The `document.execCommand` call has been deprecated for a few years [0] so I
went ahead and removed it. We only use it to copy stuff to the clipboard
and the recommended way now is to use `navigator.clipboard.writeText`
[1]. `writeText` is kind of new, but I think we'll be alright regarding
compatibility (Compat table is also available at [1]).
Making the handler functions async is okay because extjs executes the
handler and does not expect any result from it, nor does it need to do
some work afterwards.
[0]: https://developer.mozilla.org/en-US/docs/Web/API/document/execCommand
[1]: https://developer.mozilla.org/en-US/docs/Web/API/Clipboard/writeText
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Similar to a recent change in pve-access-control [0], add a new
'confirmation-password' parameter to the change-password endpoint and
require non-root users to confirm their passwords.
Doing so avoids that an attacker that has direct access to a computer
where a user is logged in to the PVE interface can change the password
of said user and thus either prolong their possibility to attack,
and/or create a denial of service situation, where the original user
cannot login into the PVE host using their old credentials.
Note that this might sound worse than it is, as for this attack to
work the attacker needs either:
- physical access to an unlocked computer that is currently logged in
to a PVE host
- having taken over such a computer already through some unrelated
vulnerability
As these required pre-conditions are pretty big implications, which
allow (temporary) access to all of the resources (including PVE ones)
that the user can control, we see this as a slight improvement that
won't hurt, might protect one in some specific cases that is simply
too cheap not to do.
For now we avoid additional confirmation through a second factor, as
that is a much higher complexity without that much gain, and some
forms like (unauthenticated) button press on a WebAuthn token or the
TOTP code would be easy to circumvent in the physical access case and
in the local access case one might be able to MITM themselves too.
[0]: https://git.proxmox.com/?p=pve-access-control.git;a=commit;h=5bcf553e3a193a537d92498f4fee3c23e22d1741
Reported-by: Wouter Arts <security@wth-security.nl>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
[ TL: Extend commit message, squash in UI change ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
no need to keep a copy of that component here, just re-use the common
one from widget-toolkit. That one provides also some more features
that will be used here with a next commit.
Originally-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
[ TL: move switch to common widget up front ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
the default timeout of 30 seconds is too short to properly wait for a
slot transfer. Increase the timeout to a value of 3 minutes. In my
tests, it took about 60 seconds in a very basic changer to move a tape
between two slots, so triple that to account for bigger and more
complicated libraries.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
values.username just does not exist, and we do not need to delete the
username part anyway, as that field is used to assemble the full
userid by concatenating the name@realm parts.
While at it move this over to let-assignments and do not call setting
expiry explicitly a hack, it's fine and warranted code, because if one
wants to use a datefield's empty value as 0 one needs to do so
explicitly, nothing hacky there..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
the api does not accept a realm property here, it is only needed to
construct a proper user id of the form `{username}@{realm}`. so
remove it before sending it to the api and getting an error in return.
Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
since that's not a valid api parameter there
we have to pass the `isCreate` value through to the inputpanel, we even
used it there already but it was never set.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
the prune input panel is used in various contexts (add/editing a
prunejob, adding a datastore, executing a prune). These different api
calls don't all take the same parameters, so we have to correctly set
the `isCreate` to not send a `delete` parameter for those requests if
there was an empty field.
Also set 'max-depth:0' only when recursive was not set *and* we can
set 'recursive', because for creating a datastore that is not supported
by the api, and for the prune job editing we override the whole
onGetValues anyway so that's not an issue there.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this is not a valid parameter for the create call. To do that in the
onGetValues method, we have to pass the 'isCreate' value through to the
input panels via cbind.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
we accidentally always tried to load an existing config, even when
creating a new entry. This returned the list of all configured ones plus
the digest (which gets set by the edit window). When the digest is set,
the edit window will send it along, but that does not exist for the
create api call, so it failed.
To fix it, guard the load behind the `serverid` property, which is only
set when we edit an existing entry.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
While PVE and PMG use a rather brittle "replace whole config" style on
their DNS entry CRUD API, the PBS one was made with a per-entry level
granularity, so that single entries can be modified, or deleted, without
touching the others.
But the UI from the widget-toolkit was made for the older PVE/PMG
behavior and did not send along the delete-array of to-be-deleted
keys.
Since widget-toolkit commit 8d161ac ("dns: update comment to avoid
coupling to downstream dependency") the DNS edit window supports
opting into that by setting the new `deleteEmpty` config parameter.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ TL: expand commit message ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
users that add the correct subscription key just get unnecessarily
confused with a "value does not match the regex pattern" error if
they accidentally have a stray whitespace at the end or beginning
otherwise.
Switch to using our `proxmoxtextfield` component that provides a
`trimValue` config option since widget-toolkit commit 5d7d30d ("text
field: add trimValue config") that was made just for this case.
Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
[ TL: reference widget toolkit commit ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This already works in pve and is also possible in pbs when using the
`proxmox-backup-manager user create` command.
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
and add it as a hidden column. This now displays all tapes even if there
are some with identical label-texts.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
To make the UI compatible, the Group Filter dialogue has been extended
by a second list, so it now features a list for all include filters and
one for all exclude filters.
Internally, all include as well as exclude filters are managed in one
list. The 2 list view is just for a cleaner representation in the UI.
Signed-off-by: Philipp Hufnagl <p.hufnagl@proxmox.com>
Correctly display missing 'avail' and 'used' attributes in the
datastore summary. This simply sets it to 0, so that we don't get any
errors in the console.
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
without any default value in the viewModel, the resulting url would be:
`<id>?destroy-data=<value>&keep-job-configs=`
which is missing the actual value, so add the default
Fixes: e9979a1a ("ui: add 'keep configs' checkbox to datastore removal window")
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Fiona Ebner <f.ebner@proxmox.com>
to make the system load/status summary one look less cramped, as that
got recently the boot-mode information line added.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
by globally calling the 'status' api once and saving the fingerprint
into the global Proxmox variable.
since not all users might have that permission, ignore errors for that,
and don't show the fingerprint in this case
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
this has a similar functionality as the 'show fingerprint' button,
but for repository strings that are needed e.g. for the cli
included with and without the current user for convenience
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ TL: squash in window title rename and iconCls fix for light-mode ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Extract and display the build version and kernel
release nicely.
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
Tested-by: Lukas Wagner <l.wagner@proxmox.com>
Shows the bootmode of the instance. Options are Legacy BIOS,
EFI, or EFI(Secure Boot).
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
Tested-by: Lukas Wagner <l.wagner@proxmox.com>
... since the API already accepts a boolean for that.
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
[ DC: actually send the option to the api ]
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This reverts commit 3940f48c47 as it's
bogus and was already fixed on master, so that's why testing this
change made it look like it was working now compared to the previous
version.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
when editing a local sync job, the field would be empty because of
this and not be set to the previously configured remote-store.
The binding is already used for the local datastore, not sure why it
should even be applied to the target where it might not even be valid.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Set `supportsWipeDisk` to true to enable the wipe button in the web
UI.
The entry for override_task_descriptions is copied from pve-manager.
Signed-off-by: Markus Frank <m.frank@proxmox.com>
Reviewed-by: Lukas Wagner <l.wagner@proxmox.com>
Tested-by: Lukas Wagner <l.wagner@proxmox.com>
Reviewed-by: Max Carrara <m.carrara@proxmox.com>
Tested-by: Max Carrara <m.carrara@proxmox.com>
and show the relevant actions. They will be forwarded to the controller,
so we can reuse that code without big refactoring them into another
class/place.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
... since the store field was cleared when the window opened.
Reported-by: Lukas Wagner <l.wagner@proxmox.com>
Fixes: 9039d6709e
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
Tested-by: Lukas Wagner <l.wagner@proxmox.com>
previously, the snapshot grid returned one of three possible types of
values:
* a list of snapshots
* a list of datastores (if only whole datastores were selected)
* the string 'all' (when all snapshots were selected)
this led to some confusing and wrong code, especially the part:
```
if (source === 'all') {
source = values.store;
}
```
which basically set the selected *target* store as a source. (meaning
it tried restoring a datastore with the selected target name,
regardless if it existed or not)
This fell through in testing, since we most often only restored to the
same datastore anyway where the target and source name were the same.
Rework the return value to return the empty array in case all
snapshots are selected, since selecting none is not valid anyway.
This means we always get an array back, which makes the code a bit
cleaner overall.
At the same time, we now differentiate correctly the 'all selected'
case, by setting the selected target as a default target.
So instead of previously having `target=target` as datastore
parameter, we now have `target` which is the correct behavior when we
want to restore the whole media set anyway.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Mira Limbeck <m.limbeck@proxmox.com>
some of the variable names did not really tell the full story, so
extend them a bit. This makes the intention much clearer.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Mira Limbeck <m.limbeck@proxmox.com>
by counting the returned tapes and comparing it to the sequence number.
If the tape count is lower than the highest sequence number plus one,
there must be a tape missing.
Mark it in the text and add the proxmox-warning-row class.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
With this patch it is possible to remove systemd mount units via the webui.
Signed-off-by: Markus Frank <m.frank@proxmox.com>
Reviewed-by: Lukas Wagner <l.wagner@proxmox.com>
Tested-by: Lukas Wagner <l.wagner@proxmox.com>
When there is no comment for a backup group, the comment of the last
(most recent) snapshot in this group will be shown as dimmed text, as
long as the backup group is collapsed.
Signed-off-by: Philipp Hufnagl <p.hufnagl@proxmox.com>
the ui shows the default 'root' namespace as target, but this only
worked when no namespace was selected. as soon as one source datastore
had a target namespace selected, the other datastores would be
skipped as there was no namespace mapping for them. To fix that, we
simply send a default namespace mapping for each source datastore
without a target (no target means 'root')
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Mira Limbeck <m.limbeck@proxmox.com>
the reset button only makes sense for editing existing entries,
not for creating new.
This brings it inline with the ZFS create window from PVE.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
by adding the 'totp-locked' column to the model
a diff store can only know if a column has changed if the column is
defined in the model, otherwise it'll only load it the first time
(when the 'load' is called on the diff store)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
but fallback to 'eslint' otherwise
Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[T: move into www/manager Makefile directly]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
We recently took into account the selected datastore when restoring
from tape, but the snapshot grids value may not only be a single
datastore, it can also be a list of snapshots, datastores or 'all'.
Handle these cases and extract the source datastore correctly.
This fixes tape restoration when not a whole datastore is selected.
Reported in the forum:
https://forum.proxmox.com/threads/restore-from-lto-parameter-verification-errors-store.128445
Fixes: df881ed0 ("ui: tape: fix restoring a single datastore")
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
if the user selected a single datastore to restore from tape on a
media-set that includes more than one, the ui suggests (and is
intended to) that only that datastore will be restored on the selected
target.
The logic to construct the store mapping parameter did not consider that
case, and simply gave the target as default store, which meant all
datastores were restored onto the target.
To fix that, we have to get the source datastore from the field, and
construct the correct parameter ("source=target").
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
ExtJS has a `listeners` but no `listener` config, so add the missing
`s` to ensure the upload window destroy event callback is triggered.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
when labeling a tape in a changer, we pre-fill the label field with
the one from the barcode (if it exists). Letting the user change
the label here does not make much sense, since we assume that they are
the same (e.g. for move operations etc.)
So instead simply display the label to protect users from accidentally
changing it. If a user really needs to have a different label than the
suggested one, it's still possible on the cli.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
avoid accessing private members directly but rather try to use the
public API, this then allows us to drop declaring a reference on the
realm combobox, which was not directly used and thus a bit subtle.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
For the `Datastore -> Summary` overview for all configured datastores.
Fix is adapted from the PVE's ceph's status details or performance
runningCharts, which are both similar (but not really the same)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ T: expand commit message to note that this is adapted from PVE ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
removes the style that gets added directly to the element of the
package versions and system report views. this makes them harder to
style through css as normal selectors cannot override the element's
style. since they behave properly without these styles anyway, remove
them.
Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
adds a theme switcher to the ui and handles the necessary cookies in
the backend.
this requires a bump of the widget toolkit so the necessary widgets
are present.
Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
This allows specifying a user's realm when adding a new user.
For now, adding users to the PAM realm is explicitly disabled
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
we use 'enable' property here with a default of true, so change
the dataIndex and the renderer to reflect that
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
The `onSetValues` (pendant to `onGetValues`) got added relatively
recently to widget toolkits input panel. Using it avoids the need to
hard-code some "dynamic override" calling semantics.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Add a simple edit window with 2 combo boxes for `sync-level` and
`chunk-order`.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ T: rework commit message/subject a bit ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
we can still do that as notifications for prune jobs weren't released
yet.
We may want to evaluate if we adapt (some) other notification types
too on next major release.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
is left in the datastore. Before, the GUI would report "Never" for the
estimated time full, because the value provided in the backend was in
the past. To get around this, the GUI now reports "Full" if the value
for available reaches 0.
Signed-off-by: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
The API now exposes the field 'available' as well, with which the
unprivileged total is calculated in all corresponding views in the
frontend.
The rrd charts now also display the total as the unprivileged total
if available, otherwise the absolute total is used.
Signed-off-by: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
The backend doesn't have an 'enable' option, but 'disable'. Convert
it to avoid a negative value that is checked "enabled".
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
namely 'catalog' and 'read-all-labels', by always opening a
window (with a drive now autoselected) and the two checkboxes
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>