jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
11,327 Commits 33 Branches 583 Tags
3477cf474f32a51c62aef65015e615db62bca4f7
Commit Graph

160 Commits

Author SHA1 Message Date
Girish Ramakrishnan 3477cf474f security: do not password reset mail to cloudron owned mail domain 
https://forum.cloudron.io/topic/7951/privilege-escalation-through-mail-manager-role
 2022-11-10 12:59:03 +01:00
Johannes Zellner a2a60ff426 Add support for LDAP cn=...+totptoken=.. support 2022-08-02 15:27:34 +02:00
Johannes Zellner f3c66056b5 Allow to unset background image 2022-05-17 13:17:05 +02:00
Johannes Zellner 6bd478b8b0 Add profile backgroundImage api 2022-05-15 12:08:11 +02:00
Girish Ramakrishnan a3e097d541 add missing awaits for eventlog.add 2022-02-24 20:04:46 -08:00
Girish Ramakrishnan ba5c2f623c remove supererror, not really used 2022-02-21 17:34:51 -08:00
Girish Ramakrishnan 26a8738b21 make user listing return non-private fields 
this was from a time when normal users could install apps
 2022-02-16 21:22:38 -08:00
Girish Ramakrishnan 85964676fa Fix location conflict error message 2022-02-07 16:09:43 -08:00
Johannes Zellner d5481342ed Add ability to filter users by state 2022-02-07 17:18:13 +01:00
Girish Ramakrishnan 97e439f8a3 more profileConfig rename 2022-01-13 16:49:06 -08:00
Girish Ramakrishnan 4513b6de70 add a way for admins to set username when profiles are locked 2022-01-12 16:21:00 -08:00
Johannes Zellner 7117c17777 Add exposed ldap tests 2021-12-23 21:31:48 +01:00
Girish Ramakrishnan e5fecdaabf Add mail manager role 
part of #807
 2021-12-02 09:24:09 -08:00
Johannes Zellner 37f066f2b0 Fix user signup when profile is locked and add tests 2021-11-22 20:42:51 +01:00
Johannes Zellner e36d7665fa The profile based password reset does not return a resetLink 2021-11-03 22:03:08 +01:00
Johannes Zellner 63f6f065ba Add and fixup invite link related tests 2021-10-28 11:18:31 +02:00
Johannes Zellner 92f0f56fae do not strictly require fallbackEmail on user creation but provide a fallback 2021-10-28 10:29:02 +02:00
Johannes Zellner cb8aa15e62 Do not allow setting ghost password for user without username 2021-10-27 23:36:44 +02:00
Johannes Zellner 4356d673bc Fix wrong assert and minor typos 2021-10-27 22:31:54 +02:00
Johannes Zellner b59776bf9b fail getting invite link or sending invite if invate was already used 2021-10-27 21:25:43 +02:00
Johannes Zellner 475795a107 Invite is now also separate 2021-10-27 19:58:06 +02:00
Johannes Zellner 9a80049d36 Add two distinct password reset routes 2021-10-27 19:12:18 +02:00
Johannes Zellner daf212468f fallbackEmail is now independent from email 2021-10-26 22:50:02 +02:00
Johannes Zellner 885ea259d7 Set inviteToken on user creation 2021-10-01 14:52:58 +02:00
Johannes Zellner 4ce21f643e send invite status via user rest api 2021-10-01 14:32:37 +02:00
Johannes Zellner cb31e5ae8b Separate invite and password reset token 2021-10-01 12:27:22 +02:00
Johannes Zellner c7b668b3a4 remove unused require 2021-10-01 11:55:35 +02:00
Girish Ramakrishnan 54c6f33e5f Fix broken invitation link 2021-09-25 17:36:56 -07:00
Girish Ramakrishnan 1aa96f7f76 demo: do not send login notification 2021-09-23 09:13:07 -07:00
Girish Ramakrishnan bb2ad0e986 Implement operator role for apps 
There are two main use cases:
* A consultant/contractor/external developer is given access to just an app.
* A "service" personnel (say upstream app author) is to be given access to single app
for debugging.

Since, this is an "app admin", they are also given access to apps to be consistent with
the idea that Cloudron admin has access to all apps.

part of #791
 2021-09-21 12:30:02 -07:00
Girish Ramakrishnan a36c51483c no need to re-throw 2021-09-20 10:36:46 -07:00
Johannes Zellner c6c62de68a Move ghosts into settings table 2021-09-20 13:05:42 +02:00
Johannes Zellner b3fe2a4b84 Set correct default ghost expiration 2021-09-17 16:08:03 +02:00
Johannes Zellner 2ea5786fcc Fix setGhost api usage 2021-09-17 15:52:52 +02:00
Johannes Zellner f75b0ebff9 Add set ghost route 2021-09-17 12:52:41 +02:00
Johannes Zellner 8fde4e959c Support ghost password expiration in ghost file 2021-09-17 11:48:56 +02:00
Johannes Zellner 9da18d3acb Fixup user tests 2021-09-16 15:38:06 +02:00
Johannes Zellner 6785253377 Invitation is now also just a single route like password reset 2021-09-16 15:03:48 +02:00
Johannes Zellner 074ce574dd Return password reset link on reset request route 2021-09-16 14:34:56 +02:00
Girish Ramakrishnan 7ba3203625 users: getAll -> list 2021-08-20 11:31:10 -07:00
Girish Ramakrishnan 4cd5137292 mailer: fix error handling 
previous mailer code has no callback and thus no way to pass back errors.
now with asyncification it passes back the error
 2021-08-19 12:40:53 -07:00
Girish Ramakrishnan 200018a022 settings: async'ify 
* directory config
* unstable app config
 2021-08-18 15:46:08 -07:00
Girish Ramakrishnan beb1ab7c5b make users-test work 2021-08-13 14:52:57 -07:00
Girish Ramakrishnan fee38acc40 Fix crash when setting up user account 2021-07-31 04:39:10 -07:00
Johannes Zellner 8e42423f06 When using await on superagent we should not call end() 
https://visionmedia.github.io/superagent/#promise-and-generator-support
 2021-07-29 11:26:28 +02:00
Girish Ramakrishnan 6e9b62dfba fix various users-test.js 2021-07-19 23:38:20 -07:00
Girish Ramakrishnan a1c61facdc merge userdb.js into users.js 2021-07-16 22:33:22 -07:00
Girish Ramakrishnan 01a585aa11 remove safe usage 2021-07-08 08:52:51 -07:00
Johannes Zellner 0db62b4fd8 Make avatar apis buffer based 2021-07-08 11:17:13 +02:00
Johannes Zellner 81e6cd6195 Make gravatar support explicit only 2021-07-07 16:16:04 +02:00