Remove rp id from settings and derive it from defguard_url#2326
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
This PR removes the persisted WebAuthn RP ID setting and instead derives it at runtime from Settings.defguard_url, with stricter validation to ensure the derivation is always possible. It also renames the stats purge flag to a positive form (enable_stats_purge), updates cookie handling to avoid panics when a cookie domain can’t be derived, and wires defguard_url into the web UI setup/settings flows.
Changes:
- Remove
webauthn_rp_idfrom DB/config and derive WebAuthn configuration + cookie domain fromSettings.defguard_url(with validation rejecting IP hosts). - Rename
disable_stats_purge→enable_stats_purgeacross DB, backend, and web UI (including form UX tweaks). - Add
defguard_urlinput + validation to initial setup, auto-adoption setup, migration wizard, and instance settings UI.
Reviewed changes
Copilot reviewed 26 out of 26 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| web/src/shared/utils/defguardUrl.ts | Adds client-side defguard_url validation (reject IP hosts). |
| web/src/shared/api/types.ts | Renames settings field to enable_stats_purge. |
| web/src/pages/settings/SettingsInstancePage/SettingsInstancePage.tsx | Adds defguard_url to instance settings UI; renames stats purge toggle + folds options under toggle. |
| web/src/pages/SetupPage/initial/steps/SetupGeneralConfigStep.tsx | Adds invalid-host validation for defguard_url. |
| web/src/pages/SetupPage/autoAdoption/steps/AutoAdoptionUrlSettingsStep.tsx | Adds invalid-host validation for defguard_url. |
| web/src/pages/MigrationWizardPage/steps/MigrationWizardGeneralConfigurationStep.tsx | Adds invalid-host validation for defguard_url. |
| web/messages/en/settings.json | Adds new instance-settings strings and renames stats purge toggle label. |
| web/messages/en/migration_wizard.json | Adds invalid-host error string for defguard_url. |
| web/messages/en/initial_wizard.json | Adds invalid-host error string for defguard_url. |
| migrations/20260312072940_[2.0.0]_rp_id_stats_purge.up.sql | Renames stats purge column, drops webauthn_rp_id, inverts boolean semantics. |
| migrations/20260312072940_[2.0.0]_rp_id_stats_purge.down.sql | Restores webauthn_rp_id column and reverses stats purge column rename/semantics. |
| crates/defguard_setup/src/auto_adoption.rs | Adjusts error conversion for updated update_current_settings result type. |
| crates/defguard_core/tests/integration/common.rs | Removes test setup of webauthn_rp_id and URL parsing dependency. |
| crates/defguard_core/src/handlers/openid_flow.rs | Uses derived cookie domain when available instead of panicking. |
| crates/defguard_core/src/handlers/mod.rs | Introduces shared cookie_domain() helper with derivation fallback + warning. |
| crates/defguard_core/src/handlers/auth.rs | Uses derived cookie domain; rebuilds WebAuthn config from current settings via appstate.webauthn(). |
| crates/defguard_core/src/error.rs | Adds SettingsSaveError / SettingsUrlError conversions into WebError. |
| crates/defguard_core/src/enterprise/license.rs | Propagates settings save failures via LicenseError. |
| crates/defguard_core/src/enterprise/ldap/error.rs | Propagates settings save failures via LdapError. |
| crates/defguard_core/src/enterprise/handlers/openid_login.rs | Uses derived cookie domain when available instead of panicking. |
| crates/defguard_core/src/appstate.rs | Removes stored WebAuthn instance; derives WebAuthn from current settings on demand. |
| crates/defguard_common/src/db/models/settings.rs | Removes persisted webauthn_rp_id, adds URL parsing/validation, derives RP ID + cookie domain, and introduces SettingsSaveError/SettingsUrlError. |
| crates/defguard_common/src/config.rs | Removes CLI/config webauthn_rp_id; derives cookie domain from settings. |
| crates/defguard/src/main.rs | Updates purge task guard to use enable_stats_purge. |
| .sqlx/query-dab137a626956fe0a0f2fbfc17c45075372f6963ff73760a53f843eaf5ebed4a.json | Updates SQLx metadata for settings SELECT (removes rp_id, renames purge column). |
| .sqlx/query-89698ecaa251e056770bb90827d2d41284e6629883f647462029872c9fad2bfb.json | Updates SQLx metadata for settings UPDATE (removes rp_id, renames purge column). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
filipslezaklab
approved these changes
Mar 16, 2026
wojcik91
approved these changes
Mar 16, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related issue: #2233
SettingsandDefguardConfigSettings::defguard_urlin runtimeSettings::defguard_urlvalidation to ensure rp id can be derived from it (no IP addresses)defguard_urlto instance settings UIdisable_stats_purge->enable_stats_purge