# Gateways
- [x] When Gateway Group is deleted all gateways should be disconnected
- [x] When Gateway Group is updated (eg. routing) broadcast to all
affected gateway to disconnect all the clients
- [x] When Gateway is deleted it should be disconnected
- [x] When Gateway Token is revoked all gateways that use it should be
disconnected
# Relays
- [x] When Relay Group is deleted all relays should be disconnected
- [x] When Relay is deleted it should be disconnected
- [x] When Relay Token is revoked all gateways that use it should be
disconnected
# Clients
- [x] Remove Delete Client button, show clients using the token on the
Actors page (#2669)
- [x] When client is deleted disconnect it
- [ ] ~When Gateway is offline broadcast to the Clients connected to it
it's status~
- [x] Persist `last_used_token_id` in Clients and show it in tokens UI
# Resources
- [x] When Resource is deleted it should be removed from all gateways
and clients
- [x] When Resource connection is removed it should be deleted from
removed gateway groups
- [x] When Resource is updated (eg. traffic filters) all it's
authorizations should removed
# Authentication
- [x] When Token is deleted related sessions are terminated
- [x] When an Actor is deleted or disabled it should be disconnected
from browser and client
- [x] When Identity is deleted it's sessions should be disconnected from
browser and client
- [x] ^ Ensure the same happens for identities during IdP sync
- [x] When IdP is disabled act like all actors for it are disabled?
- [x] When IdP is deleted act like all actors for it are deleted?
# Authorization
- [x] When Policy is created clients that gain access to a resource
should get an update
- [x] When Policy is deleted we need to all authorizations it's made
- [x] When Policy is disabled we need to all authorizations it's made
- [x] When Actor Group adds or removes a user, related policies should
be re-evaluated
- [x] ^ Ensure the same happens for identities during IdP sync
# Settings
- [x] Re-send init message to Client when DNS settings change
# Code
- [x] Crear way to see all available topics and messages, do not use
binary topics any more
---------
Co-authored-by: conectado <gabrielalejandro7@gmail.com>
Bumps [plug_cowboy](https://github.com/elixir-plug/plug_cowboy) from
2.6.1 to 2.6.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/elixir-plug/plug_cowboy/blob/master/CHANGELOG.md">plug_cowboy's
changelog</a>.</em></p>
<blockquote>
<h2>v2.6.2</h2>
<h3>Enhancements</h3>
<ul>
<li>Fix warnings on Elixir v1.15+</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9b9151e501"><code>9b9151e</code></a>
Release v2.6.2</li>
<li><a
href="3960916cf0"><code>3960916</code></a>
Fix calls to deprecated Logger.warn/2 (<a
href="https://redirect.github.com/elixir-plug/plug_cowboy/issues/94">#94</a>)</li>
<li>See full diff in <a
href="https://github.com/elixir-plug/plug_cowboy/compare/v2.6.1...v2.6.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ex_cldr_numbers](https://github.com/elixir-cldr/cldr_numbers)
from 2.32.3 to 2.32.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/elixir-cldr/cldr_numbers/releases">ex_cldr_numbers's
releases</a>.</em></p>
<blockquote>
<h2>Cldr Numbers version 2.32.4</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Fix formatting a number when a currency is specified but the format
has no currency symbol. Closes <a
href="https://redirect.github.com/kipcole9/money/issues/162">ex_money
162</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/elixir-cldr/cldr_numbers/blob/main/CHANGELOG.md">ex_cldr_numbers's
changelog</a>.</em></p>
<blockquote>
<h2>Cldr Numbers v2.32.4</h2>
<p>This is the changelog for Cldr v2.32.4 released on January 18th,
2023. For older changelogs please consult the release tag on <a
href="https://github.com/elixir-cldr/cldr_numbers/tags">GitHub</a></p>
<h3>Bug Fixes</h3>
<ul>
<li>Fix formatting a number when a currency is specified but the format
has no currency symbol. Closes <a
href="https://redirect.github.com/kipcole9/money/issues/162">ex_money
162</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2dbb8a4630"><code>2dbb8a4</code></a>
Fix formatting number with currency but format has no currency
symbol</li>
<li><a
href="86d70c1243"><code>86d70c1</code></a>
Fix changelog version</li>
<li>See full diff in <a
href="https://github.com/elixir-cldr/cldr_numbers/compare/v2.32.3...v2.32.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Before, any user logging into via the OIDC connector would need to have
an identity created beforehand with their known `sub` id. This presented
a chicken-and-egg scenario where this was only populated in the
`Identity Providers` settings flow by an admin, preventing regular users
from signing in.
With this change, Admins can now create identities for actors and
specify an `email` address or `sub` claim value to match against for
incoming authentications to the connector.
This will allow end-users to authenticate with the configured OIDC
connector.
Fixes#3308
Why:
* The Sites edit page was toggling the routing option in the page on and
off every time a change to the page was made (i.e. every time something
was clicked or typed). This was causing the Site to not be editable in
certain situations. It ended up being because the form field value being
set was not consistently the same type. It would come back as either an
atom or a string, but the radio button input was only checking for
atoms.
Fixes: #3239
- [x] Introduce api_client actor type and code to create and
authenticate using it's token
- [x] Unify Tokens usage for Relays and Gateways
- [x] Unify Tokens usage for magic links
Closes#2367
Ref #2696
Bumps [phoenix_html](https://github.com/phoenixframework/phoenix_html)
from 3.3.3 to 4.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/phoenixframework/phoenix_html/blob/main/CHANGELOG.md">phoenix_html's
changelog</a>.</em></p>
<blockquote>
<h2>v4.0.0 (2023-12-19)</h2>
<p>This version removes deprecated functionality and moved all HTML
helpers to a separate library. HTML Helpers are no longer used in new
apps from Phoenix v1.7. Older applications who wish to maintain
compatibility, add <code>{:phoenix_html_helpers, "~>
1.0"}</code> to your <code>mix.exs</code> and then replace
<code>use Phoenix.HTML</code> in your applications by:</p>
<pre lang="elixir"><code>import Phoenix.HTML
import Phoenix.HTML.Form
use PhoenixHTMLHelpers
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0687606d16"><code>0687606</code></a>
Release v4.0.0</li>
<li><a
href="3d7cc4ed0d"><code>3d7cc4e</code></a>
Improve to_form/4 coverage</li>
<li><a
href="071dd38489"><code>071dd38</code></a>
More tests</li>
<li><a
href="478d310fd7"><code>478d310</code></a>
Update description</li>
<li><a
href="0be2c6f1fa"><code>0be2c6f</code></a>
Prepare v4.0</li>
<li><a
href="ec3764e02f"><code>ec3764e</code></a>
Improve docs</li>
<li><a
href="06e9840407"><code>06e9840</code></a>
Fix tests</li>
<li>See full diff in <a
href="https://github.com/phoenixframework/phoenix_html/compare/v3.3.3...v4.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [credo](https://github.com/rrrene/credo) from 1.7.2 to 1.7.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rrrene/credo/blob/master/CHANGELOG.md">credo's
changelog</a>.</em></p>
<blockquote>
<h2>1.7.3</h2>
<ul>
<li><code>Credo.Check.Readability.AliasOrder</code> now supports a
<code>:sort_method</code> parameter</li>
<li><code>Credo.Check.Readability.PredicateFunctionNames</code> received
fixes</li>
<li><code>Credo.Check.Warning.MissedMetadataKeyInLoggerConfig</code>
received fixes</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="79807d2e12"><code>79807d2</code></a>
Bump version to 1.7.3</li>
<li><a
href="b2dedd617c"><code>b2dedd6</code></a>
Update CHANGELOG</li>
<li><a
href="484f24c06d"><code>484f24c</code></a>
Fix false positive in MissedMetadataKeyInLoggerConfig</li>
<li><a
href="16b47debe5"><code>16b47de</code></a>
Merge pull request <a
href="https://redirect.github.com/rrrene/credo/issues/1103">#1103</a>
from bradhanks/credo</li>
<li><a
href="ab10d78245"><code>ab10d78</code></a>
refactoring opp: [F] ↗ is more efficient than</li>
<li><a
href="c30a1a5ed0"><code>c30a1a5</code></a>
Remove old TODO comments re: front-loading</li>
<li><a
href="491f8d5a46"><code>491f8d5</code></a>
Fix false positive on
Credo.Check.Readability.PredicateFunctionNames</li>
<li><a
href="bb43348af7"><code>bb43348</code></a>
Merge branch 'kybishop-case-sensitive-alias-order'</li>
<li><a
href="a1b6609ffe"><code>a1b6609</code></a>
Clean up code changes</li>
<li><a
href="f9ece54cbf"><code>f9ece54</code></a>
Merge branch 'case-sensitive-alias-order' of github.com:kybishop/credo
into k...</li>
<li>Additional commits viewable in <a
href="https://github.com/rrrene/credo/compare/v1.7.2...v1.7.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [mix_audit](https://github.com/mirego/mix_audit) from 2.1.1 to
2.1.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/mirego/mix_audit/blob/main/CHANGELOG.md">mix_audit's
changelog</a>.</em></p>
<blockquote>
<h2>2.1.2 (2024-01-08)</h2>
<ul>
<li>Add better support for Elixir 1.16, thank you <a
href="https://github.com/cgrothaus"><code>@cgrothaus</code></a>! (<a
href="https://redirect.github.com/mirego/mix_audit/pull/26">#26</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="449e7abd4b"><code>449e7ab</code></a>
v2.1.2</li>
<li><a
href="6b5d0d598e"><code>6b5d0d5</code></a>
Support Elixir 1.16 in call to <code>Code.string_to_quoted/2</code></li>
<li><a
href="d6523a600a"><code>d6523a6</code></a>
Add Elixir 1.16 in GitHub Actions workflows</li>
<li><a
href="ca9d2d27e4"><code>ca9d2d2</code></a>
Upgrade version in README.md</li>
<li><a
href="ba57a3cd97"><code>ba57a3c</code></a>
Remove unsupported versions from CI workflow</li>
<li>See full diff in <a
href="https://github.com/mirego/mix_audit/compare/v2.1.1...v2.1.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Why:
* There was a small bug that was preventing form errors from being shown
while entering the configuration data for OIDC/Google IDPs. It was due
to a nested changeset not having an `action` set.
Closes#3048
Why:
* When navigating around the portal, the title in the browser tab would
not show the accurate title of the current page. This commit adds
`page_title` to all pages. The value of the page title has been
choosen to correspond with the portal's left hand nav menu.
Additional:
* Along with the page titles, the `vertical_table` component was updated
to make the left hand headers use a class of `w-1/5` for consistency
across pages and to move the info a little further left on each page to
try and align it closer with other info on the page.
Here's an example of before and after:
<img width="1060" alt="before"
src="https://github.com/firezone/firezone/assets/2646332/6c56b550-98a5-4331-b1d3-c65ed9e24330">
<img width="1058" alt="after"
src="https://github.com/firezone/firezone/assets/2646332/c4753fee-ddea-4c67-9d5e-5b924260ea20">
the way we were checking for subdomains in the gateways completely
broke, didn't detect it before because the deployed staging version for
gateways is too old.
~~Added a few CI tests so this doesn't' happen again.~~ seems like
github runners [doesn't support pinging the outside
world](https://github.com/actions/runner-images/issues/1519) so I'm
putting that off for now.
- [x] make sure that session cookie for client is stored separately from
session cookie for the portal (will close#2647 and #2032)
- [x] #2622
- [ ] #2501
- [ ] show identity tokens and allow rotating/deleting them (#2138)
- [ ] #2042
- [ ] use Tokens context for Relays and Gateways to remove duplication
- [x] #2823
- [ ] Expire LiveView sockets when subject is expired
- [ ] Service Accounts UI is ambiguous now because of token identity and
actual token shown
- [ ] Limit subject permissions based on token type
Closes#2924. Now we extend the lifetime for client tokens, but not for
browsers.
- Fix permissions and caps on each start
- Fixes incompatibility with some systemd versions that barf at the
inline `ExecStartPre`
- Fixes erroneous error printed by iptables
- Fixes masquerading not working for wireless interfaces
- Single-step systemd copy-paste command
- Fixes#2944
- Fixes#3124
- Fixes#3112
Tested on CentOS 7 and Ubuntu 22.04
Why:
* The previous font being used in the portal (Source Sans Pro) did not
have multiple weights available, which meant that the `font-*` classes
on all html tags were not being used. Switching to Source Sans 3
allows all but 1 (`font-thin` or `100` is not present) of the Tailwind
font sizes to be used.
Closes#2893
* Remove PostHog from product
* Remove PostHog from website
* Add Mixpanel to website
Why? PostHog is a bit too much overhead for simple analytics for us for
now, and some of the bugs we hit prevented us from using certain
workflows.
We are still tracking `ping` events from legacy instances in PostHog.
