Fix WireGuard config and LDAP saving bugs (#2827)

* fix displaying configs for mfa locations, fix downloading configs

* send location mfa mode

* dont show button if no locations viable

* fix

* fix

Author: t-aleksander

…dd8c19286c201303bf2eb1dd0c3c004cad0.json …c7a62ac4c807dd36a025611d71cc8d11919.json.sqlx/query-27458fd8de7671429d382e5e27b71dd8c19286c201303bf2eb1dd0c3c004cad0.json renamed to .sqlx/query-e2d5bb28064afd6169f6078dc06edc7a62ac4c807dd36a025611d71cc8d11919.json .sqlx/query-27458fd8de7671429d382e5e27b71dd8c19286c201303bf2eb1dd0c3c004cad0.json renamed to .sqlx/query-e2d5bb28064afd6169f6078dc06edc7a62ac4c807dd36a025611d71cc8d11919.json

@@ -232,6 +232,7 @@ pub struct UserDeviceNetworkInfo {
     pub last_connected_ip: Option<String>,
     pub last_connected_at: Option<NaiveDateTime>,
     pub is_active: bool,
+    pub location_mfa_mode: LocationMfaMode,
 }
 
 impl UserDevice {
@@ -242,7 +243,8 @@ impl UserDevice {
 	            wnd.wireguard_ips \"device_wireguard_ips: Vec<IpAddr>\", \
 				latest_successful_stats.endpoint \"device_endpoint?\", \
 	            latest_successful_session.connected_at \"last_connected_at?\", \
-	            latest_successful_session.state \"state?: VpnClientSessionState\" \
+	            latest_successful_session.state \"state?: VpnClientSessionState\", \
+                n.location_mfa_mode \"location_mfa_mode: LocationMfaMode\" \
             FROM wireguard_network_device wnd \
             JOIN wireguard_network n ON n.id = wnd.wireguard_network_id \
             LEFT JOIN LATERAL ( \
@@ -297,6 +299,7 @@ impl UserDevice {
                     last_connected_ip: device_ip,
                     last_connected_at: r.last_connected_at,
                     is_active,
+                    location_mfa_mode: r.location_mfa_mode,
                 }
             })
             .collect::<Vec<_>>();

crates/defguard_common/src/db/models/device.rs

@@ -15,7 +15,7 @@ use defguard_common::{
         models::{
             Device, DeviceConfig, DeviceType, Settings, User, WireguardNetwork,
             device::{DeviceInfo, WireguardNetworkDevice},
-            wireguard::NetworkAddressError,
+            wireguard::{LocationMfaMode, NetworkAddressError},
         },
     },
     utils::{SplitIp, split_ip},
@@ -120,6 +120,7 @@ pub(crate) struct DeviceWireGuardConfig {
     pub(crate) network_id: Id,
     pub(crate) network_name: String,
     pub(crate) config: String,
+    pub(crate) location_mfa_mode: LocationMfaMode,
 }
 
 /// For a given device, retrieve all WireGuard configuations for all networks.
@@ -162,6 +163,7 @@ pub(crate) async fn network_device_configs(
             network_id: network.id,
             network_name: network.name,
             config,
+            location_mfa_mode: network.location_mfa_mode.clone(),
         };
         result.push(device_config);
     }

crates/defguard_core/src/handlers/network_devices.rs

@@ -1395,6 +1395,7 @@ pub(crate) async fn user_device_configs(
             network_id: location.id,
             network_name: location.name,
             config,
+            location_mfa_mode: location.location_mfa_mode.clone(),
         });
     }
 

crates/defguard_core/src/handlers/wireguard.rs

@@ -16,7 +16,7 @@ import { orderBy } from 'lodash-es';
 import { useCallback, useMemo, useState } from 'react';
 import { m } from '../../paraglide/messages';
 import api from '../../shared/api/api';
-import type { Device, User } from '../../shared/api/types';
+import { type Device, LocationMfaMode, type User } from '../../shared/api/types';
 import { useSelectionModal } from '../../shared/components/modals/SelectionModal/useSelectionModal';
 import type { SelectionOption } from '../../shared/components/SelectionSection/type';
 import { TableValuesListCell } from '../../shared/components/TableValuesListCell/TableValuesListCell';
@@ -558,7 +558,7 @@ export const UsersTable = () => {
         },
       ];
 
-      if (device.networks.length > 0) {
+      if (device.networks.some((n) => n.location_mfa_mode === LocationMfaMode.Disabled)) {
         items.push({
           text: m.profile_devices_menu_show_config(),
           onClick: () => {

web/src/pages/UsersOverviewPage/UsersTable.tsx

@@ -197,7 +197,7 @@ const PageForm = () => {
       onSubmit: formSchema,
       onChange: formSchema,
     },
-    onSubmit: async ({ value }) => {
+    onSubmit: async ({ value, formApi }) => {
       const licenseCheckRes = canUseBusinessFeature(licenseInfo);
       if (!licenseCheckRes.result) {
         openModal(ModalName.UpgradeBusiness);
@@ -219,6 +219,7 @@ const PageForm = () => {
               .filter(Boolean)
           : [],
       });
+      formApi.reset(value);
     },
   });
 

web/src/pages/settings/SettingsLdapPage/SettingsLdapPage.tsx

@@ -13,7 +13,7 @@ import orderBy from 'lodash-es/orderBy';
 import { useCallback, useMemo } from 'react';
 import { m } from '../../../../../../../paraglide/messages';
 import api from '../../../../../../../shared/api/api';
-import type { UserDevice } from '../../../../../../../shared/api/types';
+import { LocationMfaMode, type UserDevice } from '../../../../../../../shared/api/types';
 import { useAddUserDeviceModal } from '../../../../../../../shared/components/modals/AddUserDeviceModal/store/useAddUserDeviceModal';
 import { Badge } from '../../../../../../../shared/defguard-ui/components/Badge/Badge';
 import { Button } from '../../../../../../../shared/defguard-ui/components/Button/Button';
@@ -158,7 +158,7 @@ const DevicesTable = ({ rowData }: { rowData: RowData[] }) => {
           },
         });
       }
-      if (row.networks.length > 0) {
+      if (row.networks.some((n) => n.location_mfa_mode === LocationMfaMode.Disabled)) {
         items.push({
           text: m.profile_devices_menu_show_config(),
           onClick: () => {

web/src/pages/user-profile/UserProfilePage/tabs/ProfileDevicesTab/components/ProfileDevicesTable/ProfileDevicesTable.tsx

@@ -330,6 +330,7 @@ export interface DeviceNetworkInfo {
   network_name: string;
   last_connected_at?: string;
   last_connected_ip?: string;
+  location_mfa_mode: LocationMfaModeValue;
 }
 
 export interface Device {
@@ -540,6 +541,7 @@ export interface AddDeviceResponseConfig {
   network_id: number;
   network_name: string;
   config: string;
+  location_mfa_mode: LocationMfaModeValue;
 }
 
 export interface AddDeviceResponse {

web/src/shared/api/types.ts

@@ -1,4 +1,5 @@
 import type { AddDeviceResponse, AddDeviceResponseConfig } from '../../api/types';
+import { LocationMfaMode } from '../../api/types';
 import './style.scss';
 import { ZipArchive } from '@shortercode/webzip';
 import { useCallback, useMemo, useState } from 'react';
@@ -23,8 +24,11 @@ const configToOption = (
   value: item,
 });
 
+const configToLocationName = (item: AddDeviceResponseConfig): string =>
+  item.network_name.toLowerCase().replaceAll(' ', '-');
+
 const configToFilename = (item: AddDeviceResponseConfig): string =>
-  `${item.network_name.toLowerCase().replaceAll(' ', '-')}.txt`;
+  `${configToLocationName(item)}.conf`;
 
 type Props = { data: AddDeviceResponse; privateKey?: string };
 
@@ -33,9 +37,9 @@ export const ModalDeviceConfigSection = ({ data: response, privateKey }: Props)
   const { writeToClipboard } = useClipboard();
   const selectOptions = useMemo(
     () =>
-      response.configs.map(
-        (item): SelectOption<AddDeviceResponseConfig> => configToOption(item),
-      ),
+      response.configs
+        .filter((item) => item.location_mfa_mode === LocationMfaMode.Disabled)
+        .map((item): SelectOption<AddDeviceResponseConfig> => configToOption(item)),
     [response.configs],
   );
   const [selectedOption, setSelected] =
@@ -58,19 +62,23 @@ export const ModalDeviceConfigSection = ({ data: response, privateKey }: Props)
   }, [selectedOption, privateKey]);
 
   const handleDownloadSelected = useCallback(() => {
-    downloadText(clipboardConfig, 'conf');
-  }, [clipboardConfig]);
+    if (!selectedOption) return;
+    downloadText(clipboardConfig, configToLocationName(selectedOption.value), 'conf');
+  }, [clipboardConfig, selectedOption]);
 
   const handleDownloadAll = useCallback(async () => {
     if (!response) return;
+    const nonMfaConfigs = response.configs.filter(
+      (c) => c.location_mfa_mode === LocationMfaMode.Disabled,
+    );
     let data: AddDeviceResponseConfig[] = [];
     if (isPresent(privateKey)) {
-      data = response.configs.map((c) => ({
+      data = nonMfaConfigs.map((c) => ({
         ...c,
         config: c.config.replace('YOUR_PRIVATE_KEY', privateKey as string),
       }));
     } else {
-      data = response.configs;
+      data = nonMfaConfigs;
     }
     const zip = new ZipArchive();
     for (const item of data) {