* feat(go): add user schema;
* feat(go): migrate to user schema;
* feat(go): add audit fields;
* feat(go): remove unused fields from the network model;
* feat(go): add network schema;
* feat(go): migrate to network schema;
* refactor(go): add comment to clarify migration logic;
* fix(go): test failures;
* fix(go): test failures;
* feat(go): change membership table to store memberships at all scopes;
* feat(go): add schema for access grants;
* feat(go): remove nameservers from new networks table; ensure db passed for schema functions;
* feat(go): set max conns for sqlite to 1;
* fix(go): issues updating user account status;
* refactor(go): remove converters and access grants;
* refactor(go): add json tags in schema models;
* refactor(go): rename file to migrate_v1_6_0.go;
* refactor(go): add user groups and user roles tables; use schema tables;
* refactor(go): inline get and list from schema package;
* refactor(go): inline get network and list users from schema package;
* fix(go): staticcheck issues;
* fix(go): remove test not in use; fix test case;
* fix(go): validate network;
* fix(go): resolve static checks;
* fix(go): new models errors;
* fix(go): test errors;
* fix(go): handle no records;
* fix(go): add validations for user object;
* fix(go): set correct extclient status;
* fix(go): test error;
* feat(go): make schema the base package;
* feat(go): add host schema;
* feat(go): use schema host everywhere;
* feat(go): inline get host, list hosts and delete host;
* feat(go): use non-ptr value;
* feat(go): use save to upsert all fields;
* feat(go): use save to upsert all fields;
* feat(go): save turn endpoint as string;
* feat(go): check for gorm error record not found;
* fix(go): test failures;
* fix(go): update all network fields;
* fix(go): update all network fields;
* feat(go): add paginated list networks api;
* feat(go): add paginated list users api;
* feat(go): add paginated list hosts api;
* feat(go): add pagination to list groups api;
* fix(go): comment;
* fix(go): implement marshal and unmarshal text for custom types;
* fix(go): implement marshal and unmarshal json for custom types;
* fix(go): just use the old model for unmarshalling;
* fix(go): implement marshal and unmarshal json for custom types;
* feat(go): remove paginated list networks api;
* feat(go): use custom paginated response object;
* fix(go): ensure default values for page and per_page are used when not passed;
* fix(go): rename v1.6.0 to v1.5.1;
* fix(go): check for gorm.ErrRecordNotFound instead of database.IsEmptyRecord;
* fix(go): use host id, not pending host id;
* feat(go): add filters to paginated apis;
* feat(go): add filters to paginated apis;
* feat(go): remove check for max username length;
* feat(go): add filters to count as well;
* feat(go): use library to check email address validity;
* feat(go): ignore pagination if params not passed;
* fix(go): pagination issues;
* fix(go): check exists before using;
* fix(go): remove debug log;
* fix(go): use gorm err record not found;
* fix(go): use gorm err record not found;
* fix(go): use user principal name when creating pending user;
* fix(go): use schema package for consts;
* fix(go): prevent disabling superadmin user;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): swap is admin and is superadmin;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): remove dead code block;
https://github.com/gravitl/netmaker/pull/3910#discussion_r2928837937
* fix(go): incorrect message when trying to disable self;
https://github.com/gravitl/netmaker/pull/3910#discussion_r2928837934
* fix(go): use correct header;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): return after error response;
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): use correct order of params;
https://github.com/gravitl/netmaker/pull/3910#discussion_r2929593036
* fix(go): set default values for page and page size; use v2 instead of /list;
* Update logic/auth.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* Update schema/user_roles.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): syntax error;
* fix(go): set default values when page and per_page are not passed or 0;
* fix(go): use uuid.parse instead of uuid.must parse;
* fix(go): review errors;
* fix(go): review errors;
* Update controllers/user.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* Update controllers/user.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* NM-163: fix errors:
* Update db/types/options.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* fix(go): persist return user in event;
* Update db/types/options.go
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* NM-163: duplicate lines of code
* NM-163: fix(go): fix missing return and filter parsing in user controller
- Add missing return after error response in updateUserAccountStatus
to prevent double-response and spurious ext-client side-effects
- Use switch statements in listUsers to skip unrecognized
account_status and mfa_status filter values
* fix(go): check for both min and max page size;
* fix(go): enclose transfer superadmin in transaction;
* fix(go): review errors;
* fix(go): remove free tier checks;
* fix(go): review fixes;
---------
Co-authored-by: VishalDalwadi <dalwadivishal26@gmail.com>
Co-authored-by: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com>
Co-authored-by: tenki-reviewer[bot] <262613592+tenki-reviewer[bot]@users.noreply.github.com>
* user mgmt models
* define user roles
* define models for new user mgmt and groups
* oauth debug log
* initialize user role after db conn
* print oauth token in debug log
* user roles CRUD apis
* user groups CRUD Apis
* additional api checks
* add additional scopes
* add additional scopes url
* add additional scopes url
* rm additional scopes url
* setup middlleware permission checks
* integrate permission check into middleware
* integrate permission check into middleware
* check for headers for subjects
* refactor user role models
* refactor user groups models
* add new user to pending user via RAC login
* untracked
* allow multiple groups for an user
* change json tag
* add debug headers
* refer network controls form roles, add debug headers
* refer network controls form roles, add debug headers
* replace auth checks, add network id to role model
* nodes handler
* migration funcs
* invoke sync users migration func
* add debug logs
* comment middleware
* fix get all nodes api
* add debug logs
* fix middleware error nil check
* add new func to get username from jwt
* fix jwt parsing
* abort on error
* allow multiple network roles
* allow multiple network roles
* add migration func
* return err if jwt parsing fails
* set global check to true when accessing user apis
* set netid for acls api calls
* set netid for acls api calls
* update role and groups routes
* add validation checks
* add invite flow apis and magic links
* add invited user via oauth signup automatically
* create invited user on oauth signup, with groups in the invite
* add group validation for user invite
* update create user handler with new role mgmt
* add validation checks
* create user invites tables
* add error logging for email invite
* fix invite singup url
* debug log
* get query params from url
* get query params from url
* add query escape
* debug log
* debug log
* fix user signup via invite api
* set admin field for backward compatbility
* use new role id for user apis
* deprecate use of old admin fields
* deprecate usage of old user fields
* add user role as service user if empty
* setup email sender
* delete invite after user singup
* add plaform user role
* redirect on invite verification link
* fix invite redirect
* temporary redirect
* fix invite redirect
* point invite link to frontend
* fix query params lookup
* add resend support, configure email interface types
* fix groups and user creation
* validate user groups, add check for metrics api in middleware
* add invite url to invite model
* migrate rac apis to new user mgmt
* handle network nodes
* add platform user to default role
* fix user role migration
* add default on rag creation and cleanup after deletion
* fix rac apis
* change to invite code param
* filter nodes and hosts based on user network access
* extend create user group req to accomodate users
* filter network based on user access
* format oauth error
* move user roles and groups
* fix get user v1 api
* move user mgmt func to pro
* add user auth type to user model
* fix roles init
* remove platform role from group object
* list only platform roles
* add network roles to invite req
* create default groups and roles
* fix middleware for global access
* create default role
* fix nodes filter with global network roles
* block selfupdate of groups and network roles
* delete netID if net roles are empty
* validate user roles nd groups on update
* set extclient permission scope when rag vpn access is set
* allow deletion of roles and groups
* replace _ with - in role naming convention
* fix failover middleware mgmt
* format oauth templates
* fetch route temaplate
* return err if user wrong login type
* check user groups on rac apis
* fix rac apis
* fix resp msg
* add validation checks for admin invite
* return oauth type
* format group err msg
* fix html tag
* clean up default groups
* create default rag role
* add UI name to roles
* remove default net group from user when deleted
* reorder migration funcs
* fix duplicacy of hosts
* check old field for migration
* from pro to ce make all secondary users admins
* from pro to ce make all secondary users admins
* revert: from pro to ce make all secondary users admins
* make sure downgrades work
* fix pending users approval
* fix duplicate hosts
* fix duplicate hosts entries
* fix cache reference issue
* feat: configure FRONTEND_URL during installation
* disable user vpn access when network roles are modified
* rm vpn acces when roles or groups are deleted
* add http to frontend url
* revert crypto version
* downgrade crytpo version
* add platform id check on user invites
---------
Co-authored-by: the_aceix <aceixsmartx@gmail.com>
* add superadmin role, apis to create superadmin user
* apis to attach and remove user from remote access gateways
* add api to list user's remote client has gateway clients
* remove code related user groups
* remove networks and groups from user model
* refactor user CRUD operations
* fix network permission test
* add superadmin to authorize func
* remove user network and groups from cli
* api to transfer superadmin role
* add api to list users on a ingress gw
* restrict user access to resources on server
* deny request from remote access client if extclient is already created
* fix user tests
* fix static checks
* fix static checks
* add limits to extclient create handler
* set username to superadmin on if masterkey is used
* allow creation of extclients using masterkey
* add migration func to assign superadmin role for existing admin user
* check for superadmin on migration if users are present
* allowe masterkey to extcleint apis
* check ownerid
* format error, on jwt token verification failure return unauthorized rather than forbidden
* user update fix
* move user remote functionality to ee
* fix update user api
* security patch
* initalise ee user handlers
* allow user to use master key to update any user
* use slog
* fix auth user test
* table headers
* remove user role, it's covered in middleware
* setuser defaults fix
* model changes
* additional fields for extclient create
* add DNS to extclient config
* extclient name checks
* update extclient
* nmctl extclient
* final tweaks
* review comments
* add extclientdns to node on ingress creation
* fix to add ingress dns to api (#2296)
---------
Co-authored-by: Aceix <aceixsmartX@gmail.com>
Abhishek Kondur