window: password edit: add opt-in confirmation-password field
For when the product UI using this component wants to show an extra
confirmation field where the user that executes the password change
has to confirm their own password.
Reported-by: Wouter Arts <security@wth-security.nl>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
[ TL: use already included CBind mixin instead of constructor ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Tue, 19 Mar 2024 08:51:38 +0000 (09:51 +0100)]
utils: api request: defer masking after layout
Since recently (not sure when exactly), the 'load()' method of the
edit window did not correctly mask the window anymore.
The reason seems to be that the API2Request tries to mask the
component before it's rendered, and that did never work correctly.
Instead of simply calling `setLoading`, test if the component is
rendered, and if not, mask it after it has finished its layout.
Since we cannot guarantee that there is only one API2Request with the
waitMsgTarget set to it, nor that the 'afterlayout' and api call
responses come in a specific order, we count the loads, and only
ever unmask the component when the counter reaches zero again.
Since we're strictly in non-async code here and JavaScript is
single-threaded, this should not result in a data race.
certificates: removal prompt: don't display name if there is no name
The default certificate does not have a name, which caused this to
display an undefined text in the prompt.
Reported-by: Dietmar Maurer <dietmar@proxmox.com>
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
[ TL: drop useless instance of calling format, keep arrow-fn ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Wed, 6 Mar 2024 14:04:24 +0000 (15:04 +0100)]
edit window: add optional custom submit options
sometimes it's necessary or handy to add custom options to the submit
api call (e.g. timeout). So just expose a `submitOptions` where users
of the edit window can put their custom options.
dns: update comment to avoid coupling to downstream dependency
Not much of use, better comment why this exists, other products could
change or new ones get added with new semantic used there too, so the
previous comment would be guaranteed to become outdated rather sooner
than later.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Fri, 1 Mar 2024 09:03:40 +0000 (10:03 +0100)]
dns: optionally send delete for optional values
pbs only deletes the optional values here when they are sent with the
'delete' parameter, in contrast to pve/pmg that don't have a delete
parameter currently and always use the parameters as source of truth.
So to handle that, optionally set deleteEmpty if set from outside
Thomas Lamprecht [Wed, 28 Feb 2024 10:34:42 +0000 (11:34 +0100)]
form: combo grid: clarify that showClearTrigger cannot actively hide them
As getting a good setting name is a bit hard here, the current one
might be interpreted such that setting it to false will always hide
the trigger, but that's not the case, this is mostly a "force show
trigger even if allowBlank is set to false", and that's a bit of a
long name ;-)
So just add a comment and reevaluate if this really causes confusion.
While at it simplify the boolean expression to make it shorter and
easier to read.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Lukas Wagner [Wed, 28 Feb 2024 10:00:58 +0000 (11:00 +0100)]
combogrid: add 'showClearTrigger' config
This allows one to configure the clear trigger to be shown, even if
'allowBlank' is set false. This can be useful if one has a
non-editable combogrid where the value is set to something not
present in the store. Example: Match rule editing, one selects
a backup job to be matched. If the backup job is removed and the match
rule edit window is opened again, then the old, deleted value cannot
be removed from the combogrid if there is no clear trigger.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Tue, 27 Feb 2024 13:23:24 +0000 (14:23 +0100)]
datetimefield: fix changing date to end of month from short months
When selecting a new date, we get a date object from the currently
selected date before the change. If that month has less days than what
was selected for the new month, `setDate` will wrap that to the
following month since the old month is still selected there.
For example:
select any date in April (has 30 days)
then select the 31st of January
this will actually select the 1st of January since we first get
Thomas Lamprecht [Mon, 15 Jan 2024 17:15:06 +0000 (18:15 +0100)]
i18n: use correct ISO 639-1 code for Korean with backward compat
recently the proxmox-i18n repo got a fix where we moved the files for
Korean to the correct language code, i.e., from previously wrongly used
kr (Kanuri) to the correct ko (Korean).
This loads the correct ExtJS locale and is less confusing for our
Korean speakers, but we still want a clean transition for those that
have still the 'kr' value set in their language cookie.
Note that this transition only happens when the user opens the
language selector, as otherwise we do not have the product-specific
cookie name available, so a better transition would need to happen in
the per-product UIs.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
by doing a cbind of isCreate to the top-level widget so that cbind in
the nested widgets for deleteEmpty works.
In the GUI, when a sendmail/smtp target is edited and either
'Additional Recipients' or 'Recipients' is completely removed (only
possible if the other field contains a value), parameter deletion did
not work properly. After applying the changes, the old value would
still be in place.
Fiona Ebner [Mon, 20 Nov 2023 14:53:56 +0000 (15:53 +0100)]
notification matcher: fix inverted match modes
The 'not' prefix is already stripped in the set() method of the view
model's 'rootMode' and not present anymore when updating the store.
The information about whether the mode is inverted or not is present
in the 'invert' data member.
Lukas Wagner [Tue, 14 Nov 2023 12:59:53 +0000 (13:59 +0100)]
notification ui: add column for 'origin'
This column shows whether a matcher/target was provided as a built-in
default config or if it was created by the user. For built-ins, it
also shows whether the built-in settings have been changed.
To reset a built-in entry to its defaults, one can simply delete it.
For best UX, the 'delete' button should change its text to 'reset
defaults' when a built-in target/matcher is selected. This will be
added in another patch.
Lukas Wagner [Tue, 14 Nov 2023 12:59:52 +0000 (13:59 +0100)]
notification ui: add enable checkbox for targets/matchers
Add an 'enable' checkbox for targets and matchers in their edit
windows. Also show a new 'enable' column in the overview panel.
The parameter in the config is actually called 'disable', so
the UI needs to invert the setting in the appropriate
on{Get,Set}Values hooks.
Lukas Wagner [Tue, 14 Nov 2023 12:59:51 +0000 (13:59 +0100)]
panel: notification: add gui for SMTP endpoints
This new endpoint configuration panel is embedded in the existing
EndpointEditBase dialog window. This commit also factors out some of
the non-trivial common form elements that are shared between the new
panel and the already existing SendmailEditPanel into a separate panel
EmailRecipientPanel.
Lukas Wagner [Tue, 14 Nov 2023 12:59:50 +0000 (13:59 +0100)]
noficiation: matcher edit: make 'field' an editable combobox
For now with fixed options that are shared between most notification
events - later, once we have a notification registry, this should be
filled dynamically.
Lukas Wagner [Tue, 14 Nov 2023 12:59:49 +0000 (13:59 +0100)]
notification ui: unprotected mailto-root target
A default notification config will now be created in pve-manager's
postinst hook - which is not magic in any way and can be modified
and deleted as desired.
Lukas Wagner [Tue, 14 Nov 2023 12:59:48 +0000 (13:59 +0100)]
notification: matcher: add UI for matcher editing
This modifies the old filter edit window in the following ways:
- Split content into multiple panels
- Name and comment in the first tab
- Match rules in a tree-structure in the second tab
- Targets to notify in the third tab
Thomas Lamprecht [Fri, 17 Nov 2023 14:00:30 +0000 (15:00 +0100)]
form: displaye-edit: add one of the two missing returns
the other one _should_ not be problematic, as field-container itself
isn't picked up as a "real" field itself, but we might bind to that
somewhere, where enabling could break this.
The editable one seems to not be used yet, according to Dominik, so
fix that now already.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Thu, 16 Nov 2023 15:21:52 +0000 (16:21 +0100)]
api-viewer: implement basic oneOf support
for parameters only for now, also only implement the basic use case we
want to have currently: use in section config apis where we have more
than one type.
we could improve upon that, e.g. by properly grouping the type relevant
options, and also implementing that for return types.
we have to initialize the value of a combogrid to something (else extjs
does not initialize everything in the object *sometimes* for yet unknown
reasons), but the empty string is wrong.
we already have at least two places where we set the default value to []
(namely NodeSelector and ha GroupSelector) with the comment:
// set default value to empty array, else it inits it with
// null and after the store load it is an empty array,
// triggering dirtychange
so it makes sense to always set it to that by default. This only ever is
relevant when the combogrid has `allowBlank: true`, since if it does not
it's either invalid (and thus "dirty") or it has a selected value anyway
this should make the manual setting of
value: [],
unnecessary in the child classes. We can even remove it directly in the
NetworkSelector.
Aaron Lauterer [Tue, 22 Aug 2023 09:04:56 +0000 (11:04 +0200)]
DiskList: render osdid-list if present
Render all OSD IDs in 'osdid-list' if the parameter is present.
It is possible to have multiple OSD daemons on a disk. We want to list
them all in the UI.
Fall back to the 'osdid' parameter if 'osdid-list' is not available.
We check rec.data['osdid-list'] against its general truthiness as it
might not be present at all or null.
Christian Ebner [Wed, 9 Aug 2023 10:55:27 +0000 (12:55 +0200)]
fix #4442: Extend LogView for firewall datetime filtering
Extends the current panel's date filtering capability to date-time
based filtering, and adds a config option to switch between livemode
and filter mode, analogous to the JournalView panel.
The `submitFormat` config is introduced to adapt the formatting of
params values for their corresponding api calls.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
Christian Ebner [Wed, 9 Aug 2023 10:55:26 +0000 (12:55 +0200)]
fix #4442: adapt DateTimeField to be more declarative
Reworks the current implementation of the DateTimeField to be more
declarative by using a ViewModel and data bindings as well as formulas,
in order to reduce code and unwanted complexity.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
Lukas Wagner [Mon, 9 Oct 2023 14:15:16 +0000 (16:15 +0200)]
panel: sendmail edit: don't translate 'Proxmox VE' in author field
The default value is determined by the backend and is never
translated (which does not make sense anyway for a product name).
This was likely just a copy/paste mistake from other from fields.
parser: split checking IMG and A tags, make the latter more strict
Split the logic so that each tag is handled explicitly on its own
if-else branch, which is now safer to do as we default to
allow-only-http-like.
Also address a recently introduced regression from the implementation
of the #4756 where any user that could edit notes could use
javascript: script-urls for XSS purpose to prepare a link that could
leak private user information when another user clicked on it, at
least if they omitted basic sanity checks by looking at the URL
displayed by the browser before.
We have to override a false-positive triggered by an eslint heuristic,
a simple string compression should be always safe.
Fixes: 5cbbb9c ("fix #4756: markdown notes: allow any valid URL for a tags")
Reported-by: Hieu Dang Cong <HieuDC5@fpt.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
parser: make it clearer that we mark HTTP-like URLs always as safe
we should make this controllable by the user for images, while modern
browsers are quite safe w.r.t. not transmitting too much info on cross
origin requests, it still might be nicer if they have some control
over this.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Having a default-remove boolean flag is making it easier to get this
right and decouple the if-branches that check if something is OK
(which may get more complex in the future) from the actual handling of
the result by always removing the href attribute if not explicitly
told otherwise.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
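The default-remove flag and the scheme check described in the parser commits above, as an added JavaScript example that is not the project's own code. `sanitizeNode`, `isHttpLike`, `blocklistAllows`, the base URL and the sample nodes are hypothetical, and accepting only http: and https: for both tags is an assumption.

```javascript
// Added illustration: hypothetical names, not the project's parser code.
const HTTP_LIKE = new Set(['http:', 'https:']);
const BASE = 'https://host.example.invalid/'; // constructed base for relative URLs

// "Before": a scheme blocklist on the raw string (shown for contrast only).
function blocklistAllows(value) {
    return !value.toLowerCase().startsWith('javascript:');
}

// Let the URL parser normalize case and whitespace, then allowlist the scheme.
function isHttpLike(value) {
    if (typeof value !== 'string') return false;
    try {
        return HTTP_LIKE.has(new URL(value, BASE).protocol);
    } catch (_err) {
        return false; // unparsable: treat as unsafe
    }
}

// node is a plain stand-in for a DOM element: { tag, attrs }.
function sanitizeNode(node) {
    const attrs = { ...node.attrs };
    if (node.tag === 'A') {
        let removeHref = true; // default-remove: only an explicit OK keeps it
        if (isHttpLike(attrs.href)) {
            removeHref = false;
        }
        if (removeHref) delete attrs.href;
    } else if (node.tag === 'IMG') {
        let removeSrc = true; // same pattern, handled in its own branch
        if (isHttpLike(attrs.src)) {
            removeSrc = false;
        }
        if (removeSrc) delete attrs.src;
    }
    return { tag: node.tag, attrs };
}

// Constructed sample inputs.
const SAMPLES = [
    { tag: 'A', attrs: { href: 'https://example.com/docs', title: 'docs' } },
    { tag: 'A', attrs: { href: '/local/page' } },
    { tag: 'A', attrs: { href: ' JavaScript:void(0)' } },
    { tag: 'A', attrs: { href: 'data:text/html,hello' } },
    { tag: 'IMG', attrs: { src: 'http://example.com/logo.png', alt: 'logo' } },
    { tag: 'IMG', attrs: { src: 'file:///etc/hostname' } },
];

for (const s of SAMPLES) {
    console.log(JSON.stringify(s), '->', JSON.stringify(sanitizeNode(s)));
}
```

The third sample passes the string blocklist because of its leading space, while the parsed-scheme allowlist drops it.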
auth: ldap: openid: use proxmoxtextfield for comment
The regular `textfield` does not support the `deleteEmpty`
setting. Thus, if no comment was entered the configuration
would still end up with an empty `comment` key:
    ldap: foo
        server ....
        bind-dn ...
        comment
Fixed by switching over to `proxmoxtextfield`, which properly
deletes empty keys.
Filip Schauer [Wed, 30 Aug 2023 11:57:44 +0000 (13:57 +0200)]
fix #4531: acme plugins: correct change detection of dirty form fields
Fix the ACME plugin edit form only detecting dirtychanges once the
value of a textfield was dirtied and then changed back to the
original.
This behaviour is caused as we cannot reuse the field's
resetOriginalValue method, due to that causing breakage here, e.g., if
the value was edited, then another plugin (without a schema) gets
selected, and then one would switch back again to the previous plugin,
it would cause the (actually still dirty) value to get registered as
new original one by mistake.
So the fix here is to keep the manual originalValue tracking, but add
the missing call to checkDirty after setting the originalValue to
refresh the dirty flag.
Fixes: 45708891 ("ui: add ACMEPluginEdit window") from pve-manager
Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
[TL: record reason for originalValue handling & slightly reword ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Lukas Wagner [Thu, 3 Aug 2023 12:17:14 +0000 (14:17 +0200)]
notification: add gui for sendmail notification endpoints
This commit adds a new panel 'NotificationConfigView' that is supposed
to be embedded in the datacenter configuration side-bar.
This new view lists all notification endpoints, allowing to
add/modify/delete/test them.
Furthermore, this commit adds the dialog for adding/modifying
sendmail endpoints. The dialog is 'plugin-in' based, meaning that it
consists of a base window (EndpointEditBase) and a panel that holds
the actual fields for the endpoint type configuration. This will
be beneficial once the GUI for other endpoint types is added.
Amin Vakil [Thu, 3 Aug 2023 01:04:13 +0000 (04:34 +0330)]
fix #4874: improve error message for invalid hostname
Current error message is not correct because having underscores in
domain names is perfectly valid, although it's not acceptable in host
names, so it should be changed to "This is not a valid hostname".
https://www.ietf.org/rfc/rfc1123.txt section 2.1 "Host Names and Numbers"
https://www.rfc-editor.org/rfc/rfc2181#section-11
Signed-off-by: Amin Vakil <info@aminvakil.com>
[TL: s/Host /host/ once more, reflow msg with 70cc & reword subject]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stefan Sterz [Mon, 26 Jun 2023 09:39:16 +0000 (11:39 +0200)]
window: ldap auth edit forbid specifying a bind_dn without a password
this commit enforces passwords when using a non-anonymous bind.
hence, it removes the possibility of configuring unauthenticated binds
and brings the gui in-line with the backend.
window: addtotp: Increase the size of the quiet zone
It is recommended that the quiet zone has the width of 4 blocks, since
each block is around 4 pixels each, we need a margin of 16 pixels and a
size of 256 + 2 * 16 pixels.
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
Fiona Ebner [Fri, 16 Jun 2023 13:42:35 +0000 (15:42 +0200)]
apt repositories: add production ready warnings for Ceph repositories
Could've been done for the test repository already, but now that there
is a split between no-subscription and enterprise it becomes even more
relevant.
Reported-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Fiona Ebner [Fri, 9 Jun 2023 14:16:25 +0000 (16:16 +0200)]
apt repositories: fix typo for getting the default unknown text
Could lead to a type error with classifyOrigin when there is a
repository that doesn't have an InRelease file and cannot be detected
as Debian/Proxmox origin from its URL. For me, it triggered with the
element.io repository after changing to bookworm (which currently
doesn't exist yet) and running apt update.
tfa: improve UX for recovery keys and when none are left
If we get an empty challenge, tell the user to contact an
administrator as it means no 2nd factors and no recovery
keys are available.
Currently if only 1 key was available and it had a high ID,
we'd show something like: "Recovery keys available: 9,
Warning, less than 4 keys available."
Let's start off with the warning, and then be explicit about
the IDs.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fiona Ebner [Mon, 5 Jun 2023 15:43:12 +0000 (17:43 +0200)]
apt repositories: detect mixed suites before major upgrade
Usually, differing suites already produce warnings/errors, but before
a major upgrade the current and the next suite are both valid. Mixing
them is an issue though.
Max Carrara [Wed, 15 Mar 2023 16:26:27 +0000 (17:26 +0100)]
toolkit/utils: set SameSite attr of auth cookie to 'strict'
Overrides 'Ext.util.Cookies', optionally allowing the SameSite
attribute of cookies to be defined. Using this override, the SameSite
attribute of the auth cookie is now set to 'strict', prohibiting the
cookie from being sent along in cross-site sub-requests or when the
user navigates to a different site.
Signed-off-by: Max Carrara <m.carrara@proxmox.com>