Girish Ramakrishnan
81b721be2b
Fix buffer warnings
2019-03-21 20:06:14 -07:00
Johannes Zellner
acc7b65649
Set uid number from localstorage addon ftp value
2019-03-19 21:17:23 -07:00
Johannes Zellner
77ed177855
Only allow ftp access for apps which support it
2019-03-19 21:13:19 -07:00
Johannes Zellner
4a046ca70e
Check for user access in ldap ftp routes
2019-03-19 16:23:03 -07:00
Johannes Zellner
62ee3fa0f1
Verify proftp ldap connection via ip instead of fake admin account
2019-03-19 15:24:09 -07:00
Johannes Zellner
044b27967e
Make initial sftp connection work
2019-03-19 15:24:09 -07:00
Johannes Zellner
86c4246f75
Do not dump the whole app object into a login event
2019-02-05 16:13:20 +01:00
Johannes Zellner
3470252768
Add user pagination to rest api
2019-01-14 16:39:20 +01:00
Girish Ramakrishnan
4eec2a6414
Add LDAP_MAILBOXES_BASE_DN
this got removed by mistake in the email refactor assuming this
was unused (but it is used by sogo)
(cherry picked from commit 6589ba0988)
2018-12-16 21:06:52 -08:00
Girish Ramakrishnan
dfa61f1b2d
rework how app mailboxes are allocated
Our current setup had a mailbox allocated for an app during app
install (into the mailboxes table). This has many issues:

* When set to a custom mailbox location, there was no way to access
  this mailbox even via IMAP. Even when using app credentials, we
  cannot use IMAP since the ldap logic was testing on the addon type
  (most of our apps only use sendmail addon and thus cannot recvmail).
* The mailboxes table was being used to add hidden 'app' type entries.
  This made it very hard for the user to understand why a mailbox conflicts.
  For example, if you set an app to use custom mailbox 'blog', this is
  hidden from all views.

The solution is to let an app send email as whatever mailbox name is
allocated to it (which we now track in the apps table. the default is in the
db already so that REST response contains it). When not using
Cloudron email, it will just send mail as that mailbox and the auth
checks the "app password" in the addons table. Any replies to that
mailbox will end up in the domain's mail server (not our problem).

When using cloudron email, the app can send mail like above. Any responses
will not end anywhere and bounce since there is no 'mailbox'. This is the
expected behavior. If user wants to access this mailbox name, he can
create a concrete mailbox and set himself as owner OR set this as
an alias.

For apps using the recvmail addon, the workflow is to actually create
a mailbox at some point. Currently, we have no UI for this 'flow'.
It's fine because we have only meemo using it.

Intuitive much!
2018-12-06 22:13:32 -08:00
Girish Ramakrishnan
707b03b8c8
mailbox: ownerType is now purely internal
2018-12-06 20:25:24 -08:00
Girish Ramakrishnan
f2f93ed141
ldap: nobody binds to mailboxes
2018-12-06 19:34:25 -08:00
Johannes Zellner
2de630e491
Put the app owner also into ldap groups
Fixes #585
2018-09-03 17:14:11 +02:00
Johannes Zellner
3af358b9bc
List app owner as admins in ldap search
2018-09-03 16:08:05 +02:00
Johannes Zellner
b61478edc9
Attach req.app for further use in ldap routes
2018-09-03 15:38:50 +02:00
Johannes Zellner
fb02e8768c
Remove unused require
2018-08-13 21:05:07 +02:00
Girish Ramakrishnan
78a2176d1d
Make admin simply a boolean instead of group
This simplifies a lot of logic. Keeping an admin group has no benefit
2018-07-26 22:29:57 -07:00
Girish Ramakrishnan
ea946396e7
Use users.isAdmin in all places
2018-07-26 13:23:06 -07:00
Girish Ramakrishnan
f24a099e79
Remove user.admin property
The UI will now base itself entirely off the scopes of the token
2018-06-17 16:49:56 -07:00
Johannes Zellner
d6e49415d4
Only list user mailboxes in ldap search
2018-05-04 17:02:04 +02:00
Johannes Zellner
cb73eb61d4
Allow binds against mailboxes
2018-05-04 17:02:04 +02:00
Johannes Zellner
4ce3a262a3
Allow search for mailboxes over ldap for a specific domain
2018-05-04 17:02:04 +02:00
Girish Ramakrishnan
b5f8ca6c16
Fix nasssty typo
2018-04-29 17:50:12 -07:00
Girish Ramakrishnan
d8acf92929
UserError -> UsersError
2018-04-29 11:22:15 -07:00
Girish Ramakrishnan
4fd58fb46b
Rename user.js to users.js
2018-04-29 11:19:04 -07:00
Girish Ramakrishnan
d6a8837716
mail: verify with the owner id
2018-04-09 13:17:07 -07:00
Girish Ramakrishnan
b6335a327c
Rename TYPE_* to OWNER_TYPE_*
2018-04-07 18:33:30 -07:00
Girish Ramakrishnan
5af657ee22
rename mail crud functions
2018-04-03 15:06:14 -07:00
Johannes Zellner
726202b040
Amend app object where applicable to login event
2018-03-02 19:21:11 +01:00
Johannes Zellner
39d6ec96b7
amend full user object to login action
2018-03-02 19:21:11 +01:00
Girish Ramakrishnan
83ff295f6d
debug: authenticateMailbox
2018-02-08 18:49:27 -08:00
Johannes Zellner
6470803604
Do not check if email is enabled when an app tries to do sendmail auth through ldap
2018-01-29 19:29:04 +01:00
Johannes Zellner
77961e51ec
mail.get() returns a MailError
2018-01-29 13:14:08 +01:00
Johannes Zellner
f152dbefad
Also check if the domain has mail enabled for ldap sendmail auth
2018-01-22 20:35:08 +01:00
Johannes Zellner
687ba0e248
Verify mailbox against username instead of email
2018-01-22 20:06:18 +01:00
Johannes Zellner
48d557b242
Replace alternateEmail with fallbackEmail
2018-01-21 14:50:24 +01:00
Girish Ramakrishnan
98d493b2d0
ldap: make mailbox search return fully qualified names
2018-01-19 12:14:43 -08:00
Girish Ramakrishnan
af25485fa0
ldap: Make alias return fully qualified alias
2018-01-19 12:11:33 -08:00
Girish Ramakrishnan
2015e7bce9
ldap: make mailing list search return fully qualified members
2018-01-19 12:11:26 -08:00
Girish Ramakrishnan
0f47dcfae6
ldap: mailbox routes now require the cn to be fully qualified
2018-01-18 19:33:38 -08:00
Johannes Zellner
14d575f514
Make mailboxdb aware of domain field
2017-11-20 20:01:50 +01:00
Girish Ramakrishnan
1babfb6e87
Allow admins to access all apps
Fixes #420
2017-11-15 19:24:11 -08:00
Johannes Zellner
6a2b0eedb3
Add ldap pagination support
2017-10-27 01:25:07 +02:00
Johannes Zellner
9c02785d49
Support ldap group compare
Fixes #463
2017-10-24 02:00:00 +02:00
Girish Ramakrishnan
fc6ce4945f
add sendmail/recvmail ldap tests
2017-03-26 20:42:46 -07:00
Girish Ramakrishnan
6ea741e92f
Verify password for sendmail/recvmail addon
Part of #109
2017-03-26 20:07:55 -07:00
Johannes Zellner
c905adde1e
Revert "Limit ldap queries per client to 60 per minute"
This reverts commit 466dfdf81f.
2017-03-22 19:35:06 +01:00
Johannes Zellner
466dfdf81f
Limit ldap queries per client to 60 per minute
Part of #187
2017-03-21 16:43:22 +01:00
Johannes Zellner
daa34c3b4d
add some asserts in the ldap code
2017-03-13 11:10:08 +01:00
Johannes Zellner
bf5c78d819
Refactor ldap user listing code to avoid pyramids
2017-03-13 11:09:12 +01:00