provider.deleted_at)}>
<.button
style="primary"
navigate={
@@ -115,10 +121,7 @@ defmodule Web.Settings.IdentityProviders.OpenIDConnect.Show do
- <.section>
- <:title>
- Danger zone
-
+ <.danger_zone :if={is_nil(@provider.deleted_at)}>
<:action>
<.delete_button
data-confirm="Are you sure want to delete this provider along with all related data?"
@@ -127,8 +130,7 @@ defmodule Web.Settings.IdentityProviders.OpenIDConnect.Show do
Delete Identity Provider
- <:content>
-
+
"""
end
diff --git a/elixir/apps/web/lib/web/live/settings/identity_providers/system/show.ex b/elixir/apps/web/lib/web/live/settings/identity_providers/system/show.ex
index 3aa3899e7..9df83682a 100644
--- a/elixir/apps/web/lib/web/live/settings/identity_providers/system/show.ex
+++ b/elixir/apps/web/lib/web/live/settings/identity_providers/system/show.ex
@@ -31,15 +31,21 @@ defmodule Web.Settings.IdentityProviders.System.Show do
<.section>
<:title>
Identity Provider <%= @provider.name %>
+ (disabled)
+ (deleted)
- <:action>
- <.button :if={not is_nil(@provider.disabled_at)} phx-click="enable">
+ <:action :if={is_nil(@provider.deleted_at)}>
+ <.button
+ :if={not is_nil(@provider.disabled_at)}
+ phx-click="enable"
+ data-confirm="Are you sure want to enable this provider?"
+ >
Enable Identity Provider
<.button
:if={is_nil(@provider.disabled_at)}
phx-click="disable"
- data-confirm="Are you sure want to disable this provider?"
+ data-confirm="Are you sure want to disable this provider? All authorizations will be revoked and actors won't be able to use it to access Firezone."
>
Disable Identity Provider
@@ -74,10 +80,7 @@ defmodule Web.Settings.IdentityProviders.System.Show do
- <.section>
- <:title>
- Danger zone
-
+ <.danger_zone :if={is_nil(@provider.deleted_at)}>
<:action>
<.delete_button
data-confirm="Are you sure want to delete this provider along with all related data?"
@@ -86,8 +89,7 @@ defmodule Web.Settings.IdentityProviders.System.Show do
Delete Identity Provider
- <:content>
-
+
"""
end
diff --git a/elixir/apps/web/lib/web/live/sign_up.ex b/elixir/apps/web/lib/web/live/sign_up.ex
index 171c94675..48d9f1456 100644
--- a/elixir/apps/web/lib/web/live/sign_up.ex
+++ b/elixir/apps/web/lib/web/live/sign_up.ex
@@ -16,8 +16,8 @@ defmodule Web.SignUp do
embeds_one(:actor, Actors.Actor)
end
- def changeset(%Registration{} = registration, attrs) do
- registration
+ def changeset(attrs) do
+ %Registration{}
|> Ecto.Changeset.cast(attrs, [:email])
|> Ecto.Changeset.validate_required([:email])
|> Ecto.Changeset.validate_format(:email, ~r/.+@.+/)
@@ -35,7 +35,7 @@ defmodule Web.SignUp do
real_ip = Web.Auth.real_ip(socket)
changeset =
- Registration.changeset(%Registration{}, %{
+ Registration.changeset(%{
account: %{slug: "placeholder"},
actor: %{type: :account_admin_user}
})
@@ -44,9 +44,12 @@ defmodule Web.SignUp do
assign(socket,
form: to_form(changeset),
account: nil,
+ provider: nil,
user_agent: user_agent,
real_ip: real_ip,
- sign_up_enabled?: Config.sign_up_enabled?()
+ sign_up_enabled?: Config.sign_up_enabled?(),
+ account_name_changed?: false,
+ actor_name_changed?: false
)
{:ok, socket}
@@ -76,7 +79,12 @@ defmodule Web.SignUp do
<:item>
<.sign_up_form :if={@account == nil && @sign_up_enabled?} flash={@flash} form={@form} />
- <.welcome :if={@account && @sign_up_enabled?} account={@account} />
+ <.welcome
+ :if={@account && @sign_up_enabled?}
+ account={@account}
+ provider={@provider}
+ identity={@identity}
+ />
<.sign_up_disabled :if={!@sign_up_enabled?} />
@@ -101,41 +109,61 @@ defmodule Web.SignUp do
~H"""
- Your account has been created! Please check your email for sign in instructions.
+ Your account has been created!
+
Please check your email for sign in instructions.
-
+
- |
+ |
Account Name:
|
-
+ |
<%= @account.name %>
|
- |
+ |
Account Slug:
|
-
+ |
<%= @account.slug %>
|
+
+ |
+ Sign In URL:
+ |
+
+ <.link class="font-medium text-blue-600 hover:underline" navigate={~p"/#{@account}"}>
+ <%= url(~p"/#{@account}") %>
+
+ |
+
-
- Sign In URL
-
-
- <.link class="font-medium text-blue-600 hover:underline" navigate={~p"/#{@account.slug}"}>
- <%= "#{Web.Endpoint.url()}/#{@account.slug}" %>
-
-
+ <.form
+ for={%{}}
+ id="resend-email"
+ as={:email}
+ class="inline"
+ action={~p"/#{@account}/sign_in/providers/#{@provider}/request_magic_link"}
+ method="post"
+ >
+ <.input
+ type="hidden"
+ name="email[provider_identifier]"
+ value={@identity.provider_identifier}
+ />
+ <.submit_button class="w-full">
+ Sign In
+
+