57 commits

Author	SHA1	Message	Date
Iván Ovejero	6485ca0a4b	refactor(core): Enforce filename casing in cli package (no-changelog) (#10594)	2024-08-28 17:57:46 +02:00
कारतोफ्फेलस्क्रिप्ट™	ab9835126e	refactor(core): Use @/databases/ instead of @db/ (no-changelog) (#10573)	2024-08-27 17:24:20 +02:00
Iván Ovejero	fd58a272e1	refactor(core): Standardize filename casing for controllers and databases (no-changelog) (#10564)	2024-08-27 16:44:32 +02:00
Iván Ovejero	f667b384c9	refactor(core): Standardize filenames in cli (no-changelog) (#10484) ... Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>	2024-08-22 11:10:37 +02:00
Iván Ovejero	42a0b594d6	fix(core): Fix user telemetry bugs (#10293)	2024-08-05 13:24:26 +02:00
Iván Ovejero	c0f3693e8a	refactor(core): Decouple user events from internal hooks (no-changelog) (#10292)	2024-08-05 12:07:42 +02:00
Iván Ovejero	aa0a470dce	refactor(core): Clean up event relays (no-changelog) (#10284)	2024-08-02 16:52:49 +02:00
Tomi Turtiainen	d6770b5fca	fix(core): Flush instance stopped event immediately (#10238)	2024-07-30 14:49:41 +03:00
Iván Ovejero	aba1c64500	refactor(core): Rename EventRelay to EventService (no-changelog) (#10110)	2024-07-19 12:55:38 +02:00
Iván Ovejero	199dff4fb3	refactor(core): Decouple event bus from internal hooks (no-changelog) (#9724)	2024-06-20 12:32:22 +02:00
कारतोफ्फेलस्क्रिप्ट™	5887ed6498	refactor(core): Extract all Auth-related User columns into a separate entity (#9557) ... Co-authored-by: Ricardo Espinoza <ricardo@n8n.io>	2024-05-31 09:40:19 +02:00
कारतोफ्फेलस्क्रिप्ट™	fc83005ba0	fix(core): Do not allow admins to delete the instance owner (#9489)	2024-05-22 16:23:40 +02:00
कारतोफ्फेलस्क्रिप्ट™	88b9a4070b	fix(core): Do not allow admins to generate password-reset links for instance owner (#9488)	2024-05-22 16:13:56 +02:00
Csaba Tuncsik	596c472ecc	feat: RBAC (#8922) ... Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com>	2024-05-17 10:53:15 +02:00
कारतोफ्फेलस्क्रिप्ट™	5025d209ca	fix(core): All calls to plainToInstance should exclude extraneous values (no-changelog) (#9338)	2024-05-08 15:49:41 +02:00
Iván Ovejero	7b925ab871	refactor(core): Rename ActiveWorkflowRunner to ActiveWorkflowManager (no-changelog) (#9280)	2024-05-06 17:54:05 +02:00
कारतोफ्फेलस्क्रिप्ट™	db4a419c8d	refactor(core): Enforce authorization by default on all routes (no-changelog) (#8762)	2024-02-28 17:02:18 +01:00
कारतोफ्फेलस्क्रिप्ट™	2811f77798	refactor(core): Rename RequireGlobalScope to GlobalScope (no-changelog) (#8760)	2024-02-28 14:40:02 +01:00
कारतोफ्फेलस्क्रिप्ट™	56c8791aff	refactor(core): Remove all legacy auth middleware code (no-changelog) (#8755)	2024-02-28 13:12:28 +01:00
कारतोफ्फेलस्क्रिप्ट™	d6deceacde	refactor(core): Remove roleId indirection (no-changelog) (#8413)	2024-01-24 13:38:57 +01:00
Cornelius Suermann	d597c2ab29	feat: Extend collection of usage metrics during license renewal (no-changelog) (#8369) ... Co-authored-by: Iván Ovejero <ivov.src@gmail.com>	2024-01-22 12:29:28 +01:00
Tomi Turtiainen	9a1cc56806	fix: Set '@typescript-eslint/return-await' rule to 'always' for node code (no-changelog) (#8363) ... Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>	2024-01-17 17:08:50 +02:00
Iván Ovejero	23a4ac96c0	refactor(core): Continue moving typeorm operators to repositories (no-changelog) (#8212) ... Follow-up to: https://github.com/n8n-io/n8n/pull/8186	2024-01-05 13:06:24 +01:00
कारतोफ्फेलस्क्रिप्ट™	cfe9525dd4	fix(core): Better input validation for the changeRole endpoint (#8189) ... also refactored the code to 1. stop passing around `scope === 'global'`, since this code can be used only for changing globalRole. 2. leak less details when input validation fails. ## Review / Merge checklist - [x] PR title and summary are descriptive - [x] Tests included	2024-01-03 09:33:35 +01:00
Iván Ovejero	40c1eeeddd	refactor(core): Continue moving typeorm operators to repositories (no-changelog) (#8186) ... Follow-up to: #8163	2024-01-02 17:53:24 +01:00
कारतोफ्फेलस्क्रिप्ट™	f69ddcd796	refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ... ## Review / Merge checklist - [x] PR title and summary are descriptive	2023-12-27 11:50:43 +01:00
Iván Ovejero	a70a5076ee	refactor(core): Add telemetry for RBAC roles (#7969) ... Add telemetry for RBAC roles, see [requirements](https://linear.app/n8n/issue/PAY-1067/add-telemetry-events-for-adding-and-assigning-admin-users#comment-184619fe).	2023-12-13 12:22:11 +01:00
Csaba Tuncsik	dbd62a4992	feat: Introduce advanced permissions (#7844) ... This PR introduces the possibility of inviting new users with an `admin` role and changing the role of already invited users. Also using scoped permission checks where applicable instead of using user role checks. --------- Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: Alex Grozav <alex@grozav.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com>	2023-12-08 12:52:25 +01:00
Iván Ovejero	386bd61967	fix(core): Ensure inviter and invitee are set correctly in invite link (#7943) ... ## Summary Ensure inviter and invitee are set correctly in invite link ... #### How to test the change: 1. ... ## Issues fixed Include links to Github issue or Community forum post or **Linear ticket**: > Important in order to close automatically and provide context to reviewers https://linear.app/n8n/issue/ADO-1494 ## Review / Merge checklist - [ ] PR title and summary are descriptive. **Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise.** ([conventions](https://github.com/n8n-io/n8n/blob/master/.github/pull_request_title_conventions.md)) - [ ] [Docs updated](https://github.com/n8n-io/n8n-docs) or follow-up ticket created. - [ ] Tests included. > A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. > > *(internal)* You can use Slack commands to trigger [e2e tests](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#a39f9e5ba64a48b58a71d81c837e8227) or [deploy test instance](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#f6a177d32bde4b57ae2da0b8e454bfce) or [deploy early access version on Cloud](https://www.notion.so/n8n/Cloudbot-3dbe779836004972b7057bc989526998?pvs=4#fef2d36ab02247e1a0f65a74f6fb534e).	2023-12-07 10:53:31 +01:00
Val	1cb92ffe16	feat: Replace owner checks with scope checks (no-changelog) (#7846) ... Github issue / Community forum post (link here to close automatically):	2023-11-29 14:48:36 +00:00
Iván Ovejero	476806ebb0	feat(core): Allow admin creation (#7837) ... https://linear.app/n8n/issue/PAY-1038	2023-11-29 13:55:41 +01:00
Val	a37f1cb0ba	feat: Add initial scope checks via decorators (#7737)	2023-11-28 11:41:34 +00:00
Iván Ovejero	1c6178759c	refactor(core): Reorganize error hierarchy in cli package (no-changelog) (#7839) ... Ensure all errors in `cli` inherit from `ApplicationError` to continue normalizing all the errors we report to Sentry Follow-up to: https://github.com/n8n-io/n8n/pull/7820	2023-11-28 10:19:27 +01:00
Iván Ovejero	9b87a596ca	fix(core): Ensure member and admin cannot be promoted to owner (#7830) ... https://linear.app/n8n/issue/PAY-985/add-user-role-modification-endpoint#comment-62355f6b	2023-11-27 17:35:58 +01:00
Iván Ovejero	7a86d36068	feat(core): Allow user role modification (#7797) ... https://linear.app/n8n/issue/PAY-985 ``` PATCH /users/:id/role unauthenticated user ✓ should receive 401 (349 ms) member ✓ should fail to demote owner to member (349 ms) ✓ should fail to demote owner to admin (359 ms) ✓ should fail to demote admin to member (381 ms) ✓ should fail to promote other member to owner (353 ms) ✓ should fail to promote other member to admin (377 ms) ✓ should fail to promote self to admin (354 ms) ✓ should fail to promote self to owner (371 ms) admin ✓ should receive 400 on invalid payload (351 ms) ✓ should receive 404 on unknown target user (351 ms) ✓ should fail to demote owner to admin (349 ms) ✓ should fail to demote owner to member (347 ms) ✓ should fail to promote member to owner (384 ms) ✓ should fail to promote admin to owner (350 ms) ✓ should be able to demote admin to member (354 ms) ✓ should be able to demote self to member (350 ms) ✓ should be able to promote member to admin (349 ms) owner ✓ should be able to promote member to admin (349 ms) ✓ should be able to demote admin to member (349 ms) ✓ should fail to demote self to admin (348 ms) ✓ should fail to demote self to member (354 ms) ```	2023-11-24 11:40:08 +01:00
Ricardo Espinoza	8e0ae3cf8c	refactor: Extract Invitation routes to InvitationController (no-changelog) (#7726) ... This PR: - Creates `InvitationController` - Moves `POST /users` to `POST /invitations` and move related test to `invitations.api.tests` - Moves `POST /users/:id` to `POST /invitations/:id/accept` and move related test to `invitations.api.tests` - Adjusts FE to use new endpoints - Moves all the invitation logic to the `UserService` --------- Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>	2023-11-16 12:39:43 -05:00
Ricardo Espinoza	4020c14d59	refactor: Use POST /users to re-invite users (no-changelog) (#7714)	2023-11-15 06:40:57 -05:00
कारतोफ्फेलस्क्रिप्ट™	000e76e3b4	ci(core): Reduce memory usage in tests (part-2) (no-changelog) (#7671) ... This also gets rid of `Db.collection`, which was another source of circular dependencies.	2023-11-10 15:04:26 +01:00
कारतोफ्फेलस्क्रिप्ट™	60314248f4	fix(core): Make password-reset urls valid only for single-use (#7622)	2023-11-07 15:35:43 +01:00
कारतोफ्फेलस्क्रिप्ट™	05586a900d	refactor(core): Make Logger a service (no-changelog) (#7494)	2023-10-25 16:35:22 +02:00
कारतोफ्फेलस्क्रिप्ट™	55c6a1b0d3	fix(core): Do not return inviteAcceptUrl in response if email was sent (#7465)	2023-10-19 13:58:06 +02:00
Iván Ovejero	b716241b42	feat(core): Add filtering, selection and pagination to users (#6994) ... https://linear.app/n8n/issue/PAY-646	2023-08-28 16:13:17 +02:00
Iván Ovejero	87cf1d9c1b	refactor(core): Make controller constructors consistent (no-changelog) (#7015)	2023-08-25 13:23:22 +02:00
Ricardo Espinoza	2b7ba6fdf1	feat(core): Add MFA (#4767) ... https://linear.app/n8n/issue/ADO-947/sync-branch-with-master-and-fix-fe-e2e-tets --------- Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>	2023-08-23 22:59:16 -04:00
Iván Ovejero	96a9de68a0	refactor(core): Move all user DB access to UserRepository (#6910) ... Prep for https://linear.app/n8n/issue/PAY-646	2023-08-22 15:58:05 +02:00
Iván Ovejero	e4f041815a	perf(core): Cache roles (#6803) ... * refactor: Create `RoleService` * refactor: Refactor to use service * refactor: Move `getUserRoleForWorkflow` * refactor: Clear out old `RoleService` * refactor: Consolidate utils into service * refactor: Remove unused methods * test: Add tests * refactor: Remove redundant return types * refactor: Missing utility * chore: Remove commented out bit * refactor: Make `Db.collections.Repository` inaccessible * chore: Cleanup * feat: Prepopulate cache * chore: Remove logging * fix: Account for tests where roles are undefined * fix: Restore `prettier.prettierPath` * test: Account for cache enabled and disabled * fix: Restore `Role` in `Db.collections` * refactor: Simplify by removing `orFail` * refactor: Rename for clarity * refactor: Use `cacheKey` for readability * refactor: Validate role before creation * refacator: Remove redundant `cache` prefix * ci: Lint fix * test: Fix e2e	2023-08-03 08:58:36 +02:00
Ricardo Espinoza	89f44021b9	fix(core): Use JWT as reset password token (#6714) ... * use jwt to reset password * increase expiration time to 1d * drop user id query string * refactor * use service instead of package in tests * sqlite migration * postgres migration * mysql migration * remove unused properties * remove userId from FE * fix test for users.api * move migration to the common folder * move type assertion to the jwt.service * Add jwt secret as a readonly property * use signData instead of sign in user.controller * remove base class * remove base class * add tests	2023-07-24 17:40:17 -04:00
OlegIvaniv	e5620ab1e4	feat(API): Implement users account quota guards (#6434) ... * feat(cli): Implement users account quota guards Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Remove comment Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Address PR comments - Getting `usersQuota` from `Settings` repo - Revert `isUserManagementEnabled` helper - Fix FE listing of users Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Refactor isWithinUserQuota getter and fix tests Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Revert testDb.ts changes Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Cleanup & improve types Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Fix duplicated method * Fix failing test * Remove `isUserManagementEnabled` completely Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Check for globalRole.name to determine if user is owner Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Fix unit tests Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Set isInstanceOwnerSetUp in specs * Fix SettingsUserView UM Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * refactor: License typings suggestions for users quota guards (#6636) refactor: License typings suggestions * Update packages/cli/src/Ldap/helpers.ts Co-authored-by: Iván Ovejero <ivov.src@gmail.com> * Update packages/cli/test/integration/shared/utils.ts Co-authored-by: Iván Ovejero <ivov.src@gmail.com> * Address PR comments Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Use 403 for all user quota related errors Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> --------- Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com>	2023-07-12 14:11:46 +02:00
Iván Ovejero	8c008f5d22	refactor(core)!: Remove basic-auth, external-jwt-auth, and no-auth options (#6362) ... Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>	2023-06-22 20:03:47 +02:00
Michael Auerswald	77e3f1551d	feat: Add manual login option and password reset link for SSO (#6328) ... * consolidate IUserSettings in workflow and add allowSSOManualLogin * add pw reset link to owners ui	2023-05-30 12:52:02 +02:00