New datastore methods are introduced for creating/updating
distributed query campaigns, as well as determining the active
distributed queries for a given host.
The endpoint is only active if there are no users in the datastore.
While the endpoint is active, it also disables all the other API endpoints, and /config returns `{"require_setup":true}`
for #378
A new datastore interface is needed for buffering incoming distributed query results to be sent to the client. This PR attempts to define and implement that interface.
It is intended that the ReadChannel() method be used by the goroutine that will push query results down a websocket to the client. Passing the results through this channel will allow that goroutine to perform a select on both the channel and the websocket, in order to properly handle IO.
* Adds loadAll action to redux entity config
* API Client get invites
* Add invites to the user management page
* Updates user block styles on user management page
* Submit modal form on enter
* Modify details form styles
* Enter submits edit user form
* Removes unused admin dashboard page
* API Client - revoke invites
* Delete invite entities in redux
* Revoke invites from admin manage users page
* Show success flash message after user invite is revoked
- Introduce kolide.ListOptions to store pagination params (in the future it can
also store ordering/filtering params)
- Refactor service/datastore methods to take kolide.ListOptions
- Implement pagination
- Introduce a new pattern for defining/ingesting detail queries
- Add many relevant host details:
  - Platform
  - osquery Version
  - Memory
  - Hostname
  - UUID
  - OS Version
  - Uptime
  - Primary interface MAC
  - Primary interface IP
- Fix parsing for inconsistent JSON schema returned from osquery
- Tests
This PR reorganizes a bunch of the files in datastore such that all datastore implementations are consistently broken up into multiple files. Additionally, the datastore tests follow a similar pattern and can easily be applied to any complete datastore implementation.
- Establish a pattern for host authentication
- Establish a pattern for error JSON
- Add transport and make endpoint functions
- Fix discovered bugs + update tests
This PR is the beginning of distributed query work. For now we are focusing on using the distributed query subsystem to retrieve the basic configuration information (currently just platform), and run the label queries.
A mockable clock interface is also added to the service struct, allowing us to inject a clock as a dependency, and write unit tests that can control the time.
Return well formatted authentication errors to the client
Log the reason for an error server-side but return a masked/generic reason to the client
Assert go errors by behavior rather than type.
* I like how I wrote this to never call svc directly
* rename func
* apparently not everywhere
* add service method for authenticated user
* oops forgot to check this in
If AccessedAt is left in the zero value, MySQL will complain with the following error: `Error 1292: Incorrect datetime value: '0000-00-00' for column 'accessed_at' at row 1`. Now we initialize AccessedAt when creating a new session.
Closes #144 #145 #160
Implements PATCH method on user and endpoint middleware for authnz
Implements `reset_password` (with token) and `forgot_password` endpoints
Added godoc comments for UserService interface
Shift to using testify/assert in test code
Multiple fixes/changes to the UserService API
This PR refactors most of the codebase to use the new config patterns implemented in #149. Now the core service keeps a copy of the KolideConfig struct, and service methods can reference the configuration in that struct when they need it. The most significant refactoring is in the sessions code, separating the business logic from the storage layer.
* renamed NeedsPasswordReset field for clarity
This field was not obvious when it should be set or checked. This makes it a bit more obvious.
The property should only be set if the password request was requested by an admin.
Having this property checked should
- invalidate current user auth token
- force user to reset password on their next login
- NOT send a password reset email
* add GravatarURL property
we considered uploading and storing an image url in the future as well
* Add a user property to save the user's job role/position
* osquery services via go-kit
* Visual Studio Code configurations
* create query and pack endpoints
* organizing files more scalably
* modify query and pack endpoints
* delete query and pack endpoints
* get query and pack endpoints
* get all queries and packs endpoints
* add and remove queries from packs
* test stubs
* removing some indirection
* query service tests
* service pack tests
* transport tests
* adding config file flag back
* organizing package kolide
* get queries in pack endpoint
* run tests on 1.7?
* no 1.7 image :(
* typo in circle.yml
- Added all required methods for a UserService
- Added authentication handlers `/api/login` and `/api/logout`
- Added authMiddleware for authentication for `/api/v1/kolide` path
- Added authorization middleware for each endpoint
- Added validation middleware for validating API inputs
- Began work on logging middleware
* tests for auth endpoints
* create user test and fatals instead of panics
* more tests
* remove init viper config setting
* stubbing
* more tests
* more tests
* organizing auth and users files
* rest of auth tests
* password reset tests
* renaming campaign to email
* moving session management code to the new kolide/datastore pattern
* removing global configuration variables in favor of config
* moving email operations to package kolide
* moving app to server
* using http.ListenAndServeTLS instead of a method on *gin.Engine
* remove the kolide.go dependency on gin