Return user info in the peer API response

client/internal/config.go

@@ -263,7 +263,7 @@ func GetDeviceAuthorizationFlowInfo(ctx context.Context, config *Config) (Device
 		}
 	}
 
-	return DeviceAuthorizationFlow{
+	deviceAuthorizationFlow := DeviceAuthorizationFlow{
 		Provider: protoDeviceAuthorizationFlow.Provider.String(),
 
 		ProviderConfig: ProviderConfig{
@@ -274,5 +274,32 @@ func GetDeviceAuthorizationFlowInfo(ctx context.Context, config *Config) (Device
 			TokenEndpoint:      protoDeviceAuthorizationFlow.GetProviderConfig().GetTokenEndpoint(),
 			DeviceAuthEndpoint: protoDeviceAuthorizationFlow.GetProviderConfig().GetDeviceAuthEndpoint(),
 		},
-	}, nil
+	}
+
+	err = isProviderConfigValid(deviceAuthorizationFlow.ProviderConfig)
+	if err != nil {
+		return DeviceAuthorizationFlow{}, err
+	}
+
+	return deviceAuthorizationFlow, nil
+}
+
+func isProviderConfigValid(config ProviderConfig) error {
+	errorMSGFormat := "invalid provider configuration received from management: %s value is empty. Contact your NetBird administrator"
+	if config.Audience == "" {
+		return fmt.Errorf(errorMSGFormat, "Audience")
+	}
+	if config.ClientID == "" {
+		return fmt.Errorf(errorMSGFormat, "Client ID")
+	}
+	if config.ClientSecret == "" {
+		return fmt.Errorf(errorMSGFormat, "Client Secret")
+	}
+	if config.TokenEndpoint == "" {
+		return fmt.Errorf(errorMSGFormat, "Token Endpoint")
+	}
+	if config.DeviceAuthEndpoint == "" {
+		return fmt.Errorf(errorMSGFormat, "Device Auth Endpoint")
+	}
+	return nil
 }

management/server/account.go

@@ -47,6 +47,7 @@ type AccountManager interface {
 	IsUserAdmin(claims jwtclaims.AuthorizationClaims) (bool, error)
 	AccountExists(accountId string) (*bool, error)
 	GetPeer(peerKey string) (*Peer, error)
+	GetPeers(accountID string) ([]*PeerInfo, error)
 	MarkPeerConnected(peerKey string, connected bool) error
 	RenamePeer(accountId string, peerKey string, newName string) (*Peer, error)
 	DeletePeer(accountId string, peerKey string) (*Peer, error)
@@ -57,7 +58,7 @@ type AccountManager interface {
 	AddPeer(setupKey string, userId string, peer *Peer) (*Peer, error)
 	UpdatePeerMeta(peerKey string, meta PeerSystemMeta) error
 	UpdatePeerSSHKey(peerKey string, sshKey string) error
-	GetUsersFromAccount(accountId string) ([]*UserInfo, error)
+	GetUsers(accountId string) ([]*UserInfo, error)
 	GetGroup(accountId, groupID string) (*Group, error)
 	SaveGroup(accountId string, group *Group) error
 	UpdateGroup(accountID string, groupID string, operations []GroupUpdateOperation) (*Group, error)

management/server/account_test.go

@@ -847,7 +847,7 @@ func TestGetUsersFromAccount(t *testing.T) {
 		account.Users[user.Id] = user
 	}
 
-	userInfos, err := manager.GetUsersFromAccount(accountId)
+	userInfos, err := manager.GetUsers(accountId)
 	if err != nil {
 		t.Fatal(err)
 	}

management/server/http/api/openapi.yml

@@ -44,19 +44,31 @@ components:
       - name
       - role
       - auto_groups
+    UserMinimum:
+      type: object
+      properties:
+        id:
+          description: User ID
+          type: string
+        email:
+          description: User's email address
+          type: string
+        name:
+          description: User's name from idp provider
+          type: string
     UserRequest:
       type: object
       properties:
+        role:
+          description: User's NetBird account role
+          type: string
         auto_groups:
           description: Groups to auto-assign to peers registered by this user
           type: array
           items:
             type: string
       required:
-        - name
+        - role
-        - type
-        - expires_in
-        - revoked
         - auto_groups
     PeerMinimum:
       type: object
@@ -110,6 +122,11 @@ components:
             ssh_enabled:
               description: Indicates whether SSH server is enabled on this peer
               type: boolean
+            user:
+              $ref: '#/components/schemas/UserMinimum'
+            host_name:
+              description: Peer's hostname
+              type: string
           required:
           - ip
           - connected

management/server/http/api/types.gen.go

@@ -137,6 +137,9 @@ type Peer struct {
 	// Groups that the peer belongs to
 	Groups []GroupMinimum `json:"groups"`
 
+	// Peer's hostname
+	HostName *string `json:"host_name,omitempty"`
+
 	// Peer ID
 	Id string `json:"id"`
 
@@ -154,6 +157,7 @@ type Peer struct {
 
 	// Indicates whether SSH server is enabled on this peer
 	SshEnabled bool         `json:"ssh_enabled"`
+	User       *UserMinimum `json:"user,omitempty"`
 
 	// Peer's daemon or cli version
 	Version string `json:"version"`
@@ -372,10 +376,25 @@ type User struct {
 	Role string `json:"role"`
 }
 
+// UserMinimum defines model for UserMinimum.
+type UserMinimum struct {
+	// User's email address
+	Email *string `json:"email,omitempty"`
+
+	// User ID
+	Id *string `json:"id,omitempty"`
+
+	// User's name from idp provider
+	Name *string `json:"name,omitempty"`
+}
+
 // UserRequest defines model for UserRequest.
 type UserRequest struct {
 	// Groups to auto-assign to peers registered by this user
 	AutoGroups []string `json:"auto_groups"`
+
+	// User's NetBird account role
+	Role string `json:"role"`
 }
 
 // PostApiGroupsJSONBody defines parameters for PostApiGroups.

management/server/http/peers.go

@@ -11,7 +11,7 @@ import (
 	"net/http"
 )
 
-//Peers is a handler that returns peers of the account
+// Peers is a handler that returns peers of the account
 type Peers struct {
 	accountManager server.AccountManager
 	authAudience   string
@@ -42,7 +42,7 @@ func (h *Peers) updatePeer(account *server.Account, peer *server.Peer, w http.Re
 		http.Redirect(w, r, "/", http.StatusInternalServerError)
 		return
 	}
-	writeJSONObject(w, toPeerResponse(peer, account))
+	writeJSONObject(w, toPeerResponse(&server.PeerInfo{Peer: peer}, account))
 }
 
 func (h *Peers) deletePeer(accountId string, peer *server.Peer, w http.ResponseWriter, r *http.Request) {
@@ -83,7 +83,7 @@ func (h *Peers) HandlePeer(w http.ResponseWriter, r *http.Request) {
 		h.updatePeer(account, peer, w, r)
 		return
 	case http.MethodGet:
-		writeJSONObject(w, toPeerResponse(peer, account))
+		writeJSONObject(w, toPeerResponse(&server.PeerInfo{Peer: peer}, account))
 		return
 
 	default:
@@ -93,8 +93,11 @@ func (h *Peers) HandlePeer(w http.ResponseWriter, r *http.Request) {
 }
 
 func (h *Peers) GetPeers(w http.ResponseWriter, r *http.Request) {
-	switch r.Method {
+
-	case http.MethodGet:
+	if r.Method != http.MethodGet {
+		http.Error(w, "", http.StatusNotFound)
+	}
+
 	account, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
 	if err != nil {
 		log.Error(err)
@@ -102,18 +105,22 @@ func (h *Peers) GetPeers(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	peers, err := h.accountManager.GetPeers(account.Id)
+	if err != nil {
+		log.Error(err)
+		http.Redirect(w, r, "/", http.StatusInternalServerError)
+		return
+	}
+
 	respBody := []*api.Peer{}
-		for _, peer := range account.Peers {
+	for _, peer := range peers {
 		respBody = append(respBody, toPeerResponse(peer, account))
 	}
 	writeJSONObject(w, respBody)
 	return
-	default:
-		http.Error(w, "", http.StatusNotFound)
-	}
 }
 
-func toPeerResponse(peer *server.Peer, account *server.Account) *api.Peer {
+func toPeerResponse(peer *server.PeerInfo, account *server.Account) *api.Peer {
 	var groupsInfo []api.GroupMinimum
 	groupsChecked := make(map[string]struct{})
 	for _, group := range account.Groups {
@@ -123,7 +130,7 @@ func toPeerResponse(peer *server.Peer, account *server.Account) *api.Peer {
 		}
 		groupsChecked[group.ID] = struct{}{}
 		for _, pk := range group.Peers {
-			if pk == peer.Key {
+			if pk == peer.Peer.Key {
 				info := api.GroupMinimum{
 					Id:         group.ID,
 					Name:       group.Name,
@@ -134,15 +141,26 @@ func toPeerResponse(peer *server.Peer, account *server.Account) *api.Peer {
 			}
 		}
 	}
-	return &api.Peer{
+	resp := &api.Peer{
-		Id:         peer.IP.String(),
+		Id:         peer.Peer.IP.String(),
-		Name:       peer.Name,
+		Name:       peer.Peer.Name,
-		Ip:         peer.IP.String(),
+		Ip:         peer.Peer.IP.String(),
-		Connected:  peer.Status.Connected,
+		Connected:  peer.Peer.Status.Connected,
-		LastSeen:   peer.Status.LastSeen,
+		LastSeen:   peer.Peer.Status.LastSeen,
-		Os:         fmt.Sprintf("%s %s", peer.Meta.OS, peer.Meta.Core),
+		Os:         fmt.Sprintf("%s %s", peer.Peer.Meta.OS, peer.Peer.Meta.Core),
-		Version:    peer.Meta.WtVersion,
+		Version:    peer.Peer.Meta.WtVersion,
 		Groups:     groupsInfo,
-		SshEnabled: peer.SSHEnabled,
+		SshEnabled: peer.Peer.SSHEnabled,
+		HostName:   &peer.Peer.Meta.Hostname,
 	}
+
+	if peer.UserInfo != nil {
+		resp.User = &api.UserMinimum{
+			Email: &peer.UserInfo.Email,
+			Id:    &peer.UserInfo.ID,
+			Name:  &peer.UserInfo.Name,
+		}
+	}
+
+	return resp
 }

management/server/http/users.go

@@ -45,7 +45,7 @@ func (h *UserHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	userID := vars["id"]
 	if len(userID) == 0 {
-		http.Error(w, "invalid key Id", http.StatusBadRequest)
+		http.Error(w, "invalid user ID", http.StatusBadRequest)
 		return
 	}
 
@@ -56,8 +56,15 @@ func (h *UserHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	userRole := server.StrRoleToUserRole(req.Role)
+	if userRole == server.UserRoleUnknown {
+		http.Error(w, "invalid user role", http.StatusBadRequest)
+		return
+	}
+
 	newUser, err := h.accountManager.SaveUser(account.Id, &server.User{
 		Id:         userID,
+		Role:       userRole,
 		AutoGroups: req.AutoGroups,
 	})
 	if err != nil {
@@ -85,9 +92,11 @@ func (h *UserHandler) GetUsers(w http.ResponseWriter, r *http.Request) {
 	account, err := getJWTAccount(h.accountManager, h.jwtExtractor, h.authAudience, r)
 	if err != nil {
 		log.Error(err)
+		http.Redirect(w, r, "/", http.StatusInternalServerError)
+		return
 	}
 
-	data, err := h.accountManager.GetUsersFromAccount(account.Id)
+	data, err := h.accountManager.GetUsers(account.Id)
 	if err != nil {
 		log.Error(err)
 		http.Redirect(w, r, "/", http.StatusInternalServerError)

management/server/mock_server/account_mock.go

@@ -60,7 +60,7 @@ func (am *MockAccountManager) GetUsersFromAccount(accountID string) ([]*server.U
 	if am.GetUsersFromAccountFunc != nil {
 		return am.GetUsersFromAccountFunc(accountID)
 	}
-	return nil, status.Errorf(codes.Unimplemented, "method GetUsersFromAccount is not implemented")
+	return nil, status.Errorf(codes.Unimplemented, "method GetUsers is not implemented")
 }
 
 // GetOrCreateAccountByUser mock implementation of GetOrCreateAccountByUser from server.AccountManager interface

management/server/peer.go

@@ -31,6 +31,12 @@ type PeerStatus struct {
 	Connected bool
 }
 
+// PeerInfo is a composition of Peer and additional UserInfo
+type PeerInfo struct {
+	Peer     *Peer
+	UserInfo *UserInfo
+}
+
 // Peer represents a machine connected to the network.
 // The Peer is a Wireguard peer identified by a public key
 type Peer struct {
@@ -68,6 +74,44 @@ func (p *Peer) Copy() *Peer {
 	}
 }
 
+// GetPeers returns a list of Peers belonging to the specified account
+func (am *DefaultAccountManager) GetPeers(accountID string) ([]*PeerInfo, error) {
+	am.mux.Lock()
+	defer am.mux.Unlock()
+
+	account, err := am.Store.GetAccount(accountID)
+	if err != nil {
+		return nil, status.Errorf(codes.NotFound, "account not found")
+	}
+
+	users, err := am.getUsersInfos(account)
+	if err != nil {
+		return nil, err
+	}
+
+	var userMap = make(map[string]*UserInfo)
+	for _, user := range users {
+		userMap[user.ID] = user
+	}
+
+	var peerInfos []*PeerInfo
+	for _, peer := range account.Peers {
+		if peer.UserID == "" {
+			peerInfos = append(peerInfos, &PeerInfo{
+				Peer:     peer,
+				UserInfo: nil,
+			})
+		} else {
+			peerInfos = append(peerInfos, &PeerInfo{
+				Peer:     peer.Copy(),
+				UserInfo: userMap[peer.UserID],
+			})
+		}
+	}
+
+	return peerInfos, nil
+}
+
 // GetPeer returns a peer from a Store
 func (am *DefaultAccountManager) GetPeer(peerKey string) (*Peer, error) {
 	am.mux.Lock()

management/server/user.go

@@ -13,8 +13,21 @@ import (
 const (
 	UserRoleAdmin   UserRole = "admin"
 	UserRoleUser    UserRole = "user"
+	UserRoleUnknown UserRole = "unknown"
 )
 
+// StrRoleToUserRole returns UserRole for a given strRole or UserRoleUnknown if the specified role is unknown
+func StrRoleToUserRole(strRole string) UserRole {
+	switch strings.ToLower(strRole) {
+	case "admin":
+		return UserRoleAdmin
+	case "user":
+		return UserRoleUser
+	default:
+		return UserRoleUnknown
+	}
+}
+
 // UserRole is the role of the User
 type UserRole string
 
@@ -116,6 +129,7 @@ func (am *DefaultAccountManager) SaveUser(accountID string, update *User) (*User
 	// only auto groups, revoked status, and name can be updated for now
 	newUser := oldUser.Copy()
 	newUser.AutoGroups = update.AutoGroups
+	newUser.Role = update.Role
 
 	account.Users[newUser.Id] = newUser
 
@@ -193,16 +207,11 @@ func (am *DefaultAccountManager) IsUserAdmin(claims jwtclaims.AuthorizationClaim
 	return user.Role == UserRoleAdmin, nil
 }
 
-// GetUsersFromAccount performs a batched request for users from IDP by account ID
+func (am *DefaultAccountManager) getUsersInfos(account *Account) ([]*UserInfo, error) {
-func (am *DefaultAccountManager) GetUsersFromAccount(accountID string) ([]*UserInfo, error) {
+	var err error
-	account, err := am.GetAccountById(accountID)
-	if err != nil {
-		return nil, err
-	}
-
 	queriedUsers := make([]*idp.UserData, 0)
 	if !isNil(am.idpManager) {
-		queriedUsers, err = am.lookupCache(account.Users, accountID)
+		queriedUsers, err = am.lookupCache(account.Users, account.Id)
 		if err != nil {
 			return nil, err
 		}
@@ -235,3 +244,12 @@ func (am *DefaultAccountManager) GetUsersFromAccount(accountID string) ([]*UserI
 
 	return userInfos, nil
 }
+
+// GetUsers performs a batched request for users from IDP by account ID
+func (am *DefaultAccountManager) GetUsers(accountID string) ([]*UserInfo, error) {
+	account, err := am.GetAccountById(accountID)
+	if err != nil {
+		return nil, err
+	}
+	return am.getUsersInfos(account)
+}