diff --git a/docs/Contributing/API-for-contributors.md b/docs/Contributing/API-for-contributors.md index 8e42d4480b..170ff1c8ea 100644 --- a/docs/Contributing/API-for-contributors.md +++ b/docs/Contributing/API-for-contributors.md @@ -2755,27 +2755,6 @@ Signals the Fleet server to send a webbook request with the device UUID and seri --- -#### Trigger FileVault key escrow - -Sends a signal to Fleet Desktop to initiate a FileVault key escrow. This is useful for setting the escrow key initially as well as in scenarios where a token rotation is required. **Requires Fleet Premium license** - -`POST /api/v1/fleet/device/{token}/rotate_encryption_key` - -##### Parameters - -| Name | Type | In | Description | -| ----- | ------ | ---- | ---------------------------------- | -| token | string | path | The device's authentication token. | - -##### Example - -`POST /api/v1/fleet/device/abcdef012456789/rotate_encryption_key` - -##### Default response - -`Status: 204` - - ### Report an agent error Notifies the server about an agent error, resulting in two outcomes: diff --git a/frontend/pages/hosts/details/DeviceUserPage/DeviceUserPage.tsx b/frontend/pages/hosts/details/DeviceUserPage/DeviceUserPage.tsx index 91e9292dd9..189c8ae488 100644 --- a/frontend/pages/hosts/details/DeviceUserPage/DeviceUserPage.tsx +++ b/frontend/pages/hosts/details/DeviceUserPage/DeviceUserPage.tsx @@ -42,7 +42,6 @@ import PolicyDetailsModal from "../cards/Policies/HostPoliciesTable/PolicyDetail import AutoEnrollMdmModal from "./AutoEnrollMdmModal"; import ManualEnrollMdmModal from "./ManualEnrollMdmModal"; import OSSettingsModal from "../OSSettingsModal"; -import ResetKeyModal from "./ResetKeyModal"; import BootstrapPackageModal from "../HostDetailsPage/modals/BootstrapPackageModal"; import { parseHostSoftwareQueryParams } from "../cards/Software/HostSoftware"; import SelfService from "../cards/Software/SelfService"; 
@@ -90,7 +89,6 @@ const DeviceUserPage = ({ const [isPremiumTier, setIsPremiumTier] = useState(false); const [showInfoModal, setShowInfoModal] = useState(false); const [showEnrollMdmModal, setShowEnrollMdmModal] = useState(false); - const [showResetKeyModal, setShowResetKeyModal] = useState(false); const [refetchStartTime, setRefetchStartTime] = useState(null); const [showRefetchSpinner, setShowRefetchSpinner] = useState(false); const [orgLogoURL, setOrgLogoURL] = useState(""); @@ -248,10 +246,6 @@ const DeviceUserPage = ({ setShowEnrollMdmModal(!showEnrollMdmModal); }, [showEnrollMdmModal, setShowEnrollMdmModal]); - const toggleResetKeyModal = useCallback(() => { - setShowResetKeyModal(!showResetKeyModal); - }, [showResetKeyModal, setShowResetKeyModal]); - const togglePolicyDetailsModal = useCallback( (policy: IHostPolicy) => { setShowPolicyDetailsModal(!showPolicyDetailsModal); @@ -361,7 +355,6 @@ const DeviceUserPage = ({ host.mdm.macos_settings?.action_required ?? null } onTurnOnMdm={toggleEnrollMdmModal} - onResetKey={toggleResetKeyModal} /> {showInfoModal && } {showEnrollMdmModal && renderEnrollMdmModal()} - {showResetKeyModal && ( - - )} )} {!!host && showPolicyDetailsModal && ( diff --git a/frontend/pages/hosts/details/DeviceUserPage/ResetKeyModal/ResetKeyModal.tsx b/frontend/pages/hosts/details/DeviceUserPage/ResetKeyModal/ResetKeyModal.tsx deleted file mode 100644 index e9fe2b3f05..0000000000 --- a/frontend/pages/hosts/details/DeviceUserPage/ResetKeyModal/ResetKeyModal.tsx +++ /dev/null 
@@ -1,70 +0,0 @@ -import React from "react"; - -import Button from "components/buttons/Button"; -import Modal from "components/Modal"; -import mdmAPI from "services/entities/mdm"; -import { useQuery } from "react-query"; -import Spinner from "components/Spinner"; -import DataError from "components/DataError"; - -interface IResetKeyModalProps { - onClose: () => void; - deviceAuthToken: string; -} - -const baseClass = "reset-key-modal"; - -const ResetKeyModal = ({ - onClose, - deviceAuthToken, -}: IResetKeyModalProps): JSX.Element => { - const { isLoading: isLoadingResetDEKey, error: errorResetDEKey } = useQuery( - ["resetDEkey", deviceAuthToken], - () => mdmAPI.resetEncryptionKey(deviceAuthToken), - { refetchOnWindowFocus: false } - ); - - const renderModalBody = () => { - if (isLoadingResetDEKey) { - return ; - } - if (errorResetDEKey) { - return ; - } - - return ( -
-
    -
  1. - Wait 30 seconds for the Reset disk encryption key pop up to - open. -
  2. -
  3. - In the popup, enter the password you use to login to your Mac. -
  4. -
  5. - Close this window and select Refetch on your My device page. - This tells your organization that you reset your key. -
  6. -
-
- -
-
- ); - }; - return ( - - {renderModalBody()} - - ); -}; - -export default ResetKeyModal; diff --git a/frontend/pages/hosts/details/DeviceUserPage/ResetKeyModal/_styles.scss b/frontend/pages/hosts/details/DeviceUserPage/ResetKeyModal/_styles.scss deleted file mode 100644 index f40c1f1c1d..0000000000 --- a/frontend/pages/hosts/details/DeviceUserPage/ResetKeyModal/_styles.scss +++ /dev/null @@ -1,10 +0,0 @@ -.reset-key-modal { - ol { - padding-left: 0; - } - - li { - margin-bottom: $pad-large; - list-style: number inside; - } -} diff --git a/frontend/pages/hosts/details/DeviceUserPage/ResetKeyModal/index.ts b/frontend/pages/hosts/details/DeviceUserPage/ResetKeyModal/index.ts deleted file mode 100644 index 3cd713ee62..0000000000 --- a/frontend/pages/hosts/details/DeviceUserPage/ResetKeyModal/index.ts +++ /dev/null @@ -1 +0,0 @@ -export { default } from "./ResetKeyModal"; diff --git a/frontend/pages/hosts/details/DeviceUserPage/components/DeviceUserBanners/DeviceUserBanners.tests.tsx b/frontend/pages/hosts/details/DeviceUserPage/components/DeviceUserBanners/DeviceUserBanners.tests.tsx index dc7a052653..cd3f28c01b 100644 --- a/frontend/pages/hosts/details/DeviceUserPage/components/DeviceUserBanners/DeviceUserBanners.tests.tsx +++ b/frontend/pages/hosts/details/DeviceUserPage/components/DeviceUserBanners/DeviceUserBanners.tests.tsx @@ -6,8 +6,7 @@ import DeviceUserBanners from "./DeviceUserBanners"; describe("Device User Banners", () => { const turnOnMdmExpcetedText = /Mobile device management \(MDM\) is off\./; - const logoutDiskEncryptExpectedText = /Disk encryption: Log out of your device or restart to turn on disk encryption\./; - const resetKeyDiskEncryptExpcetedText = /Disk encryption: Reset your disk encryption key\./; + const resetKeyDiskEncryptExpcetedText = /Disk encryption: Log out of your device or restart it to safeguard your data in case your device is lost or stolen\./; it("renders the turn on mdm banner correctly", () => { render( 
@@ -19,28 +18,11 @@ describe("Device User Banners", () => { diskEncryptionStatus={null} diskEncryptionActionRequired={null} onTurnOnMdm={noop} - onResetKey={noop} /> ); expect(screen.getByText(turnOnMdmExpcetedText)).toBeInTheDocument(); }); - it("renders the logout for disk encrpytion banner correctly", () => { - render( - - ); - expect(screen.getByText(logoutDiskEncryptExpectedText)).toBeInTheDocument(); - }); - it("renders the reset key for disk encryption banner correctly", () => { render( { diskEncryptionStatus="action_required" diskEncryptionActionRequired="rotate_key" onTurnOnMdm={noop} - onResetKey={noop} /> ); expect( @@ -59,28 +40,6 @@ describe("Device User Banners", () => { ).toBeInTheDocument(); }); - it("renders only one banner in a priority order", () => { - // set up to render logout disk encryption banner, which is 2nd in priority - render( - - ); - - expect(screen.queryByText(turnOnMdmExpcetedText)).not.toBeInTheDocument(); - expect(screen.getByText(logoutDiskEncryptExpectedText)).toBeInTheDocument(); - expect( - screen.queryByText(resetKeyDiskEncryptExpcetedText) - ).not.toBeInTheDocument(); - }); - it("renders no banner correctly", () => { // setup so mdm is not enabled and configured. render( @@ -92,13 +51,12 @@ describe("Device User Banners", () => { diskEncryptionStatus={null} diskEncryptionActionRequired={null} onTurnOnMdm={noop} - onResetKey={noop} /> ); expect(screen.queryByText(turnOnMdmExpcetedText)).not.toBeInTheDocument(); expect( - screen.queryByText(logoutDiskEncryptExpectedText) + screen.queryByText(resetKeyDiskEncryptExpcetedText) ).not.toBeInTheDocument(); expect( screen.queryByText(resetKeyDiskEncryptExpcetedText) diff --git a/frontend/pages/hosts/details/DeviceUserPage/components/DeviceUserBanners/DeviceUserBanners.tsx b/frontend/pages/hosts/details/DeviceUserPage/components/DeviceUserBanners/DeviceUserBanners.tsx index 9cc5e3256a..028165648f 100644 
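Review bot: In the "renders no banner correctly" test (hunk `@@ -92,13 +51,12 @@`), replacing `logoutDiskEncryptExpectedText` with `resetKeyDiskEncryptExpcetedText` leaves two identical `screen.queryByText(resetKeyDiskEncryptExpcetedText)` assertions back to back, so the second one checks nothing new and one of them should be dropped. The constant now holds the log-out/restart wording rather than reset-key wording, so a name such as `diskEncryptionActionExpectedText` would describe it better. With the priority-order test deleted in the preceding hunk, nothing visible in this file asserts that the MDM banner still takes precedence over the disk encryption banner when both conditions hold; a short replacement case using `diskEncryptionActionRequired="rotate_key"` would keep that covered.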
--- a/frontend/pages/hosts/details/DeviceUserPage/components/DeviceUserBanners/DeviceUserBanners.tsx +++ b/frontend/pages/hosts/details/DeviceUserPage/components/DeviceUserBanners/DeviceUserBanners.tsx @@ -15,7 +15,6 @@ interface IDeviceUserBannersProps { diskEncryptionStatus: DiskEncryptionStatus | null; diskEncryptionActionRequired: MacDiskEncryptionActionRequired | null; onTurnOnMdm: () => void; - onResetKey: () => void; } const DeviceUserBanners = ({ @@ -26,7 +25,6 @@ const DeviceUserBanners = ({ diskEncryptionStatus, diskEncryptionActionRequired, onTurnOnMdm, - onResetKey, }: IDeviceUserBannersProps) => { const isMdmUnenrolled = mdmEnrollmentStatus === "Off" || mdmEnrollmentStatus === null; @@ -37,11 +35,6 @@ const DeviceUserBanners = ({ const showTurnOnMdmBanner = hostPlatform === "darwin" && isMdmUnenrolled && mdmEnabledAndConfigured; - const showDiskEncryptionLogoutRestart = - diskEncryptionBannersEnabled && - diskEncryptionStatus === "action_required" && - diskEncryptionActionRequired === "log_out"; - const showDiskEncryptionKeyResetRequired = diskEncryptionBannersEnabled && diskEncryptionStatus === "action_required" && @@ -53,12 +46,6 @@ const DeviceUserBanners = ({ ); - const resetKeyButton = ( - - ); - const renderBanner = () => { if (showTurnOnMdmBanner) { return ( 
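Review bot: Deleting `showDiskEncryptionLogoutRestart` (hunk `@@ -37,11 +35,6 @@`, with its render branch removed in the next hunk) means a host that reports `diskEncryptionActionRequired === "log_out"` no longer gets any banner on the My device page. The only remaining disk encryption flag is `showDiskEncryptionKeyResetRequired`, whose last condition is outside the hunk but which the test drives with `"rotate_key"`. If the server can still return `log_out`, the end user of a device whose disk is not yet encrypted is never prompted, even though the host details banner changed in this commit still tells the admin that end-user action is required. Either key the banner on `diskEncryptionStatus === "action_required"` alone, or confirm that `log_out` is no longer emitted and remove it from `MacDiskEncryptionActionRequired`. The component body starts and ends outside these hunks.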
@@ -68,19 +55,14 @@ const DeviceUserBanners = ({ your device up to date so you don't have to. ); - } else if (showDiskEncryptionLogoutRestart) { + } + + if (showDiskEncryptionKeyResetRequired) { return ( - Disk encryption: Log out of your device or restart to turn on disk - encryption. Then, select Refetch. This prevents - unauthorized access to the information on your device. - - ); - } else if (showDiskEncryptionKeyResetRequired) { - return ( - - Disk encryption: Reset your disk encryption key. This lets your - organization help you unlock your device if you forget your password. + Disk encryption: Log out of your device or restart it to safeguard + your data in case your device is lost or stolen. After, select{" "} + Refetch to clear this banner. ); } diff --git a/frontend/pages/hosts/details/HostDetailsPage/components/HostDetailsBanners/HostDetailsBanners.tsx b/frontend/pages/hosts/details/HostDetailsPage/components/HostDetailsBanners/HostDetailsBanners.tsx index ea3110af9b..89632164b0 100644 --- a/frontend/pages/hosts/details/HostDetailsPage/components/HostDetailsBanners/HostDetailsBanners.tsx +++ b/frontend/pages/hosts/details/HostDetailsPage/components/HostDetailsBanners/HostDetailsBanners.tsx @@ -79,8 +79,7 @@ const HostDetailsBanners = ({ {showDiskEncryptionUserActionRequired && ( Disk encryption: Requires action from the end user. Ask the end user - to follow Disk encryption instructions on their{" "} - My device page. + to log out of their device or restart it. )} diff --git a/frontend/services/entities/mdm.ts b/frontend/services/entities/mdm.ts index a5b7409922..f8cae4461f 100644 --- a/frontend/services/entities/mdm.ts +++ b/frontend/services/entities/mdm.ts 
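Review bot: The branch guarded by `showDiskEncryptionKeyResetRequired` in `renderBanner` now renders log-out/restart guidance, so the flag name no longer matches what the user is told. Rename it to `showDiskEncryptionUserActionRequired`, the name `HostDetailsBanners` uses in the same commit, or add a comment above the branch such as `// rotate_key: the user is asked to log out or restart instead of resetting the key manually`. The new copy also drops the sentence explaining why the action matters for key recovery; if the key is escrowed again at the next login, which the diff suggests but does not show, saying so in the comment would help the next reader. `renderBanner` continues past the end of the hunk.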
@@ -83,10 +83,6 @@ export interface IGetMdmCommandResultsResponse { } const mdmService = { - resetEncryptionKey: (token: string) => { - const { DEVICE_USER_RESET_ENCRYPTION_KEY } = endpoints; - return sendRequest("POST", DEVICE_USER_RESET_ENCRYPTION_KEY(token)); - }, unenrollHostFromMdm: (hostId: number, timeout?: number) => { const { HOST_MDM_UNENROLL } = endpoints; return sendRequest( diff --git a/frontend/utilities/endpoints.ts b/frontend/utilities/endpoints.ts index 235029bf70..92553ada42 100644 --- a/frontend/utilities/endpoints.ts +++ b/frontend/utilities/endpoints.ts @@ -31,9 +31,6 @@ export default { `/${API_VERSION}/fleet/device/${token}/software`, DEVICE_SOFTWARE_INSTALL: (token: string, softwareTitleId: number) => `/${API_VERSION}/fleet/device/${token}/software/install/${softwareTitleId}`, - DEVICE_USER_RESET_ENCRYPTION_KEY: (token: string): string => { - return `/${API_VERSION}/fleet/device/${token}/rotate_encryption_key`; - }, DEVICE_USER_MDM_ENROLLMENT_PROFILE: (token: string): string => { return `/${API_VERSION}/fleet/device/${token}/mdm/apple/manual_enrollment_profile`; },