Commit Graph

113 Commits

Author SHA1 Message Date
Wolfgang Bumiller 9a7431e2e0 www: use TFA widgets from widget toolkit
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-11-17 09:44:55 +01:00
Dominik Csapak 8be69a8453 api/ui: allow zstd compression for new zpools
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-30 17:51:13 +02:00
Dominik Csapak afbf2e10f3 ui: datastore/Content: add 'Prune All' button
since the api call always starts a real worker, we cannot have a
preview. It would also be very hard to show that for all groups in a
non-confusing way. We reuse the pbsPruneInputPanel and add the dry-run
field there conditionally.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-16 11:42:09 +02:00
Dominik Csapak 01284de0b2 ui: window/Settings: add summarycolumns settings
like in pve

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-07-12 06:29:21 +02:00
Thomas Lamprecht 3006d70ebe ui: use Async tools from widget toolkit
The api2 one passes the whole response (for more flexibility) on
reject, so we need to adapt to that.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-09 16:53:12 +02:00
Fabian Ebner 3f5fbc5620 ui: datastore edit: make keep-last label like the others
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
2021-07-08 14:06:26 +02:00
Dominik Csapak 4708f4fc21 api2/config/datastore: change create datastore api call to a worker
so that longer running creates (e.g. a slow storage), does not
run in a timeout and we can follow its creation

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2021-06-04 09:02:05 +02:00
Dominik Csapak c9c07445b7 ui: window/SyncJobEdit: disable autoSelect for remote datastore
when changin the remote, there is a high chance that there are different
datastores, and if a user does not pay attention, now the first store
of the new remote is selected, instead of the one with the same name

disable autoSelect and let the user manually select a remote datastore

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-05-10 16:56:42 +02:00
Stefan Reiter 3b0321365b use FileBrowser from proxmox-widget-toolkit
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2021-04-13 08:44:48 +02:00
Thomas Lamprecht 6bc87d3952 ui: verification job: fix subject of edit window
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-03-28 16:57:00 +02:00
Thomas Lamprecht 04c1c68f31 ui: verify job: fix subject of edit window
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-03-28 16:45:45 +02:00
Thomas Lamprecht 5c4203b20c ui: webauthn registration: code cleanup long variable name
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-03-03 14:05:05 +01:00
Thomas Lamprecht 7f9eef1d47 ui: webauthn registration: adapt error messages
There are variuos hints that 'InvalidStateError' can be assumed to
come from an already registered token[0][1].

So indicate that more strongly, also omit the extra line and warning
triangle, there's already an error icon present.

[0]: step 2: https://w3c.github.io/webauthn/#sctn-registering-a-new-credential
[1]: step 3: https://w3c.github.io/webauthn/#sctn-op-make-cred

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-03-03 14:05:05 +01:00
Dominik Csapak 831c43c91b config/tfa: webauthn: disallow registering a token twice
by adding the existing credential id to the 'excludeCredentials' list

this prevents the browser from registering a token twice, which
lets authentication fail on some browser/token combinations
(e.g. onlykey/solokey+chromium)
while is seems this is currently a bug in chromium, in a future spec
update the underlying behaviour should be better defined, making this
an authenticator bug

also explicitly catch registering errors and show appropriate error messages

0: https://bugs.chromium.org/p/chromium/issues/detail?id=1087642

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-03-03 14:05:05 +01:00
Dominik Csapak b452e2df74 Revert "ui: window/Settings / WebAuthn: add browser setting for userVerificationo"
even if the options *could* be set in the frontend, the backend
actually has to do validation of those settings, thus we should not
make that a browser setting

additionally, having the value 'preferred' does not actually make sense,
since it does not add any security (the backend skips the
userverification check then)

This reverts commit aca4c2b5a9.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-03-03 14:05:05 +01:00
Dominik Csapak aca4c2b5a9 ui: window/Settings / WebAuthn: add browser setting for userVerificationo
some fido2/webauthn keys can have a pin, and the client can request
a mode for the user verification.

'default' (no value set), lets the browser/device decide if the user has to
enter the pin of the device
'discouraged' requests that the user should not need to enter the pin
'preferred' requests that the user should need to enter the pin (if possible)

since we use webauthn only as a 2nd factor, having the user enter
the device pin on login may seem too much hassle for some users, so
give them the option

since this is a client option anyway, do not save it in the backend, but
in the browser local storage

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-02-19 16:53:06 +01:00
Dominik Csapak 85eedfb78b ui: add browser settings window
mostly copied from pve (for now; will refactor when i add it to
pmg too (soon)) without the pve specific features like dashboard
storages

contains some eslint fixes comparing to pves window

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-02-19 16:52:50 +01:00
Dominik Csapak 5279ee745f api2/admin/datastore: accept "/" as path for root
makes more sense than sending "root'"

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2021-02-17 08:32:41 +01:00
Thomas Lamprecht 2ba64bed18 ui: tfa: fix emptyText for password
One needs to enter their password, not the one from the user one
adds/deletes TFA.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-02-03 10:36:18 +01:00
Oguz Bektas d43265b7f1 ui: add missing uri encoding in user edit and view
userid parameter needs to be properly encoded when shown on the browser

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Reviewed-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-26 10:53:30 +01:00
Thomas Lamprecht aab9a26409 ui: cleanup order of declraing properties
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-21 15:09:22 +01:00
Thomas Lamprecht 958055a789 ui: fix on-parse use of global Proxmox.UserName
This is wrong most of the time, when not loading the web interface
with valid credentials, and thus some checks or defaults did not
evaluated correctly when the underlying value was only set later.

Needs to be set on component creation only, this can be done through
initComponent, even listeners, view controllers or cbind closures.

Use the latter, as all affected components already use cbind.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-21 15:08:46 +01:00
Thomas Lamprecht ac163a7c18 ui: tfa/totp: fix setting issuer in secret URL
it's recommended to set the issuer for both, the get parameter and
the initial issuer label prefix[0].

[0]: https://github.com/google/google-authenticator/wiki/Key-Uri-Format#label

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 16:27:02 +01:00
Wolfgang Bumiller 8ae6d28cd4 gui: enumerate recovery keys and list in 2nd factor window
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 13:51:23 +01:00
Thomas Lamprecht 492bc2ba63 ui: tfa/recovery: add print button to key info window
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 10:45:47 +01:00
Thomas Lamprecht 995492100a ui: tfa/recovery: fix copy button text, add icon
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 10:45:28 +01:00
Thomas Lamprecht 854319d88c ui: tfa/recovery: disallow to close key info window with ESC
to avoid accidental closing it

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 10:44:40 +01:00
Thomas Lamprecht 3189d05134 ui: tfa: specify which confirmation password is required
Clarify that the password of the user one wants to add TFA too is
required, which is not necessarily the one of the current logged in
user. Use an empty text for that.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 10:12:23 +01:00
Thomas Lamprecht b2a43b987c ui: tfa totp: whitespace and padding fix
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 10:10:16 +01:00
Dominik Csapak 646221cc29 ui: window/{AddWebauthn, TfaEdit}: fix spacing/border of the windows
the password field should not be indented differently than the rest of
the fields, and we never have a border on the panels

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-13 16:46:47 +01:00
Dominik Csapak b168a27f73 ui: window/AddTotp: fix spacing styling of form fields
by moving the lower fields into the form itself and dropping the padding

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-13 16:46:47 +01:00
Dominik Csapak a442bd9792 ui: window/AddTfaRecovery: fix style of TfaRecoveryShow window
to have a more similar layout/spacing to our other windows

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-13 16:46:47 +01:00
Dominik Csapak 884fec7735 ui: window/AddTfaRecovery: rewrite to a Proxmox.window.Edit
we can reuse the edit window from widget toolkit for the most part
this solves some spacing and layout issues and is less code

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-13 16:46:47 +01:00
Dominic Jäger 711d1f6fc3 ui: notify options: Remove gettext for root@pam
Translating root@pam is not useful, especially as the empty text symbolises the
default value.

Signed-off-by: Dominic Jäger <d.jaeger@proxmox.com>
2021-01-12 11:41:24 +01:00
Dominik Csapak e422beec74 fix #3245: only use default schedule for new jobs
an empty schedule means 'none', so do not fill it with the default
in case we edit an existing job (like we do already for sync jobs)

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-12 10:26:59 +01:00
Wolfgang Bumiller 63fd8e58b2 gui: masks for: adding recovery and removals
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:13 +01:00
Wolfgang Bumiller 758a827c2d gui: add load mask during webauthn api calls
so that if we run into the 3s delay due to the wrong
password the window is properly masked

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:13 +01:00
Wolfgang Bumiller 5c48d0af1f tfa gui: fix adding recovery keys as user
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:22:32 +01:00
Wolfgang Bumiller fbeac4ea28 gui: tfa support
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:22:32 +01:00
Thomas Lamprecht 01f84fcce1 ui: datastore content: use our keep field for group pruning
sets some defaults and provides the clear trigger, so less code and
slightly nicer UX.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-21 19:52:03 +01:00
Dominik Csapak c0026563b0 make user properties deletable
by using our usual pattern for the update call

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-11-11 14:09:40 +01:00
Thomas Lamprecht 03e40aa4ee ui: datastore add: set default schedule
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-11 07:49:01 +01:00
Thomas Lamprecht be1d6cbcc6 ui: shorten automatic ID length a bit
Without hyphens, we had 20 hex digits, so ~80 bit which is probably overkill.
Use 12 (13 with hyphen), this is still 48 bit.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-11 07:40:23 +01:00
Fabian Grünbichler 10052ea644 remote.cfg: rename userid to 'auth-id'
and fixup config file on upgrades accordingly

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-11-10 13:25:24 +01:00
Aaron Lauterer 133de2dd1f ui: add/fix help buttons
added a few more help buttons were appropriate:

* GC and Prune schedule windows
* Create Directory window
* API Tokens, link directly to token section
* verify jobs window

Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
2020-11-10 11:51:03 +01:00
Thomas Lamprecht 5c64e83b1e ui: datastore: set onlineHelp for chaging group owner
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-10 09:53:05 +01:00
Thomas Lamprecht d89f91b538 ui: acl editor: disallow path editing for datastore permission views
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-10 08:19:17 +01:00
Dominik Csapak ab81bb13ad ui: make Sync/VerifyView and Edit usable without datastore
we want to use this panel again for a 'global' overview, without
any datastore preselected, so we have to handle that, and
adding a datastore selector in the editwindow

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-11-09 16:37:24 +01:00
Thomas Lamprecht 6d5803399b ui: add some onlineHelp reference uses for pruning
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-07 16:03:07 +01:00
Thomas Lamprecht d669a739b2 ui: datastore: backup owner change: fix layout
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-06 19:48:08 +01:00