Why:
* The traffic filter functionality is not quite ready in the system as a
whole, so the web UI will give the ability to hide the section of the
forms to allow for a better end user experience.
I noticed that you still can go to the old resources view from Policies
page and there were two ways to fix that:
1. Change many-to-many connection between sites and resources to
one-to-many, which means we will change domain model and drop multi-site
load balancing feature;
2. Change the templates not to hide the old views but rather make them
complimentary by accepting `site_id` query param, which slightly changed
their behavior, so that it's the same view from sites and policies, just
without a way to access Resources index page (unless future feature flag
is enabled).
This PR implements (2).
Why:
* Some sections of the UI were still displaying `TODO` and needed to be
hidden for beta release, so a feature flag was created. Also, the
'Flows' are not ready to be utilized in the UI at this time, so a
feature flag was created to hide any mention of 'Flows'.
## Changelog
- Updates connlib parameter API_URL (formerly known under different
names as `CONTROL_PLANE_URL`, `PORTAL_URL`, `PORTAL_WS_URL`, and
friends) to be configured as an "advanced" or "hidden" feature at
runtime so that we can test production builds on both staging and
production.
- Makes `AUTH_BASE_URL` configurable at runtime too
- Moves `CONNLIB_LOG_FILTER_STRING` to be configured like this as well
and simplifies its naming
- Fixes a timing attack bug on Android when comparing the `csrf` token
- Adds proper account ID validation to Android to prevent invalid URL
parameter strings from being saved and used
- Cleans up a number of UI / view issues on Android regarding typos,
consistency, etc
- Hides vars from from the `relay` CLI we may not want to expose just
yet
- `get_device_id()` is flawed for connlib components -- SMBios is rarely
available. Data plane components now require a `FIREZONE_ID` now instead
to use for upserting.
Fixes#2482Fixes#2471
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
Purely visual changes in this PR. No functionality is changed, aside
from the code blocks no longer containing html tags when copied using
the "copy to clipboard" icon.
* Button primary color has been updated
* Corner radius on buttons, input fields, etc... has been reduced
* Code blocks have been updated
Why:
* After further discussion around the Client DNS settings, it was
decided that keeping both `type` and `address` would be easier to help
with validation and parsing. At the moment, only IP DNS servers are
accepted, but placeholders for `DNS over TLS` and `DNS over HTTPS` have
been created.
This PR lays the ground work for making all the liveview pages more
uniform in how they are laid out by creating and updating some of the
liveview components.
Why:
* The signup page was failing to allow signups due to a change in one of
the domain functions. This happened due to the UI not having tests for
the sign up page. The sign up page has been updated to use the new
domain function signature and has also had some tests added to hopefully
prevent regressions.
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Why:
* The previous Account DNS Settings page was only a static page. This
commit enables the form on the page to actually save and update the DNS
settings for a given account.
Getting some weird behavior with AppLinks. They don't seem to work upon
first use and require a few tries to function correctly.
Edit: Found the issue: Android Studio doesn't like when the Manifest
contains variables for AppLinks. I added a note in the Manifest.
@conectado To test Applinks are working correctly, you can use the App
Link Assistant:
<img width="930" alt="Screenshot 2023-09-28 at 11 15 11 PM"
src="https://github.com/firezone/firezone/assets/167144/e4bd4674-d562-44ec-bdb8-3a5f97250b84">
Then from there you can click "Test App Links":
<img width="683" alt="Screenshot 2023-09-28 at 11 15 30 PM"
src="https://github.com/firezone/firezone/assets/167144/f3dc8e0d-f58a-4a4b-9855-62472096dc9e">
Thanks to @devsnaked for the fix. Opening this to get the changes merged
more quickly.
Supersedes #2072
---------
Signed-off-by: Maximilly Moreira Gonçalves <max.ocw@gmail.com>
Co-authored-by: Maximilly Moreira <max.ocw@gmail.com>
Adds `active_path` to determine whether or not to highlight a sidebar
item.
~~Leaving as draft for now to allow @devsnaked to contribute. Edit: Will
use this PR as the base for @devsnaked's upcoming changes~~
Edit: fixes#2065
Why:
* The current account settings page shows the user profile info and
billing information. The billing system is not currently implemented and
can be hidden for the time being. As for the user profile information,
it was decided that it would probably be better to send the user to the
'Actors' show page for the currently logged in user.
<img width="1148" alt="new-account-settings-page"
src="https://github.com/firezone/firezone/assets/2646332/6aaabad0-038e-4b4c-8cfb-e2d669b54b53">
Why:
* Previously the New/Edit forms for Resources were not able to actually
create or update Resources. This commit enables those forms to create
and update a Resource.
---------
Co-authored-by: Andrew Dryga <andrew@dryga.com>
Renaming it back to clients to reflect service accounts and headless
clients use cases in the terminology. Such a rename will be very painful
on live data so better if we do it early on.
---------
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
Why:
* The new and edit policy pages had previously only been pulling live
data from the DB, but had not been able to use the forms to create or
update policies. This commit allows the forms to function as intended.
Looks like it broke the staging WS connections. Getting a failure of
Liveview socket connection on `app.firez.one`:
```
insertId: 1o7nymzg12jh1k5
jsonPayload:
cos.googleapis.com/container_id: 89b4633e81432e43dfbaa3957324fd5ead3f2362737bac84648a8f839b6eb16c
cos.googleapis.com/container_name: klt-web-cpap
cos.googleapis.com/stream: stdout
message:
domain:
- elixir
erl_level: error
logging.googleapis.com/sourceLocation:
file: lib/phoenix/socket/transport.ex
function: Elixir.Phoenix.Socket.Transport.check_origin/5
line: 344
message: |+
Could not check origin for Phoenix.Socket transport.
Origin of the request: https://app.firez.one
This happens when you are attempting a socket connection to
a different host than the one configured in your config/
files. For example, in development the host is configured
to "localhost" but you may be trying to access it from
"127.0.0.1". To fix this issue, you may either:
1. update [url: [host: ...]] to your actual host in the
config file for your current environment (recommended)
2. pass the :check_origin option when configuring your
endpoint or when configuring the transport in your
UserSocket module, explicitly outlining which origins
are allowed:
check_origin: ["https://example.com",
"//another.com:888", "//other.com"]
severity: ERROR
time: '2023-08-26T21:24:36.002Z'
time: '2023-08-26T21:24:36.002628434Z'
logName: projects/firezone-staging/logs/cos_containers
receiveTimestamp: '2023-08-26T21:24:36.402398476Z'
resource:
labels:
instance_id: '8218473336234347240'
project_id: firezone-staging
zone: us-east1-d
type: gce_instance
timestamp: '2023-08-26T21:24:36.002628434Z'
```
The Sign Up page will allow users to create new organization accounts.
During sign-up, a randomly generated slug will be created for the
account and "magic link" will be set as the first identity provider to
allow the user to login to the newly created account.
---------
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
* Refactor sharedPreferences to only save the AccountId
* Update TeamId -> AccountId to match naming elsewhere
* Update JWT -> Token to avoid confusion; this token is **not** a valid
JWT and should be treated as an opaque token
* Update FFI `connect` to accept an optional file descriptor (int32) as
a first argument. This seemed to be the most straightforward way to pass
it to the tunnel stack. Retrieving it via callback is another option,
but retrieving return vars with the `jni` was more complex. We could
have used a similar approach that we did in the Apple client
(enumerating all fd's in the `new()` function until we found ours) but
this approach is [explicitly
documented/recommended](https://developer.android.com/reference/android/net/VpnService.Builder#establish())
by the Android docs so I figured it's not likely to break.
Additionally, there was a thread safety bug in the recent JNI callback
implementation that consistently crashed the VM with `JNI DETECTED ERROR
IN APPLICATION: use of invalid jobject...`. The fix was to use
`GlobalRef` which has the explicit purpose of outliving the `JNIEnv`
lifetime so that no `static` lifetimes need to be used.
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Pratik Velani <pratikvelani@gmail.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
Fixes a small bug where `client_platform` wasn't being added to the
redirect_params in the magic link auth flow, so the token form input was
never shown.
Also adds a `hidden` type input that omits the `class=` attribute and
`div` wrapper.
Feel free to build off this or close and open a more thorough fix if
this is not the desired approach.
