Commit Graph

83 Commits

Author SHA1 Message Date
Victor Lyuboslavsky
722a206115
Fix 500 return code for several endpoints. (#14859)
Fixed 500 return code from several endpoints.

/api/v1/fleet/perform_required_password_reset
- Now returns 403 when Authorization token is missing

/api/v1/fleet/hosts_summary
- Now returns 400 when low_disk_space parameter is invalid

/api/v1/fleet/demologin
- Now returns 403

/api/v1/fleet/sessions/*
- Now returns 400 on invalid input

#12274

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2023-11-02 12:32:34 -05:00
gillespi314
9c123ddd2b
Add integration tests for host disk encryption details (#14636) 2023-10-19 09:23:42 -05:00
gillespi314
484550a620
Add host mdm disk encryption detail to host details API response (#14623) 2023-10-18 15:39:23 -05:00
Roberto Dip
540f8b9657
Bring MDM hotfixes to main (#14494)
This brings the hotfixes in https://github.com/fleetdm/fleet/pull/14433
for https://github.com/fleetdm/confidential/issues/3922 and
https://github.com/fleetdm/confidential/issues/https://github.com/fleetdm/fleet/issues/3904

---------

Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
2023-10-13 08:49:11 -03:00
Martin Angers
7cbcb94720
Return os settings of host even if only Windows MDM is enabled (#14469)
#14383 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
 (tested the fix with my reproduction setup)
2023-10-12 09:31:10 -03:00
Roberto Dip
9ffa11c25d
Feat: saved scripts (#14409)
For #9537
2023-10-10 19:00:45 -03:00
Marcos Oviedo
f0d77ab3db
Merging Bitlocker feature branch (#14350)
This relates to #12577

---------

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2023-10-06 19:04:33 -03:00
gillespi314
38bf87b0a0
Preserve pending status for DEP-assigned hosts that are deleted in Fleet (#14073) 2023-09-22 16:50:43 -05:00
Lucas Manuel Rodriguez
eb8349567c
Fix performance regressions in hosts APIs (#14036)
#13926 

I re-added the old queries back and we are now using them when not using
pagination or if the page size is larger than 100 (UI always uses
per_page=50)

TODO: We need to run actual load tests with high number of hosts (50k
hosts with 140 policies each)

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- ~[ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-09-22 05:19:02 -03:00
Gabriel Hernandez
327f216edb
Feat api get script results (#13701)
relates to #13306

implements the GET `scripts/results/{id}` endpoint.

API docs @ https://github.com/fleetdm/fleet/pull/13720
2023-09-05 17:38:53 -03:00
gillespi314
37fb4b0dab
Add fleetctl run-script command (#13622) 2023-09-05 14:14:09 -05:00
Martin Angers
cbc3f32e9d
Adjust response payload, messages and validations for /scripts/run/* endpoints. (#13607) 2023-08-31 09:08:50 -05:00
Tim Lee
74ccff8161
13433 host query optimization (#13451) 2023-08-23 10:34:55 -06:00
Martin Angers
de32faefdb
Add /scripts/run and scripts/run/sync API endpoints to run scripts (part 1) (#13417) 2023-08-21 14:47:19 -04:00
Gabriel Hernandez
b4ee1c58b5
update OSversion service method to not search on for no team (#13127)
relates to #12986

This is a fix for a case where the `os_versions` endpoint was returning
a 404 when searching for `no teams`.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
2023-08-08 13:30:29 +01:00
gillespi314
8cc7d38300
Mark "verifying" or "verified" MDM profiles as "failed" if osquery cannot confirm they are installed (#12414) 2023-06-21 13:00:49 -05:00
Martin Angers
68fa60c54d
Add a transferred_hosts activity when hosts are transferred to a new team (#12287) 2023-06-14 08:15:05 -04:00
Martin Angers
7b1b392627
Implement worker jobs that update/re-assign setup assistants on changes (#11630) 2023-05-15 14:06:09 -04:00
Roberto Dip
5c487890ca
add an endpoint to get an aggregate summary of bootstrap packages (#11156)
Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
2023-04-22 10:23:38 -05:00
Lucas Manuel Rodriguez
1603ee0ea8
/api/_version_/fleet/hosts to return bad request instead of server error when passing invalid mdm_enrollment_status (#11242)
#10880

I was not able to reproduce other 500s in `/api/_version_/fleet/hosts`
other than the one fixed in the PR.

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-19 18:43:15 -03:00
Martin Angers
b6e10eb6da
Update host MDM profile status to pending in response to triggering events (#10443) 2023-03-27 14:43:01 -04:00
Juan Fernandez
5c465549e7
Bug 10631: Updated SearchHost authorization action (#10655)
Updated authorization on 'host/search' endpoint so that logged in users can list hosts.
2023-03-21 15:29:59 -04:00
gillespi314
b2e35d12cf
Report MDM profile status pending when user action required for disk encryption settings (#10606) 2023-03-20 15:22:57 -05:00
Roberto Dip
f04ff27180
Prevent user action in profiles managed by Fleet (#10559)
related to https://github.com/fleetdm/fleet/issues/10547,
https://github.com/fleetdm/fleet/issues/10549,
https://github.com/fleetdm/fleet/issues/10550 and
https://github.com/fleetdm/fleet/issues/10552 this prevents user
interaction with fleet-managed profiles, including:

- batch actions
- individual POST/UPDATE/DELETE actions
- listing

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
2023-03-17 18:52:30 -03:00
Lucas Manuel Rodriguez
3757aace08
Add UUID to Fleet errors and clean up error msgs (#10411)
#8129 

Apart from fixing the issue in #8129, this change also introduces UUIDs
to Fleet errors. To be able to match a returned error from the API to a
error in the Fleet logs. See
https://fleetdm.slack.com/archives/C019WG4GH0A/p1677780622769939 for
more context.

Samples with the changes in this PR:
```
curl -k -H "Authorization: Bearer $TEST_TOKEN" -H 'Content-Type:application/json' "https://localhost:8080/api/v1/fleet/sso" -d ''
{
  "message": "Bad request",
  "errors": [
    {
      "name": "base",
      "reason": "Expected JSON Body"
    }
  ],
  "uuid": "a01f6e10-354c-4ff0-b96e-1f64adb500b0"
}
```
```
curl -k -H "Authorization: Bearer $TEST_TOKEN" -H 'Content-Type:application/json' "https://localhost:8080/api/v1/fleet/sso" -d 'asd'
{
  "message": "Bad request",
  "errors": [
    {
      "name": "base",
      "reason": "json decoder error"
    }
  ],
  "uuid": "5f716a64-7550-464b-a1dd-e6a505a9f89d"
}
```
```
curl -k -X GET -H "Authorization: Bearer badtoken" "https://localhost:8080/api/latest/fleet/teams"
{
  "message": "Authentication required",
  "errors": [
    {
      "name": "base",
      "reason": "Authentication required"
    }
  ],
  "uuid": "efe45bc0-f956-4bf9-ba4f-aa9020a9aaaf"
}
```
```
curl -k -X PATCH -H "Authorization: Bearer $TEST_TOKEN" "https://localhost:8080/api/latest/fleet/users/14" -d '{"name": "Manuel2", "password": "what", "new_password": "p4ssw0rd.12345"}'
{
  "message": "Authorization header required",
  "errors": [
    {
      "name": "base",
      "reason": "Authorization header required"
    }
  ],
  "uuid": "57f78cd0-4559-464f-9df7-36c9ef7c89b3"
}
```
```
curl -k -X PATCH -H "Authorization: Bearer $TEST_TOKEN" "https://localhost:8080/api/latest/fleet/users/14" -d '{"name": "Manuel2", "password": "what", "new_password": "p4ssw0rd.12345"}'
{
  "message": "Permission Denied",
  "uuid": "7f0220ad-6de7-4faf-8b6c-8d7ff9d2ca06"
}
```

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-13 13:44:06 -03:00
Martin Angers
0d6b9b98d4
Add mdm.macos_settings disk encryption fields to the response of GET /hosts/{id} and device. (#10371) 2023-03-08 15:42:23 -05:00
gillespi314
66bd7a7fb8
Reconcile API integration for MDM profile statuses in host details (#10045)
Fixes issues found during manual QA of integration for #10034 and #10019
2023-02-23 10:27:00 -03:00
gillespi314
e31fc889f1
Add MDM profiles to host detail in API responses (#10034)
Issue #9599 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-02-22 16:26:06 -06:00
Roberto Dip
7cd581866a
add API endpoint to see disk encryption key (#9713)
https://github.com/fleetdm/fleet/issues/8708
2023-02-08 20:20:23 -03:00
Lucas Manuel Rodriguez
34b62cc43e
Fix panic in hosts/{id}/mdm endpoint when host does not have MDM data (#9123) 2022-12-27 16:22:37 -03:00
Lucas Manuel Rodriguez
19ad7cc637
Set interface for response types (#9121)
* Set interface for response types

* Fix TestEndpointer test
2022-12-27 11:26:59 -03:00
Gabriel Hernandez
3c136e3f47
Add MDM Card to Windows and All Dashboards and change mdm data source on host details page (#8960) 2022-12-16 15:12:11 -06:00
Martin Angers
472c8bafb3
Refactor license so it is stored in the context (#8544) 2022-11-15 09:08:05 -05:00
Frank Sievertsen
baa1ddc0f2
Add MDM detection for windows and mdm endpoints (#8479) 2022-11-01 18:22:07 +01:00
Frank Sievertsen
e54f066266
Add display_name to more results (#8204)
* Make HostResponses with one dedicated function only
* more display_name for Hosts
2022-10-14 11:14:18 -03:00
Roberto Dip
4042f8d826
add browser-related security headers to HTML responses (#8180)
related to #8031, this adds the following headers to HTML responses:

- Strict-Transport-Security: informs browsers that the site should only
  be accessed using HTTPS, and that any future attempts to access it
  using HTTP should automatically be converted to HTTPS.
- X-Frames-Options: disallows embedding the UI in other sites via
  <frame>, <iframe>, <embed> or <object>, which can prevent attacks like
  clickjacking.
- X-Content-Type-Options: prevents browsers from trying to guess the MIME
  type which can cause browsers to transform non-executable content into
  executable content.
- Referrer-Policy: prevents leaking the origin of the referrer in the
  Referer.

additionally, this ensures we set `X-Content-Type-Options` for CSV and
installer responses.
2022-10-12 10:19:21 -03:00
Frank Sievertsen
23199c3d83
Add missing display_name to getHostEndpoint (#8174) 2022-10-11 17:00:32 -04:00
Frank Sievertsen
e9f7066d87
7135 host display name (#7873) 2022-10-08 08:57:46 -04:00
Martin Angers
5477acb688
Add low_disk_space_count property to GET /host_summary (#7872) 2022-09-21 15:56:17 -04:00
Martin Angers
db24cf32fa
Add new low_disk_space URL parameter to the GET /hosts endpoint (and GET /hosts/count) (#7853) 2022-09-21 15:16:31 -04:00
Martin Angers
478b4d3f69
Validate team and appconfig payloads, with dry-run and force modes (#7731) 2022-09-19 13:53:44 -04:00
Martin Angers
aa0102d6b6
Remove aggregate host counts from GET /hosts responses (#7510) 2022-09-06 10:34:06 -04:00
Martin Angers
f602ea3446
Provide Munki issues for MacOS hosts (#7280) 2022-08-29 14:40:16 -04:00
gillespi314
7fb109e6b3
Handle errors for duplicate os records (#7294) 2022-08-22 14:34:00 -05:00
Martin Angers
b891e0d7f7
Add mdm solution payload to GET /hosts response when filtering by mdm_id (#7198) 2022-08-15 12:57:25 -04:00
gillespi314
90f57f4849
Enhance API endpoints with host operating systems info (#7154) 2022-08-12 14:23:25 -05:00
Martin Angers
c8cdddf0ea
Update /macadmins endpoints to include MDM name and aggregate count (#7137) 2022-08-10 15:15:01 -04:00
gillespi314
0312454f4c
Modify host battery health returned by GET /hosts/:id (#6782) 2022-07-20 21:16:03 -05:00
Martin Angers
539be8ee09
Add battery info in host details response (#6394) 2022-06-28 14:11:49 -04:00
gillespi314
44f902218c
Improve live query UX (#5749) 2022-06-10 13:29:45 -05:00