Why:
* When using the Email Auth Provider (a.k.a. Magic Link), a mistyped
email address when adding a new identity or signing up could allow an
unauthorized person access to your Firezone account. To help prevent
this, an email confirmation field has been added during signup and
during identity creation in the portal.
Doing a first pass over documentation and minor UI cleanup. This PR
isn't meant to represent the final state of launch docs, but instead
something that will unblock #2685 and #2675Fixes#2729
Why:
* Self-hosted Relays are not going to be apart of the beta release, so
hiding the functionality in the portal will allow the user not to get
confused about a feature they aren't able to use.
Closes#2178
Updates user-facing terminology to `One-Time Password` to more
accurately reflect this sign in method and match docs more consistently
Refs #2688
Refs #2021
Why:
* As sites are created, the default behavior right now is to route
traffic through whichever path is easiest/fastest. This commit adds the
ability to allow the admin to choose a routing policy for a given site.
Small bug fix in the Resource index view. All the entries in the `SITES`
column were linking to the sites index, rather than an individual site
show page.
Closes: #2624
The only exception for this is IdP redirect URL's that must be
configured on a third-party system, we will keep using ID's for them so
that if slug changes users don't need to go and reconfigured all the
IdPs.
This was confusing - people can be thinking that they create a user
account for their organization while IRL they will be creating a
Firezone account.
Closes#2583
The idea is to allow users to explicitly name them so they are easier to
identify in the UI.
@thomaseizinger we will need to add an optional `FIREZONE_NAME`
environment variable for the relays and send it along with other
attributes when you connect to a WebSocket.
Why:
* The traffic filter functionality is not quite ready in the system as a
whole, so the web UI will give the ability to hide the section of the
forms to allow for a better end user experience.
I noticed that you still can go to the old resources view from Policies
page and there were two ways to fix that:
1. Change many-to-many connection between sites and resources to
one-to-many, which means we will change domain model and drop multi-site
load balancing feature;
2. Change the templates not to hide the old views but rather make them
complimentary by accepting `site_id` query param, which slightly changed
their behavior, so that it's the same view from sites and policies, just
without a way to access Resources index page (unless future feature flag
is enabled).
This PR implements (2).
Why:
* Some sections of the UI were still displaying `TODO` and needed to be
hidden for beta release, so a feature flag was created. Also, the
'Flows' are not ready to be utilized in the UI at this time, so a
feature flag was created to hide any mention of 'Flows'.
Bumps [argon2_elixir](https://github.com/riverrun/argon2_elixir) from
3.2.1 to 4.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/riverrun/argon2_elixir/blob/master/CHANGELOG.md">argon2_elixir's
changelog</a>.</em></p>
<blockquote>
<h2>v4.0.0 (2023-10-07)</h2>
<ul>
<li>Enhancements
<ul>
<li>updated default configuration values in line with RFC9106</li>
</ul>
</li>
</ul>
<h2>v3.2.0 (2023-08-26)</h2>
<ul>
<li>Bug fixes
<ul>
<li>fixed Windows build for Erlang 26</li>
</ul>
</li>
</ul>
<h2>v3.1.0 (2021-03-23)</h2>
<ul>
<li>
<p>Enhancements</p>
<ul>
<li>added support for building on SunOS (Illumos / Solaris)</li>
</ul>
</li>
<li>
<p>Changes</p>
<ul>
<li>updated documentation and README</li>
<li>updated dialyxir dependency</li>
</ul>
</li>
</ul>
<h2>v3.0.0 (2021-01-20)</h2>
<ul>
<li>Enhancements
<ul>
<li>updated default memory cost and parallelism values
<ul>
<li>memory cost (m_cost) is now 16 (64 MiB) and parallelism is now
2</li>
</ul>
</li>
</ul>
</li>
<li>Changes
<ul>
<li>moved <code>gen_salt</code> to the <code>Base</code> module</li>
</ul>
</li>
</ul>
<h2>v2.4.1 (2021-01-19)</h2>
<ul>
<li>Changes
<ul>
<li>updated documentation and README</li>
</ul>
</li>
</ul>
<h2>v2.4.0 (2021-01-09)</h2>
<ul>
<li>Enhancements
<ul>
<li>updated Makefile to be more robust, especially for Nerves users</li>
</ul>
</li>
</ul>
<h2>v2.3.0 (2020-03-01)</h2>
<ul>
<li>Changes
<ul>
<li>using Comeonin v5.3, which changes <code>add_hash</code> so that it
does NOT set the password to nil</li>
</ul>
</li>
</ul>
<h2>v2.2.0 (2020-01-15)</h2>
<ul>
<li>Enhancements
<ul>
<li>Updated documentation - in line with updates to Comeonin v5.2</li>
</ul>
</li>
</ul>
<h2>v2.0.0 (2019-02-12)</h2>
<ul>
<li>Enhancements</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7be71a877b"><code>7be71a8</code></a>
feat: update defaults</li>
<li>See full diff in <a
href="https://github.com/riverrun/argon2_elixir/compare/v3.2.1...v4.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [phoenix_ecto](https://github.com/phoenixframework/phoenix_ecto)
from 4.4.2 to 4.4.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/phoenixframework/phoenix_ecto/blob/main/CHANGELOG.md">phoenix_ecto's
changelog</a>.</em></p>
<blockquote>
<h2>v4.4.3</h2>
<ul>
<li>Enhancements
<ul>
<li>Support Phoenix.HTML ~> 4.0</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bb07b9f346"><code>bb07b9f</code></a>
Release v4.4.3</li>
<li><a
href="4bab96d4ff"><code>4bab96d</code></a>
Support Phoenix.HTML v4.0</li>
<li><a
href="428fecb8c6"><code>428fecb</code></a>
Update deps, closes <a
href="https://redirect.github.com/phoenixframework/phoenix_ecto/issues/168">#168</a></li>
<li><a
href="ccf253b7cc"><code>ccf253b</code></a>
Fix typo in html.ex (<a
href="https://redirect.github.com/phoenixframework/phoenix_ecto/issues/167">#167</a>)</li>
<li>See full diff in <a
href="https://github.com/phoenixframework/phoenix_ecto/compare/v4.4.2...v4.4.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [floki](https://github.com/philss/floki) from 0.35.1 to 0.35.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/philss/floki/blob/main/CHANGELOG.md">floki's
changelog</a>.</em></p>
<blockquote>
<h2>[0.35.2] - 2023-10-25</h2>
<h3>Fixed</h3>
<ul>
<li>Enable usage of IO data by removing a guard for binaries in the main
parser module.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="172c8e3d6a"><code>172c8e3</code></a>
Release v0.35.2</li>
<li><a
href="c2a71bc5ce"><code>c2a71bc</code></a>
Bump dialyxir from 1.4.1 to 1.4.2 (<a
href="https://redirect.github.com/philss/floki/issues/495">#495</a>)</li>
<li><a
href="944c00f290"><code>944c00f</code></a>
Rollback guard that requires only binary for parsing</li>
<li><a
href="03c2b5ac37"><code>03c2b5a</code></a>
Bump ex_doc from 0.30.8 to 0.30.9 (<a
href="https://redirect.github.com/philss/floki/issues/494">#494</a>)</li>
<li><a
href="c611523e78"><code>c611523</code></a>
Bump ex_doc from 0.30.7 to 0.30.8 (<a
href="https://redirect.github.com/philss/floki/issues/493">#493</a>)</li>
<li>See full diff in <a
href="https://github.com/philss/floki/compare/v0.35.1...v0.35.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [dialyxir](https://github.com/jeremyjh/dialyxir) from 1.4.1 to
1.4.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jeremyjh/dialyxir/blob/master/CHANGELOG.md">dialyxir's
changelog</a>.</em></p>
<blockquote>
<h2>[1.4.2] - 2023-10-21</h2>
<h3>Changed</h3>
<ul>
<li>Revert minimum required Elixir version back to 1.6.</li>
<li>Improved performance in calculating Umbrella dependencies.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7d4653cf6e"><code>7d4653c</code></a>
Merge pull request <a
href="https://redirect.github.com/jeremyjh/dialyxir/issues/522">#522</a>
from jeremyjh/jh-bump-ver-1.4.2</li>
<li><a
href="fd4edbd6ed"><code>fd4edbd</code></a>
Bump versions & changelog for release.</li>
<li><a
href="e030c51967"><code>e030c51</code></a>
Merge pull request <a
href="https://redirect.github.com/jeremyjh/dialyxir/issues/521">#521</a>
from solar05/patch-1</li>
<li><a
href="2cdb1603ce"><code>2cdb160</code></a>
Update README example</li>
<li><a
href="f15b991d86"><code>f15b991</code></a>
Merge pull request <a
href="https://redirect.github.com/jeremyjh/dialyxir/issues/519">#519</a>
from David-Klemenc/then</li>
<li><a
href="c76d540c5a"><code>c76d540</code></a>
chore: remove then to be compatible with elixir 1.11</li>
<li><a
href="b4167c06e3"><code>b4167c0</code></a>
Merge pull request <a
href="https://redirect.github.com/jeremyjh/dialyxir/issues/518">#518</a>
from peek-travel/deps-tree-perf-improvements</li>
<li><a
href="c407d7c488"><code>c407d7c</code></a>
Improve performance of algorithm to determine project deps</li>
<li>See full diff in <a
href="https://github.com/jeremyjh/dialyxir/compare/1.4.1...1.4.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [flowbite](https://github.com/themesberg/flowbite) from 1.8.1 to
2.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/themesberg/flowbite/releases">flowbite's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.0</h2>
<p>This update introduces a new instance manager feature that allows you
manage all of the interactive components from a single place. This is
useful if you want to programmatically show or hide a modal, popover, or
tooltip. This also works if you use the data attributes interface.</p>
<p>This change introduces a few breaking changes to the JavaScript API
when creating objects:</p>
<ul>
<li>new <code>$carouselEl</code> HTML element when creating a
<code>Carousel</code> object as the first parameter</li>
<li>new <code>$accordion</code> HTML element when creating a
<code>Accordion</code> object as the first parameter</li>
<li>new <code>$tabsEl</code> HTML element when creating a
<code>Tabs</code> object as the first parameter</li>
</ul>
<p>The breaking changes do not apply to the data attributes interface,
only for objects created programmatically via JavaScript.</p>
<p>Learn more about the new <a
href="https://flowbite.com/docs/getting-started/javascript/">JavaScript
API on the docs</a>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="59d0bab06a"><code>59d0bab</code></a>
Merge pull request <a
href="https://redirect.github.com/themesberg/flowbite/issues/680">#680</a>
from themesberg/instances</li>
<li><a
href="e195124d91"><code>e195124</code></a>
chore(versioning): bump to <code>v2.0.0</code></li>
<li><a
href="1671b62826"><code>1671b62</code></a>
docs(quickstart): reference JavaScript page in the introduction and
quickstar...</li>
<li><a
href="807cfb4353"><code>807cfb4</code></a>
refactor(instances): automatically override instances with the same ID
when c...</li>
<li><a
href="3c2c5acb08"><code>3c2c5ac</code></a>
chore(package): update Twitter links</li>
<li><a
href="92d61c27e6"><code>92d61c2</code></a>
docs(javascript): update version to <code>2.0</code></li>
<li><a
href="a74ca06424"><code>a74ca06</code></a>
docs(general): fix grammar typo</li>
<li><a
href="4f472b8202"><code>4f472b8</code></a>
docs(general): fix commented previews and update changelog to v2.0</li>
<li><a
href="2d0936908f"><code>2d09369</code></a>
docs(tabs): document the new parameter for the Tabs class</li>
<li><a
href="ac7bac8b89"><code>ac7bac8</code></a>
docs(general): fix milliseconds typo</li>
<li>Additional commits viewable in <a
href="https://github.com/themesberg/flowbite/compare/v1.8.1...v2.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Changelog
- Updates connlib parameter API_URL (formerly known under different
names as `CONTROL_PLANE_URL`, `PORTAL_URL`, `PORTAL_WS_URL`, and
friends) to be configured as an "advanced" or "hidden" feature at
runtime so that we can test production builds on both staging and
production.
- Makes `AUTH_BASE_URL` configurable at runtime too
- Moves `CONNLIB_LOG_FILTER_STRING` to be configured like this as well
and simplifies its naming
- Fixes a timing attack bug on Android when comparing the `csrf` token
- Adds proper account ID validation to Android to prevent invalid URL
parameter strings from being saved and used
- Cleans up a number of UI / view issues on Android regarding typos,
consistency, etc
- Hides vars from from the `relay` CLI we may not want to expose just
yet
- `get_device_id()` is flawed for connlib components -- SMBios is rarely
available. Data plane components now require a `FIREZONE_ID` now instead
to use for upserting.
Fixes#2482Fixes#2471
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
Purely visual changes in this PR. No functionality is changed, aside
from the code blocks no longer containing html tags when copied using
the "copy to clipboard" icon.
* Button primary color has been updated
* Corner radius on buttons, input fields, etc... has been reduced
* Code blocks have been updated
