1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-11-01 19:07:38 +01:00
Commit Graph

33 Commits

Author SHA1 Message Date
Nuno Góis
d63b3c69fe
feat: adapt user logic to better adapt to SAs (#2917)
https://linear.app/unleash/issue/2-579/improve-user-like-behaviour-for-service-accounts-accounts-concept

<img width="803" alt="image"
src="https://user-images.githubusercontent.com/14320932/213011584-75870595-988d-49bc-a7bf-cd1ffd146bca.png">

Makes SAs behave more like users. 

Even though they share the same `users` database table, the `is_service`
column distinguishes them. This PR makes the distinction a bit less
obvious by not filtering out SAs for some methods in the user store,
returning both account types and their respective account type
information so we can handle them properly on the UI.

We felt like this was a good enough approach for now, and a decent
compromise to move SAs forward. In the future, we may want to make a
full refactor with the `accounts` concept in mind, which we've
experimented with in the
[accounts-refactoring](https://github.com/Unleash/unleash/tree/accounts-refactoring)
branches (both OSS and Enterprise).
 
https://github.com/Unleash/unleash/pull/2918 - Moves this a bit further,
by introducing the account service and store.
2023-01-18 12:12:44 +00:00
Nuno Góis
5086ec7921
remove feature flag: tokens last seen (#2673)
https://linear.app/unleash/issue/2-470/clean-up-flag
2022-12-12 14:32:35 +00:00
Nuno Góis
7ce38ffe89
feat: update seen_at pat column (#2516)
https://linear.app/unleash/issue/2-451/update-last-seen-column-for-pats
2022-11-30 08:10:31 +02:00
sjaanus
b071de6742
Add possibility to soft delete users (#2497)
Previously we hard deleted the users, but due to change requests and
possibly other features in future, we really want to hard-link user
table and have meaningful relationships.

But this means, when user is deleted, all linked data is also deleted.
**Workaround is to soft delete users and just clear users data and keep
the relationships alive for audit logs.**

This PR implements this feature.
2022-11-23 09:30:54 +02:00
sjaanus
d79ace57ec
Personal access token middleware (#2069)
* Middleware first version

* Middleware tests

* Add tests

* Finish middleware tests

* Add type for request

* Add flagresolver

* Fix snapshot

* Update flags and tests

* Put it back as default

* Update snapshot
2022-09-28 16:53:56 +03:00
Tymoteusz Czech
0086f2f19f
Fix: prevent password reset email flooding (#2076)
* fix: prevent password reset email flooding

* feat: add tests to user service for password reset
2022-09-28 10:24:43 +02:00
Christopher Kolstad
667fb9a8cf
fix: deletes all sessions for user on logout (#2071)
* fix: deletes all sessions for user on logout
2022-09-23 14:19:17 +02:00
olav
42d64c8803
feat: add CORS instance settings (#1957)
* feat: add CORS instance settings

* refactor: disallow arbitrary asterisks in CORS origins
2022-08-26 09:09:48 +02:00
olav
e013a72ddd
refactor: add missing tokenUserSchema fields (#1742) 2022-06-22 15:37:26 +02:00
olav
ab75d4085e
refactor: add schemas to user admin controller (#1692)
* refactor: add schemas to user admin controller

* refactor: remove unused SessionService

* refactor: fix search query type confusion

* refactor: add schemas to user controller (#1693)

* refactor: add schemas to user controller

* refactor: fix getAllUserSplashes method name

* refactor: name and email should not be required on create

* refactor: only some user fields may be updated

* refactor: should not require any fields on user update  (#1730)

* refactor: send 400 instead of 500 on missing username and email

* refactor: should not require any fields for user update

* refactor: note that earlier versions required name or email

* refactor: merge roleDescriptionSchema and roleSchema
2022-06-22 14:55:43 +02:00
Ivar Conradi Østhus
a50d0e2a21
fix: improve API error-handling (#1301)
Unleash is an API and it would simplyfy a lot of the specific
errors could carry the expected HTTP status code for this error.
This would eliminate the need for a gigantic switch/case in the
handle-errors function.
2022-01-26 13:45:22 +01:00
sighphyre
0c78980502
feat: custom project roles (#1220)
* wip: environment for permissions

* fix: add migration for roles

* fix: connect environment with access service

* feat: add tests

* chore: Implement scaffolding for new rbac

* fix: add fake store

* feat: Add api endpoints for roles and permissions list

* feat: Add ability to provide permissions when creating a role and rename environmentName to name in the list permissions datastructure

* fix: Make project roles resolve correctly against new environments permissions structure

* fix: Patch migration to also populate permission names

* fix: Make permissions actually work with new environments

* fix: Add back to get permissions working for editor role

* fix: Removed ability to set role type through api during creation - it's now always custom

* feat: Return permissions on get role endpoint

* feat: Add in support for updating roles

* fix: Get a bunch of tests working and delete a few that make no sense anymore

* chore: A few small cleanups - remove logging and restore default on dev server config

* chore: Refactor role/access stores into more logical domains

* feat: Add in validation for roles

* feat: Patch db migration to handle old stucture

* fix: migration for project roles

* fix: patch a few broken tests

* fix: add permissions to editor

* fix: update test name

* fix: update user permission mapping

* fix: create new user

* fix: update root role test

* fix: update tests

* feat: Validation now works when updating a role

* fix: Add in very barebones down migration for rbac so that tests work

* fix: Improve responses from role resolution - getting a non existant role will throw a NotFound error

* fix: remove unused permissions

* fix: add test for connecting roles and deleting project

* fix: add test for adding a project member with a custom role

* fix: add test for changing user role

* fix: add guard for deleting role if the role is in use

* fix: alter migration

* chore: Minor code cleanups

* chore: Small code cleanups

* chore: More minor cleanups of code

* chore: Trim some dead code to make the linter happy

* feat: Schema validation for roles

* fix: setup permission for variant

* fix: remove unused import

* feat: Add cascading delete for role_permissions when deleting a role

* feat: add configuration option for disabling legacy api

* chore: update frontend to beta version

* 4.6.0-beta.0

* fix: export default project constant

* fix: update snapshot

* fix: module pattern ../../lib

* fix: move DEFAULT_PROJECT to types

* fix: remove debug logging

* fix: remove debug log state

* fix: Change permission descriptions

* fix: roles should have unique name

* fix: root roles should be connected to the default project

* fix: typo in role-schema.ts

* fix: Role permission empty string for non environment type

* feat: new permission for moving project

* fix: add event for changeProject

* fix: Removing a user from a project will now check to see if that project has an owner, rather than checking if any project has an owner

* fix: add tests for move project

* fix: Add in missing create/delete tag permissions

* fix: Removed duplicate impl caused by multiple good samaritans putting it back in!

* fix: Trim out add tag permissions, for now at least

* chore: Trim out new add and delete tag permissions - we're going with update feature instead

* chore: update frontend

* 4.6.0-beta.1

* feat: Prevent editing of built in roles

* fix: Patch an issue where permissions for variants/environments didn't match the front end

* fix: lint

Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
2022-01-13 11:14:17 +01:00
Ivar Conradi Østhus
559275129d
Fix/bcryptjs (#1239)
fixes: #1108
2022-01-06 20:43:57 +01:00
sighphyre
5a82d9be87
fix: Update updateUser code to reject empty emails (#1210)
* fix: Update updateUser code to reject empty emails

This fixes an issue where the updateUser call would allow null email
addresses, then update the email to null and then raise an exception,
leaving the db in a state where no user could be resolved.

* fix: remove username/email requirement in user.ts

Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2022-01-03 20:14:56 +01:00
Ivar Conradi Østhus
d8478dd928
feat: clean up events (#1089)
Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-11-12 13:15:51 +01:00
Ivar Conradi Østhus
4fb1bcb524
feat: Disable password based login (#1046)
This commit will introduce a new setting used to disbaled
simple password based authention.

The setting itself is an enterprise setting.
2021-10-29 10:25:42 +02:00
Ivar Conradi Østhus
41574e3938
fix: create admin users if enabled and zero users already 2021-10-12 21:39:57 +02:00
Ivar Conradi Østhus
bb47c19d4d
fix: only update name if not undefined 2021-08-25 12:43:42 +02:00
Ivar Conradi Østhus
8cbf378286
feat: sync fields when logging in via SSO (#916) 2021-08-23 12:11:29 +02:00
Christopher Kolstad
ff7be7696c
fix: Stores as typescript and with interfaces. (#902)
Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00
checketts
2f013bacbf
chore: Convert client metrics controller to typescript (#831)
Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-06-24 19:22:12 +02:00
Ivar Conradi Østhus
0efc238fdb
fix: define root role by setting the name of the role (#823) 2021-04-30 13:25:24 +02:00
Christopher Kolstad
7cbe6bfcc1
fix: deletes sessions for user when user is removed (#810) 2021-04-29 10:54:11 +02:00
Ivar Conradi Østhus
df2e23c282
fix: refactor event types 2021-04-29 10:21:29 +02:00
Ivar Conradi Østhus
886e0bb008
feat: add user create/update/delete events (#807) 2021-04-27 20:47:11 +02:00
Christopher Kolstad
d0b17af770
fix: handle password being undefined when validating (#809) 2021-04-27 15:35:10 +02:00
Christopher Kolstad
578078e03f
fix: active sessions are now destroyed if auth/reset and auth/validate endpoints are used (#806) 2021-04-27 09:16:44 +02:00
Ivar Conradi Østhus
2874ae71b6
fix: change default admin password 2021-04-26 11:28:51 +02:00
Ivar Conradi Østhus
b0e6d8c363
fix: User should require a ID field set (#799) 2021-04-22 23:40:52 +02:00
Christopher Kolstad
240c6a77a1
Feat/options need types (#794)
feat: options are now typed

- This makes it easier to know what to send to unleash.start / unleash.create
- Using a Partial to instantiate the config, then melding it with defaults to get a config object with all fields set either to their defaults or to whatever is passed in.


Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>
Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-04-22 10:07:10 +02:00
Christopher Kolstad
b55c85783b
Reset token (#786)
feat: Add Reset token functionality

This allows admin users to create a reset token for other users. Thus allowing resetting their password.

Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>

fixes: #778
2021-04-16 15:29:23 +02:00
Ivar Conradi Østhus
23ea21babf
fix: rename rbac roles. (#788)
* fix: rename rbac roles.

Root-roles:
- Admin
- Editor
- Viewer

Project roles:
- Owner
- Member

* Update src/lib/services/access-service.ts

* Update src/migrations/20210415173116-rbac-rename-roles.js

Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-04-16 10:45:15 +02:00
Ivar Conradi Østhus
9bd425c193
feat: Add username/password authentication (#777) 2021-04-09 13:46:53 +02:00