This commit disables path-based app sharing by default. It is possible
for a workspace app on a path (not a subdomain) to make API requests to
the Coder API. When accessing your own workspace, this is not much of a
problem. When accessing a shared workspace app, the workspace owner
could include malicious javascript in the page that makes requests to
the Coder API on behalf of the visitor.
This vulnerability does not affect subdomain apps.
- Disables path-based app sharing by default. Previous behavior can be
restored using the `--dangerous-allow-path-app-sharing` flag which is
not recommended.
- Disables users with the site "owner" role from accessing path-based
apps from workspaces they do not own. Previous behavior can be
restored using the `--dangerous-allow-path-app-site-owner-access` flag
which is not recommended.
- Adds a flag `--disable-path-apps` which can be used by
security-conscious admins to disable all path-based apps across the
entire deployment. This check is enforced at app-access time, not at
template-ingest time.
* added AuditableGroup type
* added json tags
* Anonymizing gGroup struct
* adding support on the FE for nested group diffs
* added type for GroupMember
* Update coderd/database/modelmethods.go
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* Update coderd/database/modelmethods.go
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
* fetching group members in group.delete
* passing through right error
* broke out into util function and added tests
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
- Deprecates the --experimental flag
- Adds a new flag --experiments which supports passing multiple comma-separated values or a wildcard value.
- Exposes a new endpoint /api/v2/experiments that returns the list of enabled experiments.
- Deprecates the field Features.Experimental in favour of this new API.
- Updates apidocgen to support type aliases (shoutout to @mtojek).
- Modifies apitypings to support generating slice types.
- Updates develop.sh to pass additional args after -- to $CODERD_SHIM.
* chore: More complete tracing for RBAC functions
* Add input.json as example rbac input for rego cli
The input.json is required to play with the rego cli and debug
the policy without golang. It is good to have an example to run
the commands in the readme.md
* Add span events to capture authorize and prepared results
* chore: Add prometheus metrics to rbac authorizer
* feat: enable enterprise users to specify a custom logo
This adds a field in deployment settings that allows users to specify
the URL to a custom logo that will display in the dashboard.
This also groups service banner into a new appearance settings page.
It adds a Fieldset component to allow for modular fields moving forward.
* Fix tests
* docs: audit, deploymentconfig, files, parameters
* Fix: mark as binary
* Fix: show format in docs
* Fix: use .swaggo
* Fix: swagger notice
* Swagger notice
* chore: Improve project-wide prettier formatting and ignored files
* chore: `Run make fmt/prettier`
* Fix gitignore for `.vscode` folder so that ! works
* Add comment in `.prettierrc.yaml` to explain `.editorconfig`
* Remove scripts/apidocgen/markdown-template/README.md
* Use `yq` for processing prettierrc, update lib.sh dependency check
* Add `yq` to Dockerfile and Nix
I'm not sure why this issue is common, but it seems to be
based on: https://github.com/coder/coder/issues/4551.
This improves the error messages to be unique,
and also fixes a small edge-case bug a user ran into.
* fix: No org admins until organizations are in the UI
Until organizations have management UI, we should not set any org
admins. This goes around the site wide perms transparently and
is confusing to users.
Default user is no longer an org admin, so the demotion test makes
no sense
* fix: Enable reconnectingpty loadtest and fix/improve logging
This commit re-enabled reconnectingpty loadtests after a logging
refactor of `(*agent).handleReconnectingPTY`. The reasons the tests were
flaking was that `logger.Error` was being called and `slogtest` failing
the test.
We could have set the option for `slogtest` to disable failing, but that
could hide real issues. The current approach improves reconnectingpty
logging overall and provides more insight into what's happening. It's
expected that reconnectingpty sessions fail after the agent is closed,
so calling `logger.Error` at that point is not wanted.
Ref: #5322
