jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
10,439 Commits 33 Branches 583 Tags
8fde4e959c3ffb4a2d6177d62005742bc9df030f
Commit Graph

62 Commits

Author SHA1 Message Date
Johannes Zellner
6785253377 Invitation is now also just a single route like password reset 2021-09-16 15:03:48 +02:00
Johannes Zellner
ecd35bd08d Fixup 2fa reset route 2021-09-16 13:18:22 +02:00
Johannes Zellner
d3d22f0878 Directly use users.verify() instead of another db lookup 2021-09-09 22:50:35 +02:00
Girish Ramakrishnan
7ba3203625 users: getAll -> list 2021-08-20 11:31:10 -07:00
Girish Ramakrishnan
79997d5529 users.add and users.createOwner only returns id now 2021-08-10 13:50:52 -07:00
Girish Ramakrishnan
a1c61facdc merge userdb.js into users.js 2021-07-16 22:33:22 -07:00
Girish Ramakrishnan
ea430b255b make the tests work 2021-06-29 11:01:46 -07:00
Girish Ramakrishnan
31498afe39 async'ify the groups code 2021-06-29 09:08:45 -07:00
Girish Ramakrishnan
e7d9af5aed users: asyncify and merge userdb.del 2021-06-26 10:13:21 -07:00
Girish Ramakrishnan
b8ea9de439 move profile icons into the database 2021-04-29 13:57:24 -07:00
Girish Ramakrishnan
f15714182b users: add route to disable 2fa 2021-04-14 20:45:35 -07:00
Johannes Zellner
b6473bc8f0 Add route to transfer ownership 2021-01-15 14:28:41 +01:00
Johannes Zellner
a5cdd6087a Revert "To allow transfer ownership, a user has to be able to update its role if permissions are granted by current role" 
This reverts commit c2f8da5507.
 2021-01-15 14:16:55 +01:00
Johannes Zellner
c2f8da5507 To allow transfer ownership, a user has to be able to update its role if permissions are granted by current role 2021-01-14 21:15:54 +01:00
Girish Ramakrishnan
8c7eff4e24 user: add routes to set/clear avatar 2020-07-10 07:23:38 -07:00
Girish Ramakrishnan
7e0ef60305 Fix incorrect role comparison 2020-03-15 16:19:22 -07:00
Johannes Zellner
890b46836b Do not allow lower level roles to edit higher level ones 2020-03-07 13:53:01 -08:00
Johannes Zellner
afa2fe8177 Improve role add/edit error message 2020-03-06 13:16:50 -08:00
Johannes Zellner
de23d1aa03 Do not allow to set active flag for the operating user 2020-03-05 21:00:59 -08:00
Girish Ramakrishnan
0e156b9376 migrate permissions and admin flag to user.role 2020-02-21 16:49:20 -08:00
Girish Ramakrishnan
c537dfabb2 add manage user permission 2020-02-13 22:49:58 -08:00
Girish Ramakrishnan
d1911be28c user: load the resource with middleware 2020-02-13 20:59:17 -08:00
Johannes Zellner
1fbbaa82ab Generate the user invite link only in one location 2020-02-05 15:53:05 +01:00
Girish Ramakrishnan
3427db3983 Add app passwords feature 2020-01-31 22:03:19 -08:00
Johannes Zellner
9151965cd6 Keep user objects in REST api responses more coherent 2020-01-06 11:54:00 +01:00
Girish Ramakrishnan
5c920fd200 never skip password verification 2019-11-07 13:10:12 -08:00
Girish Ramakrishnan
6e57f8cc03 Refactor toHttpError code into BoxError 2019-10-24 18:09:55 -07:00
Girish Ramakrishnan
4793eb9ef5 Finish UsersError removal 2019-10-24 15:19:07 -07:00
Girish Ramakrishnan
bc3169deb3 Move UsersError to BoxError 2019-10-24 15:06:41 -07:00
Girish Ramakrishnan
94b4bf94c0 Merge active flag into update route 2019-08-08 08:17:08 -07:00
Girish Ramakrishnan
0ab6cad048 Add user enable/disable flag 2019-08-08 06:31:46 -07:00
Girish Ramakrishnan
e7127df30d remove app ownerId 
this is unused
 2019-07-02 21:23:51 -07:00
Girish Ramakrishnan
6bbe2613b4 Return 412 for bad password 2019-06-20 16:44:53 -07:00
Johannes Zellner
c2f464ea75 password change api now returns 400 instead of 403 2019-05-13 23:46:38 +02:00
Girish Ramakrishnan
d752c68790 re-factor all the audit source objects 2019-03-25 15:15:39 -07:00
Girish Ramakrishnan
ee76c2c06e Return 403 if totp token is invalid 
the ui redirects to login screen otherwise
 2019-03-23 14:12:46 -07:00
Johannes Zellner
13fac3072d Support username search in user listing api 2019-01-15 17:21:40 +01:00
Johannes Zellner
3470252768 Add user pagination to rest api 2019-01-14 16:39:20 +01:00
Girish Ramakrishnan
eed8f109bc operator check is now directly based on edition type 2018-10-30 20:26:22 -07:00
Girish Ramakrishnan
91a1bc7a01 move verifyOperator to users routes 2018-09-06 00:10:09 -07:00
Girish Ramakrishnan
43055da614 Add route to let admin set user password 2018-08-31 14:35:01 -07:00
Johannes Zellner
f05df7cfef Allow set admin flag on user creation 2018-08-21 17:12:46 +02:00
Girish Ramakrishnan
6a1a697820 Split the invite route into two 2018-08-17 16:27:29 -07:00
Girish Ramakrishnan
554006683e Only unset of admin flag is disallowed 2018-07-26 23:43:44 -07:00
Girish Ramakrishnan
78a2176d1d Make admin simply a boolean instead of group 
This simplifies a lot of logic. Keeping an admin group has no benefit
 2018-07-26 22:29:57 -07:00
Girish Ramakrishnan
6810c61e58 Add audit event for ownership transfer 2018-07-05 13:51:22 -07:00
Girish Ramakrishnan
9978dff627 Add API to set and transfer ownership 2018-06-28 16:48:04 -07:00
Girish Ramakrishnan
ff5bd42bef remove mostly dead comment 2018-06-28 14:19:56 -07:00
Girish Ramakrishnan
f932f8b3d3 Add user management scope 
This splits the user and groups API into those who have just 'read' access
and those who have 'manage' access.
 2018-06-25 16:10:00 -07:00
Girish Ramakrishnan
8a84872704 Wrong password logs out the user 2018-06-18 18:52:35 -07:00