Why:
* There was a small bug that was preventing form errors from being shown
while entering the configuration data for OIDC/Google IDPs. It was due
to a nested changeset not having an `action` set.
Closes #3048
The way we were checking for subdomains in the gateways completely
broke, didn't detect it before because the deployed staging version for
gateways is too old.
~~Added a few CI tests so this doesn't happen again.~~ Seems like
GitHub runners [don't support pinging the outside
world](https://github.com/actions/runner-images/issues/1519) so I'm
putting that off for now.
- [x] make sure that session cookie for client is stored separately from
session cookie for the portal (will close #2647 and #2032)
- [x] #2622
- [ ] #2501
- [ ] show identity tokens and allow rotating/deleting them (#2138)
- [ ] #2042
- [ ] use Tokens context for Relays and Gateways to remove duplication
- [x] #2823
- [ ] Expire LiveView sockets when subject is expired
- [ ] Service Accounts UI is ambiguous now because of token identity and
actual token shown
- [ ] Limit subject permissions based on token type
Closes #2924. Now we extend the lifetime for client tokens, but not for
browsers.
* Remove PostHog from product
* Remove PostHog from website
* Add Mixpanel to website
Why? PostHog is a bit too much overhead for simple analytics for us for
now, and some of the bugs we hit prevented us from using certain
workflows.
We are still tracking `ping` events from legacy instances in PostHog.
* Sort clients list by `last_seen_at` desc. This handles the `online?`
case too. Before, they were sorted by `asc` which made it hard to see
which recent clients were connected.
* Scope the client log filename by account slug and actor name so it's
easier to find.
This PR changes the protocol and adds support for DNS subdomains. Now
when a DNS resource is added, all its subdomains are automatically
tunneled too. Later we will add support for `*.domain` or `?.domain` but
currently there is an Apple split tunnel implementation limitation which
is too labor-intensive to fix right away.
Fixes #2661
Co-authored-by: Andrew Dryga <andrew@dryga.com>
Why:
* When using the Email Auth Provider (a.k.a. Magic Link), a mistyped
email address when adding a new identity or signing up could allow an
unauthorized person access to your Firezone account. To help prevent
this, an email confirmation field has been added during signup and
during identity creation in the portal.
Why:
* Self-hosted Relays are not going to be a part of the beta release, so
hiding the functionality in the portal will allow the user not to get
confused about a feature they aren't able to use.
Closes #2178
Updates user-facing terminology to `One-Time Password` to more
accurately reflect this sign-in method and match docs more consistently.
Refs #2688
Refs #2021
Why:
* As sites are created, the default behavior right now is to route
traffic through whichever path is easiest/fastest. This commit adds the
ability to allow the admin to choose a routing policy for a given site.
The idea is to allow users to explicitly name them so they are easier to
identify in the UI.
@thomaseizinger we will need to add an optional `FIREZONE_NAME`
environment variable for the relays and send it along with other
attributes when you connect to a WebSocket.
Why:
* The traffic filter functionality is not quite ready in the system as a
whole, so the web UI will give the ability to hide the section of the
forms to allow for a better end user experience.
Why:
* Some sections of the UI were still displaying `TODO` and needed to be
hidden for beta release, so a feature flag was created. Also, the
'Flows' are not ready to be utilized in the UI at this time, so a
feature flag was created to hide any mention of 'Flows'.
Bumps [argon2_elixir](https://github.com/riverrun/argon2_elixir) from
3.2.1 to 4.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/riverrun/argon2_elixir/blob/master/CHANGELOG.md">argon2_elixir's
changelog</a>.</em></p>
<blockquote>
<h2>v4.0.0 (2023-10-07)</h2>
<ul>
<li>Enhancements
<ul>
<li>updated default configuration values in line with RFC9106</li>
</ul>
</li>
</ul>
<h2>v3.2.0 (2023-08-26)</h2>
<ul>
<li>Bug fixes
<ul>
<li>fixed Windows build for Erlang 26</li>
</ul>
</li>
</ul>
<h2>v3.1.0 (2021-03-23)</h2>
<ul>
<li>
<p>Enhancements</p>
<ul>
<li>added support for building on SunOS (Illumos / Solaris)</li>
</ul>
</li>
<li>
<p>Changes</p>
<ul>
<li>updated documentation and README</li>
<li>updated dialyxir dependency</li>
</ul>
</li>
</ul>
<h2>v3.0.0 (2021-01-20)</h2>
<ul>
<li>Enhancements
<ul>
<li>updated default memory cost and parallelism values
<ul>
<li>memory cost (m_cost) is now 16 (64 MiB) and parallelism is now
2</li>
</ul>
</li>
</ul>
</li>
<li>Changes
<ul>
<li>moved <code>gen_salt</code> to the <code>Base</code> module</li>
</ul>
</li>
</ul>
<h2>v2.4.1 (2021-01-19)</h2>
<ul>
<li>Changes
<ul>
<li>updated documentation and README</li>
</ul>
</li>
</ul>
<h2>v2.4.0 (2021-01-09)</h2>
<ul>
<li>Enhancements
<ul>
<li>updated Makefile to be more robust, especially for Nerves users</li>
</ul>
</li>
</ul>
<h2>v2.3.0 (2020-03-01)</h2>
<ul>
<li>Changes
<ul>
<li>using Comeonin v5.3, which changes <code>add_hash</code> so that it
does NOT set the password to nil</li>
</ul>
</li>
</ul>
<h2>v2.2.0 (2020-01-15)</h2>
<ul>
<li>Enhancements
<ul>
<li>Updated documentation - in line with updates to Comeonin v5.2</li>
</ul>
</li>
</ul>
<h2>v2.0.0 (2019-02-12)</h2>
<ul>
<li>Enhancements</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7be71a877b"><code>7be71a8</code></a>
feat: update defaults</li>
<li>See full diff in <a
href="https://github.com/riverrun/argon2_elixir/compare/v3.2.1...v4.0.0">compare
view</a></li>
</ul>
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Why:
* After further discussion around the Client DNS settings, it was
decided that keeping both `type` and `address` would be easier to help
with validation and parsing. At the moment, only IP DNS servers are
accepted, but placeholders for `DNS over TLS` and `DNS over HTTPS` have
been created.