Commit Graph

12 Commits

Author SHA1 Message Date
Martin Angers
478b4d3f69
Validate team and appconfig payloads, with dry-run and force modes (#7731) 2022-09-19 13:53:44 -04:00
Roberto Dip
69f8f2a73b
add API endpoints to retrieve pre-built installers (#6672)
Rel: #6365, this adds a new endpoint to check and download pre-built installers.
2022-07-18 13:44:30 -03:00
Martin Angers
7bfe93f5d7
Include an error code as query string in /sso/callback response in case of failure (#6286) 2022-06-21 09:04:50 -04:00
Tomas Touceda
1fdcb1bfc2
Error early if email already exists (#4363)
* Error early if email already exists

* Update changes/issue-4361-mail-change-should-error

Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>

* Fix test

* Lint fixes

* Fix another test

* Also check for invites

* Improve error checks

* Update comment

* Update tests

* Fix test

Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
2022-02-28 09:34:44 -03:00
Tomas Touceda
d9f34b2c19
Issue 1840 bulk delete hosts (#2268)
* wp

* Add test by ids

* Add changes file

* Update docs and remove unneeded return values

* Address review comments

* Improve integration tests

* Use TearDownTest
2021-09-29 13:13:23 -03:00
Zach Wasserman
417ef2c9b6
Refactor teams service methods (#910)
- Move team-related service methods to `ee/server/service`.
- Instantiate different service on startup based on license key.
- Refactor service errors into separate package.
- Add support for running E2E tests in both Core and Basic tiers.
2021-05-31 17:07:51 -07:00
Zach Wasserman
12d292164f
Add rate-limiting to login and password reset (#543)
Prevent abuse of these endpoints with rate limiting backed by Redis. The
limits assigned should be appropriate for almost any Fleet deployment.

Closes #530
2021-03-26 11:23:29 -07:00
Zach Wasserman
fb9706912d
Prevent user enumeration (#533)
- Return same error in all cases for login endpoint.
- Log error details in server logs.
- Make most login errors take ~1s to prevent timing attacks.
- Don't return forgot password errors.
- Log password errors in server logs.
- Make most forgot password requests take ~1s to prevent timing attacks.

Fixes #531
2021-03-24 19:36:30 -07:00
Mike Arpaia
9d21cbdb8a removing license code (#1551) 2017-09-01 10:42:46 -06:00
John Murphy
146ee18c62 Fix for bug #1236 (#1244) 2017-02-17 01:02:49 +08:00
John Murphy
a1a0c91876 Licensing (#1123) 2017-02-03 04:30:59 +08:00
Victor Vrantchan
52a932bc6b Validate password requirements (#962)
Add validation for user password creation/reset
 - at least 7 chars
 - 1 number
 - 1 symbol 

consolidated service errors to a single file.
2017-01-15 18:23:09 -05:00