* Conditionally start WireGuard sandbox adapter if set in app env
* Use Live wg adapter module in dev, sandbox in test. fz_vpn supervised children from app env
* checkpoint
* Docker dev environment final root cause analysis
* Update CONTRIBUTING.md
* Update apps/fz_common/lib/fz_net.ex
Co-authored-by: Po Chen <chenpaul914@gmail.com>
Co-authored-by: Po Chen <chenpaul914@gmail.com>
* Add telemetry data for feature configs and other useful stats
* use conf helper in more places & unit tests for ping_data
* include db url setting, improve unit tests
* Update VPN Connection column with status tag, update docs explaining tags under authenticate section
* Fix events test warning
* Fix formatting
* Fix docs lint
* Move vpn status doc to fix doc lint
* Use div instead of label for tag root, update oidc language
* Refactor vpn status component for pr feedback
* use a component instead of a live one
* Update egress rules user guide with user scope ui
* Fix user scope description
* Update egress rules view with correct user scope text & corresponding doc img
* Revert previous doc text
* Replaces nftables rule management to use sets
Fixesfirezone/product#398
* Fix fz_wall not existing function
* Minor tidy up
* Refactor tests and projections
* Refactor fz_wall state to use map instead of tuple
* Minor fix
* Add optional user scope field to Rules UI
* Build a users map and use for rule list table
* Include current user in user scope options
* Add user scope tests to live rule view test
* Finish adding/removing scoped rule tests
* Add rules number field to user detail view with link to rules page
* Woops, forgot to define destination in remove scope test
* Only add rules path to user_details template for auth'd views.
* Use socket for rules_path router & remove user options logic from view
* Update fw rules guide to explain user scoped rules
* checkpoint
* Add and delete functions for multiple rules
* Update delete device to delete user rules
* Fix tests
* Improve testing
* Multiple suggested small improvments
* Swap call order on update device
* Fix rule deletion for users/devices
* Fix deletion for multiple rules
* Remove device deletion by pubkey
* Fix multiple rule deletion in case of handle change
* Optimize sql query for getting nftable spec rules
* Fix rule deletion when same daddr
* Fix rule deletion to account for whitespace at the start of line
* Improve rule duplicate error message
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
* segregate account form between admins and unprivileged users
* Disable magic_link, identity providers when local auth disabled
* Revert authentication.ex
* re-add logger require in fz_http Devices module
* fix interface test in fz_vpn
* Start GenServer dynamically on first use
* docs clarify
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
* Remove wireguard-tools from firezone
* Remove unused public key environment variable
* remove wg private keygen from omnibus config
* Move private key file management to Elixir
* cleanup perms, remove unused code
* Cleanup some more code, fix interface test
* fix functional test & refactor FzVpn.Interface.set
* update owner group on wg_private_key even if file is present
* Fix device config generation
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
* Refactor fz_vpn with Wireguardex library, tests failing and some more to go with the sandbox adapter
* fix dump test & static-analysis refactoring
* finish sandbox, dump test working
* add functional test for WireGuard calls
* remove leftover cli code from refactor
* remove unusued cli & config modules
* remove setcap recipe after app recipe to preserve setcap on beam
* PR feedback: Change Interface warnings to errors, code improvements, remove wg_path from config
* add tests for interface module & PR feedback
* update to Wireguardex 0.3.0
* delete extra line in test
* Switch WGAdapter live module to prod config instead of runtime
* Bump npm
* Bump deps for dependabot issues
* MFA (#660)
* 2fa wip
add encrypted map
gen schema
add nimble_totp
add module doc
add qrusty
bump base to enable use of qrusty
requires a newer version of glibc
Revert "add qrusty"
This reverts commit 27eaf7864ea98578186c53ed4c5f650e244e8ede.
cannot be used on bionic
add eqrcode
scaffold
extract renderQR
Revert "add eqrcode"
This reverts commit fe6f74f18f13dfcc92dbdace657d194e5536e164.
use frontend qr code generation
display MFA methods
add description
* wip
* finish mfa totp addition workflow
* use real user
* allow deleting authenticator
* use valid? and :since
* make credo happy
* use mfa
* make credo happy
* add account page for unprivileged users
* eof
* add unit tests
* add integration tests
* Workaround for SSH dropping by not using random port (#697)
* Bump npm
* Bump deps for dependabot issues
* Workaround for SSH dropping by not using random port
Fixes#478
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
* Update repo README (#700)
* update main readme
* add link
* update badges
* remove redundant copy
* Fix show-config to display current config (#703)
Fixes#553
* Minor MFA fixes (#704)
* Fix conflicting cache-control header (#706)
* Add manual refresh (#705)
* Add manual refresh
* Align button right
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
Co-authored-by: Po Chen <chenpaul914@gmail.com>
Co-authored-by: Gabi <gabriel@firezone.dev>
Co-authored-by: Jason G <52545545+gongjason@users.noreply.github.com>
