* send reset email
* migrate password reset to magic link
* finish up magic link
* add module doc for AuthEmail
* allow changing email and password
* update wording
* make credo happy
* add tests
* unwrap early
* add one more test
* renames
* add text alternative
* rename
* use bulma level
* disallow changing own email
* always pass down current user
* fix text email
cannot be heex
* Add brace back
Implements the OpenID Connect standard for SSO Authentication,
which allows users to use any OpenID Connect provider for authentication,
not just a predefined list of providers.
Users can add OIDC config settings to firezone.rb which will then
populate the AUTH_OIDC environment variable as a JSON string.
FZ_HTTP will use this environment variable to create
provider(s) to authenticate against.
Additional notes:
- Updates .env.sample to include an example of a 'stringified' JSON
environment variable for setting AUTH_OIDC in development
- Add dep for 'openid_connect' and test dep for 'mox'
* add mailer
* setup configs
* only setup mailer if from_email is present
* Do not assume OUTBOUND_EMAIL_FROM exists
* update docs
* add usage of mailer as tests
* address comments
* Fixes for local development
A few issues that I ran into getting this up on my local machine.
I also made sure it now works properly on GitHub Codespaces, which
will hopefully make it easier for devs to get started.
- Username/Pass docs updated to correct values
- Add runtime.exs and migrate releases.exs over to it as recommended by
Elixir 1.11 release notes
- Update Endpoint to allow for proxy passed headers if enabled with
PROXY_FORWARDED
- Add missing .env file section to CONTRIBUTION
- Add a sample .env file (.env.sample) to help with getting started
- Update docs to show how to use GitHub Codespaces with an external
URL.
- Remove unused alias from dev (which I think doesn't work anyway due to
compile time restrictions, only in runtime or releases.exs)
- Ensure pre-commit is in path and available on devcontainer
- Simplify some docker commands, remove unneeded ports.
* Update runtime.exs with resolved conflicts
Co-authored-by: Mark Percival <m@mdp.im>
* Process wg show ... dump
* Add byte to human functions
* Passing tests
* Update stats
* drop session when signing out
* Start stats push service
* Sandbox config bool
* convert to int
* Found endpoint empty bug
* Fix use_site_ bugs
* Generate private keys client-side instead of on the Firezone server (#451)
* Rename events; add crypto lib
* seemingly working keygen
* Checkpoint
* Remove private key from devices; make tests pass
* Refactor auth to use simplified new router helper
* Fix js bundle
* Refactor event listeners into their own file
* Refactor settings
* Fix JS
* Working live views in unprivileged sections
* Rough draft working
* Checkpoint before fixing tests
* Tests passing
* Max devices per user configuration option (#471)
* Max tunnels per user configuration option
* Clean up remaining tunnel references
* Replace local auth system with Ueberauth / Guardian (#475)
* Checkpoint working authentication
* Working admin and unprivileged auth using Guardian
* Remove Sessions cruft
* More cleanup
* load new secrets
* Remove firezone tmp dirs
* Okta and Google OAuth (#485)
* working oauth!
* Remove keycloak; working google
* Ensure nil to_s
* Passing tests
* Add compile-time prod config
* Fix live_view typo
* Revert key_ttl to vpn_session_duration
* print logs after first configure
* Use get_env/1 for fetching optional config vars
* Disable telemetry from config
* miss the to_s
* Fix sign in page
* add tunnel admin guide
* auth path
* Fix tests
* Device editing no more (#491)