jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
6,732 Commits 33 Branches 583 Tags
8c5b550caaa423dcf21fdfb3aea4dfae5518b5a4
Commit Graph

3900 Commits

Author SHA1 Message Date
Girish Ramakrishnan
240ee5f563 Ensure we hand out max user.scope 
The token.scope was valid at token creation time. The user's scope
could since have changed (maybe we got kicked out of a group).
 2018-04-30 22:51:57 -07:00
Girish Ramakrishnan
200f43a58e lint 2018-04-30 22:41:23 -07:00
Girish Ramakrishnan
61d803f528 Use SCOPE_ANY everywhere 2018-04-30 21:44:24 -07:00
Girish Ramakrishnan
e7c8791356 lint 2018-04-30 21:41:09 -07:00
Girish Ramakrishnan
bc4f9cf596 Remove redundant requireAdmin 
We already hand out scopes based on the user's access control
 2018-04-30 21:38:48 -07:00
Girish Ramakrishnan
9789966017 Set the scope for a token basedon what the user has access to 2018-04-30 21:21:18 -07:00
Girish Ramakrishnan
1432d90f37 lint 2018-04-30 21:13:23 -07:00
Girish Ramakrishnan
68317a89cb remove the analytics hooks 2018-04-30 15:33:25 -07:00
Girish Ramakrishnan
c84f984205 No need to create a token on password reset 2018-04-30 15:15:05 -07:00
Johannes Zellner
6e19153350 Remove now unused result argument 2018-04-30 20:37:12 +02:00
Johannes Zellner
4dc778f7c2 Change reset password button text 2018-04-30 20:17:56 +02:00
Johannes Zellner
c5c3748aa9 Do not auto login on password reset 2018-04-30 19:55:59 +02:00
Girish Ramakrishnan
f809e359c9 refactor the global variables as functions 2018-04-29 20:17:45 -07:00
Girish Ramakrishnan
91e846d976 Add SCOPE_DOMAINS 2018-04-29 18:11:33 -07:00
Girish Ramakrishnan
b5f8ca6c16 Fix nasssty typo 2018-04-29 17:50:12 -07:00
Girish Ramakrishnan
922ab3bde1 lint 2018-04-29 17:50:12 -07:00
Girish Ramakrishnan
3b7bcc1f61 refactor scopes into accesscontrol.js 
this will be our authorization layer for oauth and non-oauth tokens.
 2018-04-29 17:50:07 -07:00
Girish Ramakrishnan
6e3b060615 Use SCOPE_PROFILE constant 2018-04-29 17:12:30 -07:00
Girish Ramakrishnan
cc113d0bb5 Add SCOPE_CLIENTS for oauth clients API 2018-04-29 17:03:10 -07:00
Girish Ramakrishnan
3e22d513eb Add SCOPE_MAIL for mail APIs 2018-04-29 17:01:12 -07:00
Girish Ramakrishnan
1c55a3e310 typo 2018-04-29 11:29:21 -07:00
Girish Ramakrishnan
d8acf92929 UserError -> UsersError 2018-04-29 11:22:15 -07:00
Girish Ramakrishnan
7bb8d059b5 GroupError -> GroupsError 2018-04-29 11:21:01 -07:00
Girish Ramakrishnan
863afc68cb DomainError -> DomainsError 2018-04-29 11:20:12 -07:00
Girish Ramakrishnan
4fd58fb46b Rename user.js to users.js 2018-04-29 11:19:04 -07:00
Girish Ramakrishnan
b1b664ceca Move removeInternalAppFields to model code 2018-04-29 10:47:34 -07:00
Girish Ramakrishnan
1a27009fb5 Make expiresAt a body parameter 2018-04-28 22:02:07 -07:00
Girish Ramakrishnan
6c8c206e89 Move input validation logic to routes 2018-04-28 21:58:56 -07:00
Girish Ramakrishnan
82207c3ccd Keep naming consistent with delToken 2018-04-28 21:55:57 -07:00
Girish Ramakrishnan
6768994bbe Capitalize the 2fa text 2018-04-28 10:20:33 -07:00
Girish Ramakrishnan
b72efb1018 Remove private fields when listing domains 
Currently, domains list route does not return the fallback cert.
make it future proof, just in case.
 2018-04-27 11:41:30 -07:00
Johannes Zellner
7a8c525beb Add 2fa Oauth route tests 2018-04-27 14:08:22 +02:00
Johannes Zellner
9372d8797a Add 2fa tests for developer login api 2018-04-27 12:29:11 +02:00
Johannes Zellner
faeb89b258 Add 2fa token login to oauth login form 2018-04-27 11:46:41 +02:00
Johannes Zellner
50d7ade0d9 Remove unused property on set 2fa secret 2018-04-27 08:20:12 +02:00
Johannes Zellner
497c76a905 Add 2fa token check to developer login 2018-04-27 08:18:13 +02:00
Johannes Zellner
bbc434dc21 Attach the whole user object also for basic authed routes 2018-04-27 08:18:13 +02:00
Girish Ramakrishnan
a7bb5d6b5c add route to query apps specific to user 
it's not nice to overload a route to mean different things depending
on who queries it.
 2018-04-26 20:07:12 -07:00
Girish Ramakrishnan
e0da6679e9 Move user routes to /api/v1/user 2018-04-26 19:57:44 -07:00
Girish Ramakrishnan
561d2d9f8b admin column is no more in users table 2018-04-26 19:55:26 -07:00
Girish Ramakrishnan
7549b3e837 enhance user creation API to take a password 2018-04-26 14:13:40 -07:00
Girish Ramakrishnan
7756c07bc6 Add better text for the secret 2018-04-26 09:39:35 -07:00
Johannes Zellner
0d58a6bf33 Send 2fa auth status with profile info 2018-04-26 16:29:40 +02:00
Johannes Zellner
fbba636fb3 Handle more 2fa route errors 2018-04-26 16:14:37 +02:00
Johannes Zellner
9cd6333cf7 2fa routest work with the req.user object 2018-04-26 15:12:14 +02:00
Johannes Zellner
eb02c182e5 Avoid linter issue 2018-04-26 14:45:12 +02:00
Johannes Zellner
6574b22cf6 Add 2fa routest and business logic 2018-04-26 08:46:35 +02:00
Girish Ramakrishnan
d1ed2aa2ce remove untested route set_admin 2018-04-25 21:43:21 -07:00
Girish Ramakrishnan
c2a762cb29 Do not reserve mailbox names 
Now that user management is split from mailboxes, we don't need to
reserve mailbox names anymore.
 2018-04-25 21:14:33 -07:00
Johannes Zellner
38668937ad Fixup database tests 2018-04-25 17:03:16 +02:00