jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
16,001 Commits 33 Branches 583 Tags
4e39eb89fd194a908959c0642bede50233411856
Commit Graph

1123 Commits

Author SHA1 Message Date
Girish Ramakrishnan
b4e4f26361 Rework cpuShares into cpuQuota 
cpuShares is the relative weight wrt other apps. This is used when
there is contention for CPU. If we want this, maybe we implement
a UI where we show all the apps and let the user re-order them.
As it stands, it is confusing.

cpuQuota is a more straightforward "hard limit" of the CPU% that you
want the app to consume.

Can be tested with : stress -c 8 -t 20s
 2024-04-10 18:25:14 +02:00
Girish Ramakrishnan
6bd9391160 syslog: fix tests 2024-03-30 19:17:28 +01:00
Girish Ramakrishnan
4ee56782ba move syslog.js to top level 2024-03-21 19:09:51 +01:00
Johannes Zellner
dec7bc3ca3 Check for portBindings with range outside the db constraint for now 2024-02-29 15:20:17 +01:00
Girish Ramakrishnan
7455490074 Fix tests 2024-02-28 16:02:42 +01:00
Girish Ramakrishnan
18a680a85b groups: only the local groups of a user can be set 2024-02-28 15:56:03 +01:00
Girish Ramakrishnan
e26f71b603 externalldap: cannot set members of external group 2024-02-28 15:56:03 +01:00
Girish Ramakrishnan
f98fe43843 test: add ldap group test 2024-02-28 14:25:19 +01:00
Girish Ramakrishnan
5927f397a3 translate port bindings after validation 2024-02-27 13:19:19 +01:00
Girish Ramakrishnan
6525504923 profile: store preferred language in the database 2024-02-26 13:30:35 +01:00
Girish Ramakrishnan
a6f078330f shell: no need to promise scoping 2024-02-21 19:40:27 +01:00
Girish Ramakrishnan
cfd5c0f82b shell: rewrite exec to use execFile 
this also renames execFile to execArgs
 2024-02-21 18:54:43 +01:00
Girish Ramakrishnan
2237d2bbb7 shell: remove usage of .spawn 2024-02-21 13:27:04 +01:00
Girish Ramakrishnan
c1bb4de6a3 reverseproxy: use async exec 2024-02-21 12:33:04 +01:00
Girish Ramakrishnan
9b94cf18d0 convert more execSync to async 2024-02-21 11:00:12 +01:00
Girish Ramakrishnan
3da3ccedcb volumes: only wait for 5 seconds for mount status 
mountpoint -q can never exit if the nfs mount disappears, for example
 2024-02-20 21:38:57 +01:00
Girish Ramakrishnan
26eb739b46 shell: add options to exec 2024-02-20 21:11:09 +01:00
Girish Ramakrishnan
8a63f0368e Fix parsing of displayName 
Currently, we only have one field for the name. The first part is
first name. The rest is last name. Obviously, this won't work in all
cases but is the best we can do for the moment.
 2024-02-06 16:53:03 +01:00
Girish Ramakrishnan
b923925a6c better describe 2024-01-23 13:18:14 +01:00
Girish Ramakrishnan
61f5669d76 externalldap: no need to make REST API calls and start server 2024-01-23 13:16:40 +01:00
Girish Ramakrishnan
29a96e5df1 ldap test: more unbinding 2024-01-23 11:58:00 +01:00
Girish Ramakrishnan
d2c21627de ldap: server.close has a callback after all 2024-01-23 10:47:09 +01:00
Girish Ramakrishnan
81e21effa4 test: clear cron jobs to make node exit 2024-01-23 10:24:48 +01:00
Girish Ramakrishnan
2401c9cee7 test: unbind ldap client 2024-01-23 10:12:29 +01:00
Girish Ramakrishnan
4f0bbcc73b externaldap: 2fa validation for supported sources 
a request to verify password to externaldap.js logic can come from
* cloudron app (via ldapserver.js)
* dashboard (via oidc.js) or proxy auth (proxyauth.js) or CLI (accesscontrol.js)

the only supported source is the 'cloudron' provider at this point
 2024-01-22 21:35:19 +01:00
Girish Ramakrishnan
3220721f84 directoryserver: test all combinations of 2fa checks 
directory server cannot know the source of the requesting client.
there are 3 sources - external app, cloudron app, cloudron dashboard.

the 2fa is requested by client by passing `+totpToken=xxx` . totpToken
is ignored if the user has no 2fa setup. If present, it is validated.
 2024-01-22 13:14:29 +01:00
Girish Ramakrishnan
13b9bed48b externalldap: when using cloudron source, disable local 2fa setup 2024-01-20 12:44:19 +01:00
Girish Ramakrishnan
c99c24b3bd users: cannot update profile fields of external user 2024-01-20 11:23:35 +01:00
Girish Ramakrishnan
8bdcdd7810 groups: members cannot be set for external groups 2024-01-19 23:23:25 +01:00
Girish Ramakrishnan
a1217e52c8 group: cannot set name of ldap group 2024-01-19 22:28:48 +01:00
Girish Ramakrishnan
a8d37b917a groups: remove unused addMember 2024-01-19 17:25:36 +01:00
Girish Ramakrishnan
4136272382 externalldap: add eventlog 2024-01-13 13:22:26 +01:00
Girish Ramakrishnan
4f9e43859c directoryserver: comments can be provided in allowlist 2024-01-13 12:54:10 +01:00
Girish Ramakrishnan
5b7667fa4d external ldap: ensure dashboard login does totp check 2024-01-08 11:55:35 +01:00
Girish Ramakrishnan
053f81a53e externalldap: add tests 2024-01-07 22:04:22 +01:00
Girish Ramakrishnan
4ddcd547ba directoryserver: leave it to client to decide totp check 
initially, the idea was to make the server enforce it. this is more secure. however,
we have 3 kinds of clients - an external cloudron dashboard which needs totp,
an external cloudron app, which doesn't have totp and external apps that don't have totp either.

given that the directory server is IP restricted, this is a reasonable compromise until
we move wholesale to oidc.

a directoryserver setting like "enforce totp" also does not work since this policy will be
applied to all clients.
 2024-01-07 20:38:36 +01:00
Girish Ramakrishnan
7bb68ea6b5 rename ldap.js to ldapserver.js 
this makes it clearer it is server module and not some generic ldap thing
 2024-01-06 13:31:32 +01:00
Girish Ramakrishnan
e13f427267 directoryserver: 2fa validation tests 2024-01-06 13:25:12 +01:00
Girish Ramakrishnan
c422e2d570 users: add tests for 2fa and relaxed 2fa 2024-01-06 13:15:55 +01:00
Girish Ramakrishnan
e42579521c Fix tests 2024-01-03 15:12:07 +01:00
Johannes Zellner
4d29592450 Do not invalidate session sudo but only for the command we want to test 2023-12-04 01:42:46 +01:00
Girish Ramakrishnan
cbf1b47332 system: merge info and dmi routes 
also return uptimeSecs instead of abstract date
 2023-12-04 01:11:26 +01:00
Girish Ramakrishnan
72083f59cd system: dmi information 2023-12-04 00:31:18 +01:00
Girish Ramakrishnan
8a20b603f5 system: cpu route 2023-12-04 00:23:25 +01:00
Girish Ramakrishnan
d45c433bc7 fix dockerproxy test 2023-12-04 00:11:11 +01:00
Girish Ramakrishnan
943325baa3 better sudoers configuration check 2023-12-03 17:50:50 +01:00
Girish Ramakrishnan
b9e584752b Fix system test 2023-12-03 15:52:31 +01:00
Girish Ramakrishnan
41319bc817 ldap server close has no callback 2023-10-01 14:33:19 +05:30
Johannes Zellner
3bde6e7475 Fixup eventlog tests 2023-09-27 09:12:06 +02:00
Johannes Zellner
b72a5e9c69 Add notification types 2023-09-22 17:58:13 +02:00