Resolves#33762 & #38094
Added a new `alternative-browser-host` global config property for Fleet Desktop, if set, Fleet Desktop will use it over the `--fleet-desktop-alternative-browser-host` env variable to open any Fleet Desktop related links (i.e. My Device, etc).
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** For #35459
# Details
This PR adds front-end tests for:
* `<SoftwareSummaryCard>`
* Smoke-test of basic functionality (showing the software title and
type, showing an icon)
* Action dropdown options for various kinds of software
* `<EditAutoUpdateConfigModal>`
* Options for auto-updates (enable button, maintenance window
validation)
* Targets ("All hosts" and "Custom" values and validation)
* Form submission (ensuring the API receives the expected payload for
various permutations of the form)
The `<TargetLabelSelector>` component has its own tests so we don't go
through it thoroughly here, just integration tests with the new
component. Conversely the `<SoftwareDetailsSummary>` component _doesn't_
have its own tests, and could use some, but in this instance we're just
concerned with how it integrates with the software summary card (that
is, how the passed-in software title affects the Actions dropdown).
## Testing
- [X] Added/updated automated tests
---------
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
Co-authored-by: Nico <32375741+nulmete@users.noreply.github.com>
**Related issue:** Resolves#36689
<img width="1840" height="1196" alt="Screenshot 2025-12-15 at 5 08
02 PM"
src="https://github.com/user-attachments/assets/4f491c80-403f-4188-8cab-552e997c6e9c"
/>
<img width="1840" height="1196" alt="Screenshot 2025-12-15 at 5 09
18 PM"
src="https://github.com/user-attachments/assets/b6e4d9ad-40c1-45c3-8b77-e14d17a2bc7e"
/>
<img width="1840" height="1196" alt="Screenshot 2025-12-15 at 5 09
22 PM"
src="https://github.com/user-attachments/assets/661beee2-3ee2-4269-ab0b-ca070c1a40b8"
/>
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Added comprehensive Android certificate management in OS Settings with
create, list, and delete operations
* Integrated certificate management with premium tier gating and MDM
enablement checks
* Supports team-scoped certificates with pagination controls
* Includes validation for certificate names and certificate authority
selection
* **Refactor**
* Generalized heading component to support multiple entity types beyond
configuration profiles
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#35058
- Open the Query save or save-as-new-ing flows in the UI even when a
syntax error is found in the Query's SQL.
- Continue blocking save when the query is empty
- Update tests
- JS –> TS housekeeping
<img width="1162" height="1248" alt="Screenshot 2025-12-02 at 4 31
47 PM"
src="https://github.com/user-attachments/assets/23b4e70d-f104-4b0e-b316-c03fb6492f59"
/>
<img width="1162" height="1248" alt="Screenshot 2025-12-02 at 4 31
50 PM"
src="https://github.com/user-attachments/assets/5b5ad0b7-36f0-4c5e-a2ff-e9665263c8f1"
/>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
* "invalid" according to Fleet's UI. Though we make efforts to fix false
negatives here as we become aware of them, that parsing is imperfectly
aligned with SQL that osquery considers valid
I don't know if this works (didn't check the component interface to see
what props it takes, so will leave that to up to the reviewer of this PR
to edit and complete, if you please wouldn't mind. Also if you're aware
of other areas we can make this improvement to the email field, such as
signup and in the password recovery flow, then would you please make
those changes?)
Goal: I'm trying to improve the mobile web experience and get handset
devices like iPhones to open the email keyboard and _not_ capitalize the
first letter you type when logging in.
To do that, we need the generated HTML to use `type="email"`. For
example, to look like this:
78ee32fd58/website/views/pages/entrance/login.ejs (L19)
- [x] QA'd all new/changed functionality manually
---------
Co-authored-by: Jacob Shandling <jacob@shandling.dev>
**Related issue:** Fixes#32902
This changes the error message swift dialog popup for macos mdm
migration. it will not correctly show file protocol URLs and makes the
"Contact IT" the primary button action on this popup.
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] QA'd all new/changed functionality manually
## fleetd/orbit/Fleet Desktop
- [x] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [x] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
---------
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
**Related issue:** Fixes#32902
This allows file protocol urls when setting a support URL via the UI.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] QA'd all new/changed functionality manually
resolves#32686
this adds the ability for users to resend profiles in the OS Settings
modal on the my device page.
This also changes which profiles can resend. Now only macos hosts
.mobileconfig profiles can be resent
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
for #31876
# Details
This PR updates the validation for password requirements to be
consistent in all places, and to show more specific error messages when
the entered password does not meet the requirements.
Previously the `valid_password` helper just returned a boolean
indicating whether a password was valid. It now returns an object with
`isValid`, `error` and `error_code` so that different types of password
issues can be surfaced. This allows us to continue having a single
source of truth for password validation, while providing more helpful
error messages when a password doesn't meet our criteria.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually
- [X] First time setup (adding the initial user)
- [X] Add user in settings -> manage users
- [X] Changer user password in settings -> manage users
- [X] Password reset form
for #30109
# Details
This PR fixes an issue in our current SQL parsing library that was
causing queries like this to be marked invalid:
```
SELECT * FROM table_name WHERE column_name LIKE '\_%' ESCAPE '\'
```
This is valid in SQLite because the `\` is not considered an escape
character by default. From [the SQLite
docs](https://www.sqlite.org/lang_expr.html) (see section 3 "Literal
Values (Constants)"; emphasis mine):
> A string constant is formed by enclosing the string in single quotes
('). A single quote within the string can be encoded by putting two
single quotes in a row - as in Pascal. C-style escapes using the
backslash character are not supported because they are not standard SQL.
# Use of forked code
Part of the fix for this was [submitted as a PR to the node-sql-parser
library](https://github.com/taozhi8833998/node-sql-parser/pull/2496) we
now use, and merged. I then found that another fix was needed, which I
submitted as [a separate
PR](https://github.com/taozhi8833998/node-sql-parser/pull/2512). As
these fixes have yet to be made part of an official release of the
library, I made a fork off of the release we were using (5.3.10) and
bundled the necessary build artifacts with Fleet. We have an [ADR
proposing the use of submodules for this
purpose](https://github.com/fleetdm/fleet/pull/31079); I'm happy to
implement that instead if we approve that, although for a front-end
module with a build step it's a bit more complicated. Hopefully this
code will be released in `node-sql-parser` soon and we can revert back
to using the dependency.
Here is the [full set of
changes](https://github.com/taozhi8833998/node-sql-parser/compare/master...sgress454:node-sql-parser:5.3.10-plus).
# Checklist for submitter
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality
Fixes#30063
This fixes an issue added in the
[PR](https://github.com/fleetdm/fleet/pull/29968) where the user was not
able to reenable the end user migration form.
I've also added improved a11y attributes to the slider component,
ensured we are functionally disabling the form controls during gitops
mode and not just visually, and updated/added tests for the
EndUserMigrationSection component.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Added/updated automated tests
- [x] Manual QA for all new/changed functionality
For #26366
# Checklist for submitter
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
# Details
This PR fixes an issue where the SQL parser in the UI doesn't recognize
window functions like `OVER()` and marks the SQL as having syntax
errors. The fix here is to update to a more modern parsing library. This
involved updating some AST-parsing code we have for determining which
tables are used in a query, for the purposes of feeding autocomplete and
determining query compatibility.
# Testing
I tested this with the query mentioned in #26366 in Chrome, Firefox and
Safari on MacOS. I also added new unit tests for our SQL helper
functions.
# Notes
During testing I discovered that we were bundling two versions of the
ACE editor into our frontend package. By upgrading one version by a
couple of patches to make the two dependencies equal, we chop out ~300k
from our bundle.
For #23243
# Checklist for submitter
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated automated tests
- [ ] A detailed QA plan exists on the associated ticket (if it isn't
there, work with the product group's QA engineer to add it)
- [x] Manual QA for all new/changed functionality
## Details
This PR updates the policy Manage Automations modals to support
pagination. Previously, these modals received a list of policies from
the main Manage Policies page, which is itself paginated, so that a user
could only add automations to whatever policies were currently listed on
the Manage Automations page. This PR does some refactoring via the
creation of a new PaginatedList component which:
* accepts a `fetchPage` property it can call to get a page of data,
* renders the data in a list with checkboxes and optional custom markup
(e.g. dropdowns)
* keeps track of changed ("dirty") items in the list, even across page
changes
* allows parent components to access the list of dirty items via a React
`ref`
For this specific use case, there's also a new `PoliciesPaginatedList`
which implements the `fetchPage` for getting a page of policies, and
adds Save and Cancel buttons. Each of the updated modals uses
`PoliciesPaginatedList` to replace its current code for rendering
policies in a list, and delegates much of the logic around change
tracking to the new components.
## For #26229 – Part 1
- This PR contains the core abstractions, routes, API updates, and types
for GitOps mode in the UI. Since this work will touch essentially every
part of the Fleet UI, it is ripe for merge conflicts. To mitigate such
conflicts, I'll be merging this work in a number of iterative PRs. ~To
effectively gate any of this work from showing until it is all merged to
`main`, [this commit](feedbb2d4c) hides
the settings section that allows enabling/disabling this setting,
effectively feature flagging the entire thing. In the last of these
iterative PRs, that commit will be reverted to engage the entire
feature. For testing purposes, reviewers can `git revert
feedbb2d4c25ec2e304e1f18d409cee62f6752ed` locally~ The new settings
section for this feature is feature flagged until all PRs are merged -
to show the setting section while testing, run `ALLOW_GITOPS_MODE=true
NODE_ENV=development yarn run webpack --progress --watch` in place of
`make generate-dev`
- Changes file will be added and feature flag removed in the last PR
- [x] Settings page with routing, form, API integration (hidden until
last PR)
- [x] Activities
- [x] Navbar indicator
- Apply GOM conditional UI to:
- [x] Manage enroll secret modal: .5
- Controls >
- [x] Scripts:
- Setup experience >
- [x] Install software > Select software modal
- [x] OS Settings >
- [x] Custom settings
- [x] Disk encryption
- [x] OS Updates
2/18/25, added to this PR:
- [x] Controls > Setup experience > Run script
- [x] Software >
- [x] Manage automations modal
- [x] Add software >
- [x] App Store (VPP)
- [x] Custom package
- [x] Queries
- [x] Manage
- [x] Automations modal
- [x] New
- [x] Edit
- [x] Policies
- [x] Manage
- [x] New
- [x] Edit
- Manage automations
- [x] Calendar events
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
