OPNSense/core 7201883src/opnsense/mvc/app/controllers/OPNsense/Auth/Api UserController.php PrivController.php, src/opnsense/mvc/app/library/OPNsense/Auth Base.php

by Franco Fichtner on ⎇
src: style sweep
DeltaFile
+5-6src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php
+2-4src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/PrivController.php
+3-3src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/GroupController.php
+1-3src/opnsense/mvc/app/models/OPNsense/Auth/FieldTypes/UidField.php
+1-3src/opnsense/mvc/app/models/OPNsense/Auth/FieldTypes/GidField.php
+2-2src/opnsense/mvc/app/library/OPNsense/Auth/Base.php
+14-218 files not shown
+16-3214 files

OPNSense/core 6603fb7src/opnsense/scripts/firmware health.sh config.sh

by Franco Fichtner on ⎇
firmware: hide PIPEFILE, LOCKFILE; some minor tweaks
DeltaFile
+45-45src/opnsense/scripts/firmware/health.sh
+22-2src/opnsense/scripts/firmware/config.sh
+12-12src/opnsense/scripts/firmware/check.sh
+9-14src/opnsense/scripts/firmware/reinstall.sh
+4-10src/opnsense/scripts/firmware/upgrade.sh
+4-9src/opnsense/scripts/firmware/update.sh
+96-927 files not shown
+119-11513 files

OPNSense/core 78cf96csrc/opnsense/mvc/app/controllers/OPNsense/Auth/Api UserController.php, src/opnsense/mvc/app/views/OPNsense/Auth user.volt

by Ad Schellevis via GitHub on ⎇
System: Access: migrate Users and Groups to MVC/API (#8046)

* System: Access: Groups - in preperation for https://github.com/opnsense/core/issues/7904, add support for comma separated member lists.

If we convert groups to a model, we will switch the nested <member> tags into comma separated fields, e.g.

        <member>1</member>
        <member>12</member>

will convert to:

        <member>1,12</member>

using this commit we support both for areas where these are being read.

* System: Access: Users - refactor to MVC (https://github.com/opnsense/core/issues/7904)

* add initial boilerplate
* unpack `<priv/>` field on first access

    [65 lines not shown]
DeltaFile
+0-1,077src/www/system_usermanager.php
+0-476src/www/system_groupmanager.php
+0-293src/www/system_usermanager_addprivs.php
+244-0src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php
+239-0src/opnsense/mvc/app/views/OPNsense/Auth/user.volt
+0-197src/www/system_usermanager_import_ldap.php
+483-2,04338 files not shown
+2,625-2,34944 files

OPNSense/core 3a78880. plist

by Ad Schellevis on ⎇
plist
DeltaFile
+29-4plist
+29-41 files

OPNSense/core e83c60bsrc/opnsense/mvc/app/library/OPNsense/Auth Base.php

by Ad Schellevis on ⎇
System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)

o align "policy change for %s unlink group" with master (unlink when duplicates exists)
DeltaFile
+3-1src/opnsense/mvc/app/library/OPNsense/Auth/Base.php
+3-11 files

OPNSense/core cd9adb1src/opnsense/mvc/app/library/OPNsense/Auth AuthenticationFactory.php LDAP.php, src/opnsense/mvc/app/models/OPNsense/Auth User.xml

by Ad Schellevis on ⎇
System: Access: Users - remove userDNmap support as it belonged to the import https://github.com/opnsense/core/issues/7904
DeltaFile
+0-30src/opnsense/mvc/app/library/OPNsense/Auth/AuthenticationFactory.php
+0-10src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
+0-1src/opnsense/mvc/app/models/OPNsense/Auth/User.xml
+0-413 files

OPNSense/core a6fe2fasrc/opnsense/mvc/app/controllers/OPNsense/Auth/Api UserController.php, src/opnsense/mvc/app/views/OPNsense/Auth user.volt

by Ad Schellevis on ⎇
System: Access: Users - refactor to MVC (https://github.com/opnsense/core/issues/7904)

* add initial boilerplate
* unpack `<priv/>` field on first access
* unpack '<apikeys/>' field on first access and implement key actions into ApiKeyField
* add apikey grid in user management view
* change isset() to !empty() for users disabled flag in backend code
* move user atributes into dialog
* hook PrivField type to \OPNsense\Core\ACL()
* refactor Auth/API to use new User class
* otp seed logic  with simple api call to generate new seeds and some JS glue for the frontend
* uid autonumber field
* language selector using get_locale_list() via configd (cached)
* add StoreB64Field field for authorizedkeys so we can keep the field contents backwards compatible.
* ExpiresField for custom date parsing, supporting previous input formats as well.
* group membership using a volatile custom field type, controller is responisble for persisting the configuration data to avoid entanglement between models
* add button which links to most likely user certs (based on commonname), to avoid all sorts of magic to reflect certs back into the usermanager.
* add getUserPrivs() to model so we can fetch a full list of privs for a user
* show user icons, long this might be less relevant

    [10 lines not shown]
DeltaFile
+0-1,077src/www/system_usermanager.php
+0-476src/www/system_groupmanager.php
+0-293src/www/system_usermanager_addprivs.php
+256-0src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php
+236-0src/opnsense/mvc/app/views/OPNsense/Auth/user.volt
+0-197src/www/system_usermanager_import_ldap.php
+492-2,04334 files not shown
+2,522-2,26740 files

OPNSense/core 1171fbasrc/opnsense/service/conf/actions.d actions_auth.conf

by Franco Fichtner via Ad Schellevis on ⎇
Update src/opnsense/service/conf/actions.d/actions_auth.conf
DeltaFile
+0-2src/opnsense/service/conf/actions.d/actions_auth.conf
+0-21 files

OPNSense/core dffb616src/opnsense/mvc/app/controllers/OPNsense/Auth/Api PrivController.php

by Ad Schellevis on ⎇
System: Access: Privileges - fix updating groups dropping privileges for https://github.com/opnsense/core/pull/8046
DeltaFile
+8-5src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/PrivController.php
+8-51 files

OPNSense/core 68bd3cfsrc/opnsense/mvc/app/library/OPNsense/Auth Base.php

by Ad Schellevis on ⎇
System: Access: Groups - in preperation for https://github.com/opnsense/core/issues/7904, add support for comma separated member lists.

If we convert groups to a model, we will switch the nested <member> tags into comma separated fields, e.g.

        <member>1</member>
        <member>12</member>

will convert to:

        <member>1,12</member>

using this commit we support both for areas where these are being read.
DeltaFile
+7-11src/opnsense/mvc/app/library/OPNsense/Auth/Base.php
+7-111 files

OPNSense/core 56b4e8fsrc/opnsense/mvc/app/models/OPNsense/Core/ACL ACL.xml

by Ad Schellevis on ⎇
System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046), review comments
DeltaFile
+4-4src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
+4-41 files

OPNSense/core a33837bsrc/opnsense/service/conf/actions.d actions_auth.conf

by Franco Fichtner via Ad Schellevis on ⎇
Update src/opnsense/service/conf/actions.d/actions_auth.conf
DeltaFile
+1-0src/opnsense/service/conf/actions.d/actions_auth.conf
+1-01 files

OPNSense/core 9f409dasrc/opnsense/mvc/app/controllers/OPNsense/Auth/Api UserController.php

by Ad Schellevis on ⎇
System: Access: Users - hook group model for https://github.com/opnsense/core/issues/7904
DeltaFile
+17-23src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php
+17-231 files

OPNSense/core eeb434fsrc/opnsense/mvc/app/controllers/OPNsense/Auth/forms dialogGroup.xml, src/opnsense/mvc/app/views/OPNsense/Auth user.volt priv.volt

by Ad Schellevis on ⎇
System: Access: Users - refactor to MVC (https://github.com/opnsense/core/issues/7904)

review comments from @Monviech

* "Create and Download API Key for this user" refresh apikeys bootgrid
* "Users" bootgrid, add some columns
* rename "Username" to "Group Name" in group edit
* Disable sorting the bootgrid by "Users" and "Groups" as these are aggregated/formatted columns
DeltaFile
+4-1src/opnsense/mvc/app/views/OPNsense/Auth/user.volt
+2-2src/opnsense/mvc/app/views/OPNsense/Auth/priv.volt
+1-1src/opnsense/mvc/app/controllers/OPNsense/Auth/forms/dialogGroup.xml
+7-43 files

OPNSense/core a55284fsrc/opnsense/mvc/app/models/OPNsense/Core/ACL ACL.xml

by Ad Schellevis on ⎇
System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)

replace page-system-groupmanager-addprivs with page-system-usermanager-addprivs
DeltaFile
+2-2src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
+2-21 files

OPNSense/core 979fa8asrc/opnsense/mvc/app/controllers/OPNsense/Auth/Api UserController.php, src/opnsense/mvc/app/models/OPNsense/Auth User.php

by Ad Schellevis on ⎇
System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)

refactor add user event so it utilizes our new model instead of direct config access, while performing the operation, also make sure we lock/unlock the config.xml
DeltaFile
+30-27src/opnsense/scripts/auth/add_user.php
+32-0src/opnsense/mvc/app/models/OPNsense/Auth/User.php
+1-23src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php
+63-503 files

OPNSense/core 3dfbc4fsrc/opnsense/mvc/app/controllers/OPNsense/Auth/Api UserController.php GroupController.php

by Ad Schellevis on ⎇
System: Access: Users - add some safety fences to prevent accidental removal of rights https://github.com/opnsense/core/issues/7904
DeltaFile
+18-2src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php
+11-0src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/GroupController.php
+29-22 files

OPNSense/core ae97263src/opnsense/mvc/app/library/OPNsense/Auth TOTP.php

by Franco Fichtner on ⎇
system: fix TOTP regression
DeltaFile
+1-1src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php
+1-11 files

OPNSense/core b41ccdcsrc/opnsense/mvc/app/library/OPNsense/Auth API.php Base.php

by Franco Fichtner on ⎇
Revert "Authentication: add a "time-loop" around authentication for failed attempts, closes https://github.com/opnsense/core/issues/8031"

This reverts commit bd0ade90cbe36e3015d8486c7447a28362658aa2.
DeltaFile
+24-21src/opnsense/mvc/app/library/OPNsense/Auth/API.php
+0-32src/opnsense/mvc/app/library/OPNsense/Auth/Base.php
+1-1src/opnsense/mvc/app/library/OPNsense/Auth/Local.php
+1-1src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php
+1-1src/opnsense/mvc/app/library/OPNsense/Auth/Voucher.php
+27-565 files

OPNSense/core f36aacfsrc/opnsense/scripts/firmware connection.sh config.sh

by Franco Fichtner on ⎇
firmware: use REQUEST to print a TLS/CRL usage hint

Also create output_text and output_cmd to allow for neater
firmware scripts with less duplication and use it in the
connectivity audit.
DeltaFile
+12-12src/opnsense/scripts/firmware/connection.sh
+15-0src/opnsense/scripts/firmware/config.sh
+27-122 files

OPNSense/core 724984fsrc/opnsense/mvc/app/models/OPNsense/Core/ACL ACL.xml

by Ad Schellevis on ⎇
System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)

replace page-system-groupmanager-addprivs with page-system-usermanager-addprivs
DeltaFile
+2-2src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
+2-21 files

OPNSense/core cf1c45fsrc/opnsense/mvc/app/controllers/OPNsense/Auth/Api UserController.php, src/opnsense/mvc/app/models/OPNsense/Auth User.php

by Ad Schellevis on ⎇
System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)

refactor add user event so it utilizes our new model instead of direct config access, while performing the operation, also make sure we lock/unlock the config.xml
DeltaFile
+30-27src/opnsense/scripts/auth/add_user.php
+32-0src/opnsense/mvc/app/models/OPNsense/Auth/User.php
+1-23src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php
+63-503 files

OPNSense/core 98c78d1src/opnsense/mvc/app/library/OPNsense/Auth Base.php

by Ad Schellevis on ⎇
System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)

o align "policy change for %s unlink group" with master (unlink when duplicates exists)
DeltaFile
+3-1src/opnsense/mvc/app/library/OPNsense/Auth/Base.php
+3-11 files

OPNSense/core 24cb0adsrc/opnsense/mvc/app/library/OPNsense/Auth AuthenticationFactory.php LDAP.php, src/opnsense/mvc/app/models/OPNsense/Auth User.xml

by Ad Schellevis on ⎇
System: Access: Users - remove userDNmap support as it belonged to the import https://github.com/opnsense/core/issues/7904
DeltaFile
+0-30src/opnsense/mvc/app/library/OPNsense/Auth/AuthenticationFactory.php
+0-10src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
+0-1src/opnsense/mvc/app/models/OPNsense/Auth/User.xml
+0-413 files

OPNSense/core 0687a4csrc/opnsense/mvc/app/controllers/OPNsense/Auth/forms dialogGroup.xml, src/opnsense/mvc/app/views/OPNsense/Auth user.volt priv.volt

by Ad Schellevis on ⎇
System: Access: Users - refactor to MVC (https://github.com/opnsense/core/issues/7904)

review comments from @Monviech

* "Create and Download API Key for this user" refresh apikeys bootgrid
* "Users" bootgrid, add some columns
* rename "Username" to "Group Name" in group edit
* Disable sorting the bootgrid by "Users" and "Groups" as these are aggregated/formatted columns
DeltaFile
+4-1src/opnsense/mvc/app/views/OPNsense/Auth/user.volt
+2-2src/opnsense/mvc/app/views/OPNsense/Auth/priv.volt
+1-1src/opnsense/mvc/app/controllers/OPNsense/Auth/forms/dialogGroup.xml
+7-43 files

OPNSense/core d6f6b6asrc/opnsense/mvc/app/controllers/OPNsense/Auth/Api UserController.php, src/opnsense/mvc/app/views/OPNsense/Auth user.volt

by Ad Schellevis on ⎇
System: Access: Users - refactor to MVC (https://github.com/opnsense/core/issues/7904)

* add initial boilerplate
* unpack `<priv/>` field on first access
* unpack '<apikeys/>' field on first access and implement key actions into ApiKeyField
* add apikey grid in user management view
* change isset() to !empty() for users disabled flag in backend code
* move user atributes into dialog
* hook PrivField type to \OPNsense\Core\ACL()
* refactor Auth/API to use new User class
* otp seed logic  with simple api call to generate new seeds and some JS glue for the frontend
* uid autonumber field
* language selector using get_locale_list() via configd (cached)
* add StoreB64Field field for authorizedkeys so we can keep the field contents backwards compatible.
* ExpiresField for custom date parsing, supporting previous input formats as well.
* group membership using a volatile custom field type, controller is responisble for persisting the configuration data to avoid entanglement between models
* add button which links to most likely user certs (based on commonname), to avoid all sorts of magic to reflect certs back into the usermanager.
* add getUserPrivs() to model so we can fetch a full list of privs for a user
* show user icons, long this might be less relevant

    [10 lines not shown]
DeltaFile
+0-1,077src/www/system_usermanager.php
+0-476src/www/system_groupmanager.php
+0-293src/www/system_usermanager_addprivs.php
+256-0src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php
+236-0src/opnsense/mvc/app/views/OPNsense/Auth/user.volt
+0-197src/www/system_usermanager_import_ldap.php
+492-2,04334 files not shown
+2,522-2,26740 files

OPNSense/core 169ccb4src/opnsense/service/conf/actions.d actions_auth.conf

by Franco Fichtner via Ad Schellevis on ⎇
Update src/opnsense/service/conf/actions.d/actions_auth.conf
DeltaFile
+0-2src/opnsense/service/conf/actions.d/actions_auth.conf
+0-21 files

OPNSense/core b083a66src/opnsense/mvc/app/controllers/OPNsense/Auth/Api UserController.php GroupController.php

by Ad Schellevis on ⎇
System: Access: Users - add some safety fences to prevent accidental removal of rights https://github.com/opnsense/core/issues/7904
DeltaFile
+18-2src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php
+11-0src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/GroupController.php
+29-22 files

OPNSense/core 910ec67src/opnsense/mvc/app/models/OPNsense/Core/ACL ACL.xml

by Ad Schellevis on ⎇
System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046), review comments
DeltaFile
+4-4src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
+4-41 files

OPNSense/core 3b6dc6esrc/opnsense/service/conf/actions.d actions_auth.conf

by Franco Fichtner via Ad Schellevis on ⎇
Update src/opnsense/service/conf/actions.d/actions_auth.conf
DeltaFile
+1-0src/opnsense/service/conf/actions.d/actions_auth.conf
+1-01 files