Ad Schellevis 78cf96c579
System: Access: migrate Users and Groups to MVC/API (#8046)
* System: Access: Groups - in preparation for https://github.com/opnsense/core/issues/7904, add support for comma separated member lists.

If we convert groups to a model, we will switch the nested <member> tags into comma separated fields, e.g.

	<member>1</member>
	<member>12</member>

will convert to:

	<member>1,12</member>

using this commit we support both for areas where these are being read.

* System: Access: Users - refactor to MVC (https://github.com/opnsense/core/issues/7904)

* add initial boilerplate
* unpack `<priv/>` field on first access
* unpack '<apikeys/>' field on first access and implement key actions into ApiKeyField
* add apikey grid in user management view
* change isset() to !empty() for users disabled flag in backend code
* move user attributes into dialog
* hook PrivField type to \OPNsense\Core\ACL()
* refactor Auth/API to use new User class
* otp seed logic with simple api call to generate new seeds and some JS glue for the frontend
* uid autonumber field
* language selector using get_locale_list() via configd (cached)
* add StoreB64Field field for authorizedkeys so we can keep the field contents backwards compatible.
* ExpiresField for custom date parsing, supporting previous input formats as well.
* group membership using a volatile custom field type, controller is responsible for persisting the configuration data to avoid entanglement between models
* add button which links to most likely user certs (based on commonname), to avoid all sorts of magic to reflect certs back into the usermanager.
* add getUserPrivs() to model so we can fetch a full list of privs for a user
* show user icons, long this might be less relevant
* add addApiKeyAction() to create a new api key for a user (by name)
* download new api key from user view
* implement hashing when setting a new (or scrambled) password
* use new "auth sync user" event to trigger local user db changes
* in API authenticator keep createKey and dropKey as stubs to the new model implementation
* prevent removal of "system" users (root)
* hook ACL and Menu
* add Group administration using the same logic as users
* cleanup unused
* add System: Access: Privileges to manage and change user and group privileges

* System: Access: Users - refactor to MVC (https://github.com/opnsense/core/issues/7904)

review comments from @Monviech

* "Create and Download API Key for this user" refresh apikeys bootgrid
* "Users" bootgrid, add some columns
* rename "Username" to "Group Name" in group edit
* Disable sorting the bootgrid by "Users" and "Groups" as these are aggregated/formatted columns

* System: Access: Privileges - fix updating groups dropping privileges for https://github.com/opnsense/core/pull/8046

* System: Access: Users - hook group model for https://github.com/opnsense/core/issues/7904

* System: Access: Users - add some safety fences to prevent accidental removal of rights https://github.com/opnsense/core/issues/7904

* Update src/opnsense/service/conf/actions.d/actions_auth.conf

* Update src/opnsense/service/conf/actions.d/actions_auth.conf

* System: Access: Users - remove userDNmap support as it belonged to the import https://github.com/opnsense/core/issues/7904

* System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046), review comments

* System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)

o align "policy change for %s unlink group" with master (unlink when duplicates exists)

* System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)

refactor add user event so it utilizes our new model instead of direct config access, while performing the operation, also make sure we lock/unlock the config.xml

* System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)

replace page-system-groupmanager-addprivs with page-system-usermanager-addprivs

* plist

---------

Co-authored-by: Franco Fichtner <franco@opnsense.org>
2024-11-21 08:50:01 +01:00
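
The commit message above describes group members moving from nested `<member>` tags to one comma separated field, with both layouts accepted while reading. The following is an added example, not code from OPNsense: a reader that normalises both layouts so group membership, and the privileges derived from it, resolves the same before and after migration. The sample config and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one group in the nested layout, one in the comma
# separated layout, and one mixing both (as a half-migrated config might).
SAMPLE_CONFIG = """
<opnsense>
  <system>
    <group>
      <name>admins</name>
      <member>1</member>
      <member>12</member>
    </group>
    <group>
      <name>operators</name>
      <member>1,12</member>
    </group>
    <group>
      <name>mixed</name>
      <member>1, 12</member>
      <member>12</member>
      <member/>
    </group>
  </system>
</opnsense>
"""


def group_members(group):
    """Return the member uids of a <group> element, whichever layout is used."""
    uids = []
    for node in group.findall("member"):
        # A node holds either a single uid or a comma separated list of them.
        for uid in (node.text or "").split(","):
            uid = uid.strip()
            if uid and uid not in uids:  # skip empty entries and duplicates
                uids.append(uid)
    return uids


def read_groups(xml_text):
    """Map group name -> ordered member uid list for every group in the config."""
    root = ET.fromstring(xml_text.strip())
    return {g.findtext("name"): group_members(g) for g in root.iter("group")}


if __name__ == "__main__":
    for name, members in read_groups(SAMPLE_CONFIG).items():
        print(name, members)
```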

OPNsense GUI and system management

The OPNsense project invites developers to start contributing to the code base, whether for your own purposes or, even better, to join us in creating the best open source firewall available.

The build process has been designed to make it easy for anyone to build and write code. The main outline of the new codebase is available at:

https://docs.opnsense.org/development/architecture.html

Our aim is to gradually evolve to a new codebase instead of using a big bang approach into something new.

Build tools

To create working software like OPNsense you need the sources and the tools to build it. The build tools for OPNsense are freely available.

Notes on how to build OPNsense can be found in the tools repository:

https://github.com/opnsense/tools

Contribute

You can contribute to the project in many ways, e.g. testing functionality, sending in bug reports or creating pull requests directly via GitHub. Any help is always very welcome!

You can learn more about contributing in CONTRIBUTING.md.

License

OPNsense is and will always be available under the 2-Clause BSD license:

https://opensource.org/licenses/BSD-2-Clause

Every contribution made to the project must be licensed under the same conditions in order to keep OPNsense truly free and accessible for everybody.

Makefile targets

The repository offers a couple of targets that either tie into tools.git build processes or are aimed at fast development.

make package

A package of the current state of the repository can be created using this target. It may require several packages to be installed. The target will try to assist in case of failure, e.g. when a missing file needs to be fetched from an external location.

Several OPTIONS exist to customise the package, e.g.:

  • CORE_DEPENDS: a list of required dependencies for the package
  • CORE_DEPENDS_ARCH: a list of special -required packages
  • CORE_ORIGIN: sets a FreeBSD compatible package/ports origin
  • CORE_COMMENT: a short description of the package
  • CORE_MAINTAINER: email of the package maintainer
  • CORE_WWW: web url of the package
  • CORE_NAME: sets a package name

Options are passed in the following form:

# make package CORE_NAME=my_new_name

In general, options are either set to sane defaults or automatically detected at runtime.

make update

Update will pull the latest commits from the current branch from the upstream repository.

make upgrade

Upgrade will run the package build and replace the currently installed package in the system.

make collect

Fetch changes from the running system for all known files.

make lint

Run several syntax checks on the repository. This is recommended before issuing a pull request on GitHub.

make style

Run the PSR12 and PEP8 style checks on MVC PHP code and Python, respectively. For PHP code you will need to have phpcs and phpcbf installed.

You can use the package php-codesniffer on Debian/Ubuntu. Python code will require pycodestyle.

For easier development you may want to use an OPNsense VM and install the os-debug plugin that will offer the necessary tools.

make sweep

Run Linux Kernel cleanfile whitespace sanitiser on all files.
