Viewing a Resource created by an API client was crashing the view due to
the function creating the link to the actor not accounting for the API
client case.
Closes#6267
We were generating fake tokens when identity was not found but those had
empty ids so the code crashed. Now we fake the entire token and make
sure it's length is stable.
Why:
* Before the REST API is release to all Firezone users a closed beta
program will be run. Rather than blurring out the API Clients page for
users that are not apart of the closed beta program, a 'beta' page will
be shown that will allow users to request access to the closed beta.
Once the REST API is released to all accounts, all of this can be
removed.
Closes: #5920
### Screenshot
<img width="1445" alt="Screenshot 2024-07-24 at 6 55 36 PM"
src="https://github.com/user-attachments/assets/a09591bc-190c-4bd4-9716-9a74a0f09e0a">
Fixes a UX issue somewhat introduced by
https://github.com/firezone/firezone/pull/5870 where we changed behavior
to make the redirect consistent with other CRUD operations.
The behavior we had prior to
https://github.com/firezone/firezone/pull/5870 was to redirect to
Resource show, but feedback from customer (which makes sense) is that
you almost _always_ create a Policy after creating a Resource, so this
PR streamlines the hot path flow there.
This has occurred to a couple users in Discord as well, so by taking
them directly to policies/new it hopefully make clear the user needs to
create a Policy after creating a Resource.
This papercut occurred while customer was demo'ing Firezone to another
potential customer.
Fixes#5929
cc @jameswinegar
…idc users (#5127)
Currently we can only send a welcome email to oidc users who have
already logged in once. For manually provisionned oidc users, we can't.
This PR aims to solve this issue
---------
Co-authored-by: Antoine <antoinelabarussias@gmail.com>
You still can generate a link that will inject a text as long as it has
`@` in it - there is no good ways to validate emails other than just
check for that. The only *reliable* ways to fix that is to either remove
that text (making users more confused) or only show it if identity was
found (leaking the fact of it's existence).
Fixes#5270
- Relaxes the `NOT NULL` constraint because in Clients we already
account for empty address descriptions (by showing the address in its
place if missing). We may want to simply hide the Resource altogether if
the description is missing (based on user feedback). With a blank field,
we can differentiate between not entered vs entered an address.
- Updates help text a bit
```[tasklist]
- [x] Update docs with examples
```
<img width="772" alt="Screenshot 2024-06-06 at 12 01 48 PM"
src="https://github.com/firezone/firezone/assets/167144/523aa0ff-f30d-44cb-bb3c-5d5cda7236e6">
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
For oidc users, `provider_identifier` is an id and not the email of the
user.
Contributed by @Intuinewin
---------
Co-authored-by: Antoine <antoinelabarussias@gmail.com>
Why:
* JumpCloud directory sync was requested from customers. JumpCloud only
offers the ability to use it's API with an admin level access token that
is tied to a specific user within a given JumpCloud account. This would
require Firezone customers to give an access token with much more
permissions that needed for our directory sync. To avoid this, we've
decide to use WorkOS to provide SCIM support between JumpCloud and
WorkOS, which will allow Firezone to then easily and safely retrieve
JumpCloud directory info from WorkOS.
---------
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
- Fixes policy creation when `policy_conditions` is disabled
- Updates design so that items are a little more aligned and text has
more / consistent spacing around.
https://github.com/firezone/firezone/assets/167144/b9c29110-ae1c-4841-b999-a0da022f4a38
Test is failing though. Before sinking more time into this I wanted to
open this PR to get @AndrewDryga's input.
- Ensure IP address appears on newline always
- Dedicate 3/12 width for table columns that can contain IPv6 addresses
- Removes the `(IP)` parentheses because that makes it hard to
copy/paste the IP
Fixes#4992
Why:
* The new flow for creating an identity provider in Firezone allows the
user to not have to worry what features their plan has enabled. It will
allow the user to select which identity provider they use and will take
them to the appropriate form depending on the features they have enabled
on their plan.
## Screenshots
### Selecting an identity provider
<img width="937" alt="Screenshot 2024-05-14 at 11 53 17 AM"
src="https://github.com/firezone/firezone/assets/2646332/31337ad9-13c8-43a2-942c-adb0a951167c">
### New OIDC form when a custom provider is selected but IDP sync is not
enabled for account
<img width="903" alt="Screenshot 2024-05-14 at 11 54 58 AM"
src="https://github.com/firezone/firezone/assets/2646332/2e18d788-60c3-4fad-b749-351559a24aca">
- Makes the group badges a little easier on the eyes, and reduces their
size to improve layout flow a bit. Allows to more quickly identity
provider adapters at-a-glance.
- Fix group badge wrapping so that long group names don't flow into the
next table cell
Fixes#4905
<img width="1209" alt="Screenshot 2024-05-10 at 7 24 59 AM"
src="https://github.com/firezone/firezone/assets/167144/fba4190a-af0a-464a-b3b1-9e98505c59fb">
The sidebar was missing a conditional check when displaying the API
Clients link. This was only a bug in the sidebar UI as visiting the
actual API clients URL path showed a `404` as expected when the REST API
feature was disabled.
The client authentication had previously been using liveview and passing
params around using URL query params. One of the issues with using
liveview for this task was that there edge case issues on certain
clients with the websocket connection. Along with that, to have even
more security during the login process, the query param values that were
passed after the client was authenticated have been moved to an HTTP
cookie with very strict flags set.
The deep link redirection now uses a new HTTP endpoint that returns a
302 with the deep link as the location, which is triggered using a
`<meta http-equiv="refresh">` tag on the client.
`relays` will be removed from `prepare_connection` in a few weeks after
we release a version that reads them from `init` message. Keep in mind
technically `relays` list can be empty, it would be nice if clients
would log an error or show it in such cases.
Why:
* As work on the portal REST API has begun, there was a need to easily
provision API tokens to allow testing of the new API endpoints being
created. Adding the API Client UI allows for this to be done very easily
and will also be used once the API is ready to be consumed by customers.
Closes#2368
Why:
* When creating or editing an actor, the previous form had a
multi-select input that would list all groups in the account. In order
to select or deselect groups, you would need to hold down ctrl or cmd on
the keyboard and click a given group. This worked when there were a very
small number of groups, but if an account had a moderate number of
groups it became very difficult. Along with that, it was also easy to
accidentally forget to hold down ctrl/cmd and click a group, which would
clear all previously selected groups. This commit moves the group
selection out from the new/edit actor pages and creates a new actor
group edit page that allows a user to search for groups as well as
making it easy to select which group should be added or removed.
Fixes#4372
<img width="1008" alt="Screenshot 2024-04-03 at 1 37 25 AM"
src="https://github.com/firezone/firezone/assets/2646332/bca9163b-bbaf-49ef-b3b9-8c6770e8c307">
Why:
* When viewing an actor in the portal, all of the groups were listed in
the top info table. This works for a small number of groups, but becomes
difficult to use when an actor is in a large number of groups. This
commit moves that information to it's own `live_table` element so that
it's easier to parse and can be paginated.
