BED-5063 chore: Merge back v6.2.2 staging to main

cmd/api/src/api/v2/auth/auth.go

@@ -528,7 +528,7 @@ func (s ManagementResource) UpdateUser(response http.ResponseWriter, request *ht
 		updateUserRequest v2.UpdateUserRequest
 		pathVars          = mux.Vars(request)
 		rawUserID         = pathVars[api.URIPathVariableUserID]
-		context           = *ctx.FromRequest(request)
+		authCtx           = *ctx.FromRequest(request)
 	)
 
 	if userID, err := uuid.FromString(rawUserID); err != nil {
@@ -550,7 +550,7 @@ func (s ManagementResource) UpdateUser(response http.ResponseWriter, request *ht
 		user.IsDisabled = updateUserRequest.IsDisabled
 
 		if user.IsDisabled {
-			if loggedInUser, _ := auth.GetUserFromAuthCtx(context.AuthCtx); user.ID == loggedInUser.ID {
+			if loggedInUser, _ := auth.GetUserFromAuthCtx(authCtx.AuthCtx); user.ID == loggedInUser.ID {
 				api.WriteErrorResponse(request.Context(), api.BuildErrorResponse(http.StatusBadRequest, api.ErrorResponseUserSelfDisable, request), response)
 				return
 			} else if userSessions, err := s.db.LookupActiveSessionsByUser(request.Context(), user); err != nil {
@@ -576,6 +576,7 @@ func (s ManagementResource) UpdateUser(response http.ResponseWriter, request *ht
 				return
 			} else {
 				// Ensure that the AuthSecret reference is nil and that the SAML provider is set
+				user.AuthSecret = nil // Required or the below updateUser will re-add the authSecret
 				user.SAMLProviderID = null.Int32From(samlProviderID)
 				user.SSOProviderID = provider.SSOProviderID
 			}
@@ -587,6 +588,7 @@ func (s ManagementResource) UpdateUser(response http.ResponseWriter, request *ht
 				api.HandleDatabaseError(request, response, err)
 				return
 			} else {
+				user.AuthSecret = nil // Required or the below updateUser will re-add the authSecret
 				user.SSOProviderID = updateUserRequest.SSOProviderID
 				if ssoProvider.Type == model.SessionAuthProviderSAML {
 					if ssoProvider.SAMLProvider != nil {
@@ -600,6 +602,7 @@ func (s ManagementResource) UpdateUser(response http.ResponseWriter, request *ht
 		} else {
 			// Default SAMLProviderID and SSOProviderID to null if the update request contains no SAMLProviderID and SSOProviderID
 			user.SAMLProvider = nil
+			user.SSOProvider = nil
 			user.SAMLProviderID = null.NewInt32(0, false)
 			user.SSOProviderID = null.NewInt32(0, false)
 		}

packages/go/dawgs/cardinality/hyperloglog64.go

@@ -38,7 +38,7 @@ type hyperLogLog64 struct {
 
 func NewHyperLogLog64() Simplex[uint64] {
 	return &hyperLogLog64{
-		sketch: hyperloglog.New16(),
+		sketch: hyperloglog.NewNoSparse(),
 	}
 }
 
@@ -49,7 +49,7 @@ func (s *hyperLogLog64) Clone() Simplex[uint64] {
 }
 
 func (s *hyperLogLog64) Clear() {
-	s.sketch = hyperloglog.New16()
+	s.sketch = hyperloglog.NewNoSparse()
 }
 
 func (s *hyperLogLog64) Add(values ...uint64) {

packages/go/dawgs/cardinality/hyperloglog64_test.go

@@ -40,8 +40,8 @@ func TestHyperLogLog64(t *testing.T) {
 		deviation            = 100 - cardinalityMax/float64(estimatedCardinality)*100
 	)
 
-	// We expect the HLL sketch to have a cardinality that does not deviate more than 0.58% from reality
-	require.Truef(t, deviation < 0.58, "Expected a cardinality less than 0.58%% but got %.2f%%", deviation)
+	// We expect the HLL sketch to have a cardinality that does not deviate more than 0.66% from reality
+	require.Truef(t, deviation < 0.66, "Expected a cardinality less than 0.66%% but got %.2f%%", deviation)
 
 	for i := 0; i < 100; i++ {
 		previous := sketch.Cardinality()

packages/javascript/bh-shared-ui/src/views/Users/Users.tsx

@@ -32,10 +32,9 @@ import {
     CreateUserDialog,
 } from '../../components';
 import { apiClient, LuxonFormat } from '../../utils';
-import { CreateUserRequest, PutUserAuthSecretRequest, UpdateUserRequest } from 'js-client-library';
+import { CreateUserRequest, PutUserAuthSecretRequest, UpdateUserRequest, User } from 'js-client-library';
 import find from 'lodash/find';
 import { useToggle } from '../../hooks';
-import { User } from '../../hooks/useUsers';
 import UserActionsMenu from '../../components/UserActionsMenu';
 import { useNotifications } from '../../providers';
 
@@ -93,51 +92,31 @@ const Users = () => {
         }
     );
 
-    const disableUserMutation = useMutation(
-        async (userId: string) => {
-            const user = listUsersQuery.data.find((user: User) => {
+    const disableEnableUserMutation = useMutation(
+        async ({ userId, disable }: { userId: string; disable: boolean }) => {
+            const user = listUsersQuery.data?.find((user: User) => {
                 return user.id === userId;
             });
 
-            const updatedUser = {
-                emailAddress: user.email_address || '',
-                principal: user.principal_name || '',
-                firstName: user.first_name || '',
-                lastName: user.last_name || '',
-                SSOProviderId: user.sso_provider_id?.toString() || '',
-                roles: user.roles?.map((role: any) => role.id) || [],
-                is_disabled: true,
-            };
-            return apiClient.updateUser(selectedUserId!, updatedUser);
-        },
-        {
-            onSuccess: () => {
-                addNotification('User disabled successfully!', 'disableUserSuccess');
-                listUsersQuery.refetch();
-            },
-        }
-    );
+            if (!user) {
+                return;
+            }
 
-    const enableUserMutation = useMutation(
-        async (userId: string) => {
-            const user = listUsersQuery.data.find((user: User) => {
-                return user.id === userId;
-            });
-
-            const updatedUser = {
+            const updatedUser: UpdateUserRequest = {
                 emailAddress: user.email_address || '',
                 principal: user.principal_name || '',
                 firstName: user.first_name || '',
                 lastName: user.last_name || '',
-                SSOProviderId: user.sso_provider_id?.toString() || '',
+                ...(user.sso_provider_id && { SSOProviderId: user.sso_provider_id }),
                 roles: user.roles?.map((role: any) => role.id) || [],
-                is_disabled: false,
+                is_disabled: disable,
             };
+
             return apiClient.updateUser(selectedUserId!, updatedUser);
         },
         {
-            onSuccess: () => {
-                addNotification('User enabled successfully!', 'enableUserSuccess');
+            onSuccess: (_, { disable }) => {
+                addNotification(`User ${disable ? 'disabled' : 'enabled'} successfully!`, 'disableEnableUserSuccess');
                 listUsersQuery.refetch();
             },
         }
@@ -301,7 +280,7 @@ const Users = () => {
                 title={'Enable User'}
                 onClose={(response) => {
                     if (response) {
-                        enableUserMutation.mutate(selectedUserId!);
+                        disableEnableUserMutation.mutate({ userId: selectedUserId!, disable: false });
                     }
                     toggleEnableUserDialog();
                 }}
@@ -312,7 +291,7 @@ const Users = () => {
                 title={'Disable User'}
                 onClose={(response) => {
                     if (response) {
-                        disableUserMutation.mutate(selectedUserId!);
+                        disableEnableUserMutation.mutate({ userId: selectedUserId!, disable: true });
                     }
                     toggleDisableUserDialog();
                 }}

packages/javascript/js-client-library/src/client.ts

@@ -740,7 +740,8 @@ class BHEAPIClient {
     deleteUserToken = (tokenId: string, options?: types.RequestOptions) =>
         this.baseClient.delete(`/api/v2/tokens/${tokenId}`, options);
 
-    listUsers = (options?: types.RequestOptions) => this.baseClient.get('/api/v2/bloodhound-users', options);
+    listUsers = (options?: types.RequestOptions) =>
+        this.baseClient.get<types.ListUsersResponse>('/api/v2/bloodhound-users', options);
 
     getUser = (userId: string, options?: types.RequestOptions) =>
         this.baseClient.get(`/api/v2/bloodhound-users/${userId}`, options);

packages/javascript/js-client-library/src/types.ts

@@ -185,6 +185,36 @@ export interface ListSSOProvidersResponse {
     data: SSOProvider[];
 }
 
+export interface User {
+    id: string;
+    sso_provider_id: number | null;
+    AuthSecret: any;
+    roles: Role[];
+    first_name: string | null;
+    last_name: string | null;
+    email_address: string | null;
+    principal_name: string;
+    last_login: string;
+}
+
+interface Permission {
+    id: number;
+    name: string;
+    authority: string;
+}
+
+interface Role {
+    name: string;
+    description: string;
+    permissions: Permission[];
+}
+
+export interface ListUsersResponse {
+    data: {
+        users: User[];
+    };
+}
+
 export interface LoginRequest {
     login_method: string;
     secret: string;