**Related issue:** Resolves#14401
this updates the mechanism of storing the auth token for a user that is
used for making requests and validating a user session. We change the
storage from local storage to a cookie. This allow a bit more security
and prepares for a future change where we will allow the browser to
handle setting and passing the auth token in the request.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Fixes#33291
Fix an issue where the abm terms expiry banner was not removed after the
expired token was deleted.
Also added a tooltip to the expired abm token name table cell
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] QA'd all new/changed functionality manually
## For #25032
<img width="1792" alt="Screenshot 2025-01-07 at 6 50 39 PM"
src="https://github.com/user-attachments/assets/17a63b3d-a983-433a-a3c4-6c66dbb08fce"
/>
- Add new `include_ui_settings` query param to `GET` `/me` calls
- Use new `settings` in response to set settings into UI context
- On hosts page, use that context, if present, to set which columns are
hidden. Fallback to a default set of hidden columns.
- When updating visible columns, persist preference via `PATCH` to
`/users/:id` with a new `settings` payload
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## #22661
- Update `FlashMessage` behavior to, by default, hide itself when the
user performs any URL-changing navigation
- Add `persistOnPageChange` option to `renderFlash` API and associated
notification context and reducer logic, allowing override of this
behavior on a per-call basis
- Ensure proper order of evaluation of URL changes and render flash
action dispatches on the event loop
- Clean up legacy unused "undo"-related arguments and logic
- Allow the user to click in the same horizontal dimension as a flash
message
- Other misc. cleanup and refactoring
[Demo - messages hidden on page (any URL)
change](https://www.loom.com/share/1e884b6ba11c4b59bc74f51df3690131?sid=9b53e78b-6535-4541-b676-377760366cf4)
- [x] Changes file added for user-visible changes in `changes/`,
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
> Related issue: #9956
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
Co-authored-by: Roberto Dip <rroperzh@gmail.com>
Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Dante Catalfamo <43040593+dantecatalfamo@users.noreply.github.com>
Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
relates to #20784
this fixes an issue where the app-wide warning banners were not loading
on the first-page load.
> NOTE: I changed the fetch method for the data needed for the app-wide
banners (e.g. abm, apns, vpp token data) to use react-query `useQuery`
method as it follows our usual pattern for `GET` requests in components.
To enable this, I moved up the react-query query client wrapper in the
`AppWrapper component in `/frontend/router/index.tsx` file. This also
gives us better control of when/how often this request is initiated.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
#18119
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [x] Added/updated tests
- [X] Manual QA for all new/changed functionality
---------
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
Co-authored-by: Jacob Shandling <61553566+jacobshandling@users.noreply.github.com>
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## Addresses #15692https://github.com/fleetdm/fleet/assets/61553566/373df35f-0de5-4c71-84fc-c181a0a5dd07
- Also addresses title not being updated by the Software page due to new
routes and hard-coded paths that no longer matched the new routes
- Also make this area more flexible to avoid these kinds of bugs in the
future
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## Addresses #12968https://www.loom.com/share/37aaaa36936b47079ff3088c3430e36b?sid=c249306b-a32e-4a33-be83-aae2d13c98aa
- Improve the implementation of error reporting by `sendRequest` to
handle when AxiosError information is being provided in different fields
(`response`, `message`, `code`, or nowhere), as opposed to relying on
only the `response` field, which is empty in some (including this)
situations
- Using the more fine-grained reporting above, exempt `Request aborted`
errors when fetching a user's data, which is what occurs here, from
triggering a token clear and login page redirect.
- Use dedicated token handling utilities everywhere
## Checklist for submitter
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
* create a MainContent and SidePanelContent containers for layout
this creates these two new components for handling layout more cleanly. It also allows us to put in common components into main layout, like sandbox expiration notification
* use MainContent and SidePanelContent in current pages
this brings in the two new components and wraps the page contents in these. This also allowed us to clean up and remove unused/no needed styling code
* add MainContent component to user settings page and clean up user settings component
this cleans up the user settings page to follow the panel convention we have as well as adds the MainContent component to this page
* add MainContent component to team pages
* update Sandbox gate to render optional component when in sandbox mode and add to MainContent
* add call to sandbox api to get expiry time
this adds a conditional call when the user is in sandbox mode to get the expiry time of the instance
* fix sticky elements on settings pages to work with sandbox expiry message
* fix e2e test after MainContent refactor
* all login methods no longer use redux
* removed redux from registration
* redirect user from registration
* removed redux from sso invite
* removed redundant component
* refactored user settings page
* removed redux from logout
* cleaned up unused redux calls
* lint fixes
* removed test
* removed old config interface
* fixed registration bug
* team permission fix
* removed remaining redux references from pages - #4436
* better way to set config
* base logic to handle rendering a notification without redux
* removed dispatches for new flash mesage triggers
* query page wrapper is no longer needed
* refactored confirm invite page to remove redux
* refactored email token redirect to functional and typescript
* refactored pack composer page to functional and typescript
* clean up
* lint fixes
* tests no longer needed
* fixed confirm sso invite test
* test fix
* fixed test
* fixed tests
* removed redux from flash on rebased pages
* Allow sort by more than one key
* forcing 404 page where entity ids do not exist
* refactored error boundary; handling 404s now
* added 403 overlay; refactored auth wrappers
* fixed test for maintainer
* more efficient fetches; test fixes
* clarify comment
* clean up
Co-authored-by: Tomas Touceda <chiiph@gmail.com>
* Update Context API to contain enrollSecret
* Update e2e tests with generate installer modal
* Edge case with empty Team showing Generate Installer CTA
