141 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Echo	69d2e88bbd	feat: OIDC SSO provider support (Keycloak, Azure AD, custom) ... - Refactored azure_sso.rs to sso.rs with generic OIDC provider support - Added OIDC discovery URL lookup with 1hr TTL caching - Added PKCE for all providers, client_secret optional for public clients - Added /api/v1/auth/sso/login and /api/v1/auth/sso/callback routes - Added /api/v1/auth/azure/* backward-compatible routes - Added POST /settings/sso/discover and POST /settings/sso/test endpoints - Frontend: Provider dropdown (Keycloak/Azure AD/Custom OIDC) - Frontend: Auto-fill discovery URL for Keycloak - Frontend: Discover Endpoints and Test Connection buttons - Frontend: Dynamic SSO button based on provider display name - Made migration 014 idempotent with DO blocks and IF NOT EXISTS - Fixed debian/install to use /usr/local/bin/ for binaries - Fixed frontend file path in .deb package - Reset admin password on dev server - Fixed database permissions for oidc_config table	2026-05-13 13:32:24 +00:00
Echo	e3d8569b05	feat: include notification recipients in SMTP test email	2026-05-13 00:33:41 +00:00
Echo	3b3fd8b689	fix: remove duplicate audit integrity section and consolidate email settings into SMTP	2026-05-13 00:16:20 +00:00
Echo	c8b6b01dbc	fix: resolve settings save failure - boolean type mismatch and improve error messages	2026-05-13 00:07:46 +00:00
Echo	c8b1feee19	fix: make version display dynamic from package.json instead of hardcoded	2026-05-12 23:49:14 +00:00
Echo	010d384c6a	fix: add libfontconfig1-dev to CI workflow for fontconfig build dependency	2026-05-12 23:29:28 +00:00
Echo	1426ecffc2	chore: bump version to 0.1.4	2026-05-12 23:23:43 +00:00
Echo	04abb59961	fix: clarify SMTP vs email notification UX and save-before-test	2026-05-12 23:17:47 +00:00
Echo	9352dc8a02	fix: add libfontconfig1 dependency for plotters TTF font support	2026-05-12 21:25:39 +00:00
Echo	4b5a252fc9	fix: enable plotters TTF font support to prevent PDF chart panics	2026-05-12 21:18:13 +00:00
Echo	65847c6c90	fix: use FontFamily enum for plotters chart captions to prevent font panic	2026-05-12 21:06:49 +00:00
Echo	4c91e02e58	fix: cast compliance_pct to float8 and fix PDF generation crashes	2026-05-12 20:59:21 +00:00
Echo	a1852fd55a	fix: cast compliance_pct to numeric for PostgreSQL ROUND()	2026-05-12 20:10:21 +00:00
Echo	2bbc03b937	fix: resolve 6 reporting issues - SQL schema mismatches, duplicate type, UI dropdown, chart scale, CSV error handling ... 1. Compliance CSV/PDF: Replace non-existent pd.total_packages with jsonb_array_length(pd.installed_packages) and pd.pending_patches with pd.patch_count. Fix GROUP BY to match new columns. 2. Vulnerability CSV/PDF: Replace non-existent pd.cve_data with jsonb_array_elements on pd.available_patches JSONB, extracting cve_ids via nested lateral join. Replace pd.updated_at with pd.polled_at (actual column name). 3. TypeScript: Remove duplicate PollingConfig interface declaration in frontend/src/types/index.ts. 4. ReportsPage: Replace Group ID text field with Select dropdown populated from GET /api/v1/groups, showing group names instead of requiring UUID input. 5. PDF charts: Increase embed_image scale from 0.18 to 0.28 for better visibility on A4 landscape pages. 6. Vulnerability CSV: Remove invalid (no data) comment row on query failure; return header-only CSV instead to maintain valid CSV format.	2026-05-12 19:59:03 +00:00
Echo	4c300087f2	fix: Update build-package.sh VERSION to 0.1.3	2026-05-12 17:40:09 +00:00
Echo	13cabcea77	fix: Replace console.log with console.warn in MfaSetupPage for ESLint	2026-05-12 17:26:49 +00:00
Echo	f04565ead7	style: cargo fmt --all for v0.1.3 SSO changes	2026-05-12 17:14:48 +00:00
Echo	0fb804eefb	fix: Merge duplicate @mui/icons-material import in LoginPage	2026-05-12 17:05:48 +00:00
Echo	86a6c714d4	feat: Complete Azure SSO implementation (v0.1.3) ... - Add SSO session cleanup task (10-min expiry, 60s purge interval) - Change callback to redirect to frontend with tokens as query params - Add sso_callback_url to SecurityConfig with serde default - Add SsoCallbackPage.tsx for handling SSO callback redirects - Add /auth/sso/callback public route to App.tsx - Add Sign in with Microsoft Azure button to LoginPage - Replace insecure decode_jwt_payload with verify_id_token - Implement JWKS caching (1-hour TTL) and RSA signature verification - Validate iss, aud, exp claims on id_token - Add jsonwebtoken dependency to pm-web crate - Update config.example.toml with sso_callback_url setting - Add sso_callback_url to settings response (read-only from TOML)	2026-05-12 17:01:20 +00:00
Echo	08add28b80	fix: eslint-disable for useEffect deps in UsersPage	2026-05-07 19:14:21 +00:00
Echo	cc1214a963	feat: Phase 4 - password validation, force password reset flow, account lockout, QR code for MFA	2026-05-07 17:53:16 +00:00
Echo	b5b975e7e5	feat: Phase 3 - admin user management with edit, password reset, MFA disable, search/filter	2026-05-07 16:38:24 +00:00
Echo	5cf3125a2e	feat: Phase 2 - user profile page with self-service password change and MFA management	2026-05-07 16:32:55 +00:00
Echo	0a70afbbe9	feat: Phase 1 - user/password API extensions and auth route fix	2026-05-07 16:21:53 +00:00
Echo	42392ed9c7	fix: persist auth across refreshes with onFinishHydration and safety timeout	2026-05-07 13:39:14 +00:00
Echo	73df591cd3	fix: persist auth state across page refreshes using onRehydrateStorage	2026-05-07 02:59:09 +00:00
Echo	5e63245f65	fix: add SPA fallback route to prevent F5 refresh crash	2026-05-07 02:23:21 +00:00
Echo	f0bd431779	fix: postinst auto-restart services on upgrade and build-package.sh version sync ... - debian/postinst: auto-restart patch-manager-web and patch-manager-worker on upgrade (not fresh install) - debian/postinst: list pending database migrations after upgrade - scripts/build-package.sh: update debian/control Version from VERSION variable to ensure dpkg handles upgrades correctly - tasks/lessons.md: added lessons about service restarts and version sync	2026-05-07 00:55:34 +00:00
Echo	3ebdedda65	chore: bump version to 0.1.2	2026-05-06 21:43:29 +00:00
Echo	0279caf5d2	feat: add target_host_id to service health checks ... - Add target_host_id column to host_health_checks table (nullable UUID FK) - Allow service checks to query a different host agent - Backend models, API routes, and poller updated - Frontend: host selector dropdown for service checks - Validation: target host must exist and be healthy - FK ON DELETE SET NULL: revert to own host if target deleted	2026-05-06 21:38:42 +00:00
Echo	4889ab5d0a	docs: add ESLint lesson to lessons.md	2026-05-06 17:48:08 +00:00
Echo	8bef562dbc	fix: ESLint errors and update git hooks to include ESLint ... - HostDetailPage.tsx: fix eqeqeq (!= to !==) - HostsPage.tsx: merge duplicate @mui/icons-material imports - PatchDeploymentPage.tsx: merge duplicate @mui/icons-material imports - pre-commit hook: add ESLint check - pre-push hook: add ESLint check	2026-05-06 17:46:10 +00:00
Echo	6481899cb5	chore: bump version to 0.1.1	2026-05-06 16:27:15 +00:00
Echo	0e9cb1c915	fix: add HealthCheckListResponse type to match API response structure ... - Added HealthCheckListResponse type { checks: [...], total: number } - Updated healthChecksApi.list() return type to HealthCheckListResponse - Fixed HostDetailPage to use res.data?.checks instead of Array.isArray - Added Target column to health checks table - Added git pre-commit/pre-push hooks to prevent format CI failures - Updated lessons.md	2026-05-06 16:18:29 +00:00
Echo	12d640e5de	style: cargo fmt --all to fix CI format check	2026-05-06 03:57:01 +00:00
Echo	3d9b2d4917	fix: health checks list not showing - API returns {checks:[...]} not array ... - Fixed data extraction: use res.data?.checks instead of Array.isArray(res.data) - Added Target column to health checks table showing service_name or URL - Matches the pattern used by maintenance windows (res.data?.windows)	2026-05-06 03:51:40 +00:00
Echo	00cdadafce	fix: use host() to strip CIDR mask from inet column in cert IP SANs ... The ip_address column is PostgreSQL inet type. When cast to text (ip_address::text), it includes the CIDR mask (e.g., 192.168.0.166/32). Rust IpAddr::parse() fails on CIDR notation, so the IP SAN was silently skipped in server certificates. Fix: use host(ip_address) in SQL queries to strip the CIDR mask, returning just the IP address (e.g., 192.168.0.166). Affected endpoints: - POST /hosts/:id/certificates (issue_client_cert) - POST /hosts/:id/certificates/reissue (reissue_host_cert)	2026-05-06 03:03:10 +00:00
Echo	ee33ba5740	feat: setup.sh generates CA-signed web cert instead of self-signed ... - Generate internal CA (ECDSA P-256, 10-year validity) if not present - Sign web server cert with internal CA (1-year validity) - Add SANs for hostname, short hostname, localhost, and host IP - Add EKU: serverAuth to web cert - pm-ca will load existing CA on startup - Simplify host cert section to only show agent deployment files	2026-05-06 02:08:01 +00:00
Echo	812b23d2d0	fix: simplify host cert section to only show agent deployment files ... - Remove client cert/key from KeyDisplayDialog on host detail page - Bundle download now only contains ca.crt, server.crt, server.key - Rename bundle to {hostname}-agent-certs.zip - Remove standalone client cert download button - Update dialog title and warning text - The main Certificates page still has all certs available	2026-05-06 01:58:32 +00:00
Echo	5914c9b297	feat: all-inclusive agent cert bundle - server cert + client cert + CA root in one issuance	2026-05-06 01:29:25 +00:00
Echo	aa0cb9ab3c	feat: cert bundle download with CA root, re-issue endpoint, and enhanced cert UI	2026-05-05 23:06:48 +00:00
Echo	d59597b732	feat: add Issue Certificate button and dialog to HostDetailPage	2026-05-05 21:23:49 +00:00
Echo	1aa90c7eb0	fix: add host creation form for Add Host button	2026-05-05 20:48:14 +00:00
Echo	0cfe8ba891	fix: job completion stuck in running - NULL output and status type mismatch ... Bug 1: status.output.as_deref() passes NULL when agent returns no output, but patch_job_hosts.output has NOT NULL constraint. Fix: use .unwrap_or("") to default to empty string. Bug 2: sync_job_status passes String to job_status enum column, PostgreSQL rejects implicit text-to-enum cast. Fix: add ::job_status cast in SQL UPDATE queries.	2026-05-05 20:16:26 +00:00
Echo	91c82735d1	fix: ServiceStatusData deserialization, audit_action enum, and agent HTTP client ... - Fix ServiceStatusData to match agent response (active_state, sub_state, etc.) - Add migration 009 for health_check audit_action enum values - Fix build_agent_http_client: use rustls TLS with mTLS instead of danger_accept_invalid_certs - Add detailed error logging for agent HTTP client builder	2026-05-05 15:47:01 +00:00
Echo	c51b48f7b0	fix: ServiceStatusData deserialization mismatch with agent response ... Manager expected fields: name, status, healthy, uptime_secs Agent actually returns: name, display_name, active_state, sub_state, load_state, enabled_state, main_pid, healthy Updated ServiceStatusData to match agent response format. Updated health_check_poller.rs to use new field names.	2026-05-05 15:13:41 +00:00
Echo	6eeedb1793	fix: health_check_status SQL subquery in hosts API ... - Fixed broken SQL in hosts.rs that was using Python string replacement instead of proper CASE expression for health_check_status - Added serde default for health_check_poll_interval_secs config - Fixed missing AgentClient import in health_check_poller.rs - Added /etc/patch-manager/keys to systemd ReadWritePaths - Integration test verified: health check CRUD, service/HTTP checks work	2026-05-05 14:30:16 +00:00
Echo	93828e1976	feat: health check configuration and worker engine (Phase 3+4) ... - Added health_check_poller.rs: periodic service/HTTP health checks - Added pre-patch health gate in job_executor.rs - Added waiting_health_check job status (migration 008) - Added health_check_status to HostSummary and hosts API - Added health check types and API functions to frontend - Added health check UI section to HostDetailPage - Added health check status indicators to HostsPage and PatchDeploymentPage - Added serde default for health_check_poll_interval_secs - Fixed missing AgentClient import in health_check_poller.rs - Fixed missing ws_relay import in main.rs - Fixed missing closing paren in retry_pending_jobs SQL - Added ReadWritePaths for /etc/patch-manager/keys in systemd services	2026-05-05 14:10:37 +00:00
Echo	a306806b04	fix: change patches_missing type from i64 to i32 to match PostgreSQL INTEGER column	2026-05-05 02:18:18 +00:00
Echo	1ba325d529	feat: add patches missing filter and count indicator to deploy page	2026-05-04 18:56:52 +00:00