bump version (again)

feat: single sign-on https://github.com/amidaware/tacticalrmm/issues/508

.github/workflows/build-release.yml

@@ -15,7 +15,7 @@ jobs:
 
       - uses: actions/setup-node@v4
         with:
-          node-version: "20.11.1"
+          node-version: "20.18.0"
 
       - run: touch env-config.js
 

.github/workflows/frontend-linting.yml

@@ -9,11 +9,11 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
-          node-version: 18
+          node-version: "20.18.0"
       - run: npm install
 
       - name: Run Prettier formatting

package.json

@@ -1,6 +1,6 @@
 {
   "name": "web",
-  "version": "0.101.46",
+  "version": "0.101.52",
   "private": true,
   "productName": "Tactical RMM",
   "scripts": {
@@ -10,38 +10,38 @@
     "format": "prettier --write \"**/*.{js,ts,vue,,html,md,json}\" --ignore-path .gitignore"
   },
   "dependencies": {
-    "@quasar/extras": "1.16.12",
-    "@vueuse/core": "10.11.0",
-    "@vueuse/integrations": "10.11.0",
-    "@vueuse/shared": "10.11.0",
-    "apexcharts": "3.49.2",
-    "axios": "1.7.2",
+    "@quasar/extras": "1.16.13",
+    "@vueuse/core": "11.2.0",
+    "@vueuse/integrations": "11.2.0",
+    "@vueuse/shared": "11.2.0",
+    "apexcharts": "3.54.1",
+    "axios": "1.7.7",
     "dotenv": "16.4.5",
     "monaco-editor": "0.50.0",
-    "pinia": "2.1.7",
-    "qrcode": "1.5.3",
-    "quasar": "2.16.5",
-    "vue": "3.4.31",
-    "vue-router": "4.4.0",
-    "vue3-apexcharts": "1.5.3",
+    "pinia": "2.2.6",
+    "qrcode": "1.5.4",
+    "quasar": "2.17.2",
+    "vue": "3.5.12",
+    "vue-router": "4.4.5",
+    "vue3-apexcharts": "1.7.0",
     "vuedraggable": "4.1.0",
     "vuex": "4.1.0",
     "@xterm/xterm": "5.5.0",
     "@xterm/addon-fit": "0.10.0",
-    "yaml": "2.4.5"
+    "yaml": "2.6.0"
   },
   "devDependencies": {
     "@intlify/unplugin-vue-i18n": "4.0.0",
-    "@quasar/app-vite": "1.9.3",
+    "@quasar/app-vite": "1.10.2",
     "@quasar/cli": "2.4.1",
-    "@types/node": "20.14.10",
+    "@types/node": "22.7.5",
     "@typescript-eslint/eslint-plugin": "7.16.0",
     "@typescript-eslint/parser": "7.16.0",
-    "autoprefixer": "10.4.19",
+    "autoprefixer": "10.4.20",
     "eslint": "8.57.0",
     "eslint-config-prettier": "9.1.0",
     "eslint-plugin-vue": "8.7.1",
-    "prettier": "3.2.5",
-    "typescript": "5.5.3"
+    "prettier": "3.3.3",
+    "typescript": "5.6.2"
   }
 }

quasar.config.js

@@ -8,6 +8,7 @@
 // Configuration for your app
 // https://v2.quasar.dev/quasar-cli-vite/quasar-config-js
 
+const { mergeConfig } = require("vite");
 const { configure } = require("quasar/wrappers");
 const path = require("path");
 require("dotenv").config();
@@ -78,9 +79,22 @@ module.exports = configure(function (/* ctx */) {
       // polyfillModulePreload: true,
       distDir: "dist/",
 
-      // extendViteConf (viteConf) {},
+      /* eslint-disable quotes */
+      // eslint-disable-next-line @typescript-eslint/no-unused-vars
+      extendViteConf(viteConf, { isServer, isClient }) {
+        viteConf.build = mergeConfig(viteConf.build, {
+          chunkSizeWarningLimit: 1600,
+          rollupOptions: {
+            output: {
+              entryFileNames: `[hash].js`,
+              chunkFileNames: `[hash].js`,
+              assetFileNames: `[hash].[ext]`,
+            },
+          },
+        });
+      },
+      /* eslint-enable quotes */
       // viteVuePluginOptions: {},
-
       // vitePlugins: []
     },
 

src/api/accounts.js

@@ -31,6 +31,34 @@ export async function resetTwoFactor() {
   }
 }
 
+// sessions api
+export async function fetchUserSessions(id) {
+  try {
+    const { data } = await axios.get(`${baseUrl}/users/${id}/sessions/`);
+    return data;
+  } catch (e) {
+    console.error(e);
+  }
+}
+
+export async function deleteAllUserSessions(id) {
+  try {
+    const { data } = await axios.delete(`${baseUrl}/users/${id}/sessions/`);
+    return data;
+  } catch (e) {
+    console.error(e);
+  }
+}
+
+export async function deleteUserSession(id) {
+  try {
+    const { data } = await axios.delete(`${baseUrl}/sessions/${id}/`);
+    return data;
+  } catch (e) {
+    console.error(e);
+  }
+}
+
 // role api function
 export async function fetchRoles(params = {}) {
   try {

src/api/core.ts

@@ -8,8 +8,15 @@ import type {
   TestRunURLActionResponse,
 } from "@/types/core/urlactions";
 
+import type { CoreSetting } from "@/types/core/settings";
+
 const baseUrl = "/core";
 
+export async function fetchCoreSettings(params = {}): Promise<CoreSetting> {
+  const { data } = await axios.get("/core/settings/", { params: params });
+  return data;
+}
+
 export async function fetchDashboardInfo(params = {}) {
   const { data } = await axios.get(`${baseUrl}/dashinfo/`, { params: params });
   return data;

src/boot/axios.js

@@ -21,6 +21,7 @@ export function setErrorMessage(data, message) {
 
 export default function ({ app, router }) {
   app.config.globalProperties.$axios = axios;
+  axios.defaults.withCredentials = true;
 
   axios.interceptors.request.use(
     function (config) {
@@ -65,12 +66,20 @@ export default function ({ app, router }) {
       // perms
       else if (error.response.status === 403) {
         // don't notify user if method is GET
-        if (error.config.method === "get" || error.config.method === "patch")
+        if (
+          error.config.method === "get" ||
+          error.config.method === "patch" ||
+          error.config.url === "accounts/ssoproviders/token/"
+        )
           return Promise.reject({ ...error });
         text = error.response.data.detail;
       }
       // catch all for other 400 error messages
-      else if (error.response.status >= 400 && error.response.status < 500) {
+      else if (
+        error.response.status >= 400 &&
+        error.response.status < 500 &&
+        error.response.status !== 423
+      ) {
         if (error.config.responseType === "blob") {
           text = (await error.response.data.text()).replace(/^"|"$/g, "");
         } else if (error.response.data.non_field_errors) {
@@ -85,7 +94,7 @@ export default function ({ app, router }) {
         }
       }
 
-      if (text || error.response) {
+      if ((text || error.response) && error.response.status !== 423) {
         Notify.create({
           color: "negative",
           message: text ? text : "",

src/components/AdminManager.vue

@@ -1,157 +1,202 @@
 <template>
-  <div style="width: 900px; max-width: 90vw">
-    <q-card>
-      <q-bar>
+  <q-card style="width: 65vw; max-width: 70vw; min-height: 50vh">
+    <q-bar>
+      <q-btn
+        ref="refresh"
+        @click="getUsers"
+        class="q-mr-sm"
+        dense
+        flat
+        push
+        icon="refresh"
+      />User Administration
+      <q-space />
+      <q-btn dense flat icon="close" v-close-popup>
+        <q-tooltip class="bg-white text-primary">Close</q-tooltip>
+      </q-btn>
+    </q-bar>
+    <div class="q-pa-md">
+      <div class="q-gutter-sm">
         <q-btn
-          ref="refresh"
-          @click="getUsers"
-          class="q-mr-sm"
+          ref="new"
+          label="New"
           dense
           flat
           push
-          icon="refresh"
-        />User Administration
-        <q-space />
-        <q-btn dense flat icon="close" v-close-popup>
-          <q-tooltip class="bg-white text-primary">Close</q-tooltip>
-        </q-btn>
-      </q-bar>
-      <div class="q-pa-md">
-        <div class="q-gutter-sm">
-          <q-btn
-            ref="new"
-            label="New"
-            dense
-            flat
-            push
-            unelevated
-            no-caps
-            icon="add"
-            @click="showAddUserModal"
-          />
-        </div>
-        <q-table
-          dense
-          :rows="users"
-          :columns="columns"
-          v-model:pagination="pagination"
-          row-key="id"
-          binary-state-sort
-          hide-pagination
-          virtual-scroll
-        >
-          <!-- header slots -->
-          <template v-slot:header-cell-is_active="props">
-            <q-th :props="props" auto-width>
-              <q-icon name="power_settings_new" size="1.5em">
-                <q-tooltip>Enable User</q-tooltip>
-              </q-icon>
-            </q-th>
-          </template>
-
-          <!-- No data Slot -->
-          <template v-slot:no-data>
-            <div class="full-width row flex-center q-gutter-sm">
-              <span v-if="users.length === 0">No Users</span>
-            </div>
-          </template>
-
-          <!-- body slots -->
-          <template v-slot:body="props">
-            <q-tr
-              :props="props"
-              class="cursor-pointer"
-              @dblclick="showEditUserModal(props.row)"
-            >
-              <!-- context menu -->
-              <q-menu context-menu>
-                <q-list dense style="min-width: 200px">
-                  <q-item
-                    clickable
-                    v-close-popup
-                    @click="showEditUserModal(props.row)"
-                  >
-                    <q-item-section side>
-                      <q-icon name="edit" />
-                    </q-item-section>
-                    <q-item-section>Edit</q-item-section>
-                  </q-item>
-                  <q-item
-                    clickable
-                    v-close-popup
-                    @click="deleteUser(props.row)"
-                    :disable="props.row.username === logged_in_user"
-                  >
-                    <q-item-section side>
-                      <q-icon name="delete" />
-                    </q-item-section>
-                    <q-item-section>Delete</q-item-section>
-                  </q-item>
-
-                  <q-separator></q-separator>
-
-                  <q-item
-                    clickable
-                    v-close-popup
-                    @click="ResetPassword(props.row)"
-                    id="context-reset"
-                  >
-                    <q-item-section side>
-                      <q-icon name="autorenew" />
-                    </q-item-section>
-                    <q-item-section>Reset Password</q-item-section>
-                  </q-item>
-
-                  <q-item
-                    clickable
-                    v-close-popup
-                    @click="reset2FA(props.row)"
-                    id="context-reset"
-                  >
-                    <q-item-section side>
-                      <q-icon name="autorenew" />
-                    </q-item-section>
-                    <q-item-section>Reset Two-Factor Auth</q-item-section>
-                  </q-item>
-
-                  <q-separator></q-separator>
-
-                  <q-item clickable v-close-popup>
-                    <q-item-section>Close</q-item-section>
-                  </q-item>
-                </q-list>
-              </q-menu>
-              <!-- enabled checkbox -->
-              <q-td>
-                <q-checkbox
-                  dense
-                  @update:model-value="toggleEnabled(props.row)"
-                  v-model="props.row.is_active"
-                  :disable="props.row.username === logged_in_user"
-                />
-              </q-td>
-              <q-td>{{ props.row.username }}</q-td>
-              <q-td>{{ props.row.first_name }} {{ props.row.last_name }}</q-td>
-              <q-td>{{ props.row.email }}</q-td>
-              <q-td v-if="props.row.last_login">{{
-                formatDate(props.row.last_login)
-              }}</q-td>
-              <q-td v-else>Never</q-td>
-              <q-td>{{ props.row.last_login_ip }}</q-td>
-            </q-tr>
-          </template>
-        </q-table>
+          unelevated
+          no-caps
+          icon="add"
+          @click="showAddUserModal"
+        />
       </div>
-    </q-card>
-  </div>
+      <q-table
+        dense
+        :rows="users"
+        :columns="columns"
+        v-model:pagination="pagination"
+        row-key="id"
+        binary-state-sort
+        hide-pagination
+        virtual-scroll
+      >
+        <!-- header slots -->
+        <template v-slot:header-cell-is_active="props">
+          <q-th :props="props" auto-width>
+            <q-icon name="power_settings_new" size="1.5em">
+              <q-tooltip>Enable User</q-tooltip>
+            </q-icon>
+          </q-th>
+        </template>
+
+        <template v-slot:header-cell-sso="props">
+          <q-th :props="props" auto-width></q-th>
+        </template>
+
+        <!-- No data Slot -->
+        <template v-slot:no-data>
+          <div class="full-width row flex-center q-gutter-sm">
+            <span v-if="users.length === 0">No Users</span>
+          </div>
+        </template>
+
+        <!-- body slots -->
+        <template v-slot:body="props">
+          <q-tr
+            :props="props"
+            class="cursor-pointer"
+            @dblclick="showEditUserModal(props.row)"
+          >
+            <!-- context menu -->
+            <q-menu context-menu>
+              <q-list dense style="min-width: 200px">
+                <q-item
+                  clickable
+                  v-close-popup
+                  @click="showEditUserModal(props.row)"
+                >
+                  <q-item-section side>
+                    <q-icon name="edit" />
+                  </q-item-section>
+                  <q-item-section>Edit</q-item-section>
+                </q-item>
+                <q-item
+                  clickable
+                  v-close-popup
+                  @click="deleteUser(props.row)"
+                  :disable="props.row.username === logged_in_user"
+                >
+                  <q-item-section side>
+                    <q-icon name="delete" />
+                  </q-item-section>
+                  <q-item-section>Delete</q-item-section>
+                </q-item>
+
+                <q-separator></q-separator>
+
+                <q-item
+                  clickable
+                  v-close-popup
+                  @click="ResetPassword(props.row)"
+                  id="context-reset"
+                  :disable="props.row.social_accounts.length !== 0"
+                >
+                  <q-item-section side>
+                    <q-icon name="autorenew" />
+                  </q-item-section>
+                  <q-item-section>Reset Password</q-item-section>
+                </q-item>
+
+                <q-item
+                  clickable
+                  v-close-popup
+                  @click="reset2FA(props.row)"
+                  id="context-reset"
+                  :disable="props.row.social_accounts.length !== 0"
+                >
+                  <q-item-section side>
+                    <q-icon name="autorenew" />
+                  </q-item-section>
+                  <q-item-section>Reset Two-Factor Auth</q-item-section>
+                </q-item>
+
+                <q-separator></q-separator>
+
+                <q-item
+                  clickable
+                  v-close-popup
+                  @click="showSSOAccounts(props.row)"
+                  id="context-reset"
+                  :disable="props.row.social_accounts.length === 0"
+                >
+                  <q-item-section side>
+                    <q-icon name="groups" />
+                  </q-item-section>
+                  <q-item-section>Show Connected SSO Accounts</q-item-section>
+                </q-item>
+
+                <q-item
+                  clickable
+                  v-close-popup
+                  @click="showSessions(props.row)"
+                  id="context-reset"
+                >
+                  <q-item-section side>
+                    <q-icon name="groups" />
+                  </q-item-section>
+                  <q-item-section>Show Active Sessions</q-item-section>
+                </q-item>
+
+                <q-separator></q-separator>
+
+                <q-item clickable v-close-popup>
+                  <q-item-section>Close</q-item-section>
+                </q-item>
+              </q-list>
+            </q-menu>
+            <!-- enabled checkbox -->
+            <q-td>
+              <q-checkbox
+                dense
+                @update:model-value="toggleEnabled(props.row)"
+                v-model="props.row.is_active"
+                :disable="props.row.username === logged_in_user"
+              />
+            </q-td>
+            <q-td>
+              <q-chip
+                v-if="props.row.social_accounts.length > 0"
+                color="primary"
+                dense
+                >SSO</q-chip
+              >
+            </q-td>
+            <q-td>{{ props.row.username }}</q-td>
+            <q-td>{{ props.row.first_name }} {{ props.row.last_name }}</q-td>
+            <q-td>{{ props.row.email }}</q-td>
+            <q-td v-if="props.row.last_login">{{
+              formatDate(props.row.last_login)
+            }}</q-td>
+            <q-td v-else>Never</q-td>
+            <q-td>{{ props.row.last_login_ip }}</q-td>
+          </q-tr>
+        </template>
+      </q-table>
+    </div>
+  </q-card>
 </template>
 
 <script>
 import mixins from "@/mixins/mixins";
 import { computed } from "vue";
-import { mapState, useStore } from "vuex";
+import { useStore } from "vuex";
+import { useQuasar } from "quasar";
+
+import { mapState as piniaMapState } from "pinia";
+import { useAuthStore } from "@/stores/auth";
 import UserForm from "@/components/modals/admin/UserForm.vue";
 import UserResetPasswordForm from "@/components/modals/admin/UserResetPasswordForm.vue";
+import SSOAccountsTable from "@/ee/sso/components/SSOAccountsTable.vue";
+import UserSessionsTable from "@/components/accounts/UserSessionsTable.vue";
 
 export default {
   name: "AdminManager",
@@ -161,8 +206,30 @@ export default {
     const store = useStore();
     const formatDate = computed(() => store.getters.formatDate);
 
+    const $q = useQuasar();
+
+    function showSSOAccounts(user) {
+      $q.dialog({
+        component: SSOAccountsTable,
+        componentProps: {
+          user,
+        },
+      });
+    }
+
+    async function showSessions(user) {
+      $q.dialog({
+        component: UserSessionsTable,
+        componentProps: {
+          user,
+        },
+      });
+    }
+
     return {
       formatDate,
+      showSSOAccounts,
+      showSessions,
     };
   },
   data() {
@@ -175,6 +242,13 @@ export default {
           field: "is_active",
           align: "left",
         },
+        {
+          name: "sso",
+          label: "",
+          field: "sso",
+          align: "left",
+          sortable: true,
+        },
         {
           name: "username",
           label: "Username",
@@ -316,7 +390,7 @@ export default {
     },
   },
   computed: {
-    ...mapState({
+    ...piniaMapState(useAuthStore, {
       logged_in_user: (state) => state.username,
     }),
   },

src/components/AgentTable.vue

@@ -46,6 +46,9 @@
       <template v-slot:header-cell-plat="props">
         <q-th auto-width :props="props"></q-th>
       </template>
+      <template v-slot:header-cell-mon-type="props">
+        <q-th auto-width :props="props"></q-th>
+      </template>
       <template v-slot:header-cell-checks-status="props">
         <q-th :props="props">
           <q-icon name="fas fa-check-double" size="1.2em">
@@ -206,6 +209,20 @@
             </q-icon>
           </q-td>
 
+          <q-td key="mon-type" :props="props">
+            <q-icon
+              v-if="props.row.monitoring_type === 'server'"
+              name="dns"
+              size="sm"
+              color="primary"
+            >
+              <q-tooltip>Server</q-tooltip>
+            </q-icon>
+            <q-icon v-else name="computer" size="sm" color="primary">
+              <q-tooltip>Workstation</q-tooltip>
+            </q-icon>
+          </q-td>
+
           <q-td key="checks-status" :props="props">
             <q-icon
               v-if="props.row.maintenance_mode"

src/components/accounts/RolesForm.vue

@@ -151,6 +151,14 @@
                 v-model="localRole.can_edit_core_settings"
                 label="Edit Global Settings"
               />
+              <q-checkbox
+                v-model="localRole.can_view_global_keystore"
+                label="View Global Key Store"
+              />
+              <q-checkbox
+                v-model="localRole.can_edit_global_keystore"
+                label="Edit Global Key Store"
+              />
               <q-checkbox
                 v-model="localRole.can_do_server_maint"
                 label="Do Server Maintenance"
@@ -477,6 +485,8 @@ export default {
           // settings perms
           can_view_core_settings: false,
           can_edit_core_settings: false,
+          can_view_global_keystore: false,
+          can_edit_global_keystore: false,
           can_do_server_maint: false,
           can_code_sign: false,
           can_run_urlactions: false,

src/components/accounts/UserSessionsTable.vue

@@ -0,0 +1,151 @@
+<template>
+  <q-dialog ref="dialogRef" @hide="onDialogHide">
+    <q-card style="width: 60vw; max-width: 90vw; min-height: 40vh">
+      <q-bar>
+        User Sessions for {{ user.username }}
+        <q-space />
+        <q-btn v-close-popup dense flat icon="close">
+          <q-tooltip class="bg-white text-primary">Close</q-tooltip>
+        </q-btn>
+      </q-bar>
+      <q-table
+        dense
+        :table-class="{
+          'table-bgcolor': !$q.dark.isActive,
+          'table-bgcolor-dark': $q.dark.isActive,
+        }"
+        :style="{ 'max-height': `${$q.screen.height - 24}px` }"
+        class="tbl-sticky"
+        :rows="sessions"
+        :columns="columns"
+        :loading="loading"
+        :pagination="{ rowsPerPage: 0, sortBy: 'display', descending: true }"
+        row-key="id"
+        binary-state-sort
+        virtual-scroll
+        :rows-per-page-options="[0]"
+      >
+        <template #top>
+          <q-space />
+          <q-btn
+            label="Remove All Sessions"
+            @click="removeAllSessions"
+            size="sm"
+            color="negative"
+          />
+        </template>
+        <template #body="props">
+          <q-tr>
+            <!-- rows -->
+            <td>{{ formatDate(props.row.created) }}</td>
+            <td>{{ formatDate(props.row.expiry) }}</td>
+            <td>
+              <q-btn
+                size="sm"
+                @click="removeSession(props.row)"
+                label="Disconnect"
+                color="negative"
+              ></q-btn>
+            </td>
+          </q-tr>
+        </template>
+      </q-table>
+    </q-card>
+  </q-dialog>
+</template>
+
+<script setup lang="ts">
+// composition imports
+import { onMounted, ref } from "vue";
+import { useDialogPluginComponent, useQuasar, type QTableColumn } from "quasar";
+import { notifySuccess } from "@/utils/notify";
+import { formatDate } from "@/utils/format";
+import {
+  fetchUserSessions,
+  deleteAllUserSessions,
+  deleteUserSession,
+} from "@/api/accounts";
+
+//types
+import type { SSOUser } from "@/ee/sso/types/sso";
+import type { AuthToken } from "@/types/accounts";
+
+const columns: QTableColumn[] = [
+  {
+    name: "created",
+    label: "Created",
+    field: "created",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "expiry",
+    label: "Expires",
+    field: "expiry",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "action",
+    label: "",
+    field: "action",
+    align: "left",
+    sortable: true,
+  },
+];
+
+// emits
+defineEmits([...useDialogPluginComponent.emits]);
+
+// props
+const props = defineProps<{
+  user: SSOUser;
+}>();
+
+const { dialogRef, onDialogHide } = useDialogPluginComponent();
+const $q = useQuasar();
+
+const sessions = ref([] as AuthToken[]);
+const loading = ref(false);
+
+function removeSession(token: AuthToken) {
+  $q.dialog({
+    title: `Disconnect session for ${token.user}?`,
+    message: "This user will be signed out immediately.",
+    cancel: true,
+    ok: { label: "Delete", color: "negative" },
+  }).onOk(async () => {
+    loading.value = true;
+    try {
+      await deleteUserSession(token.digest);
+      notifySuccess("Login session deleted successfully");
+    } finally {
+      loading.value = false;
+      await getSessions();
+    }
+  });
+}
+
+function removeAllSessions() {
+  $q.dialog({
+    title: `Disconnect all sessions for ${props.user.username}?`,
+    cancel: true,
+    ok: { label: "Delete", color: "negative" },
+  }).onOk(async () => {
+    loading.value = true;
+    try {
+      await deleteAllUserSessions(props.user.id);
+      notifySuccess("Login sessions deleted successfully");
+    } finally {
+      loading.value = false;
+      onDialogHide();
+    }
+  });
+}
+
+async function getSessions() {
+  sessions.value = await fetchUserSessions(props.user.id);
+}
+
+onMounted(getSessions);
+</script>

src/components/agents/AgentActionMenu.vue

@@ -302,9 +302,9 @@ export default {
     async function getURLActions() {
       menuLoading.value = true;
       try {
-        urlActions.value = (await fetchURLActions()).filter(
-          (action) => action.action_type === "web",
-        );
+        urlActions.value = (await fetchURLActions())
+          .filter((action) => action.action_type === "web")
+          .sort((a, b) => a.name.localeCompare(b.name));
 
         if (urlActions.value.length === 0) {
           notifyWarning(
@@ -312,8 +312,11 @@ export default {
           );
           return;
         }
-      } catch (e) {}
-      menuLoading.value = true;
+      } catch (e) {
+        console.error(e);
+      } finally {
+        menuLoading.value = false;
+      }
     }
 
     function showSendCommand(agent) {

src/components/agents/AutomatedTasksTab.vue

@@ -295,7 +295,12 @@
           </q-td>
           <q-td v-else></q-td>
           <!-- name -->
-          <q-td>{{ props.row.name }}</q-td>
+          <q-td
+            >{{ props.row.name
+            }}<q-tooltip v-if="props.row?.win_task_name" :delay="700">{{
+              props.row.win_task_name
+            }}</q-tooltip></q-td
+          >
           <!-- sync status -->
           <q-td v-if="props.row.task_result.sync_status === 'notsynced'"
             >Will sync on next agent checkin</q-td

src/components/agents/ChecksTab.vue

@@ -370,7 +370,13 @@
               style="cursor: pointer; text-decoration: underline"
               class="text-primary"
               @click="showPingInfo(props.row)"
-              >Last Output</span
+              >{{
+                grep(props.row.check_result.more_info, [
+                  "transmitted",
+                  "received",
+                  "packet loss",
+                ])
+              }}</span
             >
             <span
               v-else-if="
@@ -379,7 +385,7 @@
               style="cursor: pointer; text-decoration: underline"
               class="text-primary"
               @click="showScriptOutput(props.row.check_result)"
-              >Last Output</span
+              >{{ processOutput(props.row.check_result) }}</span
             >
             <span
               v-else-if="
@@ -392,7 +398,9 @@
             >
             <span
               v-else-if="
-                props.row.check_type === 'diskspace' ||
+                ['diskspace', 'cpuload', 'memory'].includes(
+                  props.row.check_type,
+                ) ||
                 (props.row.check_type === 'winsvc' && props.row.check_result.id)
               "
               >{{ props.row.check_result.more_info }}</span
@@ -510,6 +518,40 @@ export default {
       descending: false,
     });
 
+    // TODO this will break when we add translations
+    function grep(text, stringsToMatch) {
+      try {
+        const lines = text.split("\n");
+        const matched = [];
+
+        for (const line of lines) {
+          if (stringsToMatch.every((str) => line.includes(str))) {
+            matched.push(line);
+          }
+        }
+
+        return matched.length > 0 ? matched.join("\n") : "Last Output";
+      } catch (e) {
+        console.error(e);
+        return "Last Output";
+      }
+    }
+
+    function processOutput(result) {
+      try {
+        if (result.stdout && result.stdout.trim() !== "") {
+          return result.stdout.substring(0, 60);
+        } else if (result.stderr && result.stderr.trim() !== "") {
+          return result.stderr.substring(0, 60);
+        } else {
+          return "Last Output";
+        }
+      } catch (e) {
+        console.error(e);
+        return "Last Output";
+      }
+    }
+
     function getAlertSeverity(check) {
       if (check.check_result.alert_severity) {
         return check.check_result.alert_severity;
@@ -707,6 +749,8 @@ export default {
       getAlertSeverity,
       runChecks,
       resetAllChecks,
+      grep,
+      processOutput,
 
       // dialogs
       showScriptOutput,

src/components/agents/remotebg/ProcessManager.vue

@@ -17,70 +17,85 @@
     :loading="loading"
   >
     <template v-slot:top>
-      <q-btn
-        v-if="isPolling"
-        dense
-        flat
-        push
-        @click="stopPoll"
-        icon="stop"
-        label="Stop Live Refresh"
-      />
-      <q-btn
-        v-else
-        dense
-        flat
-        push
-        @click="startPoll"
-        icon="play_arrow"
-        label="Resume Live Refresh"
-      />
-
-      <q-space />
-
-      <div class="q-pa-md q-gutter-sm">
+      <div class="q-gutter-md flex flex-center items-center">
         <q-btn
-          :disable="pollInterval === 1"
+          v-if="isPolling"
           dense
-          @click="pollIntervalChanged('subtract')"
+          flat
           push
-          icon="remove"
-          size="sm"
-          color="grey"
+          @click="stopPoll"
+          icon="stop"
+          label="Stop Live Refresh"
         />
         <q-btn
+          v-else
           dense
+          flat
           push
-          icon="add"
-          size="sm"
-          color="grey"
-          @click="pollIntervalChanged('add')"
+          @click="startPoll"
+          icon="play_arrow"
+          label="Resume Live Refresh"
         />
-      </div>
-      <div class="text-overline">
-        <q-badge
-          align="middle"
-          size="sm"
-          class="text-h6"
-          color="blue"
-          :label="pollInterval"
-        />
-        Refresh interval (seconds)
-      </div>
 
-      <q-space />
-      <q-input v-model="filter" outlined label="Search" dense clearable>
-        <template v-slot:prepend>
-          <q-icon name="search" />
-        </template>
-      </q-input>
-      <!-- file download doesn't work so disabling -->
-      <export-table-btn
-        v-show="false"
-        class="q-ml-sm"
-        :columns="columns"
-        :data="processes"
-      />
+        <div class="flex flex-center q-ml-md">
+          <q-icon name="fas fa-microchip" class="q-mr-xs" />
+          <div class="text-caption q-mr-sm">
+            CPU Usage:
+            <span class="text-body1 text-weight-medium"
+              >{{ totalCpuUsage }}%</span
+            >
+          </div>
+
+          <q-icon name="fas fa-memory" class="q-mr-xs" />
+          <div class="text-caption">
+            RAM Usage:
+            <span class="text-body1 text-weight-medium"
+              >{{ bytes2Human(totalRamUsage) }}/{{ total_ram }} GB</span
+            >
+          </div>
+        </div>
+
+        <q-space />
+
+        <div class="q-pa-md q-gutter-sm">
+          <q-btn
+            :disable="pollInterval === 1"
+            dense
+            @click="pollIntervalChanged('subtract')"
+            push
+            icon="remove"
+            size="sm"
+            color="grey"
+          />
+          <q-btn
+            dense
+            push
+            icon="add"
+            size="sm"
+            color="grey"
+            @click="pollIntervalChanged('add')"
+          />
+        </div>
+
+        <div class="text-overline">
+          <q-badge
+            align="middle"
+            size="sm"
+            class="text-h6"
+            color="blue"
+            :label="pollInterval"
+          />
+          Refresh interval (seconds)
+        </div>
+
+        <q-space />
+
+        <q-input v-model="filter" outlined label="Search" dense clearable>
+          <template v-slot:prepend>
+            <q-icon name="search" />
+          </template>
+        </q-input>
+      </div>
     </template>
     <template v-slot:body="props">
       <q-tr :props="props" class="cursor-pointer">
@@ -121,9 +136,6 @@ import {
 import { bytes2Human } from "@/utils/format";
 import { notifySuccess } from "@/utils/notify";
 
-// ui imports
-import ExportTableBtn from "@/components/ui/ExportTableBtn.vue";
-
 const columns = [
   {
     name: "name",
@@ -164,7 +176,6 @@ const columns = [
 ];
 
 export default {
-  components: { ExportTableBtn },
   name: "ProcessManager",
   props: {
     agent_id: !String,
@@ -175,52 +186,71 @@ export default {
     const poll = ref(null);
     const isPolling = computed(() => !!poll.value);
 
-    async function startPoll() {
-      await getProcesses();
-      if (processes.value.length > 0) {
-        refreshProcesses();
-      }
+    function startPoll() {
+      stopPoll();
+      getProcesses();
+      poll.value = setInterval(() => {
+        getProcesses();
+      }, pollInterval.value * 1000);
     }
 
     function stopPoll() {
-      clearInterval(poll.value);
-      poll.value = null;
+      if (poll.value) {
+        clearInterval(poll.value);
+        poll.value = null;
+      }
     }
 
     function pollIntervalChanged(action) {
-      if (action === "subtract" && pollInterval.value <= 1) {
-        stopPoll();
-        startPoll();
-        return;
-      }
       if (action === "add") {
         pollInterval.value++;
-      } else {
+      } else if (action === "subtract" && pollInterval.value > 1) {
         pollInterval.value--;
       }
-      stopPoll();
-      startPoll();
+      if (isPolling.value) {
+        startPoll();
+      }
     }
 
     // process manager logic
     const processes = ref([]);
     const filter = ref("");
-    const memory = ref(null);
+    const total_ram = ref(0);
 
     const loading = ref(false);
 
+    const totalCpuUsage = computed(() => {
+      if (!Array.isArray(processes.value) || processes.value.length === 0) {
+        return "0.00";
+      }
+
+      const total = processes.value.reduce((acc, proc) => {
+        const cpuPercent = parseFloat(proc.cpu_percent);
+
+        if (isNaN(cpuPercent)) {
+          return acc;
+        }
+
+        return acc + cpuPercent;
+      }, 0);
+
+      return total.toFixed(2);
+    });
+
+    const totalRamUsage = computed(() => {
+      return processes.value.reduce((acc, proc) => acc + proc.membytes, 0);
+    });
+
     async function getProcesses() {
       loading.value = true;
-      processes.value = await fetchAgentProcesses(props.agent_id);
+      try {
+        processes.value = await fetchAgentProcesses(props.agent_id);
+      } catch (error) {
+        console.error(error);
+      }
       loading.value = false;
     }
 
-    function refreshProcesses() {
-      poll.value = setInterval(() => {
-        getProcesses(props.agent_id);
-      }, pollInterval.value * 1000);
-    }
-
     async function killProcess(pid) {
       loading.value = true;
       let result = "";
@@ -235,11 +265,8 @@ export default {
 
     // lifecycle hooks
     onMounted(async () => {
-      memory.value = await fetchAgent(props.agent_id).total_ram;
-      await getProcesses();
-      if (processes.value.length > 0) {
-        refreshProcesses();
-      }
+      total_ram.value = (await fetchAgent(props.agent_id)).total_ram;
+      startPoll();
     });
 
     onBeforeUnmount(() => clearInterval(poll.value));
@@ -248,10 +275,12 @@ export default {
       // reactive data
       processes,
       filter,
-      memory,
+      total_ram,
       isPolling,
       pollInterval,
       loading,
+      totalCpuUsage,
+      totalRamUsage,
 
       // non-reactive data
       columns,

src/components/automation/modals/PolicyStatus.vue

@@ -2,6 +2,15 @@
   <q-dialog ref="dialog" @hide="onHide">
     <q-card class="q-dialog-plugin" style="min-width: 70vw">
       <q-bar>
+        <q-btn
+          ref="refresh"
+          @click="refresh"
+          class="q-mr-sm"
+          dense
+          flat
+          push
+          icon="refresh"
+        />
         {{ title.slice(0, 27) }}
         <q-space />
         <q-btn dense flat icon="close" v-close-popup>
@@ -281,6 +290,13 @@ export default {
         },
       });
     },
+    refresh() {
+      if (this.type === "task") {
+        this.getTaskData();
+      } else {
+        this.getCheckData();
+      }
+    },
     show() {
       this.$refs.dialog.show();
     },

src/components/checks/ScriptOutput.vue

@@ -20,12 +20,18 @@
         </div>
         <br />
         <div v-if="scriptInfo.stdout">
-          Standard Output
+          <script-output-copy-clip
+            label="Standard Output"
+            :data="scriptInfo.stdout"
+          />
           <q-separator />
           <pre>{{ scriptInfo.stdout }}</pre>
         </div>
         <div v-if="scriptInfo.stderr">
-          Standard Error
+          <script-output-copy-clip
+            label="Standard Error"
+            :data="scriptInfo.stderr"
+          />
           <q-separator />
           <pre>{{ scriptInfo.stderr }}</pre>
         </div>
@@ -43,8 +49,13 @@ import { computed } from "vue";
 import { useStore } from "vuex";
 import { useDialogPluginComponent } from "quasar";
 
+import ScriptOutputCopyClip from "@/components/scripts/ScriptOutputCopyClip.vue";
+
 export default {
   name: "ScriptOutput",
+  components: {
+    ScriptOutputCopyClip,
+  },
   emits: [...useDialogPluginComponent.emits],
   props: { scriptInfo: !Object },
   setup() {

src/components/modals/admin/UserForm.vue

@@ -116,7 +116,8 @@
 </template>
 
 <script>
-import { mapState } from "vuex";
+import { mapState as piniaMapState } from "pinia";
+import { useAuthStore } from "@/stores/auth";
 import mixins from "@/mixins/mixins";
 
 export default {
@@ -145,7 +146,7 @@ export default {
     title() {
       return this.user ? "Edit User" : "Add User";
     },
-    ...mapState({
+    ...piniaMapState(useAuthStore, {
       logged_in_user: (state) => state.username,
     }),
   },

src/components/modals/agents/BulkAction.vue

@@ -88,7 +88,24 @@
             outlined
             mapOptions
             filterable
-          />
+          >
+            <template v-slot:after>
+              <q-btn
+                size="sm"
+                round
+                dense
+                flat
+                icon="info"
+                @click="openScriptURL"
+              >
+                <q-tooltip
+                  v-if="syntax"
+                  class="bg-white text-primary text-body1"
+                  v-html="formatScriptSyntax(syntax)"
+                />
+              </q-btn>
+            </template>
+          </tactical-dropdown>
         </q-card-section>
         <q-card-section v-if="mode === 'script'" class="q-pt-none">
           <tactical-dropdown
@@ -153,6 +170,39 @@
           </q-checkbox>
         </q-card-section>
 
+        <q-card-section v-if="mode === 'script'" class="q-pt-none">
+          <div class="q-gutter-sm">
+            <q-checkbox
+              label="Save results to Custom Field"
+              v-model="collector"
+              @update:model-value="
+                state.custom_field = null;
+                state.collector_all_output = false;
+              "
+            />
+            <q-checkbox
+              v-model="state.save_to_agent_note"
+              label="Save results to Agent Note"
+            />
+          </div>
+        </q-card-section>
+
+        <q-card-section v-if="mode === 'script' && collector">
+          <tactical-dropdown
+            :rules="[(val) => !!val || '*Required']"
+            outlined
+            v-model="state.custom_field"
+            :options="customFieldOptions"
+            label="Select custom field"
+            mapOptions
+            filterable
+          />
+          <q-checkbox
+            v-model="state.collector_all_output"
+            label="Save all output"
+          />
+        </q-card-section>
+
         <q-card-section v-if="mode === 'script' || mode === 'command'">
           <q-input
             v-model.number="state.timeout"
@@ -218,12 +268,14 @@ import {
   onMounted,
   defineComponent,
 } from "vue";
-import { useDialogPluginComponent } from "quasar";
+import { useDialogPluginComponent, openURL } from "quasar";
 import { useScriptDropdown } from "@/composables/scripts";
 import { useAgentDropdown } from "@/composables/agents";
 import { useClientDropdown, useSiteDropdown } from "@/composables/clients";
+import { useCustomFieldDropdown } from "@/composables/core";
 import { runBulkAction } from "@/api/agents";
 import { notifySuccess } from "@/utils/notify";
+import { formatScriptSyntax } from "@/utils/format";
 import { cmdPlaceholder } from "@/composables/agents";
 import { envVarsLabel, runAsUserToolTip } from "@/constants/constants";
 
@@ -297,11 +349,18 @@ export default defineComponent({
       defaultTimeout,
       defaultArgs,
       defaultEnvVars,
+      syntax,
+      link,
       getScriptOptions,
     } = useScriptDropdown();
     const { agents, agentOptions, getAgentOptions } = useAgentDropdown();
     const { site, siteOptions, getSiteOptions } = useSiteDropdown();
     const { client, clientOptions, getClientOptions } = useClientDropdown();
+    const { customFieldOptions } = useCustomFieldDropdown({ onMount: true });
+
+    function openScriptURL() {
+      link.value ? openURL(link.value) : null;
+    }
 
     // bulk action logic
     const state = reactive({
@@ -312,6 +371,9 @@ export default defineComponent({
       cmd: "",
       shell: "cmd",
       custom_shell: null,
+      custom_field: null,
+      collector_all_output: false,
+      save_to_agent_note: false,
       patchMode: "scan",
       offlineAgents: false,
       client,
@@ -324,6 +386,7 @@ export default defineComponent({
       run_as_user: false,
     });
     const loading = ref(false);
+    const collector = ref(false);
 
     watch(
       () => state.target,
@@ -395,6 +458,8 @@ export default defineComponent({
       state,
       agentOptions,
       clientOptions,
+      collector,
+      customFieldOptions,
       siteOptions,
       filterByPlatformOptions,
       loading,
@@ -408,6 +473,7 @@ export default defineComponent({
       patchModeOptions,
       runAsUserToolTip,
       envVarsLabel,
+      syntax,
 
       //computed
       modalTitle,
@@ -416,6 +482,8 @@ export default defineComponent({
       submit,
       cmdPlaceholder,
       supportsRunAsUser,
+      openScriptURL,
+      formatScriptSyntax,
 
       // quasar dialog plugin
       dialogRef,

src/components/modals/agents/InstallAgent.vue

@@ -137,7 +137,7 @@
             <q-radio
               v-model="goarch"
               :val="GOARCH_ARM64"
-              label="Apple Silicon (M1, M2, M3)"
+              label="Apple Silicon (M-Series)"
               v-show="agentOS === 'darwin'"
             />
             <q-radio

src/components/modals/agents/RunScript.vue

@@ -89,7 +89,7 @@
             new-value-mode="add"
           />
         </q-card-section>
-        <q-card-section>
+        <q-card-section v-if="!state.run_on_server">
           <q-option-group
             v-model="state.output"
             :options="outputOptions"
@@ -140,10 +140,30 @@
           />
           <q-checkbox v-model="state.save_all_output" label="Save all output" />
         </q-card-section>
-        <q-card-section v-if="agent.plat === 'windows'">
-          <q-checkbox v-model="state.run_as_user" label="Run As User">
+        <q-card-section>
+          <q-checkbox
+            v-if="agent.plat === 'windows' && !state.run_on_server"
+            v-model="state.run_as_user"
+            label="Run As User"
+          >
             <q-tooltip>{{ runAsUserToolTip }}</q-tooltip>
           </q-checkbox>
+          <q-checkbox
+            v-if="!hosted"
+            :disable="!server_scripts_enabled"
+            v-model="state.run_on_server"
+            label="Run On Server"
+            @update:model-value="ret = null"
+          >
+            <q-tooltip v-if="!server_scripts_enabled"
+              >Enable server side scripts globally to activate this
+              feature.</q-tooltip
+            >
+            <q-tooltip v-else
+              >Run the script on the Tactical RMM server in the context of this
+              agent.</q-tooltip
+            >
+          </q-checkbox>
         </q-card-section>
         <q-card-section>
           <q-input
@@ -175,7 +195,39 @@
           class="q-pl-md q-pr-md q-pt-none q-ma-none scroll"
           style="max-height: 50vh"
         >
-          <pre>{{ ret }}</pre>
+          <script-output-copy-clip
+            v-if="!state.run_on_server"
+            label="Output"
+            :data="ret"
+          />
+          <q-separator />
+          <pre v-if="!state.run_on_server">{{ ret }}</pre>
+          <q-card-section v-if="state.run_on_server" class="scroll">
+            <div>
+              Run Time:
+              <code>{{ ret.execution_time }} seconds</code>
+              <br />Return Code:
+              <code>{{ ret.retcode }}</code>
+              <br />
+            </div>
+            <br />
+            <div v-if="ret.stdout">
+              <script-output-copy-clip
+                label="Standard Output"
+                :data="ret.stdout"
+              />
+              <q-separator />
+              <pre>{{ ret.stdout }}</pre>
+            </div>
+            <div v-if="ret.stderr">
+              <script-output-copy-clip
+                label="Standard Error"
+                :data="ret.stderr"
+              />
+              <q-separator />
+              <pre>{{ ret.stderr }}</pre>
+            </div>
+          </q-card-section>
         </q-card-section>
       </q-form>
     </q-card>
@@ -184,7 +236,8 @@
 
 <script setup lang="ts">
 // composition imports
-import { ref, watch } from "vue";
+import { computed, ref, watch } from "vue";
+import { useStore } from "vuex";
 import { useDialogPluginComponent, openURL } from "quasar";
 import { useScriptDropdown } from "@/composables/scripts";
 import { useCustomFieldDropdown } from "@/composables/core";
@@ -195,10 +248,18 @@ import { formatScriptSyntax } from "@/utils/format";
 
 //ui imports
 import TacticalDropdown from "@/components/ui/TacticalDropdown.vue";
+import ScriptOutputCopyClip from "@/components/scripts/ScriptOutputCopyClip.vue";
 
 // types
 import type { Agent } from "@/types/agents";
 
+// store
+const store = useStore();
+const hosted = computed(() => store.state.hosted);
+const server_scripts_enabled = computed(
+  () => store.state.server_scripts_enabled,
+);
+
 // static data
 const outputOptions = [
   { label: "Wait for Output", value: "wait" },
@@ -248,6 +309,7 @@ const state = ref({
   env_vars: defaultEnvVars,
   timeout: defaultTimeout,
   run_as_user: false,
+  run_on_server: false,
 });
 
 const ret = ref(null);

src/components/modals/agents/SendCommand.vue

@@ -104,6 +104,9 @@
             type="submit"
           />
         </q-card-actions>
+        <q-card-section v-if="ret !== null"
+          ><script-output-copy-clip label="Output" :data="ret" /> <q-separator
+        /></q-card-section>
         <q-card-section
           v-if="ret !== null"
           class="q-pl-md q-pr-md q-pt-none q-ma-none scroll"
@@ -124,8 +127,13 @@ import { sendAgentCommand } from "@/api/agents";
 import { cmdPlaceholder } from "@/composables/agents";
 import { runAsUserToolTip } from "@/constants/constants";
 
+import ScriptOutputCopyClip from "@/components/scripts/ScriptOutputCopyClip.vue";
+
 export default {
   name: "SendCommand",
+  components: {
+    ScriptOutputCopyClip,
+  },
   emits: [...useDialogPluginComponent.emits],
   props: {
     agent: !Object,

src/components/modals/alerts/AlertsOverview.vue

@@ -249,6 +249,20 @@ export default {
           sortable: true,
           format: (a) => this.formatDate(a),
         },
+        {
+          name: "client",
+          label: "Client",
+          field: "client",
+          align: "left",
+          sortable: true,
+        },
+        {
+          name: "site",
+          label: "Site",
+          field: "site",
+          align: "left",
+          sortable: true,
+        },
         {
           name: "hostname",
           label: "Agent",

src/components/modals/coresettings/CustomFieldsTable.vue

@@ -48,6 +48,7 @@
         <!-- name -->
         <q-td>
           {{ props.row.name }}
+          <q-tooltip :delay="600">ID: {{ props.row.id }}</q-tooltip>
         </q-td>
         <!-- type -->
         <q-td>

src/components/modals/coresettings/EditCoreSettings.vue

@@ -13,6 +13,7 @@
           <q-tab name="webhooks" label="Web Hooks" />
           <q-tab name="retention" label="Retention" />
           <q-tab name="apikeys" label="API Keys" />
+          <q-tab name="sso" label="Single Sign-On (SSO)" />
           <!-- <q-tab name="openai" label="Open AI" /> -->
         </q-tabs>
       </template>
@@ -636,6 +637,11 @@
                 <APIKeysTable />
               </q-tab-panel>
 
+              <!-- sso integration -->
+              <q-tab-panel name="sso">
+                <SSOProvidersTable />
+              </q-tab-panel>
+
               <!-- Open AI -->
               <!-- <q-tab-panel name="openai">
                 <div class="text-subtitle2">Open AI</div>
@@ -685,7 +691,8 @@
               v-show="
                 tab !== 'customfields' &&
                 tab !== 'keystore' &&
-                tab !== 'urlactions'
+                tab !== 'urlactions' &&
+                tab !== 'sso'
               "
               label="Save"
               color="primary"
@@ -722,6 +729,7 @@ import CustomFields from "@/components/modals/coresettings/CustomFields.vue";
 import KeyStoreTable from "@/components/modals/coresettings/KeyStoreTable.vue";
 import URLActionsTable from "@/components/modals/coresettings/URLActionsTable.vue";
 import APIKeysTable from "@/components/core/APIKeysTable.vue";
+import SSOProvidersTable from "@/ee/sso/components/SSOProvidersTable.vue";
 
 export default {
   name: "EditCoreSettings",
@@ -731,7 +739,7 @@ export default {
     KeyStoreTable,
     URLActionsTable,
     APIKeysTable,
-    // ServerTasksTable,
+    SSOProvidersTable,
   },
   mixins: [mixins],
   data() {
@@ -767,6 +775,13 @@ export default {
       return this.$store.state.hosted;
     },
   },
+  watch: {
+    tab(newTab, oldTab) {
+      if (oldTab === "sso") {
+        this.getCoreSettings();
+      }
+    },
+  },
   methods: {
     openURL(url) {
       openURL(url);

src/components/modals/coresettings/KeyStoreForm.vue

@@ -27,8 +27,16 @@
             outlined
             dense
             v-model="localKey.value"
+            :type="isPwd ? 'password' : 'text'"
             :rules="[(val) => !!val || '*Required']"
-          />
+            ><template v-slot:append>
+              <q-icon
+                :name="isPwd ? 'visibility_off' : 'visibility'"
+                class="cursor-pointer"
+                @click="isPwd = !isPwd"
+              />
+            </template>
+          </q-input>
         </q-card-section>
 
         <q-card-actions align="right">
@@ -50,6 +58,7 @@ export default {
   props: { globalKey: Object },
   data() {
     return {
+      isPwd: true,
       localKey: {
         name: "",
         value: "",

src/components/modals/coresettings/KeyStoreTable.vue

@@ -3,6 +3,15 @@
     <div class="row">
       <div class="text-subtitle2">Global Key Store</div>
       <q-space />
+      <q-btn
+        size="sm"
+        color="grey-5"
+        text-color="black"
+        class="q-mr-sm"
+        :label="isPwd ? 'Show values' : 'Hide values'"
+        :icon="isPwd ? 'visibility_off' : 'visibility'"
+        @click="isPwd = !isPwd"
+      />
       <q-btn
         size="sm"
         color="grey-5"
@@ -61,7 +70,7 @@
           </q-td>
           <!-- value -->
           <q-td>
-            {{ props.row.value }}
+            {{ isPwd ? "****" : props.row.value }}
           </q-td>
         </q-tr>
       </template>
@@ -79,6 +88,7 @@ export default {
   data() {
     return {
       keystore: [],
+      isPwd: true,
       pagination: {
         rowsPerPage: 0,
         sortBy: "name",

src/components/modals/coresettings/URLActionsForm.vue

@@ -5,7 +5,10 @@
     @show="loadEditor"
     @before-hide="cleanupEditors"
   >
-    <q-card class="q-dialog-plugin" style="width: 60vw">
+    <q-card
+      class="q-dialog-plugin"
+      :style="`width: ${props.type === 'web' ? 50 : 60}vw; max-width: ${props.type === 'web' ? 60 : 70}vw`"
+    >
       <q-bar>
         {{
           props.action
@@ -71,7 +74,6 @@
 
         <q-card-section v-show="type === 'rest'">
           <q-toolbar>
-            <q-space />
             <q-tabs v-model="tab" dense shrink>
               <q-tab
                 name="body"

src/components/modals/coresettings/UserPreferences.vue

@@ -313,18 +313,19 @@ export default {
     },
     getURLActions() {
       this.$axios.get("/core/urlaction/").then((r) => {
-        if (r.data.length === 0) {
-          this.notifyWarning(
-            "No URL Actions configured. Go to Settings > Global Settings > URL Actions",
-          );
-          return;
-        }
         this.urlActions = r.data
           .filter((action) => action.action_type === "web")
+          .sort((a, b) => a.name.localeCompare(b.name))
           .map((action) => ({
             label: action.name,
             value: action.id,
           }));
+
+        if (this.urlActions.length === 0) {
+          this.notifyWarning(
+            "No URL Actions configured. Go to Settings > Global Settings > URL Actions",
+          );
+        }
       });
     },
     getUserPrefs() {

src/components/scripts/ScriptManager.vue

@@ -539,6 +539,7 @@
               >
                 {{ props.row.name }}
               </q-tooltip>
+              <q-tooltip :delay="600">ID: {{ props.row.id }}</q-tooltip>
             </q-td>
             <!-- args -->
             <q-td key="args" :props="props">

src/components/scripts/ScriptOutputCopyClip.vue

@@ -0,0 +1,26 @@
+<template>
+  <div class="row q-gutter-sm items-center">
+    <div class="col-auto">{{ label }}</div>
+    <div class="col-auto">
+      <q-btn dense flat size="md" icon="content_copy" @click="copyText">
+        <q-tooltip>Copy to Clipboard</q-tooltip>
+      </q-btn>
+    </div>
+  </div>
+</template>
+
+<script setup lang="ts">
+import { copyOutput } from "@/utils/helpers";
+
+const props = defineProps({
+  label: String,
+  data: {
+    type: String,
+    required: true,
+  },
+});
+
+const copyText = () => {
+  copyOutput(props.data);
+};
+</script>

src/components/scripts/ScriptUploadModal.vue

@@ -42,15 +42,7 @@
         </q-card-section>
 
         <q-card-section>
-          <q-file
-            label="Script Upload"
-            v-model="file"
-            hint="Supported file types: .ps1, .bat, .py, .sh"
-            filled
-            dense
-            counter
-            accept=".ps1, .bat, .py, .sh"
-          >
+          <q-file label="Script Upload" v-model="file" filled dense counter>
             <template v-slot:prepend>
               <q-icon name="attach_file" />
             </template>

src/components/scripts/TestScriptModal.vue

@@ -18,12 +18,12 @@
         </div>
         <br />
         <div v-if="ret.stdout">
-          Standard Output
+          <script-output-copy-clip label="Standard Output" :data="ret.stdout" />
           <q-separator />
           <pre>{{ ret.stdout }}</pre>
         </div>
         <div v-if="ret.stderr">
-          Standard Error
+          <script-output-copy-clip label="Standard Error" :data="ret.stderr" />
           <q-separator />
           <pre>{{ ret.stderr }}</pre>
         </div>
@@ -38,9 +38,13 @@
 import { ref, onMounted } from "vue";
 import { testScript, testScriptOnServer } from "@/api/scripts";
 import { useDialogPluginComponent } from "quasar";
+import ScriptOutputCopyClip from "@/components/scripts/ScriptOutputCopyClip.vue";
 
 export default {
   name: "TestScriptModal",
+  components: {
+    ScriptOutputCopyClip,
+  },
   emits: [...useDialogPluginComponent.emits],
   props: {
     script: !Object,

src/composables/accounts.js

@@ -1,5 +1,5 @@
 import { ref, onMounted } from "vue";
-import { fetchUsers } from "@/api/accounts";
+import { fetchUsers, fetchRoles } from "@/api/accounts";
 import { formatUserOptions } from "@/utils/format";
 
 export function useUserDropdown(onMount = false) {
@@ -44,3 +44,26 @@ export function useUserDropdown(onMount = false) {
     getDynamicUserOptions,
   };
 }
+
+export function useRoleDropdown(opts = {}) {
+  const roleOptions = ref([]);
+  async function getRoleOptions() {
+    const roles = await fetchRoles();
+    roleOptions.value = roles.map((role) => ({
+      value: role.id,
+      label: role.name,
+    }));
+  }
+
+  if (opts.onMount) {
+    onMounted(getRoleOptions);
+  }
+
+  return {
+    //data
+    roleOptions,
+
+    //methods
+    getRoleOptions,
+  };
+}

src/ee/LICENSE.md

@@ -4,7 +4,7 @@ Copyright (c) 2023 Amidaware Inc. All rights reserved.
 
 This Agreement is entered into between the licensee ("You" or the "Licensee") and Amidaware Inc. ("Amidaware") and governs the use of the enterprise features of the Tactical RMM Software (hereinafter referred to as the "Software").
 
-The EE features of the Software, including but not limited to Reporting and White-labeling, are exclusively contained within directories named "ee," "enterprise," or "premium" in Amidaware's repositories, or in any files bearing the EE License header. The use of the Software is also governed by the terms and conditions set forth in the Tactical RMM License, available at https://license.tacticalrmm.com, which terms are incorporated herein by reference.
+The EE features of the Software, including but not limited to SSO (Single Sign-On), Reporting and White-labeling, are exclusively contained within directories named "ee," "enterprise," or "premium" in Amidaware's repositories, or in any files bearing the EE License header. The use of the Software is also governed by the terms and conditions set forth in the Tactical RMM License, available at https://license.tacticalrmm.com, which terms are incorporated herein by reference.
 
 ## License Grant
 

src/ee/sso/api/sso.ts

@@ -0,0 +1,144 @@
+/*
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+*/
+
+import axios from "axios";
+import { getCookie } from "@/ee/sso/utils/cookies";
+import { getBaseUrl } from "@/boot/axios";
+import { useStorage } from "@vueuse/core";
+
+import type {
+  SSOAccount,
+  SSOProvider,
+  SSOSettingsType,
+} from "@/ee/sso/types/sso";
+
+const baseUrl = "accounts";
+
+interface FormData {
+  provider: string;
+  process: string;
+  callback_url: string;
+  csrfmiddlewaretoken: string;
+}
+
+export function getCSRFToken() {
+  return getCookie("csrftoken");
+}
+
+// needed for sso provider redirect
+function postForm(url: string, data: FormData) {
+  const f = document.createElement("form");
+  f.method = "POST";
+  f.action = url;
+
+  for (const key in data) {
+    const d = document.createElement("input");
+    d.type = "hidden";
+    d.name = key;
+    d.value = data[key];
+    f.appendChild(d);
+  }
+  document.body.appendChild(f);
+  f.submit();
+}
+
+// sso providers
+
+export async function fetchSSOProviders(): Promise<SSOProvider[]> {
+  const { data } = await axios.get(`${baseUrl}/ssoproviders/`);
+  return data;
+}
+
+export async function addSSOProvider(payload: SSOProvider) {
+  const { data } = await axios.post(`${baseUrl}/ssoproviders/`, payload);
+  return data;
+}
+
+export async function editSSOProvider(id: number, payload: SSOProvider) {
+  const { data } = await axios.put(`${baseUrl}/ssoproviders/${id}/`, payload);
+  return data;
+}
+
+export async function removeSSOProvider(id: number) {
+  const { data } = await axios.delete(`${baseUrl}/ssoproviders/${id}/`);
+  return data;
+}
+
+export async function fetchSSOSettings(): Promise<SSOSettingsType> {
+  const { data } = await axios.get(`${baseUrl}/ssoproviders/settings/`);
+  return data;
+}
+
+export async function updateSSOSettings(settings: SSOSettingsType) {
+  const { data } = await axios.post(
+    `${baseUrl}/ssoproviders/settings/`,
+    settings,
+  );
+  return data;
+}
+
+export async function getSSOProviderToken() {
+  const { data } = await axios.post(
+    `${baseUrl}/ssoproviders/token/`,
+    {},
+    {
+      headers: { "X-CSRFToken": getCSRFToken() },
+    },
+  );
+  return data;
+}
+
+export async function disconnectSSOAccount(
+  provider: string,
+  account: string,
+): Promise<SSOAccount> {
+  const { data } = await axios.delete(`${baseUrl}/ssoproviders/account/`, {
+    data: { provider, account },
+  });
+  return data;
+}
+
+// allauth
+const allauthBase = "_allauth/browser/v1";
+
+export interface AllAuthResponse<T> {
+  data: T;
+  status: number;
+  meta?: {
+    is_autheticated: boolean;
+  };
+}
+
+export interface SSOProviderConfig {
+  client_id: string;
+  flows: string[];
+  id: string;
+  name: string;
+}
+
+export interface SSOConfigResponse {
+  socialaccount: {
+    providers: SSOProviderConfig[];
+  };
+}
+
+export async function getSSOConfig(): Promise<
+  AllAuthResponse<SSOConfigResponse>
+> {
+  const { data } = await axios.get(`${allauthBase}/config/`);
+  return data;
+}
+
+export async function openSSOProviderRedirect(id: string) {
+  //save provider to local storage
+  useStorage("provider_id", id);
+  postForm(`${getBaseUrl()}/${allauthBase}/auth/provider/redirect/`, {
+    provider: id,
+    process: "login",
+    callback_url: `${location.origin}/account/provider/callback`,
+    csrfmiddlewaretoken: getCSRFToken() || "",
+  });
+}

src/ee/sso/components/SSOAccountsTable.vue

@@ -0,0 +1,142 @@
+<!--
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+-->
+
+<template>
+  <q-dialog ref="dialogRef" @hide="onDialogHide">
+    <q-card style="width: 60vw; max-width: 90vw; min-height: 40vh">
+      <q-bar>
+        Connected Social Accounts for {{ user.username }}
+        <q-space />
+        <q-btn v-close-popup dense flat icon="close">
+          <q-tooltip class="bg-white text-primary">Close</q-tooltip>
+        </q-btn>
+      </q-bar>
+      <q-table
+        dense
+        :table-class="{
+          'table-bgcolor': !$q.dark.isActive,
+          'table-bgcolor-dark': $q.dark.isActive,
+        }"
+        :style="{ 'max-height': `${$q.screen.height - 24}px` }"
+        class="tbl-sticky"
+        :rows="user.social_accounts"
+        :columns="columns"
+        :loading="loading"
+        :pagination="{ rowsPerPage: 0, sortBy: 'display', descending: true }"
+        row-key="id"
+        binary-state-sort
+        virtual-scroll
+        :rows-per-page-options="[0]"
+      >
+        <template #body="props">
+          <q-tr>
+            <!-- rows -->
+            <td>{{ props.row.display }}</td>
+            <td>{{ props.row.provider }}</td>
+            <td>{{ formatDate(props.row.last_login) }}</td>
+            <td>{{ formatDate(props.row.date_joined) }}</td>
+            <td>
+              <q-btn
+                size="sm"
+                @click="removeSSOAccount(props.row)"
+                label="Disconnect"
+                color="negative"
+              ></q-btn>
+            </td>
+          </q-tr>
+        </template>
+      </q-table>
+    </q-card>
+  </q-dialog>
+</template>
+
+<script setup lang="ts">
+// composition imports
+import { ref } from "vue";
+import { useDialogPluginComponent, useQuasar, type QTableColumn } from "quasar";
+import { disconnectSSOAccount } from "@/ee/sso/api/sso";
+import { notifySuccess } from "@/utils/notify";
+import { useAuthStore } from "@/stores/auth";
+import { formatDate } from "@/utils/format";
+
+//types
+import type { SSOAccount, SSOUser } from "../types/sso";
+
+const columns: QTableColumn[] = [
+  {
+    name: "display",
+    label: "Display Name",
+    field: "display",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "provider",
+    label: "Provider",
+    field: "provider",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "last_login",
+    label: "Last Login",
+    field: "last_login",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "date_joined",
+    label: "Date Joined",
+    field: "date_joined",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "action",
+    label: "",
+    field: "action",
+    align: "left",
+    sortable: true,
+  },
+];
+
+// emits
+defineEmits([...useDialogPluginComponent.emits]);
+
+// props
+const props = defineProps<{
+  user: SSOUser;
+}>();
+
+const { dialogRef, onDialogHide } = useDialogPluginComponent();
+const $q = useQuasar();
+const auth = useAuthStore();
+
+const loading = ref(false);
+
+function removeSSOAccount(account: SSOAccount) {
+  $q.dialog({
+    title: `Disconnect social account: ${account.display}?`,
+    cancel: true,
+    ok: { label: "Delete", color: "negative" },
+  }).onOk(async () => {
+    loading.value = true;
+    try {
+      await disconnectSSOAccount(account.provider, account.uid);
+      notifySuccess("Social account disconnected successfully");
+      if (
+        auth.username === props.user.username &&
+        auth.ssoLoginProvider === account.provider
+      ) {
+        await auth.logout();
+      }
+    } finally {
+      loading.value = false;
+      onDialogHide();
+    }
+  });
+}
+</script>

src/ee/sso/components/SSOProvidersForm.vue

@@ -0,0 +1,160 @@
+<!--
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+-->
+
+<template>
+  <q-dialog persistent ref="dialogRef" @hide="onDialogHide">
+    <q-card class="q-dialog-plugin" style="width: 35vw; max-width: 35vw">
+      <q-bar>
+        {{ props.provider ? "Edit OIDC Provider" : "Add OIDC Provider" }}
+        <q-space />
+        <q-btn dense flat icon="close" v-close-popup>
+          <q-tooltip class="bg-white text-primary">Close</q-tooltip>
+        </q-btn>
+      </q-bar>
+
+      <!-- name -->
+      <q-card-section>
+        <q-input
+          :readonly="!!props.provider"
+          :disable="!!props.provider"
+          label="Provider Name"
+          outlined
+          dense
+          v-model="localProvider.name"
+          :rules="[
+            (val) => !!val || '*Required',
+            (val) =>
+              /^[a-zA-Z0-9_-]+$/.test(val) ||
+              'Only letters, numbers, hyphens, and underscores are allowed',
+          ]"
+          hint="A unique identifier for the SSO provider. Avoid spaces and special characters, as this will be part of the callback URL."
+        />
+      </q-card-section>
+
+      <!-- url -->
+      <q-card-section>
+        <q-input
+          label="Issuer URL"
+          outlined
+          dense
+          v-model="localProvider.server_url"
+          :rules="[(val) => !!val || '*Required']"
+          hint="The OpenID Connect Issuer URL provided by the SSO provider. This is typically the base URL where the provider hosts their OIDC configuration."
+        />
+      </q-card-section>
+
+      <!-- client id -->
+      <q-card-section>
+        <q-input
+          label="Client ID"
+          outlined
+          dense
+          v-model="localProvider.client_id"
+          :rules="[(val) => !!val || '*Required']"
+        />
+      </q-card-section>
+
+      <!-- secret -->
+      <q-card-section>
+        <q-input
+          v-model="localProvider.secret"
+          filled
+          :type="hideSecret ? 'password' : 'text'"
+          label="Secret"
+          outlined
+          dense
+          :rules="[(val) => !!val || '*Required']"
+        >
+          <template v-slot:append>
+            <q-icon
+              :name="hideSecret ? 'visibility_off' : 'visibility'"
+              class="cursor-pointer"
+              @click="hideSecret = !hideSecret"
+            />
+          </template>
+        </q-input>
+      </q-card-section>
+
+      <q-card-section>
+        <tactical-dropdown
+          label="Default User Role"
+          :options="roleOptions"
+          outlined
+          dense
+          clearable
+          mapOptions
+          filled
+          v-model="localProvider.role"
+          hint="The role assigned to users upon first sign-in through this provider."
+        />
+      </q-card-section>
+
+      <q-card-actions align="right">
+        <q-btn flat label="Cancel" v-close-popup />
+        <q-btn
+          flat
+          label="Submit"
+          color="primary"
+          :loading="loading"
+          @click="submit"
+        />
+      </q-card-actions>
+    </q-card>
+  </q-dialog>
+</template>
+
+<script setup lang="ts">
+// composition imports
+import { ref, reactive } from "vue";
+import { useDialogPluginComponent, extend } from "quasar";
+import { editSSOProvider, addSSOProvider } from "@/ee/sso/api/sso";
+import { notifySuccess } from "@/utils/notify";
+import { useRoleDropdown } from "@/composables/accounts";
+
+// components
+import TacticalDropdown from "@/components/ui/TacticalDropdown.vue";
+
+// types
+import type { SSOProvider } from "@/ee/sso/types/sso";
+
+// define emits
+defineEmits([...useDialogPluginComponent.emits]);
+
+// define props
+const props = defineProps<{ provider?: SSOProvider }>();
+
+const { dialogRef, onDialogHide, onDialogOK } = useDialogPluginComponent();
+
+const loading = ref(false);
+
+const { roleOptions } = useRoleDropdown({ onMount: true });
+
+const hideSecret = ref(true);
+const localProvider: SSOProvider = props.provider
+  ? reactive(extend({}, props.provider))
+  : reactive({
+      id: 0,
+      name: "",
+      client_id: "",
+      secret: "",
+      server_url: "",
+      role: null,
+    } as SSOProvider);
+
+async function submit() {
+  loading.value = true;
+
+  try {
+    props.provider
+      ? await editSSOProvider(localProvider.id, localProvider)
+      : await addSSOProvider(localProvider);
+    onDialogOK();
+    notifySuccess("SSO Provider was edited!");
+  } catch (e) {}
+
+  loading.value = false;
+}
+</script>

src/ee/sso/components/SSOProvidersTable.vue

@@ -0,0 +1,293 @@
+<!--
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+-->
+
+<template>
+  <div>
+    <div class="row">
+      <div class="text-subtitle2">SSO Providers</div>
+      <q-space />
+      <q-btn
+        size="sm"
+        color="grey-5"
+        icon="fas fa-plus"
+        text-color="black"
+        label="Add OIDC Provider"
+        @click="addSSOProvider"
+        :disable="!ssoSettings.sso_enabled"
+      >
+        <q-tooltip v-if="!ssoSettings.sso_enabled" class="text-caption"
+          >Enable SSO in the settings to allow adding a provider.</q-tooltip
+        >
+      </q-btn>
+    </div>
+    <q-separator />
+    <q-table
+      dense
+      :rows="providers"
+      :columns="columns"
+      :visible-columns="visibleColumns"
+      :pagination="{ rowsPerPage: 0, sortBy: 'name', descending: true }"
+      row-key="id"
+      binary-state-sort
+      hide-pagination
+      virtual-scroll
+      :rows-per-page-options="[0]"
+      no-data-label="No OIDC Providers added yet"
+      :loading="loading"
+    >
+      <template v-slot:top>
+        <q-btn
+          @click="openSSOSettings"
+          label="SSO Settings"
+          no-caps
+          color="primary"
+          size="md"
+        />
+      </template>
+      <!-- body slots -->
+      <template v-slot:body="props">
+        <q-tr
+          :props="props"
+          class="cursor-pointer"
+          @dblclick="editSSOProvider(props.row)"
+        >
+          <!-- context menu -->
+          <q-menu context-menu>
+            <q-list dense style="min-width: 200px">
+              <q-item
+                clickable
+                v-close-popup
+                @click="editSSOProvider(props.row)"
+              >
+                <q-item-section side>
+                  <q-icon name="edit" />
+                </q-item-section>
+                <q-item-section>Edit</q-item-section>
+              </q-item>
+              <q-item
+                clickable
+                v-close-popup
+                @click="deleteSSOProvider(props.row)"
+              >
+                <q-item-section side>
+                  <q-icon name="delete" />
+                </q-item-section>
+                <q-item-section>Delete</q-item-section>
+              </q-item>
+
+              <q-separator></q-separator>
+
+              <!-- callback url -->
+              <q-item
+                clickable
+                v-close-popup
+                @click="getCallbackURL(props.row.callback_url)"
+              >
+                <q-item-section side>
+                  <q-icon name="description" />
+                </q-item-section>
+                <q-item-section>Copy Callback URL</q-item-section>
+              </q-item>
+
+              <!-- javascript origin url (used by google oauth) -->
+              <q-item
+                clickable
+                v-close-popup
+                @click="getCallbackURL(props.row.javascript_origin_url)"
+              >
+                <q-item-section side>
+                  <q-icon name="description" />
+                </q-item-section>
+                <q-item-section
+                  >Copy Authorized JavaScript origin</q-item-section
+                >
+              </q-item>
+
+              <q-separator></q-separator>
+
+              <q-item clickable v-close-popup>
+                <q-item-section>Close</q-item-section>
+              </q-item>
+            </q-list>
+          </q-menu>
+          <!-- name -->
+          <q-td>
+            {{ truncateText(props.row.name, 25) }}
+            <q-tooltip>{{ props.row.name }}</q-tooltip>
+          </q-td>
+          <!-- server_url -->
+          <q-td>
+            {{ truncateText(props.row.server_url, 20) }}
+            <q-tooltip>{{ props.row.server_url }}</q-tooltip>
+          </q-td>
+          <!-- pattern -->
+          <q-td>
+            {{ truncateText(props.row.client_id, 20) }}
+            <q-tooltip>{{ props.row.client_id }}</q-tooltip>
+          </q-td>
+          <q-td>
+            <q-icon
+              size="sm"
+              name="content_copy"
+              @click="getCallbackURL(props.row.callback_url)"
+            >
+              <q-tooltip>Copy Callback URL to Clipboard</q-tooltip>
+            </q-icon>
+          </q-td>
+        </q-tr>
+      </template>
+    </q-table>
+  </div>
+</template>
+
+<script setup lang="ts">
+// composition imports
+import { computed, ref, onMounted } from "vue";
+import { useStore } from "vuex";
+import { QTableColumn, useQuasar, copyToClipboard } from "quasar";
+import {
+  fetchSSOProviders,
+  removeSSOProvider,
+  fetchSSOSettings,
+} from "@/ee/sso/api/sso";
+import { notifySuccess } from "@/utils/notify";
+import { truncateText } from "@/utils/format";
+
+// ui imports
+import SSOProvidersForm from "@/ee/sso/components/SSOProvidersForm.vue";
+
+// types
+import { type SSOProvider, SSOSettingsType } from "@/ee/sso/types/sso";
+import SSOSettings from "@/ee/sso/components/SSOSettings.vue";
+
+// setup quasar
+const $q = useQuasar();
+
+// setup vuew store
+const store = useStore();
+
+const loading = ref(false);
+const providers = ref([] as SSOProvider[]);
+const ssoSettings = ref({} as SSOSettingsType);
+
+const columns: QTableColumn[] = [
+  {
+    name: "name",
+    label: "Name",
+    field: "name",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "server_url",
+    label: "Server Url",
+    field: "server_url",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "client_id",
+    label: "Client ID",
+    field: "client_id",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "callback_url",
+    label: "Callback URL",
+    field: "callback_url",
+    align: "left",
+    sortable: false,
+  },
+  {
+    name: "javascript_origin_url",
+    label: "Javascript Origin URL",
+    field: "javascript_origin_url",
+    align: "left",
+    sortable: false,
+  },
+];
+
+const visibleColumns = computed(() => {
+  return columns
+    .map((column) => column.name)
+    .filter((name) => name !== "javascript_origin_url");
+});
+
+async function getSSOSettings() {
+  try {
+    ssoSettings.value = await fetchSSOSettings();
+  } catch (e) {
+    console.error(e);
+  }
+}
+
+async function getSSOProviders() {
+  loading.value = true;
+  try {
+    providers.value = await fetchSSOProviders();
+  } catch (e) {
+    console.error(e);
+  }
+  loading.value = false;
+}
+
+function addSSOProvider() {
+  $q.dialog({
+    component: SSOProvidersForm,
+  }).onOk(getSSOProviders);
+}
+
+function editSSOProvider(provider: SSOProvider) {
+  $q.dialog({
+    component: SSOProvidersForm,
+    componentProps: {
+      provider: provider,
+    },
+  }).onOk(getSSOProviders);
+}
+
+function deleteSSOProvider(provider: SSOProvider) {
+  $q.dialog({
+    title: `Delete SSO Provider: ${provider.name}?`,
+    cancel: true,
+    ok: { label: "Delete", color: "negative" },
+  }).onOk(async () => {
+    loading.value = true;
+    try {
+      await removeSSOProvider(provider.id);
+      await getSSOProviders();
+      notifySuccess(`SSO Provider: ${provider.name} was deleted!`);
+    } catch (e) {
+      console.error(e);
+    }
+    loading.value = false;
+  });
+}
+
+function getCallbackURL(url: string) {
+  copyToClipboard(url).then(() => {
+    notifySuccess("URL copied!");
+  });
+}
+
+function openSSOSettings() {
+  $q.dialog({
+    component: SSOSettings,
+  }).onOk((updatedSSOSettings: SSOSettingsType) => {
+    store.commit(
+      "setBlockLocalUserLogon",
+      updatedSSOSettings.block_local_user_logon,
+    );
+    ssoSettings.value = { ...updatedSSOSettings };
+  });
+}
+
+onMounted(async () => {
+  await getSSOSettings();
+  await getSSOProviders();
+});
+</script>

src/ee/sso/components/SSOSettings.vue

@@ -0,0 +1,112 @@
+<!--
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+-->
+
+<template>
+  <q-dialog ref="dialogRef" @hide="onDialogHide">
+    <q-card class="q-dialog-plugin" style="width: 50">
+      <q-bar>
+        SSO Settings
+        <q-space />
+        <q-btn dense flat icon="close" v-close-popup>
+          <q-tooltip class="bg-white text-primary">Close</q-tooltip>
+        </q-btn>
+      </q-bar>
+
+      <!-- disable sso-->
+      <q-card-section>
+        <q-checkbox
+          dense
+          label="Enable SSO"
+          v-model="ssoSettings.sso_enabled"
+        />
+      </q-card-section>
+
+      <!-- block local user logon -->
+      <q-card-section>
+        <q-checkbox
+          dense
+          label="Block Local User Login"
+          v-model="ssoSettings.block_local_user_logon"
+          :disable="!ssoSettings.sso_enabled"
+          hint="When enabled, only users with SSO accounts can log in, with the exception of local superuser accounts."
+        >
+          <q-tooltip class="text-caption"
+            >When enabled, only users with SSO accounts can log in, with the
+            exception of local superuser accounts.</q-tooltip
+          >
+        </q-checkbox>
+      </q-card-section>
+
+      <q-card-actions align="right">
+        <q-btn flat label="Cancel" v-close-popup />
+        <q-btn
+          flat
+          label="Submit"
+          color="primary"
+          :loading="loading"
+          @click="submit"
+        />
+      </q-card-actions>
+    </q-card>
+  </q-dialog>
+</template>
+
+<script setup lang="ts">
+// composition imports
+import { ref, watch, onMounted } from "vue";
+import { useDialogPluginComponent } from "quasar";
+import { notifySuccess, notifyWarning } from "@/utils/notify";
+import { fetchSSOSettings, updateSSOSettings } from "@/ee/sso/api/sso";
+
+// types
+import { SSOSettingsType } from "../types/sso";
+
+// define emits
+defineEmits([...useDialogPluginComponent.emits]);
+
+const { dialogRef, onDialogHide, onDialogOK } = useDialogPluginComponent();
+
+const ssoSettings = ref({} as SSOSettingsType);
+const loading = ref(false);
+
+async function getSSOSettings() {
+  loading.value = true;
+  try {
+    ssoSettings.value = await fetchSSOSettings();
+  } catch (e) {
+    console.error(e);
+  }
+  loading.value = false;
+}
+
+async function submit() {
+  loading.value = true;
+  try {
+    await updateSSOSettings(ssoSettings.value);
+    notifySuccess("Settings updated successfully");
+    onDialogOK(ssoSettings.value);
+  } catch (e) {
+    if (e.status === 423) {
+      notifyWarning(e.response.data, 7000);
+    }
+    console.error(e);
+  }
+  loading.value = false;
+}
+
+onMounted(async () => {
+  await getSSOSettings();
+  // watcher to disable block local login if sso is disabled
+  watch(
+    () => ssoSettings.value.sso_enabled,
+    (newValue) => {
+      if (!newValue) {
+        ssoSettings.value.block_local_user_logon = false;
+      }
+    },
+  );
+});
+</script>

src/ee/sso/types/sso.ts

@@ -0,0 +1,33 @@
+/*
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+*/
+
+import { User } from "@/types/accounts";
+export interface SSOProvider {
+  id: number;
+  name: string;
+  provider_id: string;
+  client_id: string;
+  secret: string;
+  server_url: string;
+  role: number | null;
+}
+
+export interface SSOAccount {
+  uid: string;
+  display: string;
+  provider: string;
+  last_login: string;
+  date_joined: string;
+}
+
+export interface SSOUser extends User {
+  social_accounts: SSOAccount[];
+}
+
+export interface SSOSettingsType {
+  sso_enabled: boolean;
+  block_local_user_logon: boolean;
+}

src/ee/sso/utils/cookies.ts

@@ -0,0 +1,21 @@
+/*
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+*/
+
+export function getCookie(name: string) {
+  let cookieValue = null;
+  if (document.cookie && document.cookie !== "") {
+    const cookies = document.cookie.split(";");
+    for (let i = 0; i < cookies.length; i++) {
+      const cookie = cookies[i].trim();
+      // Does this cookie string begin with the name we want?
+      if (cookie.substring(0, name.length + 1) === name + "=") {
+        cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+        break;
+      }
+    }
+  }
+  return cookieValue;
+}

src/ee/sso/views/ProviderCallback.vue

@@ -0,0 +1,32 @@
+<!--
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+-->
+
+<template>
+  <div class="fixed-center text-center" v-if="error">
+    <p class="text-faded">There was an error logging into your provider.</p>
+    <q-btn color="secondary" style="width: 200px" to="/login"
+      >Go back to Login</q-btn
+    >
+  </div>
+</template>
+
+<script lang="ts" setup>
+import { useRoute, useRouter } from "vue-router";
+import { useAuthStore } from "@/stores/auth";
+
+const route = useRoute();
+const error = route.query.error;
+
+const router = useRouter();
+const auth = useAuthStore();
+if (!error) {
+  if (auth.loggedIn) {
+    router.push({ name: "Dashboard" });
+  } else {
+    router.push({ name: "Login" });
+  }
+}
+</script>

src/layouts/MainLayout.vue

@@ -106,7 +106,7 @@
               <q-item-label header>Servers</q-item-label>
               <q-item>
                 <q-item-section avatar>
-                  <q-icon name="fa fa-server" size="sm" color="primary" />
+                  <q-icon name="dns" size="sm" color="primary" />
                 </q-item-section>
 
                 <q-item-section no-wrap>
@@ -157,7 +157,7 @@
 
         <AlertsIcon />
 
-        <q-btn-dropdown flat no-caps stretch :label="username || ''">
+        <q-btn-dropdown flat no-caps stretch :label="displayName || ''">
           <q-list>
             <q-item
               clickable
@@ -211,7 +211,7 @@
 </template>
 <script setup lang="ts">
 // composition imports
-import { computed, onMounted } from "vue";
+import { computed, onMounted, onBeforeUnmount, ref } from "vue";
 import { useQuasar } from "quasar";
 import { useStore } from "vuex";
 import { useDashboardStore } from "@/stores/dashboard";
@@ -240,7 +240,7 @@ const {
   daysUntilCertExpires,
 } = storeToRefs(useDashboardStore());
 
-const { username } = storeToRefs(useAuthStore());
+const { displayName } = storeToRefs(useAuthStore());
 
 const darkMode = computed({
   get: () => {
@@ -315,8 +315,25 @@ const updateAvailable = computed(() => {
   return currentTRMMVersion.value !== latestTRMMVersion.value;
 });
 
+const poll = ref(null);
+
+function livePoll() {
+  poll.value = setInterval(
+    () => {
+      store.dispatch("checkVer");
+      store.dispatch("getDashInfo", false);
+    },
+    60 * 4 * 1000,
+  );
+}
+
 onMounted(() => {
   store.dispatch("getDashInfo");
   store.dispatch("checkVer");
+  livePoll();
+});
+
+onBeforeUnmount(() => {
+  clearInterval(poll.value);
 });
 </script>

src/store/index.js

@@ -43,6 +43,8 @@ export default function () {
         },
         server_scripts_enabled: true,
         web_terminal_enabled: true,
+        sso_enabled: false,
+        block_local_user_logon: false,
       };
     },
     getters: {
@@ -159,6 +161,12 @@ export default function () {
       setWebTerminalEnabled(state, obj) {
         state.web_terminal_enabled = obj;
       },
+      setSSOEnabled(state, obj) {
+        state.sso_enabled = obj;
+      },
+      setBlockLocalUserLogon(state, obj) {
+        state.block_local_user_logon = obj;
+      },
     },
     actions: {
       setClientTreeSplitter(context, val) {
@@ -245,6 +253,7 @@ export default function () {
         commit("setRunCmdPlaceholders", data.run_cmd_placeholder_text);
         commit("setServerScriptsEnabled", data.server_scripts_enabled);
         commit("setWebTerminalEnabled", data.web_terminal_enabled);
+        commit("setBlockLocalUserLogon", data.block_local_user_logon);
 
         if (data?.date_format !== "") commit("setDateFormat", data.date_format);
         else commit("setDateFormat", data.default_date_format);

src/stores/auth.ts

@@ -1,5 +1,6 @@
 import { defineStore } from "pinia";
 import { useStorage } from "@vueuse/core";
+
 import axios from "axios";
 
 interface CheckCredentialsRequest {
@@ -27,12 +28,18 @@ interface TOTPSetupResponse {
 export const useAuthStore = defineStore("auth", {
   state: () => ({
     username: useStorage("user_name", null),
+    name: useStorage("name", null),
     token: useStorage("access_token", null),
+    ssoLoginProvider: useStorage("sso_provider", null),
+    provider_id: useStorage("provider_id", null),
   }),
   getters: {
     loggedIn: (state) => {
       return state.token !== null;
     },
+    displayName: (state) => {
+      return state.name ? state.name : state.username;
+    },
   },
   actions: {
     async checkCredentials(
@@ -43,13 +50,16 @@ export const useAuthStore = defineStore("auth", {
       if (!data.totp) {
         this.token = data.token;
         this.username = data.username;
+        this.name = data.name;
       }
       return data;
     },
     async login(credentials: LoginRequest) {
       const { data } = await axios.post("/v2/login/", credentials);
       this.username = data.username;
+      this.name = data.name;
       this.token = data.token;
+      this.ssoLoginProvider = null;
 
       return data;
     },
@@ -61,6 +71,9 @@ export const useAuthStore = defineStore("auth", {
       }
       this.token = null;
       this.username = null;
+      this.name = null;
+      this.ssoLoginProvider = null;
+      this.provider_id = null;
     },
     async setupTotp(): Promise<TOTPSetupResponse | false> {
       const { data } = await axios.post("/accounts/users/setup_totp/");

src/types/accounts.ts

@@ -1,4 +1,13 @@
 export interface User {
   id: number;
   username: string;
+  name: string;
+  email: string;
+}
+
+export interface AuthToken {
+  digest: string;
+  created: string;
+  expiry: string;
+  user: string;
 }

src/types/core/settings.ts

@@ -0,0 +1,3 @@
+export interface CoreSetting {
+  block_local_user_logon: boolean;
+}

src/utils/helpers.ts

@@ -0,0 +1,8 @@
+import { copyToClipboard } from "quasar";
+import { notifySuccess } from "@/utils/notify";
+
+export function copyOutput(val: string) {
+  copyToClipboard(val).then(() => {
+    notifySuccess("Copied to clipboard");
+  });
+}

src/views/DashboardView.vue

@@ -509,6 +509,13 @@ export default {
           sortable: true,
           align: "left",
         },
+        {
+          name: "mon-type",
+          label: "",
+          field: "monitoring_type",
+          sortable: true,
+          align: "left",
+        },
         {
           name: "checks-status",
           align: "left",
@@ -600,6 +607,7 @@ export default {
       visibleColumns: [
         "smsalert",
         "plat",
+        "mon-type",
         "emailalert",
         "dashboardalert",
         "checks-status",
@@ -818,15 +826,14 @@ export default {
     },
     getURLActions() {
       this.$axios.get("/core/urlaction/").then((r) => {
-        if (r.data.length === 0) {
+        this.urlActions = r.data
+          .filter((action) => action.action_type === "web")
+          .sort((a, b) => a.name.localeCompare(b.name));
+        if (this.urlActions.length === 0) {
           this.notifyWarning(
             "No URL Actions configured. Go to Settings > Global Settings > URL Actions",
           );
-          return;
         }
-        this.urlActions = r.data.filter(
-          (action) => action.action_type === "web",
-        );
       });
     },
     runURLAction(id, action, model) {

src/views/LoginView.vue

@@ -49,7 +49,34 @@
               </div>
             </q-form>
           </q-card-section>
+
+          <q-card-section v-if="ssoProviders?.length > 0">
+            <div class="text-h6 text-center q-mb-md">Log in with SSO</div>
+            <q-separator />
+
+            <q-list dense bordered class="q-pa-sm">
+              <q-item
+                v-for="provider in ssoProviders"
+                :key="provider.id"
+                @click="openSSOProviderRedirect(provider.id)"
+                clickable
+                class="q-pa-xs hover-bg"
+              >
+                <q-item-section avatar>
+                  <q-icon
+                    :name="provider.icon ?? 'mdi-key'"
+                    size="sm"
+                    class="text-primary"
+                  />
+                </q-item-section>
+                <q-item-section>
+                  <q-item-label>{{ provider.name }}</q-item-label>
+                </q-item-section>
+              </q-item>
+            </q-list>
+          </q-card-section>
         </q-card>
+
         <!-- 2 factor modal -->
         <q-dialog persistent v-model="prompt">
           <q-card style="min-width: 400px">
@@ -84,10 +111,15 @@
 </template>
 
 <script setup lang="ts">
-import { ref, reactive } from "vue";
+import { ref, reactive, onMounted } from "vue";
 import { type QForm, useQuasar } from "quasar";
 import { useAuthStore } from "@/stores/auth";
 import { useRouter } from "vue-router";
+import {
+  openSSOProviderRedirect,
+  getSSOConfig,
+  type SSOProviderConfig,
+} from "@/ee/sso/api/sso";
 
 // setup quasar
 const $q = useQuasar();
@@ -107,6 +139,7 @@ const credentials = reactive({ username: "", password: "" });
 const twofactor = ref("");
 const prompt = ref(false);
 const showPassword = ref(true);
+const ssoProviders = ref([] as SSOProviderConfig[]);
 
 async function checkCreds() {
   try {
@@ -135,6 +168,15 @@ async function onSubmit() {
     prompt.value = false;
   }
 }
+
+onMounted(async () => {
+  try {
+    const result = await getSSOConfig();
+    ssoProviders.value = result.data.socialaccount.providers;
+  } catch (e) {
+    console.error(e);
+  }
+});
 </script>
 
 <style>

src/views/RemoteBackground.vue

@@ -34,6 +34,7 @@
     <q-tab-panels v-model="tab">
       <q-tab-panel name="terminal" class="q-pa-none">
         <iframe
+          allow="clipboard-read; clipboard-write"
           :src="terminal"
           :style="{
             height: `${$q.screen.height - 30}px`,
@@ -66,6 +67,7 @@
       </q-tab-panel>
       <q-tab-panel name="filebrowser" class="q-pa-none">
         <iframe
+          allow="clipboard-read; clipboard-write"
           :src="file"
           :style="{
             height: `${$q.screen.height - 30}px`,

src/views/TakeControl.vue

@@ -23,12 +23,15 @@
       />
       <q-space />
     </q-bar>
-
-    <q-video
-      v-show="control"
-      :src="control"
-      :style="{ height: `${$q.screen.height - 26}px` }"
-    ></q-video>
+    <div class="q-video" :style="{ height: `${$q.screen.height - 26}px` }">
+      <iframe
+        v-show="control"
+        :src="control"
+        allow="clipboard-read; clipboard-write"
+        allowfullscreen
+        frameborder="0"
+      ></iframe>
+    </div>
   </div>
 </template>