jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
15,649 Commits 33 Branches 583 Tags
8771158f10d659b75453b16b4f71a3b6e6bafce2
Commit Graph

8301 Commits

Author SHA1 Message Date
Girish Ramakrishnan
8771158f10 Fix test 2024-01-13 21:29:40 +01:00
Girish Ramakrishnan
46a589f794 Use BAD_STATE consistently for demo mode 2024-01-13 21:15:41 +01:00
Girish Ramakrishnan
257dc4e271 external ldap: run syncer every 4 hours 
hardcoded for now but we should make this configurable
 2024-01-13 15:53:14 +01:00
Girish Ramakrishnan
4136272382 externalldap: add eventlog 2024-01-13 13:22:26 +01:00
Girish Ramakrishnan
4f9e43859c directoryserver: comments can be provided in allowlist 2024-01-13 12:54:10 +01:00
Girish Ramakrishnan
b57ad9b8c1 directoryserver: allowlist always needs a single IP/range 2024-01-13 12:30:43 +01:00
Girish Ramakrishnan
a389b863f9 directory server: add eventlog entry 2024-01-13 12:24:28 +01:00
Girish Ramakrishnan
40c82b3e48 external directory: reset auth source when disabled 
this allows existing users to login (including the owner itself)

The alternative is to have some system where we have unique superadmin users across cloudrons which don’t get trampled upon by a sync. This is a bit unrealistic. For the future, we could also design this such that ldap auth is asked for in the initial step i.e at superadmin creation time.

If LDAP connection is lost/down, user can always use 'cloudron-support —owner-login'
 2024-01-13 11:51:12 +01:00
Girish Ramakrishnan
2ca94f3159 user: remove make local feature 
we discussed a bit on what this does and it's confusing as it stands:

* Use case of this is lost in the realms of time
* Possible guess by is that it was to move users of different Cloudron to a central cloudron
* Currently, the design is a bit flawed because the make user local button doesn’t pin the user. The state is lost in next synchronization.
* Maybe, one should use export/import user for this use case
* Let’s disable this button for now, feature is not complete.
 2024-01-13 11:02:25 +01:00
Girish Ramakrishnan
33a97d0e50 cloudflare: validate response fields 2024-01-12 14:52:24 +01:00
Girish Ramakrishnan
cef0b6d0d8 test: bump retries 2024-01-11 16:31:12 +01:00
Girish Ramakrishnan
ca31dc8d78 namecheap: fix TLD 
continuation of 6cdb448f62
 2024-01-09 09:44:24 +01:00
Girish Ramakrishnan
5b7667fa4d external ldap: ensure dashboard login does totp check 2024-01-08 11:55:35 +01:00
Girish Ramakrishnan
6cdb448f62 namecheap: pass the TLD correctly 
this is safe because namecheap does not allow external domains to be hosted.
otherwise, we would have to use tldjs
 2024-01-08 11:54:37 +01:00
Girish Ramakrishnan
053f81a53e externalldap: add tests 2024-01-07 22:04:22 +01:00
Girish Ramakrishnan
c842d02d6f namecheap: slow down requests for rate limit 
https://www.namecheap.com/support/knowledgebase/article.aspx/9739/63/api-faq/#z
 2024-01-07 22:01:42 +01:00
Girish Ramakrishnan
4ddcd547ba directoryserver: leave it to client to decide totp check 
initially, the idea was to make the server enforce it. this is more secure. however,
we have 3 kinds of clients - an external cloudron dashboard which needs totp,
an external cloudron app, which doesn't have totp and external apps that don't have totp either.

given that the directory server is IP restricted, this is a reasonable compromise until
we move wholesale to oidc.

a directoryserver setting like "enforce totp" also does not work since this policy will be
applied to all clients.
 2024-01-07 20:38:36 +01:00
Girish Ramakrishnan
7bb68ea6b5 rename ldap.js to ldapserver.js 
this makes it clearer it is server module and not some generic ldap thing
 2024-01-06 13:31:32 +01:00
Girish Ramakrishnan
e13f427267 directoryserver: 2fa validation tests 2024-01-06 13:25:12 +01:00
Girish Ramakrishnan
c422e2d570 users: add tests for 2fa and relaxed 2fa 2024-01-06 13:15:55 +01:00
Johannes Zellner
29663a1229 Update sftp addon 2024-01-04 11:59:56 +01:00
Girish Ramakrishnan
1ca46a064c ldap: use proper error message instead of dn 
the dn is already in lde_dn field of the error object.
lde_message is the message
 2024-01-03 15:23:22 +01:00
Girish Ramakrishnan
e42579521c Fix tests 2024-01-03 15:12:07 +01:00
Girish Ramakrishnan
96be06188b ldap: send proper error messages 2024-01-03 15:12:07 +01:00
Johannes Zellner
10172e0211 Add login busy indicator 2024-01-03 14:55:07 +01:00
Girish Ramakrishnan
70c8a5a6be directoryserver: totp check must be enforced 2024-01-03 14:40:51 +01:00
Johannes Zellner
af42f150f2 Update sftp addon 2024-01-03 13:20:32 +01:00
Girish Ramakrishnan
ba16fdaf60 domain: handle alias domain conflict during deletion 2024-01-02 17:18:37 +01:00
Girish Ramakrishnan
c5480bfcc1 mail: update limit plugin 2024-01-02 15:50:34 +01:00
Girish Ramakrishnan
79448e9ff9 oidc: fix error message with correct username but bad password 2023-12-29 18:15:33 +01:00
Girish Ramakrishnan
e49398eb47 Bump request timeout to a minute, some servers are just too slow 2023-12-29 16:19:52 +01:00
Girish Ramakrishnan
fa842034ed update: continue to update apps if box update never starts 
https://forum.cloudron.io/topic/10699/no-automatic-app-updates-with-pending-box-update
 2023-12-28 12:16:03 +01:00
Girish Ramakrishnan
672b472359 hetzner: typo in error message 2023-12-27 20:41:34 +01:00
Girish Ramakrishnan
37ed87f9c1 route53: retry on rate limit 
route53 has a limit of 5 req/sec/region - https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests

see https://forum.cloudron.io/topic/10656/improve-dns-updates-to-avoid-rate-limits/
 2023-12-27 12:23:09 +01:00
Johannes Zellner
25ba312636 Use postgres addon with pgvecto_rs extension 2023-12-22 22:45:41 +01:00
Johannes Zellner
340ea3fe9b Fix variable usage bug for noop backup provider 2023-12-18 13:23:40 +01:00
Johannes Zellner
5ac9a7f1ef Do not bind to ipv6 for port 53 apps (adguard) 2023-12-14 18:00:03 +01:00
Johannes Zellner
00268b1da9 Use postgresql addon 5.1.5 which fixes the search_path issue 2023-12-13 16:47:40 +01:00
Johannes Zellner
c7b2e15d16 Use new postgres addon image with vectors extension enabled 2023-12-08 09:15:45 +01:00
Girish Ramakrishnan
48f0c75c57 network: increase maxelem of the ipsets 2023-12-07 23:20:24 +01:00
Girish Ramakrishnan
93d3b24300 firewall: max 65536 elements 2023-12-07 21:52:51 +01:00
Girish Ramakrishnan
f7a53e1b15 also flush the ipv6 blocklist 2023-12-06 22:20:25 +01:00
Girish Ramakrishnan
759f3f29f0 hetzner: accomodate other nameservers 2023-12-05 18:13:34 +01:00
Girish Ramakrishnan
be35926fd1 ovh: accomodate anycast.me servers 2023-12-05 14:04:16 +01:00
Girish Ramakrishnan
0e0199fc94 typo 2023-12-04 09:09:43 +01:00
Johannes Zellner
4d29592450 Do not invalidate session sudo but only for the command we want to test 2023-12-04 01:42:46 +01:00
Girish Ramakrishnan
44be454a1e system: return activation time if we have it 2023-12-04 01:41:56 +01:00
Girish Ramakrishnan
cbf1b47332 system: merge info and dmi routes 
also return uptimeSecs instead of abstract date
 2023-12-04 01:11:26 +01:00
Girish Ramakrishnan
eb64bd296a system: return uptime and reboot required 2023-12-04 00:46:12 +01:00
Girish Ramakrishnan
72083f59cd system: dmi information 2023-12-04 00:31:18 +01:00