Girish Ramakrishnan
53e9eccf72
unify totp check
the totp check is done in several places causing errors like 3552232e99
* ldap (addon)
* accesscontrol (dashboard)
* proxyauth
* directoryserver (exposed ldap)
* externalldap (the connector)
The code also makes externalldap auto-create work now across all the cases where there is a username
2023-03-12 16:01:12 +01:00
Girish Ramakrishnan
5b075e3918
transfer ownership is not used anymore
2022-05-26 14:30:32 -07:00
Johannes Zellner
4c3b81d29c
Add make user local tests and fixup route
2022-04-24 22:49:12 +02:00
Johannes Zellner
032218c0fd
Add route to make user local
2022-04-24 22:22:25 +02:00
Johannes Zellner
71dac64c4c
Only allow impersonation for equal or less powerful roles
2022-02-28 20:42:33 +01:00
Girish Ramakrishnan
26a8738b21
make user listing return non-private fields
this was from a time when normal users could install apps
2022-02-16 21:22:38 -08:00
Johannes Zellner
d5481342ed
Add ability to filter users by state
2022-02-07 17:18:13 +01:00
Girish Ramakrishnan
4513b6de70
add a way for admins to set username when profiles are locked
2022-01-12 16:21:00 -08:00
Johannes Zellner
4356d673bc
Fix wrong assert and minor typos
2021-10-27 22:31:54 +02:00
Johannes Zellner
475795a107
Invite is now also separate
2021-10-27 19:58:06 +02:00
Johannes Zellner
9a80049d36
Add two distinct password reset routes
2021-10-27 19:12:18 +02:00
Johannes Zellner
daf212468f
fallbackEmail is now independent from email
2021-10-26 22:50:02 +02:00
Girish Ramakrishnan
445c83c8b9
make auditsource a class
this allows us to use AuditSource for the class and auditSource for
the instances!
2021-09-30 10:13:36 -07:00
Girish Ramakrishnan
0cfc3e03bb
Use concrete resource name instead of generic "resource"
2021-09-20 22:42:34 -07:00
Johannes Zellner
2ea5786fcc
Fix setGhost api usage
2021-09-17 15:52:52 +02:00
Johannes Zellner
f75b0ebff9
Add set ghost route
2021-09-17 12:52:41 +02:00
Johannes Zellner
6785253377
Invitation is now also just a single route like password reset
2021-09-16 15:03:48 +02:00
Johannes Zellner
ecd35bd08d
Fixup 2fa reset route
2021-09-16 13:18:22 +02:00
Johannes Zellner
d3d22f0878
Directly use users.verify() instead of another db lookup
2021-09-09 22:50:35 +02:00
Girish Ramakrishnan
7ba3203625
users: getAll -> list
2021-08-20 11:31:10 -07:00
Girish Ramakrishnan
79997d5529
users.add and users.createOwner only returns id now
2021-08-10 13:50:52 -07:00
Girish Ramakrishnan
a1c61facdc
merge userdb.js into users.js
2021-07-16 22:33:22 -07:00
Girish Ramakrishnan
ea430b255b
make the tests work
2021-06-29 11:01:46 -07:00
Girish Ramakrishnan
31498afe39
async'ify the groups code
2021-06-29 09:08:45 -07:00
Girish Ramakrishnan
e7d9af5aed
users: asyncify and merge userdb.del
2021-06-26 10:13:21 -07:00
Girish Ramakrishnan
b8ea9de439
move profile icons into the database
2021-04-29 13:57:24 -07:00
Girish Ramakrishnan
f15714182b
users: add route to disable 2fa
2021-04-14 20:45:35 -07:00
Johannes Zellner
b6473bc8f0
Add route to transfer ownership
2021-01-15 14:28:41 +01:00
Johannes Zellner
a5cdd6087a
Revert "To allow transfer ownership, a user has to be able to update its role if permissions are granted by current role"
This reverts commit c2f8da5507.
2021-01-15 14:16:55 +01:00
Johannes Zellner
c2f8da5507
To allow transfer ownership, a user has to be able to update its role if permissions are granted by current role
2021-01-14 21:15:54 +01:00
Girish Ramakrishnan
8c7eff4e24
user: add routes to set/clear avatar
2020-07-10 07:23:38 -07:00
Girish Ramakrishnan
7e0ef60305
Fix incorrect role comparison
2020-03-15 16:19:22 -07:00
Johannes Zellner
890b46836b
Do not allow lower level roles to edit higher level ones
2020-03-07 13:53:01 -08:00
Johannes Zellner
afa2fe8177
Improve role add/edit error message
2020-03-06 13:16:50 -08:00
Johannes Zellner
de23d1aa03
Do not allow to set active flag for the operating user
2020-03-05 21:00:59 -08:00
Girish Ramakrishnan
0e156b9376
migrate permissions and admin flag to user.role
2020-02-21 16:49:20 -08:00
Girish Ramakrishnan
c537dfabb2
add manage user permission
2020-02-13 22:49:58 -08:00
Girish Ramakrishnan
d1911be28c
user: load the resource with middleware
2020-02-13 20:59:17 -08:00
Johannes Zellner
1fbbaa82ab
Generate the user invite link only in one location
2020-02-05 15:53:05 +01:00
Girish Ramakrishnan
3427db3983
Add app passwords feature
2020-01-31 22:03:19 -08:00
Johannes Zellner
9151965cd6
Keep user objects in REST api responses more coherent
2020-01-06 11:54:00 +01:00
Girish Ramakrishnan
5c920fd200
never skip password verification
2019-11-07 13:10:12 -08:00
Girish Ramakrishnan
6e57f8cc03
Refactor toHttpError code into BoxError
2019-10-24 18:09:55 -07:00
Girish Ramakrishnan
4793eb9ef5
Finish UsersError removal
2019-10-24 15:19:07 -07:00
Girish Ramakrishnan
bc3169deb3
Move UsersError to BoxError
2019-10-24 15:06:41 -07:00
Girish Ramakrishnan
94b4bf94c0
Merge active flag into update route
2019-08-08 08:17:08 -07:00
Girish Ramakrishnan
0ab6cad048
Add user enable/disable flag
2019-08-08 06:31:46 -07:00
Girish Ramakrishnan
e7127df30d
remove app ownerId
this is unused
2019-07-02 21:23:51 -07:00
Girish Ramakrishnan
6bbe2613b4
Return 412 for bad password
2019-06-20 16:44:53 -07:00
Johannes Zellner
c2f464ea75
password change api now returns 400 instead of 403
2019-05-13 23:46:38 +02:00