jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
16,001 Commits 33 Branches 583 Tags
4e39eb89fd194a908959c0642bede50233411856
Commit Graph

104 Commits

Author SHA1 Message Date
Girish Ramakrishnan
793ee38f79 external ldap: show proper error message on timeout 2024-01-23 23:27:06 +01:00
Girish Ramakrishnan
4f0bbcc73b externaldap: 2fa validation for supported sources 
a request to verify password to externaldap.js logic can come from
* cloudron app (via ldapserver.js)
* dashboard (via oidc.js) or proxy auth (proxyauth.js) or CLI (accesscontrol.js)

the only supported source is the 'cloudron' provider at this point
 2024-01-22 21:35:19 +01:00
Girish Ramakrishnan
13b9bed48b externalldap: when using cloudron source, disable local 2fa setup 2024-01-20 12:44:19 +01:00
Girish Ramakrishnan
8bdcdd7810 groups: members cannot be set for external groups 2024-01-19 23:23:25 +01:00
Girish Ramakrishnan
06ce351d82 externalldap: set group members as a single transaction 2024-01-19 17:24:35 +01:00
Girish Ramakrishnan
ee43dff35f externalldap: reset group source when disabled 2024-01-13 22:35:23 +01:00
Girish Ramakrishnan
8771158f10 Fix test 2024-01-13 21:29:40 +01:00
Girish Ramakrishnan
46a589f794 Use BAD_STATE consistently for demo mode 2024-01-13 21:15:41 +01:00
Girish Ramakrishnan
257dc4e271 external ldap: run syncer every 4 hours 
hardcoded for now but we should make this configurable
 2024-01-13 15:53:14 +01:00
Girish Ramakrishnan
4136272382 externalldap: add eventlog 2024-01-13 13:22:26 +01:00
Girish Ramakrishnan
40c82b3e48 external directory: reset auth source when disabled 
this allows existing users to login (including the owner itself)

The alternative is to have some system where we have unique superadmin users across cloudrons which don’t get trampled upon by a sync. This is a bit unrealistic. For the future, we could also design this such that ldap auth is asked for in the initial step i.e at superadmin creation time.

If LDAP connection is lost/down, user can always use 'cloudron-support —owner-login'
 2024-01-13 11:51:12 +01:00
Girish Ramakrishnan
5b7667fa4d external ldap: ensure dashboard login does totp check 2024-01-08 11:55:35 +01:00
Girish Ramakrishnan
053f81a53e externalldap: add tests 2024-01-07 22:04:22 +01:00
Girish Ramakrishnan
1ca46a064c ldap: use proper error message instead of dn 
the dn is already in lde_dn field of the error object.
lde_message is the message
 2024-01-03 15:23:22 +01:00
Girish Ramakrishnan
d2c702f890 eventlog: always use AuditSource objects as source field 2023-08-28 08:13:56 +05:30
Girish Ramakrishnan
6aad89ae6e demo is just a constant, not a setting 2023-08-04 14:13:30 +05:30
Girish Ramakrishnan
bbc6ba1a35 settings: move service setting into services.js 
this also introduces getJson/setJson
 2023-08-03 11:50:00 +05:30
Girish Ramakrishnan
4a34c390f8 settings: move externaldap setting 2023-08-03 02:43:26 +05:30
Johannes Zellner
65769e5701 ldap uses lower-case attributes 2023-07-31 13:12:39 +02:00
Girish Ramakrishnan
057e4db6c1 use debug instead of console.error 2023-04-30 21:49:34 +02:00
Girish Ramakrishnan
c4f4f3e914 logs: use %o to format error 
otherwise, they are printed as multi-line and this messes up tail+date formatting
 2023-04-16 10:49:59 +02:00
Girish Ramakrishnan
53e9eccf72 unify totp check 
the totp check is done in several places causing errors like 3552232e99

* ldap (addon)
* accesscontrol (dashboard)
* proxyauth
* directoryserver (exposed ldap)
* externalldap (the connector)

The code also makes externalldap auto-create work now across all the cases where there is a username
 2023-03-12 16:01:12 +01:00
Johannes Zellner
41b03e3fef Ensure ldap client always has an error handler 2023-01-12 14:39:58 +01:00
Johannes Zellner
88eb809c6e For ldap users created on first login, make sure we also check 2fa if enabled 2022-08-03 18:20:43 +02:00
Johannes Zellner
a2a60ff426 Add support for LDAP cn=...+totptoken=.. support 2022-08-02 15:27:34 +02:00
Johannes Zellner
0cd48bd239 Ensure LDAP usernames are always treated lowercase 2022-04-23 11:21:14 +02:00
Girish Ramakrishnan
7f89dfd261 add once.js 2022-04-15 19:01:35 -05:00
Johannes Zellner
b54c4bb399 Fixup cn attribute for ldap to be according to spec 2022-02-18 17:43:47 +01:00
Johannes Zellner
63fe75ecd2 Reduce noisy externalldap debug()s 2021-11-26 09:55:59 +01:00
Johannes Zellner
92f0f56fae do not strictly require fallbackEmail on user creation but provide a fallback 2021-10-28 10:29:02 +02:00
Johannes Zellner
cef5c1e78c Use normal bind() 2021-10-26 18:47:51 +02:00
Johannes Zellner
50ff6b99e0 More external ldap fixes after the test tests the correct thing 2021-10-26 18:04:25 +02:00
Johannes Zellner
84884b969e Fix external ldap bind 
See "Losing context" https://masteringjs.io/tutorials/node/promisify
 2021-10-26 11:55:58 +02:00
Girish Ramakrishnan
445c83c8b9 make auditsource a class 
this allows us to use AuditSource for the class and auditSource for
the instances!
 2021-09-30 10:13:36 -07:00
Johannes Zellner
48056d7451 If we detect a local user with the same username as found on LDAP/AD we map it 2021-09-13 21:17:41 +02:00
Girish Ramakrishnan
1856caf972 externalldap: async'ify 
and make the tests work again
 2021-09-01 21:33:27 -07:00
Johannes Zellner
8d43015867 Asyncify some external ldap sync code 2021-09-01 14:47:43 +02:00
Girish Ramakrishnan
411cc7daa1 merge settingsdb into settings code 2021-08-19 17:45:40 -07:00
Girish Ramakrishnan
a1c61facdc merge userdb.js into users.js 2021-07-16 22:33:22 -07:00
Girish Ramakrishnan
e59d0e878d merge taskdb into tasks.js 2021-07-14 10:37:12 -07:00
Girish Ramakrishnan
ea430b255b make the tests work 2021-06-29 11:01:46 -07:00
Girish Ramakrishnan
31498afe39 async'ify the groups code 2021-06-29 09:08:45 -07:00
Girish Ramakrishnan
442110a437 lint 2021-05-01 11:21:09 -07:00
Girish Ramakrishnan
1b307632ab Use debug instead of console.* everywhere 
No need to patch up console.* anymore

also removes supererror
 2020-08-02 12:04:55 -07:00
Johannes Zellner
fbc666f178 Make externalldap sync more robust 2020-07-30 15:08:01 +02:00
Johannes Zellner
d9bf6c0933 also support uniqueMember property next to member for ldap groups 2020-07-01 17:08:17 +02:00
Johannes Zellner
324344d118 Reusue the single correct ldap.createClient call also in auth 2020-07-01 14:59:26 +02:00
Johannes Zellner
5cb71e9443 No need to return externalLdapConfig in getClient() 2020-07-01 14:52:11 +02:00
Johannes Zellner
cca19f00c5 Fallback to mailPrimaryAddress in ldap sync 2020-07-01 14:34:41 +02:00
Johannes Zellner
5199a9342e Add missing ldap client error handling 2020-06-26 17:55:42 +02:00