- [x] Introduce api_client actor type and code to create and
authenticate using it's token
- [x] Unify Tokens usage for Relays and Gateways
- [x] Unify Tokens usage for magic links
Closes#2367
Ref #2696
Bumps [phoenix_html](https://github.com/phoenixframework/phoenix_html)
from 3.3.3 to 4.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/phoenixframework/phoenix_html/blob/main/CHANGELOG.md">phoenix_html's
changelog</a>.</em></p>
<blockquote>
<h2>v4.0.0 (2023-12-19)</h2>
<p>This version removes deprecated functionality and moved all HTML
helpers to a separate library. HTML Helpers are no longer used in new
apps from Phoenix v1.7. Older applications who wish to maintain
compatibility, add <code>{:phoenix_html_helpers, "~>
1.0"}</code> to your <code>mix.exs</code> and then replace
<code>use Phoenix.HTML</code> in your applications by:</p>
<pre lang="elixir"><code>import Phoenix.HTML
import Phoenix.HTML.Form
use PhoenixHTMLHelpers
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0687606d16"><code>0687606</code></a>
Release v4.0.0</li>
<li><a
href="3d7cc4ed0d"><code>3d7cc4e</code></a>
Improve to_form/4 coverage</li>
<li><a
href="071dd38489"><code>071dd38</code></a>
More tests</li>
<li><a
href="478d310fd7"><code>478d310</code></a>
Update description</li>
<li><a
href="0be2c6f1fa"><code>0be2c6f</code></a>
Prepare v4.0</li>
<li><a
href="ec3764e02f"><code>ec3764e</code></a>
Improve docs</li>
<li><a
href="06e9840407"><code>06e9840</code></a>
Fix tests</li>
<li>See full diff in <a
href="https://github.com/phoenixframework/phoenix_html/compare/v3.3.3...v4.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Why:
* There was a small bug that was preventing form errors from being shown
while entering the configuration data for OIDC/Google IDPs. It was due
to a nested changeset not having an `action` set.
Closes#3048
Why:
* When navigating around the portal, the title in the browser tab would
not show the accurate title of the current page. This commit adds
`page_title` to all pages. The value of the page title has been
choosen to correspond with the portal's left hand nav menu.
Additional:
* Along with the page titles, the `vertical_table` component was updated
to make the left hand headers use a class of `w-1/5` for consistency
across pages and to move the info a little further left on each page to
try and align it closer with other info on the page.
Here's an example of before and after:
<img width="1060" alt="before"
src="https://github.com/firezone/firezone/assets/2646332/6c56b550-98a5-4331-b1d3-c65ed9e24330">
<img width="1058" alt="after"
src="https://github.com/firezone/firezone/assets/2646332/c4753fee-ddea-4c67-9d5e-5b924260ea20">
the way we were checking for subdomains in the gateways completely
broke, didn't detect it before because the deployed staging version for
gateways is too old.
~~Added a few CI tests so this doesn't' happen again.~~ seems like
github runners [doesn't support pinging the outside
world](https://github.com/actions/runner-images/issues/1519) so I'm
putting that off for now.
- [x] make sure that session cookie for client is stored separately from
session cookie for the portal (will close#2647 and #2032)
- [x] #2622
- [ ] #2501
- [ ] show identity tokens and allow rotating/deleting them (#2138)
- [ ] #2042
- [ ] use Tokens context for Relays and Gateways to remove duplication
- [x] #2823
- [ ] Expire LiveView sockets when subject is expired
- [ ] Service Accounts UI is ambiguous now because of token identity and
actual token shown
- [ ] Limit subject permissions based on token type
Closes#2924. Now we extend the lifetime for client tokens, but not for
browsers.
- Fix permissions and caps on each start
- Fixes incompatibility with some systemd versions that barf at the
inline `ExecStartPre`
- Fixes erroneous error printed by iptables
- Fixes masquerading not working for wireless interfaces
- Single-step systemd copy-paste command
- Fixes#2944
- Fixes#3124
- Fixes#3112
Tested on CentOS 7 and Ubuntu 22.04
Why:
* The previous font being used in the portal (Source Sans Pro) did not
have multiple weights available, which meant that the `font-*` classes
on all html tags were not being used. Switching to Source Sans 3
allows all but 1 (`font-thin` or `100` is not present) of the Tailwind
font sizes to be used.
Closes#2893
Bumps [flowbite](https://github.com/themesberg/flowbite) from 2.2.0 to
2.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/themesberg/flowbite/releases">flowbite's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.1</h2>
<ul>
<li>relased new <a
href="https://flowbite.com/docs/forms/phone-input/">phone number
input</a> component</li>
<li>relased new <a
href="https://flowbite.com/docs/components/chat-bubble/">chat bubble</a>
component</li>
<li>updated <code>z-index</code> of the datepicker to allow usage with
modals and drawers</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="21eb96b27e"><code>21eb96b</code></a>
chore(version): update to <code>v2.2.1</code></li>
<li><a
href="161b22a470"><code>161b22a</code></a>
docs(README): add new chat bubble component</li>
<li><a
href="59ced565f7"><code>59ced56</code></a>
Merge branch 'main' of <a
href="https://github.com/themesberg/flowbite">https://github.com/themesberg/flowbite</a>
into main</li>
<li><a
href="4af7a11b81"><code>4af7a11</code></a>
Fix background color on:hover for action button</li>
<li><a
href="2257c750de"><code>2257c75</code></a>
docs(chat bubble): add descriptions</li>
<li><a
href="1f4fe5c97d"><code>1f4fe5c</code></a>
Merge pull request <a
href="https://redirect.github.com/themesberg/flowbite/issues/725">#725</a>
from Manal-el/chat-bubble</li>
<li><a
href="74795781ba"><code>7479578</code></a>
docs(chat bubble): component preview example heights</li>
<li><a
href="7ffe541f2f"><code>7ffe541</code></a>
docs(chat bubble): add description to the URL sharing example</li>
<li><a
href="7d14d6b5f6"><code>7d14d6b</code></a>
feat(chat bubble): finish URL sharing example</li>
<li><a
href="fabb602b12"><code>fabb602</code></a>
docs(chat bubble): update heading titles</li>
<li>Additional commits viewable in <a
href="https://github.com/themesberg/flowbite/compare/v2.2.0...v2.2.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Why:
* When a new user and/or identity is created using the Email provider,
there is currently no way to notify the new user/identity automatically.
With this commit an email will now be sent to the newly added
user/identity upon successful creation. This will only be done for
identities created with the 'Email' provider.
<img width="621" alt="new_user_email"
src="https://github.com/firezone/firezone/assets/2646332/2e50baf0-34cf-4615-b7f9-30500aa58920">
---------
Signed-off-by: Brian Manifold <bmanifold@users.noreply.github.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com>
Docker-based gateways won't have working IPv6 (good point @AndrewDryga),
so I started testing the systemd gateways more and found some issues I
fixed.
* Update default tab order for Deploy gateways page to prefer systemd
* Update unit file to run gateway as unprivileged user
* Remove dependency on `wget` in unit file
* Fix iptables logic so rules as re-created on reboot
* Use `/var/lib/firezone` instead of `/etc/firezone` for writing runtime
files (`/etc/` is often mounted read-only on hardened systems)
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com>
* Sort clients list by `last_seen_at` desc. This handles the `online?`
case too. Before, they were sorted by `asc` which made it hard to see
which recent clients were connected
* Scope the client log filename by account slug and actor name so it's
easier to find.
- Added google workspace docs at `/kb/authenticate/google`
- Updated in-product Provider creation form with more details and a link
to docs
- Fixed bg-color for unauthenticated layouts
---------
Co-authored-by: Brian Manifold <bmanifold@gmail.com>
* Fix numerous typos and grammar
* Align all next/continue action buttons to the right side of the form
* Rework the Gateway deploy page to be more readable and use consistent
colors
* Link to `Troubleshooting` guide for gateway deployments
* Add spacing between `:sections` so they stand out more
* Move help paragraphs into `:help`s
* Make links consistent to `text-accent-500` to match website/docs
(buttons unchanged)
* Add `warning` style button
More to come in further PRs
---------
Co-authored-by: Brian Manifold <bmanifold@gmail.com>
This PR changes the protocol and adds support for DNS subdomains, now
when a DNS resource is added all its subdomains are automatically
tunneled too. Later we will add support for `*.domain` or `?.domain` but
currently there is an Apple split tunnel implementation limitation which
is too labor-intensive to fix right away.
Fixes#2661
Co-authored-by: Andrew Dryga <andrew@dryga.com>
Updated portal to make sure we use primary/accent/neutral in as many
places as possible.
Updated our neutral color palette to only have grayscale colors.
Also aliased the main colors (i.e. red/green/blue/yellow/orange) to use
an `fz_` prefix to allow for easier find/replace if needed, as well as
allowing easy customization of the colors later if needed.
Why:
* When using the Email Auth Provider (a.k.a. Magic Link), a mistyped
email address when adding a new identity or signing up could allow an
unauthorized person access to your Firezone account. To help prevent
this, an email confirmation field has been added during signup and
during identity creation in the portal.
Doing a first pass over documentation and minor UI cleanup. This PR
isn't meant to represent the final state of launch docs, but instead
something that will unblock #2685 and #2675Fixes#2729
