* feat(internal-auth): ability to set minimum password length [EE-3175]
* pass props to react component
* fixes + WIP slider
* fix slider updating + add styles
* remove nested ternary
* fix slider updating + add remind me later button
* add length to settings + value & onchange method
* finish my account view
* fix slider updating
* slider styles
* update style
* move slider in
* update size of slider
* allow admin to browse to authentication view
* use feather icons instead of font awesome
* feat(settings): add colors to password rules
* clean up tooltip styles
* more style changes
* styles
* fixes + use requiredLength in password field for icon logic
* simplify logic
* simplify slider logic and remove debug code
* use required length for logic to display pwd length warning
* fix slider styles
* use requiredPasswordLength to determine if password is valid
* style tooltip based on theme
* reset skips when password is changed
* misc cleanup
* reset skips when required length is changed
* fix formatting
* fix issues
* implement some suggestions
* simplify logic
* update broken test
* pick min password length from DB
* fix suggestions
* set up min password length in the DB
* fix test after migration
* fix formatting issue
* fix bug with icon
* refactored migration
* fix typo
* fixes
* fix logic
* set skips per user
* reset skips for all users on length change
Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>
Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com>
* EE-2705 restrict registry edit options for different registry type
* EE-2705 quay and azure registry should not disable authentication
* EE-2705 Resolve conflict
* Initial extension build
* Add auto login
fix auto auth
add some message
Add extension version
Double attempt to login
Add auto login from jwt check
Add autologin on logout
revert sidebar
Catch error 401 to relogin
cleanup login
Add password generator
Hide User block and collapse sidebar by default
hide user box and toggle sidebar
remove defailt dd
Integrate extension to portainer
Move extension to build
remove files from ignore
Move extension folder
fix alpine
try to copy folder
try add
Change base image
move folder extension
ignore folder build
Fix
relative path
Move ext to root
fix image name
versioned index
Update extension on same image
Update mod
* fix kubeshell baseurl
* Fix kube shell
* move build and remove https
* Tidy mod
* Remove space
* Fix hash test
* Password manager
* change to building locally
* Restore version variable and add local install command
* fix local dev image + hide users & auth
* Password manageListen on locahost onlyr
* FIxes base path
* Hide only username
* Move default to constants
* Update app/portainer/components/PageHeader/HeaderContent.html
Co-authored-by: Chaim Lev-Ari <chiptus@users.noreply.github.com>
* fix 2 failing FE tests [EE-2938]
* remove password autogeneration from v1
* fix webhooks
* fix docker container console and attach
* fix default for portainer IP
* update meta, dockerfile and makefile for new ver
* fix basepath in kube and docker console
* revert makefile changes
* add icon back
* Add remote short cut command
* make local methods the default
* default to 0.0.0 for version for local development
* simplify make commands
* small build fixes
* resolve conflicts
* Update api/filesystem/write.go
Co-authored-by: Chaim Lev-Ari <chiptus@users.noreply.github.com>
* use a more secure default pass
Co-authored-by: itsconquest <william.conquest@portainer.io>
Co-authored-by: Chaim Lev-Ari <chiptus@users.noreply.github.com>
* fix(edge-jobs): HTTP 404 on file upload
* fix(edge-jobs): state 'edge job' in message on edge job removal instead of 'stack'
* fix(api/edge-jobs): save changes on edge-jobs update
* feat(password) EE-2690 enforce strong password policy
* feat(password) EE-2690 disable create user button if password is not valid
* feat(password) EE-2690 show force password change warning only when week password is detected
* feat(password) EE-2690 prevent users leave account page by clicking add access token button
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* EE-2128 take agent_sceret into account
* EE-2128 align output code
* EE-2128 fix copy command error
* EE-2128 align code
* EE-2128 fix typo
* Update endpoint.html
remove glint auto changes
* EE-2128 Format html with Prettier
* EE-2128 Adjust UI for dark mode and adopt AGENT_SECRET on k8s automatically
* EE-2128 fix bug created by merge
* EE-2128 Move the initailization of AGENT_SECRET to main.go
* EE-2128 read AGENT_SECRET when settings is initializing
* feat(app/registries): add name uniqueness validation on registry creation
* feat(api/registry): enforce name uniqueness on registry creation
* feat(api/registry): enforce name uniqueness on registry update
* feat(app/registry): enforce name uniqueness on registry update
* feat(registries): allow non-admin users to see environment registries
* remove unused function
* fix error message
* fix test
* fix imports order
* feat(registry): check access first, add parameters name
* use registryID
* fix(sidebar): allow standard users to see endpoint registries view
Co-authored-by: LP B <xAt0mZ@users.noreply.github.com>
This PR solves the issue that the Portainer instance will be always accessible in certain cases, like `restart: always` setting with docker run, even if the administrator is not created in the first 5 minutes.
The solution is that the user will be redirected to a timeout page when any actions, such as refresh the page and click button, are made after administrator initialisation window(5 minutes) timeout.
* refactor(azure/aci): migrate sidebar to react [EE-2569]
* add test files
* add story
* fix(sidebar): get styles from sidebar
* make suggested changes + update icon story
* use template in second story + change some english
* use camel case in test
* use icon instead of span
* refactor(types): use existing environmentid type
Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>
* refactor(http): parse axios errors (#6325)
* refactor(home): use endpoint-list as react component [EE-1814] (#6060)
* refactor(home): use endpoint-list as react component
fix(home): add missing features and refactors
- kubebutton
- group name
- poll when endpoint is off
- state management
refactor(endpoints): use stat component
fix(endpoints): add space between items
refactor(endpoints): move stats to components
refactor(endpoints): fetch time
refactor(home): move logic
refactor(home): move fe render logic
refactor(settings): use vanilla js for publicSettings
refactor(kube): remove angular from kube config service
feat(home): add kubeconfig button
feat(home): send analytics when opening kubeconfig modal
fix(home): memoize footer
refactor(home): use react-query for loading
fix(home): show correct control for kubeconfig modal
refactor(home): use debounce
refactor(home): use new components
refactor(home): replace endpoints with environments
refactor(home): move endpoint-list component to home
fix(home): show group name
refactor(home): use switch for environment icon
fix(kubeconfig): fix default case
refactor(axios): use parse axios error
refactor(home): use link components for navigate
fix(home): align azure icon
refactor(home): refactor stats
refactor(home): export envstatusbadge
refactor(home): remove unused bindings
* chore(home): write tests for edge indicator
* chore(home): basic stories for environment item
* style(settings): reformat
* fix(environments): add publicurl
* refactor(home): use table components
* refactor(datatables): merge useSearchBarState
* refactor(home): fetch group in env item
* chore(tests): basic tests
* chore(home): test when no envs
* refactor(tags): use axios for tagService
* refactor(env-groups): use axios for getGroups
* feat(app): ui-state context provider
* refactor(home): create MotdPanel
* refactor(app): create InformationPanel
* feat(endpoints): fetch number of total endpoints
* refactor(app): merge hooks
* refactor(home): migrate view to react [EE-1810]
fixes [EE-1810]
refactor(home): wip use react view
feat(home): show message if no endpoints
refactor(home): show endpoint list
refactor(home): don't use home to manage link
refactor(home): move state
refactor(home): check if edge using util
refactor(home): move inf panels
chore(home): tests
refactor(home): load groups and tags in env-item
refactor(settings): revert publicSettings change
refactor(home): move confirm snapshot method
* fix(home): show tags
* fix(environments): handle missing snapshots
* fix(kube/volumes): fetch pesistent volume claims
* refactor(kube): remove use of endpointProvider
* refactor(endpoints): set current endpoint
* chore(home): add data-cy for tests
* chore(tests): mock axios-progress-bar
* refactor(home): move use env list to env module
* feat(app): sync home view changes with ee
* fix(home): sort page header
* fix(app): fix tests
* chore(github): use yarn cache
* refactor(environments): load list of groups
* chore(babel): remove auto 18n keys extraction
* chore(environments): fix tests
* refactor(k8s/application): use current endpoint
* fix(app/header): add margin to header
* refactor(app): remove unused types
* refactor(app): use rq onError handler
* refactor(home): wrap element with button
* fix(endpoints): fix broken style (release) [EE-2659]
* fix(endpoints): show margin under env var field [EE-2659]
Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>
* refactor(azure/aci): migrate dashboard view to react [EE-2189]
* move aggregate function to azure utils file
* fix type
* introduce dashboard item component
* add error notificatons
* hide resource groups widget if failed to load
* make dashboard a default export
* revert mistake
* refactor based on suggestions
* use object for error data instead of array
* return unused utils file
* move length calculations out of return statement
* only return first error of resource groups queries
* refactor imports/exports, fix bug with errors & add test
* WIP dashboard tests
* allow mocking multiple resource groups
* test for total number of resource groups
* update lock file to fix lint action issue
* finish dashboard tests
* dashboarditem story
* fix(auth): remove caching of user
* add option for link to dashboard item
* rename dashboard test case to match file
* remove optional link and update storybook
* create aria label based on already provided text
* change param name to be clearer
* fix(templates): EE-2117: show docker-compose app templates when in swarm mode and the user selects 'showContainers
Signed-off-by: Sven Dowideit <sven.dowideit@portainer.io>
* fix(templates): keep original behavior for standalone
* fix(templates): display all templates on Swarm
* refactor(templates): update method name
Co-authored-by: deviantony <anthony.lapenna@portainer.io>
* fix(settings): clear helm url if requested [EE-2494]
fix [EE-2494]
before this PR, helm url would clear when updating settings, if the helm url key wasn't provided.
in this PR, it will be changed only if required
* fix(settings): allow empty helm repo
* chore(deps): run yarn
* fix(settings): set helm repo url
* refactor(storidge): remove Storidge support from backend
* refactor(storidge): remove Storidge support from backend
* refactor(storidge): remove Storidge support from frontend
* refactor(app): create access-control-form react component [EE-2332]
fix [EE-2332]
* chore(tests): setup msw for async tests and stories
chore(sb): add msw support for storybook
* refactor(access-control): move loading into component
* fix(app): fix users and teams selector stories
* chore(access-control): write test for validation
* feat(webhook) EE-2125 add some helpers to registry utils
* feat(webhook) EE-2125 persist registryID when creating a webhook
* feat(webhook) EE-2125 send registry auth header when executing a webhook
* feat(webhook) EE-2125 send registryID to backend when creating a service with webhook
* feat(webhook) EE-2125 use the initial registry ID to create webhook on editing service screen
* feat(webhook) EE-2125 update webhook when update registry
* feat(webhook) EE-2125 add endpoint of update webhook
* feat(webhook) EE-2125 code cleanup
* feat(webhook) EE-2125 fix a typo
* feat(webhook) EE-2125 fix circle import issue with unit test
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* fix(k8s/ingress): ensure new ports are only added to ingress only if app is published via ingress
* refactor(k8s/ingress): removed deleted ports of ingress in a single pass
* feat(access-token): Multi-auth middleware support EE-1891 (#5936)
* AnyAuth middleware initial implementation with tests
* using mux.MiddlewareFunc instead of custom definition
* removed redundant comments
* - ExtractBearerToken bouncer func made private
- changed helm token handling functionality to use jwt service to convert token to jwt string
- updated tests
- fixed helm list broken test due to missing token in request context
* rename mwCheckAuthentication -> mwCheckJWTAuthentication
* - introduce initial api-key auth support using X-API-KEY header
- added tests to validate x-api-key request header presence
* updated core mwAuthenticatedUser middleware to support multiple auth paradigms
* - simplified anyAuth middleware
- enforcing authmiddleware to implement verificationFunc interface
- created tests for middleware
* simplify bouncer
Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com>
* feat(api-key): user-access-token generation endpoint EE-1889 EE-1888 EE-1895 (#6012)
* user-access-token generation endpoint
* fix comment
* - introduction of apikey service
- seperation of repository from service logic - called in handler
* fixed tests
* - fixed api key prefix
- added tests
* added another test for digest matching
* updated swagger spec for access token creation
* api key response returns raw key and struct - easing testability
* test for api key prefix length
* added another TODO to middleware
* - api-key prefix rune -> string (rune does not auto-encode when response sent back to client)
- digest -> pointer as we want to allow nil values and omit digest in responses (when nil)
* - updated apikey struct
- updated apikey service to support all common operations
- updated apikey repo
- integration of apikey service into bouncer
- added test for all apikey service functions
- boilerplate code for apikey service integration
* - user access token generation tests
- apiKeyLookup updated to support query params
- added api-key tests for query params
- added api-key tests for apiKeyLookup
* get and remove access token handlers
* get and remove access token handler tests
* - delete user deletes all associated api keys
- tests for this functionality
* removed redundant []byte cast
* automatic api-key eviction set within cache for 1 hour
* fixed bug with loop var using final value
* fixed service comment
* ignore bolt error responses
* case-insensitive query param check
* simplified query var assignment
* - added GetAPIKey func to get by unique id
- updated DeleteAPIKey func to not require user ID
- updated tests
* GenerateRandomKey helper func from github.com/gorilla/securecookie moved to codebase
* json response casing for api-keys fixed
* updating api-key will update the cache
* updated golang LRU cache
* using hashicorps golang-LRU cache for api keys
* simplified jwt check in create user access token
* fixed api-key update logic on cache miss
* Prefix generated api-keys with `ptr_` (#6067)
* prefix api-keys with 'ptr_'
* updated apikey description
* refactor
Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com>
* helm list test refactor
* fixed user delete test
* reduce test nil pointer errors
* using correct http 201 created status code for token creation; updated tests
* fixed swagger doc user id path param for user access token based endpoints
* added api-key security openapi spec to existing jwt secured endpoints (#6091)
* fixed flaky test
* apikey datecreated and lastused attrs converted to unix timestamp
* feat(user): added access token datatable. (#6124)
* feat(user): added access token datatable.
* feat(tokens): only display lastUsed time when it is not the default date
* Update app/portainer/views/account/accountController.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* Update app/portainer/views/account/accountController.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* Update app/portainer/views/account/accountController.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* Update app/portainer/components/datatables/access-tokens-datatable/accessTokensDatatableController.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* Update app/portainer/services/api/userService.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* feat(improvements): proposed datatable improvements to speed up dev time (#6138)
* modal code update
* updated datatable filenames, updated controller to be default class export
* fix(access-token): code improvement.
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* feat(apikeys): create access token view initial implementation EE-1886 (#6129)
* CopyButton implementation
* Code component implementation
* ToolTip component migration to another folder
* TextTip component implementation - continued
* form Heading component
* Button component updated to be more dynamic
* copybutton - small size
* form control pass tip error
* texttip small text
* CreateAccessToken react feature initial implementation
* create user access token angularjs view implementation
* registration of CreateAccessToken component in AngularJS
* user token generation API request moved to angular service, method passed down instead
* consistent naming of access token operations; clustered similar code together
* any user can add access token
* create access token page routing
* moved code component to the correct location
* removed isadmin check as all functionality applicable to all users
* create access token angular view moved up a level
* fixed PR issues, updated PR
* addressed PR issues/improvements
* explicit hr for horizontal line
* fixed merge conflict storybook build breaking
* - apikey test
- cache test
* addressed testing issues:
- description validations
- remove token description link on table
* fix(api-keys): user role change evicts user keys in cache EE-2113 (#6168)
* user role change evicts user api keys in cache
* EvictUserKeyCache -> InvalidateUserKeyCache
* godoc for InvalidateUserKeyCache func
* additional test line
* disable add access token button after adding token to prevent spam
Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com>
Co-authored-by: fhanportainer <79428273+fhanportainer@users.noreply.github.com>
* feat(logs): added orange border to export button.
* fix(ldap): fixed connectivity check radio button alignment issue
* fix(be-feature): added box shadow to limited feature border
* fix(be-feature): fixed hide internal auth toggle issue.
* feat(ldap): added isLimitedFeatureSelfContained config to ldap-custom-admin-group and test-login components
* feat(auth): moved save settings button in auth page to a component.
* feat(oauth): use saveSettingsButton component in oauth
* feat(oauth): use saveSettingsButton component in internal auth
* feat(oauth): use saveSettingsButton component in MS active directory auth
* feat(oauth): use saveSettingsButton component in ldap auth
* feat(auth): added new component to index.js
* removed css inline styles.
* feat(ad): added disable check method to ad auth.
* feat(ldap): moved save settings disable method to parent component
* removed inline styles.
* fix(ldap): fixed test login misalignment issue
* fix(ldap): pass isLdapFormValid function from page component
* fix(ldap): made the toggle button in custom admin group orange when it's limited to CE.
* fix(auth): fixed save setting button in Microsoft Active Directory auth
* fix(ldap): made the assign admin toggle bright orange
* remove unuse component from ce (#5930)
* update wording to Change Window
Co-authored-by: Richard Wei <54336863+WaysonWei@users.noreply.github.com>
Co-authored-by: waysonwei <degui.wei@gmail.com>
* fix(helm): allow clearing global helm repo EE-1965
* fix(helm): show hint if global helm repo is blank EE-1965
* fix(helm): skip loading charts if repo is blank EE-1965
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* fix(registry) EE-1861 improve registry selection (#5899)
* fix(registry) EE-1861 hide anonymous dockerhub registry if user has an authenticated one
* fix(registry) EE-1861 pick up a best match dockerhub registry
* fix(registry) EE-1861 set the anonymous registry as default if it is shown
* fix(registry) EE-1861 refactor how to match registry
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* fix(registry) EE-1861 fail to select registry with same name
* fix(registry) EE-1861 show registry modal when pull and push image
* fix(registry) EE-1861 cleanup code
Co-authored-by: Simon Meng <simon.meng@portainer.io>