jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
162e51a0af03fda3eb2c21f8a1ff4e7dfa9c647f
cloudron-box/src/users.js

1054 lines
41 KiB
JavaScript
Raw Normal View History

app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
'use strict';
exports = module.exports = {
Fix coding style
2021-04-14 15:54:09 -07:00
removePrivateFields,
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
add,
createOwner,
isActivated,
users: getAll -> list
2021-08-20 11:30:35 -07:00
list,
listPaged,
Fix coding style
2021-04-14 15:54:09 -07:00
get,
Separate invite and password reset token
2021-10-01 12:27:22 +02:00
getByInviteToken,
Fix coding style
2021-04-14 15:54:09 -07:00
getByResetToken,
getByUsername,
fix various users-test.js
2021-07-19 12:43:30 -07:00
getByEmail,
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
getOwner,
Fix coding style
2021-04-14 15:54:09 -07:00
getAdmins,
notifications: send backup fail only to owner only superadmin has access to server and can adjust backup config
2021-04-19 20:52:10 -07:00
getSuperadmins,
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
auth: add logs when auth fails or succeeds
2025-07-11 17:59:00 +02:00
verifyWithId,
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
verifyWithUsername,
verifyWithEmail,
Fix coding style
2021-04-14 15:54:09 -07:00
setPassword,
Add set ghost route
2021-09-17 12:52:41 +02:00
setGhost,
users: cannot update profile fields of external user
2024-01-20 10:41:24 +01:00
updateProfile,
Fix coding style
2021-04-14 15:54:09 -07:00
update,
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
del,
Fix coding style
2021-04-14 15:54:09 -07:00
setTwoFactorAuthenticationSecret,
enableTwoFactorAuthentication,
disableTwoFactorAuthentication,
sendPasswordResetByIdentifier,
rename function to sendPasswordResetByIdentifier
2020-07-09 14:42:39 -07:00
Add two distinct password reset routes
2021-10-27 18:36:28 +02:00
getPasswordResetLink,
sendPasswordResetEmail,
Invite is now also separate
2021-10-27 19:58:06 +02:00
getInviteLink,
sendInviteEmail,
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
notifyLoginLocation,
Properly detect new user agents and location
2021-04-30 13:21:50 +02:00
setup account based on directory config part of #704
2020-07-09 16:39:29 -07:00
setupAccount,
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
user: move avatar handling into model code
2020-07-09 22:33:36 -07:00
setAvatar,
move profile icons into the database
2021-04-29 12:49:48 -07:00
getAvatar,
setup account based on directory config part of #704
2020-07-09 16:39:29 -07:00
Add profile backgroundImage api
2022-05-14 19:41:32 +02:00
getBackgroundImage,
setBackgroundImage,
notifications: per user email prefs
2024-12-11 18:24:20 +01:00
setNotificationConfig,
groups: add events to eventlog
2024-12-04 09:48:25 +01:00
resetSources,
external directory: reset auth source when disabled this allows existing users to login (including the owner itself) The alternative is to have some system where we have unique superadmin users across cloudrons which don’t get trampled upon by a sync. This is a bit unrealistic. For the future, we could also design this such that ldap auth is asked for in the initial step i.e at superadmin creation time. If LDAP connection is lost/down, user can always use 'cloudron-support —owner-login'
2024-01-13 11:27:08 +01:00
Fix parsing of displayName Currently, we only have one field for the name. The first part is first name. The rest is last name. Obviously, this won't work in all cases but is the best we can do for the moment.
2024-02-06 16:43:05 +01:00
parseDisplayName,
Add app passwords feature
2020-01-31 15:28:42 -08:00
AP_MAIL: 'mail',
AP_WEBADMIN: 'webadmin',
migrate permissions and admin flag to user.role
2020-02-21 12:17:06 -08:00
ROLE_ADMIN: 'admin',
ROLE_USER: 'user',
ROLE_USER_MANAGER: 'usermanager',
Add mail manager role part of #807
2021-12-01 09:27:24 -08:00
ROLE_MAIL_MANAGER: 'mailmanager',
migrate permissions and admin flag to user.role
2020-02-21 12:17:06 -08:00
ROLE_OWNER: 'owner',
Fix coding style
2021-04-14 15:54:09 -07:00
compareRoles,
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
};
async'ify avatar and apppassword code
2021-06-25 22:11:17 -07:00
const appPasswords = require('./apppasswords.js'),
use node: prefix for requires mostly because code is being autogenerated by all the AI stuff using this prefix. it's also used in the stack trace.
2025-08-14 11:17:38 +05:30
assert = require('node:assert'),
Move GroupsError to BoxError
2019-10-22 16:34:17 -07:00
BoxError = require('./boxerror.js'),
use node: prefix for requires mostly because code is being autogenerated by all the AI stuff using this prefix. it's also used in the stack trace.
2025-08-14 11:17:38 +05:30
crypto = require('node:crypto'),
Add ability to setup a ghost account for caas
2016-07-12 10:07:55 -07:00
constants = require('./constants.js'),
move dashboard setting into dashboard.js
2023-08-11 19:41:05 +05:30
dashboard = require('./dashboard.js'),
async'ify avatar and apppassword code
2021-06-25 22:11:17 -07:00
database = require('./database.js'),
add missing require
2016-05-29 23:15:55 -07:00
debug = require('debug')('box:user'),
make user.create take auditSource
2016-05-01 20:01:34 -07:00
eventlog = require('./eventlog.js'),
ldap: do the secret key dance
2019-10-25 15:58:11 -07:00
externalLdap = require('./externalldap.js'),
Remove hat module It's not been updated for 6 years!
2018-06-11 12:38:15 -07:00
hat = require('./hat.js'),
security: do not password reset mail to cloudron owned mail domain https://forum.cloudron.io/topic/7951/privilege-escalation-through-mail-manager-role
2022-11-10 12:57:32 +01:00
mail = require('./mail.js'),
make requires alphabetical
2016-02-08 15:15:42 -08:00
mailer = require('./mailer.js'),
replace mysql module with mysql2 mysql is deprecated since years now
2025-06-19 12:31:54 +02:00
mysql = require('mysql2'),
notifications: add back app down and app oom mails
2024-12-11 20:44:46 +01:00
notifications = require('./notifications'),
move tokens.ID_ into oidcClients.ID_
2025-06-11 22:53:29 +02:00
oidcClients = require('./oidcclients.js'),
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
qrcode = require('qrcode'),
Add ability to setup a ghost account for caas
2016-07-12 10:07:55 -07:00
safe = require('safetydance'),
config.js is dead, long live config.js we use settings now
2019-07-26 10:49:29 -07:00
settings = require('./settings.js'),
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
speakeasy = require('speakeasy'),
setup account based on directory config part of #704
2020-07-09 16:39:29 -07:00
tokens = require('./tokens.js'),
translation.js -> translations.js kept confusing my why i can't find this file! this is in line with the rest of our code
2024-07-05 12:45:23 +02:00
translations = require('./translations.js'),
Only use simplified user agent for login detection
2021-05-04 09:11:16 +02:00
uaParser = require('ua-parser-js'),
split routes and model code into user-directory.js
2024-06-12 10:27:59 +02:00
userDirectory = require('./user-directory.js'),
use the @cloudron/superagent module
2025-07-10 10:55:52 +02:00
superagent = require('@cloudron/superagent'),
use node: prefix for requires mostly because code is being autogenerated by all the AI stuff using this prefix. it's also used in the stack trace.
2025-08-14 11:17:38 +05:30
util = require('node:util'),
replace validator module
2025-03-07 12:07:33 +01:00
validator = require('./validator.js'),
replace underscore with our own we only need like 5 simple functions
2025-02-13 14:03:25 +01:00
_ = require('./underscore.js');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
Revert "Add no-use-before-define linter rule" This reverts commit fdcc5d68a2a92a24b50b490a7a9d9e8cb97f5829. Unfortunately, this requires us to move exports to the bottom. This in turn causes circular dep issues and also access of exports.GLOBAL_VAR in the global context
2025-10-08 20:11:55 +02:00
// the avatar and backgroundImage fields are special and not added here to reduce response sizes
const USERS_FIELDS = [ 'id', 'username', 'email', 'fallbackEmail', 'password', 'salt', 'creationTime', 'inviteToken', 'resetToken', 'displayName', 'language',
'twoFactorAuthenticationEnabled', 'twoFactorAuthenticationSecret', 'active', 'source', 'role', 'resetTokenCreationTime', 'loginLocationsJson', 'notificationConfigJson' ].join(',');
const DEFAULT_GHOST_LIFETIME = 6 * 60 * 60 * 1000; // 6 hours
async'ify avatar and apppassword code
2021-06-25 22:11:17 -07:00
const CRYPTO_SALT_SIZE = 64; // 512-bit salt
const CRYPTO_ITERATIONS = 10000; // iterations
const CRYPTO_KEY_LENGTH = 512; // bits
const CRYPTO_DIGEST = 'sha1'; // used to be the default in node 4.1.1 cannot change since it will affect existing db records
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
const pbkdf2Async = util.promisify(crypto.pbkdf2);
make users-test work
2021-08-13 14:43:08 -07:00
const randomBytesAsync = util.promisify(crypto.randomBytes);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
function postProcess(result) {
assert.strictEqual(typeof result, 'object');
result.twoFactorAuthenticationEnabled = !!result.twoFactorAuthenticationEnabled;
result.active = !!result.active;
result.loginLocations = safe.JSON.parse(result.loginLocationsJson) || [];
if (!Array.isArray(result.loginLocations)) result.loginLocations = [];
delete result.loginLocationsJson;
notifications: per user email prefs
2024-12-11 18:24:20 +01:00
result.notificationConfig = safe.JSON.parse(result.notificationConfigJson) || [];
delete result.notificationConfigJson;
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
return result;
}
Remove alias handling from user logic to mail logic
2018-01-25 18:03:26 +01:00
// keep this in sync with validateGroupname and validateAlias
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
function validateUsername(username) {
assert.strictEqual(typeof username, 'string');
Make user id a uuid.v4() and allow empty usernames
2016-04-01 16:48:34 +02:00
Move UsersError to BoxError
2019-10-24 14:40:26 -07:00
if (username.length < 1) return new BoxError(BoxError.BAD_FIELD, 'Username must be atleast 1 char');
if (username.length >= 200) return new BoxError(BoxError.BAD_FIELD, 'Username too long');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
Move UsersError to BoxError
2019-10-24 14:40:26 -07:00
if (constants.RESERVED_NAMES.indexOf(username) !== -1) return new BoxError(BoxError.BAD_FIELD, 'Username is reserved');
reserve the "admin" username
2016-04-13 16:50:20 -07:00
Add note on underscore in usernames
2020-07-23 16:29:54 -07:00
// also need to consider valid LDAP characters here (e.g '+' is reserved). apps like openvpn require _ to not be used
Move UsersError to BoxError
2019-10-24 14:40:26 -07:00
if (/[^a-zA-Z0-9.-]/.test(username)) return new BoxError(BoxError.BAD_FIELD, 'Username can only contain alphanumerals, dot and -');
allow only alpha numerals in username
2016-05-25 21:36:20 -07:00
do not add app mailboxes to database a) we don't allow .app pattern in database for aliases and mailboxes b) the addons already know about app names separately
2016-05-30 01:32:18 -07:00
// app emails are sent using the .app suffix
username: only ending with .app is reserved
2025-01-25 16:03:10 +01:00
if (username.endsWith('.app')) return new BoxError(BoxError.BAD_FIELD, 'Username pattern is reserved for apps');
reserve usernames with -app in them
2016-05-18 21:45:02 -07:00
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
return null;
}
function validateEmail(email) {
assert.strictEqual(typeof email, 'string');
Move UsersError to BoxError
2019-10-24 14:40:26 -07:00
if (!validator.isEmail(email)) return new BoxError(BoxError.BAD_FIELD, 'Invalid email');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
return null;
}
Separate invite and password reset token
2021-10-01 12:27:22 +02:00
function validateToken(token) {
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
assert.strictEqual(typeof token, 'string');
Move UsersError to BoxError
2019-10-24 14:40:26 -07:00
if (token.length !== 64) return new BoxError(BoxError.BAD_FIELD, 'Invalid token'); // 256-bit hex coded token
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
return null;
}
Add displayName to create user and activate routes
2016-01-19 23:34:49 -08:00
function validateDisplayName(name) {
assert.strictEqual(typeof name, 'string');
return null;
}
profile: store preferred language in the database
2024-02-26 12:32:14 +01:00
async function validateLanguage(language) {
assert.strictEqual(typeof language, 'string');
if (language === '') return null; // reset to platform default
translation.js -> translations.js kept confusing my why i can't find this file! this is in line with the rest of our code
2024-07-05 12:45:23 +02:00
const languages = await translations.listLanguages();
profile: store preferred language in the database
2024-02-26 12:32:14 +01:00
if (!languages.includes(language)) return new BoxError(BoxError.BAD_FIELD, 'Invalid language');
return null;
}
Make password strength be 8 chars Fixes #434
2018-06-11 12:55:24 -07:00
function validatePassword(password) {
assert.strictEqual(typeof password, 'string');
Move UsersError to BoxError
2019-10-24 14:40:26 -07:00
if (password.length < 8) return new BoxError(BoxError.BAD_FIELD, 'Password must be atleast 8 characters');
if (password.length > 256) return new BoxError(BoxError.BAD_FIELD, 'Password cannot be more than 256 characters');
Make password strength be 8 chars Fixes #434
2018-06-11 12:55:24 -07:00
return null;
}
Add user management scope This splits the user and groups API into those who have just 'read' access and those who have 'manage' access.
2018-06-25 15:54:24 -07:00
// remove all fields that should never be sent out via REST API
Amend full user object to user action eventlog entries
2018-03-02 11:24:06 +01:00
function removePrivateFields(user) {
replace underscore with our own we only need like 5 simple functions
2025-02-13 14:03:25 +01:00
const result = _.pick(user, [
'id', 'username', 'email', 'fallbackEmail', 'displayName', 'groupIds', 'active', 'source', 'role', 'createdAt',
'twoFactorAuthenticationEnabled', 'notificationConfig']);
send invite status via user rest api
2021-10-01 14:32:37 +02:00
// invite status indicator
result.inviteAccepted = !user.inviteToken;
return result;
Amend full user object to user action eventlog entries
2018-03-02 11:24:06 +01:00
}
Revert "Add no-use-before-define linter rule" This reverts commit fdcc5d68a2a92a24b50b490a7a9d9e8cb97f5829. Unfortunately, this requires us to move exports to the bottom. This in turn causes circular dep issues and also access of exports.GLOBAL_VAR in the global context
2025-10-08 20:11:55 +02:00
function validateRole(role) {
assert.strictEqual(typeof role, 'string');
const ORDERED_ROLES = [ exports.ROLE_USER, exports.ROLE_USER_MANAGER, exports.ROLE_MAIL_MANAGER, exports.ROLE_ADMIN, exports.ROLE_OWNER ];
if (ORDERED_ROLES.includes(role)) return null;
return new BoxError(BoxError.BAD_FIELD, `Invalid role '${role}'`);
}
function compareRoles(role1, role2) {
assert.strictEqual(typeof role1, 'string');
assert.strictEqual(typeof role2, 'string');
const ORDERED_ROLES = [ exports.ROLE_USER, exports.ROLE_USER_MANAGER, exports.ROLE_MAIL_MANAGER, exports.ROLE_ADMIN, exports.ROLE_OWNER ];
const roleInt1 = ORDERED_ROLES.indexOf(role1);
const roleInt2 = ORDERED_ROLES.indexOf(role2);
return roleInt1 - roleInt2;
}
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
async function add(email, data, auditSource) {
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
assert.strictEqual(typeof email, 'string');
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
assert(data && typeof data === 'object');
assert if auditSource is null on user apis
2019-01-23 11:18:31 +01:00
assert(auditSource && typeof auditSource === 'object');
pass owner flag in createUser
2016-02-08 21:05:02 -08:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
assert(data.username === null || typeof data.username === 'string');
assert(data.password === null || typeof data.password === 'string');
assert.strictEqual(typeof data.displayName, 'string');
do not strictly require fallbackEmail on user creation but provide a fallback
2021-10-28 10:29:02 +02:00
if ('fallbackEmail' in data) assert.strictEqual(typeof data.fallbackEmail, 'string');
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
lint
2024-05-25 13:42:29 +02:00
const { displayName } = data;
let { username, password } = data;
do not strictly require fallbackEmail on user creation but provide a fallback
2021-10-28 10:29:02 +02:00
let fallbackEmail = data.fallbackEmail || '';
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
const source = data.source || ''; // empty is local user
const role = data.role || exports.ROLE_USER;
notifications: add back app down and app oom mails
2024-12-11 20:44:46 +01:00
const notificationConfig = 'notificationConfig' in data ? data.notificationConfig : null;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
users: rename createdAt to creationTime
2021-05-17 07:18:21 -07:00
let error;
Move username and email lowercasing to where it belongs Fixes #592
2016-04-14 16:25:46 +02:00
Allow usernames and groupnames of length 1 Fixes #204
2017-02-02 00:23:11 -08:00
if (username !== null) {
username = username.toLowerCase();
error = validateUsername(username);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (error) throw error;
Allow usernames and groupnames of length 1 Fixes #204
2017-02-02 00:23:11 -08:00
}
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
Move password generation logic to model code
2018-06-11 12:59:52 -07:00
if (password !== null) {
error = validatePassword(password);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (error) throw error;
Move password generation logic to model code
2018-06-11 12:59:52 -07:00
} else {
password = hat(8 * 8);
}
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
Allow usernames and groupnames of length 1 Fixes #204
2017-02-02 00:23:11 -08:00
email = email.toLowerCase();
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
error = validateEmail(email);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (error) throw error;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
fallbackEmail is now independent from email
2021-10-26 22:50:02 +02:00
fallbackEmail = fallbackEmail.toLowerCase();
if (fallbackEmail) {
lint: constness
2024-04-26 20:09:36 +02:00
error = validateEmail(fallbackEmail);
fallbackEmail is now independent from email
2021-10-26 22:50:02 +02:00
if (error) throw error;
}
Add displayName to create user and activate routes
2016-01-19 23:34:49 -08:00
error = validateDisplayName(displayName);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (error) throw error;
Add displayName to create user and activate routes
2016-01-19 23:34:49 -08:00
migrate permissions and admin flag to user.role
2020-02-21 12:17:06 -08:00
error = validateRole(role);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (error) throw error;
lint
2024-05-25 13:42:29 +02:00
const [randomBytesError, salt] = await safe(randomBytesAsync(CRYPTO_SALT_SIZE));
if (randomBytesError) throw new BoxError(BoxError.CRYPTO_ERROR, randomBytesError);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
lint
2024-05-25 13:42:29 +02:00
const [pbkdf2Error, derivedKey] = await safe(pbkdf2Async(password, salt, CRYPTO_ITERATIONS, CRYPTO_KEY_LENGTH, CRYPTO_DIGEST));
if (pbkdf2Error) throw new BoxError(BoxError.CRYPTO_ERROR, pbkdf2Error);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
const user = {
remove uuid module built into node.js now
2025-07-28 12:53:27 +02:00
id: 'uid-' + crypto.randomUUID(),
lint
2024-05-25 13:42:29 +02:00
username,
email,
fallbackEmail,
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
password: Buffer.from(derivedKey, 'binary').toString('hex'),
salt: salt.toString('hex'),
resetToken: '',
Set inviteToken on user creation
2021-10-01 14:45:26 +02:00
inviteToken: hat(256), // new users start out with invite tokens
lint
2024-05-25 13:42:29 +02:00
displayName,
source,
role,
profile: drop gravatar support gravatar is owned by an external entity (Automattic) and we have an unnecessary dep to this service. users can just upload a profile pic
2025-06-08 12:42:13 +02:00
avatar: null,
notifications: add back app down and app oom mails
2024-12-11 20:44:46 +01:00
language: '',
notificationConfigJson: notificationConfig ? JSON.stringify(notificationConfig) : null
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
};
notifications: add back app down and app oom mails
2024-12-11 20:44:46 +01:00
const query = 'INSERT INTO users (id, username, password, email, fallbackEmail, salt, resetToken, inviteToken, displayName, source, role, avatar, language, notificationConfigJson) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
const args = [ user.id, user.username, user.password, user.email, user.fallbackEmail, user.salt, user.resetToken, user.inviteToken, user.displayName, user.source, user.role, user.avatar, user.language, user.notificationConfigJson ];
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
[error] = await safe(database.query(query, args));
code -> sqlCode
2025-09-29 11:55:15 +02:00
if (error && error.sqlCode === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_email') !== -1) throw new BoxError(BoxError.ALREADY_EXISTS, 'email already exists');
if (error && error.sqlCode === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_username') !== -1) throw new BoxError(BoxError.ALREADY_EXISTS, 'username already exists');
if (error && error.sqlCode === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('PRIMARY') !== -1) throw new BoxError(BoxError.ALREADY_EXISTS, 'id already exists');
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (error) throw error;
// when this is used to create the owner, then we have to patch the auditSource to contain himself
if (!auditSource.userId) auditSource.userId = user.id;
if (!auditSource.username) auditSource.username= user.username;
add missing awaits for eventlog.add
2022-02-24 20:04:46 -08:00
await eventlog.add(eventlog.ACTION_USER_ADD, auditSource, { userId: user.id, email: user.email, user: removePrivateFields(user) });
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
fix various users-test.js
2021-07-19 12:43:30 -07:00
return user.id;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
users: asyncify and merge userdb.del
2021-06-26 09:57:07 -07:00
async function del(user, auditSource) {
user: load the resource with middleware
2020-02-13 20:45:00 -08:00
assert.strictEqual(typeof user, 'object');
assert if auditSource is null on user apis
2019-01-23 11:18:31 +01:00
assert(auditSource && typeof auditSource === 'object');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
Use BAD_STATE consistently for demo mode
2024-01-13 21:15:41 +01:00
if (constants.DEMO && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
Remove any deleted group and user from operators and accessRestriction part of #857
2025-10-20 16:37:14 +02:00
const arSearch = `JSON_SEARCH(accessRestrictionJson, 'one', ?, NULL, '$.users')`;
const opSearch = `JSON_SEARCH(operatorsJson, 'one', ?, NULL, '$.users')`;
const queries = [
{ query: `UPDATE apps SET accessRestrictionJson=JSON_REMOVE(accessRestrictionJson, REPLACE(${arSearch}, '"', '')) WHERE ${arSearch} IS NOT NULL`, args: [ user.id, user.id ] },
{ query: `UPDATE apps SET operatorsJson=JSON_REMOVE(operatorsJson, REPLACE(${opSearch}, '"', '')) WHERE ${opSearch} IS NOT NULL`, args: [ user.id, user.id ] },
{ query: 'DELETE FROM groupMembers WHERE userId = ?', args: [ user.id ] },
{ query: 'DELETE FROM tokens WHERE identifier = ?', args: [ user.id ] },
{ query: 'DELETE FROM appPasswords WHERE userId = ?', args: [ user.id ] },
{ query: 'DELETE FROM users WHERE id = ?', args: [ user.id ] }, // keep this the last query as we check affectedRows below
];
make user.remove and user.update add eventlog
2016-05-01 20:09:31 -07:00
users: asyncify and merge userdb.del
2021-06-26 09:57:07 -07:00
const [error, result] = await safe(database.transaction(queries));
code -> sqlCode
2025-09-29 11:55:15 +02:00
if (error && error.sqlCode === 'ER_NO_REFERENCED_ROW_2') throw new BoxError(BoxError.NOT_FOUND, error);
users: asyncify and merge userdb.del
2021-06-26 09:57:07 -07:00
if (error) throw error;
Remove any deleted group and user from operators and accessRestriction part of #857
2025-10-20 16:37:14 +02:00
if (result[queries.length-1].affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'User not found');
Fix usage of eventlog.add
2021-06-03 11:42:32 -07:00
add missing awaits for eventlog.add
2022-02-24 20:04:46 -08:00
await eventlog.add(eventlog.ACTION_USER_REMOVE, auditSource, { userId: user.id, user: removePrivateFields(user) });
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
users: getAll -> list
2021-08-20 11:30:35 -07:00
async function list() {
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
const results = await database.query(`SELECT ${USERS_FIELDS},GROUP_CONCAT(groupMembers.groupId) AS groupIds ` +
' FROM users LEFT OUTER JOIN groupMembers ON users.id = groupMembers.userId ' +
' GROUP BY users.id ORDER BY users.username');
set the admin flag in user object
2016-02-09 09:25:17 -08:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
results.forEach(function (result) {
result.groupIds = result.groupIds ? result.groupIds.split(',') : [ ];
set the admin flag in user object
2016-02-09 09:25:17 -08:00
});
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
results.forEach(postProcess);
return results;
set the admin flag in user object
2016-02-09 09:25:17 -08:00
}
Add ability to filter users by state
2022-02-07 16:57:00 +01:00
// if active is null then both active and inactive users are listed
async function listPaged(search, active, page, perPage) {
Support username search in user listing api
2019-01-15 17:21:40 +01:00
assert(typeof search === 'string' || search === null);
Add ability to filter users by state
2022-02-07 16:57:00 +01:00
assert(typeof active === 'boolean' || active === null);
Add user pagination to rest api
2019-01-14 16:39:20 +01:00
assert.strictEqual(typeof page, 'number');
assert.strictEqual(typeof perPage, 'number');
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
let query = `SELECT ${USERS_FIELDS},GROUP_CONCAT(groupMembers.groupId) AS groupIds FROM users LEFT OUTER JOIN groupMembers ON users.id = groupMembers.userId `;
Add user pagination to rest api
2019-01-14 16:39:20 +01:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (search) {
query += ' WHERE ';
Add ability to filter users by state
2022-02-07 16:57:00 +01:00
query += '(';
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
query += '(LOWER(users.username) LIKE ' + mysql.escape(`%${search.toLowerCase()}%`) + ')';
query += ' OR ';
query += '(LOWER(users.email) LIKE ' + mysql.escape(`%${search.toLowerCase()}%`) + ')';
query += ' OR ';
query += '(LOWER(users.displayName) LIKE ' + mysql.escape(`%${search.toLowerCase()}%`) + ')';
Add ability to filter users by state
2022-02-07 16:57:00 +01:00
query += ')';
}
if (active !== null) {
if (search) query += ' AND ';
else query += ' WHERE ';
query += 'users.active' + (!active ? ' IS NOT ' : ' IS ') + 'TRUE';
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
}
Add user pagination to rest api
2019-01-14 16:39:20 +01:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
query += ` GROUP BY users.id ORDER BY users.username ASC LIMIT ${(page-1)*perPage},${perPage} `;
do not use userdb directly
2016-06-07 09:59:29 -07:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
const results = await database.query(query);
do not use userdb directly
2016-06-07 09:59:29 -07:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
results.forEach(function (result) {
result.groupIds = result.groupIds ? result.groupIds.split(',') : [ ];
do not use userdb directly
2016-06-07 09:59:29 -07:00
});
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
results.forEach(postProcess);
Add users.isActivated it's easier to see where we do activation checks
2018-11-10 18:08:08 -08:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
return results;
}
Add users.isActivated it's easier to see where we do activation checks
2018-11-10 18:08:08 -08:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
async function isActivated() {
const result = await database.query('SELECT COUNT(*) AS total FROM users');
return result[0].total !== 0;
Add users.isActivated it's easier to see where we do activation checks
2018-11-10 18:08:08 -08:00
}
users: ensure all user objects have groupIds this prevents ldap/sftp code from detecting user groups and thus fails to detect membership of a user via operator groups.
2025-08-07 12:28:55 +02:00
async function internalGet(fieldName, fieldValue) {
assert.strictEqual(typeof fieldName, 'string');
assert.strictEqual(typeof fieldValue, 'string');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
const results = await database.query(`SELECT ${USERS_FIELDS},GROUP_CONCAT(groupMembers.groupId) AS groupIds ` +
users: ensure all user objects have groupIds this prevents ldap/sftp code from detecting user groups and thus fails to detect membership of a user via operator groups.
2025-08-07 12:28:55 +02:00
' FROM users LEFT OUTER JOIN groupMembers ON users.id = groupMembers.userId ' +
` GROUP BY users.id HAVING users.${fieldName} = ?`, [ fieldValue ]);
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (results.length === 0) return null;
add groupIds to user object
2016-02-08 20:38:50 -08:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
results[0].groupIds = results[0].groupIds ? results[0].groupIds.split(',') : [ ];
add groupIds to user object
2016-02-08 20:38:50 -08:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
return postProcess(results[0]);
}
users: ensure all user objects have groupIds this prevents ldap/sftp code from detecting user groups and thus fails to detect membership of a user via operator groups.
2025-08-07 12:28:55 +02:00
async function get(userId) {
assert.strictEqual(typeof userId, 'string');
return await internalGet('id', userId);
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
users: ensure all user objects have groupIds this prevents ldap/sftp code from detecting user groups and thus fails to detect membership of a user via operator groups.
2025-08-07 12:28:55 +02:00
async function getByEmail(email) {
assert.strictEqual(typeof email, 'string');
return await internalGet('email', email);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
}
async function getByResetToken(resetToken) {
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
assert.strictEqual(typeof resetToken, 'string');
lint: constness
2024-04-26 20:09:36 +02:00
const error = validateToken(resetToken);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (error) throw error;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
users: ensure all user objects have groupIds this prevents ldap/sftp code from detecting user groups and thus fails to detect membership of a user via operator groups.
2025-08-07 12:28:55 +02:00
return await internalGet('resetToken', resetToken);
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
Separate invite and password reset token
2021-10-01 12:27:22 +02:00
async function getByInviteToken(inviteToken) {
assert.strictEqual(typeof inviteToken, 'string');
lint: constness
2024-04-26 20:09:36 +02:00
const error = validateToken(inviteToken);
Separate invite and password reset token
2021-10-01 12:27:22 +02:00
if (error) throw error;
users: ensure all user objects have groupIds this prevents ldap/sftp code from detecting user groups and thus fails to detect membership of a user via operator groups.
2025-08-07 12:28:55 +02:00
return await internalGet('inviteToken', inviteToken);
Separate invite and password reset token
2021-10-01 12:27:22 +02:00
}
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
async function getByUsername(username) {
Make initial sftp connection work
2019-03-18 21:15:50 -07:00
assert.strictEqual(typeof username, 'string');
users: ensure all user objects have groupIds this prevents ldap/sftp code from detecting user groups and thus fails to detect membership of a user via operator groups.
2025-08-07 12:28:55 +02:00
return await internalGet('username', username);
Make initial sftp connection work
2019-03-18 21:15:50 -07:00
}
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
async function update(user, data, auditSource) {
user: load the resource with middleware
2020-02-13 20:45:00 -08:00
assert.strictEqual(typeof user, 'object');
user.update does not need the user object
2016-06-02 23:53:06 -07:00
assert.strictEqual(typeof data, 'object');
assert if auditSource is null on user apis
2019-01-23 11:18:31 +01:00
assert(auditSource && typeof auditSource === 'object');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
assert(!('twoFactorAuthenticationEnabled' in data) || (typeof data.twoFactorAuthenticationEnabled === 'boolean'));
assert(!('active' in data) || (typeof data.active === 'boolean'));
assert(!('loginLocations' in data) || (Array.isArray(data.loginLocations)));
Disable updating the cloudron user in demo mode
2020-10-23 11:41:39 -07:00
Use BAD_STATE consistently for demo mode
2024-01-13 21:15:41 +01:00
if (constants.DEMO && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
user.update does not need the user object
2016-06-02 23:53:06 -07:00
if (data.username) {
more profileConfig rename
2022-01-13 15:20:16 -08:00
// regardless of "account setup", username cannot be changed because admin could have logged in with temp password and apps
// already know about it
if (user.username) throw new BoxError(BoxError.CONFLICT, 'Username cannot be changed');
user.update does not need the user object
2016-06-02 23:53:06 -07:00
data.username = data.username.toLowerCase();
lint
2024-05-25 13:42:29 +02:00
const error = validateUsername(data.username);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (error) throw error;
user.update does not need the user object
2016-06-02 23:53:06 -07:00
}
if (data.email) {
data.email = data.email.toLowerCase();
lint
2024-05-25 13:42:29 +02:00
const error = validateEmail(data.email);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (error) throw error;
user.update does not need the user object
2016-06-02 23:53:06 -07:00
}
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
Add fallbackEmail to user data model
2018-01-21 14:25:39 +01:00
if (data.fallbackEmail) {
data.fallbackEmail = data.fallbackEmail.toLowerCase();
lint
2024-05-25 13:42:29 +02:00
const error = validateEmail(data.fallbackEmail);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (error) throw error;
Add fallbackEmail to user data model
2018-01-21 14:25:39 +01:00
}
migrate permissions and admin flag to user.role
2020-02-21 12:17:06 -08:00
if (data.role) {
lint
2024-05-25 13:42:29 +02:00
const error = validateRole(data.role);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (error) throw error;
add manage user permission
2020-02-13 22:06:54 -08:00
}
profile: store preferred language in the database
2024-02-26 12:32:14 +01:00
if (data.language) {
lint
2024-05-25 13:42:29 +02:00
const error = await validateLanguage(data.language);
profile: store preferred language in the database
2024-02-26 12:32:14 +01:00
if (error) throw error;
}
lint
2024-05-25 13:42:29 +02:00
const args = [], fields = [];
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
for (const k in data) {
if (k === 'twoFactorAuthenticationEnabled' || k === 'active') {
fields.push(k + ' = ?');
args.push(data[k] ? 1 : 0);
notifications: add back app down and app oom mails
2024-12-11 20:44:46 +01:00
} else if (k === 'loginLocations' || k === 'notificationConfig') {
fields.push(`${k}Json = ?`);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
args.push(JSON.stringify(data[k]));
} else {
fields.push(k + ' = ?');
args.push(data[k]);
}
}
users: do nothing when nothing to update
2025-02-13 17:28:02 +01:00
if (args.length == 0) return; // nothing to do
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
args.push(user.id);
make user.remove and user.update add eventlog
2016-05-01 20:09:31 -07:00
lint
2024-05-25 13:42:29 +02:00
const [error, result] = await safe(database.query('UPDATE users SET ' + fields.join(', ') + ' WHERE id = ?', args));
code -> sqlCode
2025-09-29 11:55:15 +02:00
if (error && error.sqlCode === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_email') !== -1) throw new BoxError(BoxError.ALREADY_EXISTS, 'email already exists');
if (error && error.sqlCode === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_username') !== -1) throw new BoxError(BoxError.ALREADY_EXISTS, 'username already exists');
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (error) throw new BoxError(BoxError.DATABASE_ERROR, error);
if (result.affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'User not found');
user: load the resource with middleware
2020-02-13 20:45:00 -08:00
replace usage of _.extend with Object.assign
2023-05-25 11:27:23 +02:00
const newUser = Object.assign({}, user, data);
Make users-test work
2020-02-14 13:01:51 -08:00
add missing awaits for eventlog.add
2022-02-24 20:04:46 -08:00
await eventlog.add(eventlog.ACTION_USER_UPDATE, auditSource, {
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
userId: user.id,
user: removePrivateFields(newUser),
roleChanged: newUser.role !== user.role,
activeStatusChanged: ((newUser.active && !user.active) || (!newUser.active && user.active))
remove mailbox routes and move it to users
2016-09-21 15:34:58 -07:00
});
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
users: cannot update profile fields of external user
2024-01-20 10:41:24 +01:00
async function updateProfile(user, profile, auditSource) {
assert.strictEqual(typeof user, 'object');
assert.strictEqual(typeof profile, 'object');
assert(auditSource && typeof auditSource === 'object');
if (user.source === 'ldap') throw new BoxError(BoxError.BAD_STATE, 'Cannot update profile of external auth user');
await update(user, profile, auditSource);
}
users: ensure all user objects have groupIds this prevents ldap/sftp code from detecting user groups and thus fails to detect membership of a user via operator groups.
2025-08-07 12:28:55 +02:00
async function listByRole(role) {
assert.strictEqual(typeof role, 'string');
// the mailer code relies on the first object being the 'owner' (thus the ORDER)
const results = await database.query(`SELECT ${USERS_FIELDS},GROUP_CONCAT(groupMembers.groupId) AS groupIds ` +
' FROM users LEFT OUTER JOIN groupMembers ON users.id = groupMembers.userId ' +
' GROUP BY users.id HAVING role = ? ORDER BY users.creationTime', [ role ]);
results.forEach(function (result) {
result.groupIds = result.groupIds ? result.groupIds.split(',') : [ ];
});
results.forEach(postProcess);
return results;
}
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
async function getOwner() {
users: ensure all user objects have groupIds this prevents ldap/sftp code from detecting user groups and thus fails to detect membership of a user via operator groups.
2025-08-07 12:28:55 +02:00
const owners = await listByRole(exports.ROLE_OWNER);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (owners.length === 0) return null;
return owners[0];
Add route to set the users groups
2016-02-09 15:47:02 -08:00
}
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
async function getAdmins() {
users: ensure all user objects have groupIds this prevents ldap/sftp code from detecting user groups and thus fails to detect membership of a user via operator groups.
2025-08-07 12:28:55 +02:00
const owners = await listByRole(exports.ROLE_OWNER);
const admins = await listByRole(exports.ROLE_ADMIN);
migrate permissions and admin flag to user.role
2020-02-21 12:17:06 -08:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
return owners.concat(admins);
Add user.getAllAdmins()
2016-01-15 16:04:33 +01:00
}
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
async function getSuperadmins() {
users: ensure all user objects have groupIds this prevents ldap/sftp code from detecting user groups and thus fails to detect membership of a user via operator groups.
2025-08-07 12:28:55 +02:00
return await listByRole(exports.ROLE_OWNER);
notifications: send backup fail only to owner only superadmin has access to server and can adjust backup config
2021-04-19 20:52:10 -07:00
}
Revert "Add no-use-before-define linter rule" This reverts commit fdcc5d68a2a92a24b50b490a7a9d9e8cb97f5829. Unfortunately, this requires us to move exports to the bottom. This in turn causes circular dep issues and also access of exports.GLOBAL_VAR in the global context
2025-10-08 20:11:55 +02:00
async function setGhost(user, password, expiresAt) {
assert.strictEqual(typeof user, 'object');
assert.strictEqual(typeof password, 'string');
assert.strictEqual(typeof expiresAt, 'number');
if (!user.username) throw new BoxError(BoxError.BAD_STATE, 'user has no username yet');
expiresAt = expiresAt || (Date.now() + DEFAULT_GHOST_LIFETIME);
const ghostData = await settings.getJson(settings.GHOSTS_CONFIG_KEY) || {};
ghostData[user.username] = { password, expiresAt };
await settings.setJson(settings.GHOSTS_CONFIG_KEY, ghostData);
}
// returns true if ghost user was matched
async function verifyGhost(username, password) {
assert.strictEqual(typeof username, 'string');
assert.strictEqual(typeof password, 'string');
const ghostData = await settings.getJson(settings.GHOSTS_CONFIG_KEY) || {};
// either the username is an object with { password, expiresAt } or a string with the password which will expire on first match
if (username in ghostData) {
if (typeof ghostData[username] === 'object') {
if (ghostData[username].expiresAt < Date.now()) {
debug('verifyGhost: password expired');
delete ghostData[username];
await settings.setJson(settings.GHOSTS_CONFIG_KEY, ghostData);
return false;
} else if (ghostData[username].password === password) {
debug('verifyGhost: matched ghost user');
return true;
} else {
return false;
}
} else if(ghostData[username] === password) {
debug('verifyGhost: matched ghost user');
delete ghostData[username];
await settings.setJson(settings.GHOSTS_CONFIG_KEY, ghostData);
return true;
}
}
return false;
}
async function verifyAppPassword(userId, password, identifier) {
assert.strictEqual(typeof userId, 'string');
assert.strictEqual(typeof password, 'string');
assert.strictEqual(typeof identifier, 'string');
const results = await appPasswords.list(userId);
const hashedPasswords = results.filter(r => r.identifier === identifier).map(r => r.hashedPassword);
const hash = crypto.createHash('sha256').update(password).digest('base64');
if (hashedPasswords.includes(hash)) return;
throw new BoxError(BoxError.INVALID_CREDENTIALS, 'Password is not valid');
}
// identifier is only used to check if password is valid for a specific app
async function verify(user, password, identifier, options) {
assert.strictEqual(typeof user, 'object');
assert.strictEqual(typeof password, 'string');
assert.strictEqual(typeof identifier, 'string');
assert.strictEqual(typeof options, 'object');
if (!user.active) {
debug(`verify: ${user.username} is not active`);
throw new BoxError(BoxError.NOT_FOUND, 'User not active');
}
// for just invited users the username may be still null
if (user.username) {
const valid = await verifyGhost(user.username, password);
if (valid) {
debug(`verify: ${user.username} authenticated via impersonation`);
user.ghost = true;
return user;
}
}
const [error] = await safe(verifyAppPassword(user.id, password, identifier));
if (!error) { // matched app password
debug(`verify: ${user.username || user.id} matched app password`);
user.appPassword = true;
return user;
}
let localTotpCheck = true; // does 2fa need to be verified with local database 2fa creds
if (user.source === 'ldap') {
await externalLdap.verifyPassword(user.username, password, options);
const externalLdapConfig = await externalLdap.getConfig();
localTotpCheck = user.twoFactorAuthenticationEnabled && !externalLdap.supports2FA(externalLdapConfig);
} else {
const saltBinary = Buffer.from(user.salt, 'hex');
const [error, derivedKey] = await safe(pbkdf2Async(password, saltBinary, CRYPTO_ITERATIONS, CRYPTO_KEY_LENGTH, CRYPTO_DIGEST));
if (error) throw new BoxError(BoxError.CRYPTO_ERROR, error);
const derivedKeyHex = Buffer.from(derivedKey, 'binary').toString('hex');
if (derivedKeyHex !== user.password) {
debug(`verify: ${user.username || user.id} provided incorrect password`);
throw new BoxError(BoxError.INVALID_CREDENTIALS, 'Wrong password');
}
localTotpCheck = user.twoFactorAuthenticationEnabled;
}
if (localTotpCheck && !options.skipTotpCheck) {
if (!options.totpToken) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'A totpToken must be provided');
const verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: options.totpToken, window: 2 });
if (!verified) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'Invalid totpToken');
}
return user;
}
async function verifyWithId(id, password, identifier, options) {
assert.strictEqual(typeof id, 'string');
assert.strictEqual(typeof password, 'string');
assert.strictEqual(typeof identifier, 'string');
assert.strictEqual(typeof options, 'object');
const user = await get(id);
if (!user) {
debug(`verifyWithId: ${id} not found`);
throw new BoxError(BoxError.NOT_FOUND, 'User not found');
}
return await verify(user, password, identifier, options);
}
async function verifyWithUsername(username, password, identifier, options) {
assert.strictEqual(typeof username, 'string');
assert.strictEqual(typeof password, 'string');
assert.strictEqual(typeof identifier, 'string');
assert.strictEqual(typeof options, 'object');
const user = await getByUsername(username.toLowerCase());
if (user) return await verify(user, password, identifier, options);
const [error, newUserId] = await safe(externalLdap.maybeCreateUser(username.toLowerCase()));
if (error && error.reason === BoxError.BAD_STATE) {
debug(`verifyWithUsername: ${username} not found`);
throw new BoxError(BoxError.NOT_FOUND, 'User not found'); // no external ldap or no auto create
}
if (error) {
debug(`verifyWithUsername: failed to auto create user ${username}. %o`, error);
throw new BoxError(BoxError.NOT_FOUND, 'User not found');
}
return await verifyWithId(newUserId, password, identifier, options);
}
async function verifyWithEmail(email, password, identifier, options) {
assert.strictEqual(typeof email, 'string');
assert.strictEqual(typeof password, 'string');
assert.strictEqual(typeof identifier, 'string');
assert.strictEqual(typeof options, 'object');
const user = await getByEmail(email.toLowerCase());
if (!user) {
debug(`verifyWithEmail: ${email} no such user`);
throw new BoxError(BoxError.NOT_FOUND, 'User not found');
}
return await verify(user, password, identifier, options);
}
Add two distinct password reset routes
2021-10-27 18:36:28 +02:00
async function getPasswordResetLink(user, auditSource) {
assert.strictEqual(typeof user, 'object');
assert.strictEqual(typeof auditSource, 'object');
let resetToken = user.resetToken;
let resetTokenCreationTime = user.resetTokenCreationTime || 0;
if (!resetToken || (Date.now() - resetTokenCreationTime > 7 * 24 * 60 * 60 * 1000)) {
resetToken = hat(256);
resetTokenCreationTime = new Date();
await update(user, { resetToken, resetTokenCreationTime }, auditSource);
}
move dashboard setting into dashboard.js
2023-08-11 19:41:05 +05:30
const { fqdn:dashboardFqdn } = await dashboard.getLocation();
const resetLink = `https://${dashboardFqdn}/passwordreset.html?resetToken=${resetToken}`;
Return password reset link on reset request route
2021-09-16 14:34:56 +02:00
return resetLink;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
security: do not password reset mail to cloudron owned mail domain https://forum.cloudron.io/topic/7951/privilege-escalation-through-mail-manager-role
2022-11-10 12:57:32 +01:00
async function sendPasswordResetByIdentifier(identifier, auditSource) {
assert.strictEqual(typeof identifier, 'string');
assert.strictEqual(typeof auditSource, 'object');
const user = identifier.indexOf('@') === -1 ? await getByUsername(identifier.toLowerCase()) : await getByEmail(identifier.toLowerCase());
if (!user) throw new BoxError(BoxError.NOT_FOUND, 'User not found');
do not send email reset for external users
2024-01-13 21:37:02 +01:00
if (user.source === 'ldap') throw new BoxError(BoxError.BAD_STATE, 'Cannot reset password of external auth user');
security: do not password reset mail to cloudron owned mail domain https://forum.cloudron.io/topic/7951/privilege-escalation-through-mail-manager-role
2022-11-10 12:57:32 +01:00
const email = user.fallbackEmail || user.email;
// security measure to prevent a mail manager or admin resetting the superadmin's password
const mailDomains = await mail.listDomains();
Clarify error message further
2022-11-10 13:46:33 +01:00
if (mailDomains.some(d => d.enabled && email.endsWith(`@${d.domain}`))) throw new BoxError(BoxError.CONFLICT, 'Password reset email cannot be sent to email addresses hosted on the same Cloudron');
security: do not password reset mail to cloudron owned mail domain https://forum.cloudron.io/topic/7951/privilege-escalation-through-mail-manager-role
2022-11-10 12:57:32 +01:00
const resetLink = await getPasswordResetLink(user, auditSource);
await mailer.passwordReset(user, email, resetLink);
}
Add two distinct password reset routes
2021-10-27 18:36:28 +02:00
async function sendPasswordResetEmail(user, email, auditSource) {
assert.strictEqual(typeof user, 'object');
assert.strictEqual(typeof email, 'string');
assert.strictEqual(typeof auditSource, 'object');
Add and fixup invite link related tests
2021-10-28 11:18:31 +02:00
const error = validateEmail(email);
if (error) throw error;
security: do not password reset mail to cloudron owned mail domain https://forum.cloudron.io/topic/7951/privilege-escalation-through-mail-manager-role
2022-11-10 12:57:32 +01:00
// security measure to prevent a mail manager or admin resetting the superadmin's password
const mailDomains = await mail.listDomains();
Clarify error message further
2022-11-10 13:46:33 +01:00
if (mailDomains.some(d => d.enabled && email.endsWith(`@${d.domain}`))) throw new BoxError(BoxError.CONFLICT, 'Password reset email cannot be sent to email addresses hosted on the same Cloudron');
security: do not password reset mail to cloudron owned mail domain https://forum.cloudron.io/topic/7951/privilege-escalation-through-mail-manager-role
2022-11-10 12:57:32 +01:00
Add two distinct password reset routes
2021-10-27 18:36:28 +02:00
const resetLink = await getPasswordResetLink(user, auditSource);
await mailer.passwordReset(user, email, resetLink);
}
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
async function notifyLoginLocation(user, ip, userAgent, auditSource) {
Properly detect new user agents and location
2021-04-30 13:21:50 +02:00
assert.strictEqual(typeof user, 'object');
assert.strictEqual(typeof ip, 'string');
assert.strictEqual(typeof userAgent, 'string');
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
assert.strictEqual(typeof auditSource, 'object');
Properly detect new user agents and location
2021-04-30 13:21:50 +02:00
oidc: do not notify login of ghost users
2025-06-11 23:38:32 +02:00
debug(`notifyLoginLocation: ${user.id} ${ip} ${userAgent} ghost:${!!user.ghost}`);
Properly detect new user agents and location
2021-04-30 13:21:50 +02:00
demo is just a constant, not a setting
2023-08-04 14:13:30 +05:30
if (constants.DEMO) return;
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (constants.TEST && ip === '127.0.0.1') return;
notification: do not send login notification for external users
2024-06-13 16:47:08 +02:00
if (user.ghost || user.source) return; // for external users, rely on the external source to send login notification to avoid dup login emails
Properly detect new user agents and location
2021-04-30 13:21:50 +02:00
When using await on superagent we should not call end() https://visionmedia.github.io/superagent/#promise-and-generator-support
2021-07-29 11:26:23 +02:00
const response = await superagent.get('https://geolocation.cloudron.io/json').query({ ip }).ok(() => true);
replace with custom superagent based on fetch API
2025-02-14 17:26:54 +01:00
if (response.status !== 200) return debug(`Failed to get geoip info. status: ${response.status}`);
Fix failing tests
2021-04-30 09:44:25 -07:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
const country = safe.query(response.body, 'country.names.en', '');
const city = safe.query(response.body, 'city.names.en', '');
Properly detect new user agents and location
2021-04-30 13:21:50 +02:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (!city || !country) return;
Only use simplified user agent for login detection
2021-05-04 09:11:16 +02:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
const ua = uaParser(userAgent);
const simplifiedUserAgent = ua.browser.name ? `${ua.browser.name} - ${ua.os.name}` : userAgent;
Properly detect new user agents and location
2021-04-30 13:21:50 +02:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
const knownLogin = user.loginLocations.find(function (l) {
return l.userAgent === simplifiedUserAgent && l.country === country && l.city === city;
});
Properly detect new user agents and location
2021-04-30 13:21:50 +02:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (knownLogin) return;
Properly detect new user agents and location
2021-04-30 13:21:50 +02:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
// purge potentially old locations where ts > now() - 6 months
const sixMonthsBack = Date.now() - 6 * 30 * 24 * 60 * 60 * 1000;
const newLoginLocation = { ts: Date.now(), ip, userAgent: simplifiedUserAgent, country, city };
lint: constness
2024-04-26 20:09:36 +02:00
const loginLocations = user.loginLocations.filter(function (l) { return l.ts > sixMonthsBack; });
Fallback to unkown useragent and don't stash such login attempts
2021-05-04 20:02:53 +02:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
// only stash if we have a real useragent, otherwise warn the user every time
if (simplifiedUserAgent) loginLocations.push(newLoginLocation);
Properly detect new user agents and location
2021-04-30 13:21:50 +02:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
await update(user, { loginLocations }, auditSource);
mailer: handle error at the caller instead the send test email logic breaks if we disable throwing error in send
2025-08-06 10:18:05 +02:00
await safe(mailer.sendNewLoginLocation(user, newLoginLocation), { debug });
Properly detect new user agents and location
2021-04-30 13:21:50 +02:00
}
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
async function setPassword(user, newPassword, auditSource) {
user: load the resource with middleware
2020-02-13 20:45:00 -08:00
assert.strictEqual(typeof user, 'object');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
assert.strictEqual(typeof newPassword, 'string');
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
assert.strictEqual(typeof auditSource, 'object');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
lint
2024-05-25 13:42:29 +02:00
const error = validatePassword(newPassword);
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (error) throw error;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
Use BAD_STATE consistently for demo mode
2024-01-13 21:15:41 +01:00
if (constants.DEMO && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (user.source) throw new BoxError(BoxError.CONFLICT, 'User is from an external directory');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
lint
2024-05-25 13:42:29 +02:00
const [randomBytesError, salt] = await safe(randomBytesAsync(CRYPTO_SALT_SIZE));
if (randomBytesError) throw new BoxError(BoxError.CRYPTO_ERROR, randomBytesError);
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
lint
2024-05-25 13:42:29 +02:00
const [pbkdf2Error, derivedKey] = await safe(pbkdf2Async(newPassword, salt, CRYPTO_ITERATIONS, CRYPTO_KEY_LENGTH, CRYPTO_DIGEST));
if (pbkdf2Error) throw new BoxError(BoxError.CRYPTO_ERROR, pbkdf2Error);
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
const data = {
make users-test work
2021-08-13 14:43:08 -07:00
salt: salt.toString('hex'),
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
password: Buffer.from(derivedKey, 'binary').toString('hex'),
resetToken: ''
};
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
await update(user, data, auditSource);
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
async function createOwner(email, username, password, displayName, auditSource) {
assert.strictEqual(typeof email, 'string');
Add asserts for user.createOwner()
2016-04-04 15:14:00 +02:00
assert.strictEqual(typeof username, 'string');
assert.strictEqual(typeof password, 'string');
assert.strictEqual(typeof displayName, 'string');
assert if auditSource is null on user apis
2019-01-23 11:18:31 +01:00
assert(auditSource && typeof auditSource === 'object');
Add asserts for user.createOwner()
2016-04-04 15:14:00 +02:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
// This is only not allowed for the owner. reset of username validation happens in add()
if (username === '') throw new BoxError(BoxError.BAD_FIELD, 'Username cannot be empty');
Do not allow empty username on createOwner()
2016-04-04 15:16:16 +02:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
const activated = await isActivated();
if (activated) throw new BoxError(BoxError.ALREADY_EXISTS, 'Cloudron already activated');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
notifications: add update failure in defaults
2025-01-24 18:51:04 +01:00
const notificationConfig = [notifications.TYPE_BACKUP_FAILED, notifications.TYPE_CERTIFICATE_RENEWAL_FAILED, notifications.TYPE_MANUAL_APP_UPDATE_NEEDED, notifications.TYPE_APP_DOWN, notifications.TYPE_CLOUDRON_UPDATE_FAILED ];
notifications: add back app down and app oom mails
2024-12-11 20:44:46 +01:00
return await add(email, { username, password, fallbackEmail: '', displayName, role: exports.ROLE_OWNER, notificationConfig }, auditSource);
Add getOwner
2016-01-13 12:28:38 -08:00
}
add user.sendInvite() with tests
2016-01-18 15:16:18 +01:00
Invite is now also separate
2021-10-27 19:58:06 +02:00
async function getInviteLink(user, auditSource) {
user: load the resource with middleware
2020-02-13 20:45:00 -08:00
assert.strictEqual(typeof user, 'object');
Invite is now also separate
2021-10-27 19:58:06 +02:00
assert.strictEqual(typeof auditSource, 'object');
add user.sendInvite() with tests
2016-01-18 15:16:18 +01:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
if (user.source) throw new BoxError(BoxError.CONFLICT, 'User is from an external directory');
fail getting invite link or sending invite if invate was already used
2021-10-27 21:25:43 +02:00
if (!user.inviteToken) throw new BoxError(BoxError.BAD_STATE, 'User already used invite link');
Disable invite & password reset route for external users
2019-10-29 11:03:28 -07:00
split routes and model code into user-directory.js
2024-06-12 10:27:59 +02:00
const directoryConfig = await userDirectory.getProfileConfig();
move dashboard setting into dashboard.js
2023-08-11 19:41:05 +05:30
const { fqdn:dashboardFqdn } = await dashboard.getLocation();
let inviteLink = `https://${dashboardFqdn}/setupaccount.html?inviteToken=${user.inviteToken}&email=${encodeURIComponent(user.email)}`;
Invitation is now also just a single route like password reset
2021-09-16 14:56:10 +02:00
if (user.username) inviteLink += `&username=${encodeURIComponent(user.username)}`;
if (user.displayName) inviteLink += `&displayName=${encodeURIComponent(user.displayName)}`;
if (directoryConfig.lockUserProfiles) inviteLink += '&profileLocked=true';
setup account based on directory config part of #704
2020-07-09 16:39:29 -07:00
Invitation is now also just a single route like password reset
2021-09-16 14:56:10 +02:00
return inviteLink;
setup account based on directory config part of #704
2020-07-09 16:39:29 -07:00
}
Invite is now also separate
2021-10-27 19:58:06 +02:00
async function sendInviteEmail(user, email, auditSource) {
assert.strictEqual(typeof user, 'object');
assert.strictEqual(typeof email, 'string');
assert.strictEqual(typeof auditSource, 'object');
Add and fixup invite link related tests
2021-10-28 11:18:31 +02:00
const error = validateEmail(email);
if (error) throw error;
Fix wrong assert and minor typos
2021-10-27 21:25:43 +02:00
const inviteLink = await getInviteLink(user, auditSource);
await mailer.sendInvite(user, null /* invitor */, email, inviteLink);
Invite is now also separate
2021-10-27 19:58:06 +02:00
}
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
async function setupAccount(user, data, auditSource) {
setup account based on directory config part of #704
2020-07-09 16:39:29 -07:00
assert.strictEqual(typeof user, 'object');
assert.strictEqual(typeof data, 'object');
assert(auditSource && typeof auditSource === 'object');
Fix profile test
2025-08-14 16:02:54 +05:30
const profileConfig = await userDirectory.getProfileConfig();
// error out if admin has not provided a username
if (profileConfig.lockUserProfiles) {
if (!user.username) throw new BoxError(BoxError.CONFLICT, 'Account cannot be setup without a username');
if (data.username) throw new BoxError(BoxError.CONFLICT, 'Username cannot be changed because profiles are locked');
}
Fix location conflict error message
2022-02-07 16:09:43 -08:00
const tmp = { inviteToken: '' };
Fix user signup when profile is locked and add tests
2021-11-22 20:42:51 +01:00
Validate user account input during account setup
2025-08-08 10:07:14 +02:00
if (data.username) {
const error = validateUsername(data.username);
if (error) throw error;
tmp.username = data.username;
Fix user signup when profile is locked and add tests
2021-11-22 20:42:51 +01:00
}
Validate user account input during account setup
2025-08-08 10:07:14 +02:00
if (data.displayName) {
const error = validateDisplayName(data.displayName);
if (error) throw error;
setup account based on directory config part of #704
2020-07-09 16:39:29 -07:00
Validate user account input during account setup
2025-08-08 10:07:14 +02:00
tmp.displayName = data.displayName;
}
const error = validatePassword(data.password);
if (error) throw error;
await update(user, tmp, auditSource);
Separate invite and password reset token
2021-10-01 12:27:22 +02:00
await setPassword(user, data.password, auditSource);
setup account based on directory config part of #704
2020-07-09 16:39:29 -07:00
move tokens.ID_ into oidcClients.ID_
2025-06-11 22:53:29 +02:00
const token = { clientId: oidcClients.ID_WEBADMIN, identifier: user.id, expires: Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS, allowedIpRanges: '' };
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
const result = await tokens.add(token);
return result.accessToken;
Split the invite route into two
2018-08-17 09:49:58 -07:00
}
externalldap: when using cloudron source, disable local 2fa setup
2024-01-20 11:35:27 +01:00
async function setTwoFactorAuthenticationSecret(user, auditSource) {
assert.strictEqual(typeof user, 'object');
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
assert(auditSource && typeof auditSource === 'object');
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
externalldap: when using cloudron source, disable local 2fa setup
2024-01-20 11:35:27 +01:00
const externalLdapConfig = await externalLdap.getConfig();
if (user.source === 'ldap' && externalLdap.supports2FA(externalLdapConfig)) throw new BoxError(BoxError.BAD_STATE, 'Cannot disable 2FA of external auth user');
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
Use BAD_STATE consistently for demo mode
2024-01-13 21:15:41 +01:00
if (constants.DEMO && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');
Disable ldap/directory config/2fa in demo mode
2020-07-22 16:18:22 -07:00
boxerror: always pass second error string
2024-10-30 16:21:21 +01:00
if (user.twoFactorAuthenticationEnabled) throw new BoxError(BoxError.ALREADY_EXISTS, '2FA is already enabled');
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
move dashboard setting into dashboard.js
2023-08-11 19:41:05 +05:30
const { fqdn:dashboardFqdn } = await dashboard.getLocation();
const secret = speakeasy.generateSecret({ name: `Cloudron ${dashboardFqdn} (${user.username})` });
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
await update(user, { twoFactorAuthenticationSecret: secret.base32, twoFactorAuthenticationEnabled: false }, auditSource);
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
const [error, dataUrl] = await safe(qrcode.toDataURL(secret.otpauth_url));
if (error) throw new BoxError(BoxError.INTERNAL_ERROR, error);
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
return { secret: secret.base32, qrcode: dataUrl };
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
}
externalldap: when using cloudron source, disable local 2fa setup
2024-01-20 11:35:27 +01:00
async function enableTwoFactorAuthentication(user, totpToken, auditSource) {
assert.strictEqual(typeof user, 'object');
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
assert.strictEqual(typeof totpToken, 'string');
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
assert(auditSource && typeof auditSource === 'object');
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
externalldap: when using cloudron source, disable local 2fa setup
2024-01-20 11:35:27 +01:00
const externalLdapConfig = await externalLdap.getConfig();
if (user.source === 'ldap' && externalLdap.supports2FA(externalLdapConfig)) throw new BoxError(BoxError.BAD_STATE, 'Cannot enable 2FA of external auth user');
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
const verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: totpToken, window: 2 });
boxerror: always pass second error string
2024-10-30 16:21:21 +01:00
if (!verified) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'Invalid 2FA code');
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
boxerror: always pass second error string
2024-10-30 16:21:21 +01:00
if (user.twoFactorAuthenticationEnabled) throw new BoxError(BoxError.ALREADY_EXISTS, '2FA already enabled');
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
await update(user, { twoFactorAuthenticationEnabled: true }, auditSource);
Add 2fa routest and business logic
2018-04-25 19:08:15 +02:00
}
externalldap: when using cloudron source, disable local 2fa setup
2024-01-20 11:35:27 +01:00
async function disableTwoFactorAuthentication(user, auditSource) {
assert.strictEqual(typeof user, 'object');
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
assert(auditSource && typeof auditSource === 'object');
Add user enable/disable flag
2019-08-08 05:45:56 -07:00
externalldap: when using cloudron source, disable local 2fa setup
2024-01-20 11:35:27 +01:00
const externalLdapConfig = await externalLdap.getConfig();
if (user.source === 'ldap' && externalLdap.supports2FA(externalLdapConfig)) throw new BoxError(BoxError.BAD_STATE, 'Cannot disable 2FA of external auth user');
merge userdb.js into users.js
2021-07-15 09:50:11 -07:00
await update(user, { twoFactorAuthenticationEnabled: false, twoFactorAuthenticationSecret: '' }, auditSource);
Add user enable/disable flag
2019-08-08 05:45:56 -07:00
}
Add app passwords feature
2020-01-31 15:28:42 -08:00
profile: drop gravatar support gravatar is owned by an external entity (Automattic) and we have an unnecessary dep to this service. users can just upload a profile pic
2025-06-08 12:42:13 +02:00
async function getAvatar(user) {
assert.strictEqual(typeof user, 'object');
user: move avatar handling into model code
2020-07-09 22:33:36 -07:00
profile: drop gravatar support gravatar is owned by an external entity (Automattic) and we have an unnecessary dep to this service. users can just upload a profile pic
2025-06-08 12:42:13 +02:00
const result = await database.query('SELECT avatar FROM users WHERE id = ?', [ user.id ]);
Make gravatar support explicit only
2021-07-07 14:31:39 +02:00
if (result.length === 0) throw new BoxError(BoxError.NOT_FOUND, 'User not found');
async'ify avatar and apppassword code
2021-06-25 22:11:17 -07:00
return result[0].avatar;
user: move avatar handling into model code
2020-07-09 22:33:36 -07:00
}
profile: drop gravatar support gravatar is owned by an external entity (Automattic) and we have an unnecessary dep to this service. users can just upload a profile pic
2025-06-08 12:42:13 +02:00
async function setAvatar(user, avatar) {
assert.strictEqual(typeof user, 'object');
users: add unset route for avatar also add missing tests for avatar and profile locking
2025-07-15 10:06:26 +02:00
assert(Buffer.isBuffer(avatar) || avatar === null);
user: move avatar handling into model code
2020-07-09 22:33:36 -07:00
profile: drop gravatar support gravatar is owned by an external entity (Automattic) and we have an unnecessary dep to this service. users can just upload a profile pic
2025-06-08 12:42:13 +02:00
const result = await database.query('UPDATE users SET avatar=? WHERE id = ?', [ avatar, user.id ]);
async'ify avatar and apppassword code
2021-06-25 22:11:17 -07:00
if (result.length === 0) throw new BoxError(BoxError.NOT_FOUND, 'User not found');
user: move avatar handling into model code
2020-07-09 22:33:36 -07:00
}
Add profile backgroundImage api
2022-05-14 19:41:32 +02:00
profile: drop gravatar support gravatar is owned by an external entity (Automattic) and we have an unnecessary dep to this service. users can just upload a profile pic
2025-06-08 12:42:13 +02:00
async function getBackgroundImage(user) {
assert.strictEqual(typeof user, 'object');
Add profile backgroundImage api
2022-05-14 19:41:32 +02:00
profile: drop gravatar support gravatar is owned by an external entity (Automattic) and we have an unnecessary dep to this service. users can just upload a profile pic
2025-06-08 12:42:13 +02:00
const result = await database.query('SELECT backgroundImage FROM users WHERE id = ?', [ user.id ]);
Add profile backgroundImage api
2022-05-14 19:41:32 +02:00
if (result.length === 0) throw new BoxError(BoxError.NOT_FOUND, 'User not found');
return result[0].backgroundImage;
}
profile: drop gravatar support gravatar is owned by an external entity (Automattic) and we have an unnecessary dep to this service. users can just upload a profile pic
2025-06-08 12:42:13 +02:00
async function setBackgroundImage(user, backgroundImage) {
assert.strictEqual(typeof user, 'object');
Allow to unset background image
2022-05-15 12:14:17 +02:00
assert(Buffer.isBuffer(backgroundImage) || backgroundImage === null);
Add profile backgroundImage api
2022-05-14 19:41:32 +02:00
profile: drop gravatar support gravatar is owned by an external entity (Automattic) and we have an unnecessary dep to this service. users can just upload a profile pic
2025-06-08 12:42:13 +02:00
const result = await database.query('UPDATE users SET backgroundImage=? WHERE id = ?', [ backgroundImage, user.id ]);
Add profile backgroundImage api
2022-05-14 19:41:32 +02:00
if (result.length === 0) throw new BoxError(BoxError.NOT_FOUND, 'User not found');
}
settings: make user_directory setting route
2023-08-03 08:11:42 +05:30
notifications: per user email prefs
2024-12-11 18:24:20 +01:00
async function setNotificationConfig(user, notificationConfig, auditSource) {
assert.strictEqual(typeof user, 'object');
assert(Array.isArray(notificationConfig));
assert(auditSource && typeof auditSource === 'object');
notifications: add back app down and app oom mails
2024-12-11 20:44:46 +01:00
await update(user, { notificationConfig }, auditSource);
notifications: per user email prefs
2024-12-11 18:24:20 +01:00
}
groups: add events to eventlog
2024-12-04 09:48:25 +01:00
async function resetSources() {
external directory: reset auth source when disabled this allows existing users to login (including the owner itself) The alternative is to have some system where we have unique superadmin users across cloudrons which don’t get trampled upon by a sync. This is a bit unrealistic. For the future, we could also design this such that ldap auth is asked for in the initial step i.e at superadmin creation time. If LDAP connection is lost/down, user can always use 'cloudron-support —owner-login'
2024-01-13 11:27:08 +01:00
await database.query('UPDATE users SET source = ?', [ '' ]);
}
Fix parsing of displayName Currently, we only have one field for the name. The first part is first name. The rest is last name. Obviously, this won't work in all cases but is the best we can do for the moment.
2024-02-06 16:43:05 +01:00
function parseDisplayName(displayName) {
assert.strictEqual(typeof displayName, 'string');
const middleName = '';
const idx = displayName.indexOf(' ');
if (idx === -1) return { firstName: displayName, lastName: '', middleName };
const firstName = displayName.substring(0, idx);
const lastName = displayName.substring(idx+1);
return { firstName, lastName, middleName };
}
Revert "Add no-use-before-define linter rule" This reverts commit fdcc5d68a2a92a24b50b490a7a9d9e8cb97f5829. Unfortunately, this requires us to move exports to the bottom. This in turn causes circular dep issues and also access of exports.GLOBAL_VAR in the global context
2025-10-08 20:11:55 +02:00
Reference in New Issue Copy Permalink