jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
19,122 Commits 33 Branches 583 Tags
aa2df465a0eb4dfac7d2f982ebecb41ba67c1c8c
Commit Graph

1265 Commits

Author SHA1 Message Date
Girish Ramakrishnan
5927f397a3 translate port bindings after validation 2024-02-27 13:19:19 +01:00
Girish Ramakrishnan
6525504923 profile: store preferred language in the database 2024-02-26 13:30:35 +01:00
Girish Ramakrishnan
a6f078330f shell: no need to promise scoping 2024-02-21 19:40:27 +01:00
Girish Ramakrishnan
cfd5c0f82b shell: rewrite exec to use execFile 
this also renames execFile to execArgs
 2024-02-21 18:54:43 +01:00
Girish Ramakrishnan
2237d2bbb7 shell: remove usage of .spawn 2024-02-21 13:27:04 +01:00
Girish Ramakrishnan
c1bb4de6a3 reverseproxy: use async exec 2024-02-21 12:33:04 +01:00
Girish Ramakrishnan
9b94cf18d0 convert more execSync to async 2024-02-21 11:00:12 +01:00
Girish Ramakrishnan
3da3ccedcb volumes: only wait for 5 seconds for mount status 
mountpoint -q can never exit if the nfs mount disappears, for example
 2024-02-20 21:38:57 +01:00
Girish Ramakrishnan
26eb739b46 shell: add options to exec 2024-02-20 21:11:09 +01:00
Girish Ramakrishnan
8a63f0368e Fix parsing of displayName 
Currently, we only have one field for the name. The first part is
first name. The rest is last name. Obviously, this won't work in all
cases but is the best we can do for the moment.
 2024-02-06 16:53:03 +01:00
Girish Ramakrishnan
b923925a6c better describe 2024-01-23 13:18:14 +01:00
Girish Ramakrishnan
61f5669d76 externalldap: no need to make REST API calls and start server 2024-01-23 13:16:40 +01:00
Girish Ramakrishnan
29a96e5df1 ldap test: more unbinding 2024-01-23 11:58:00 +01:00
Girish Ramakrishnan
d2c21627de ldap: server.close has a callback after all 2024-01-23 10:47:09 +01:00
Girish Ramakrishnan
81e21effa4 test: clear cron jobs to make node exit 2024-01-23 10:24:48 +01:00
Girish Ramakrishnan
2401c9cee7 test: unbind ldap client 2024-01-23 10:12:29 +01:00
Girish Ramakrishnan
4f0bbcc73b externaldap: 2fa validation for supported sources 
a request to verify password to externaldap.js logic can come from
* cloudron app (via ldapserver.js)
* dashboard (via oidc.js) or proxy auth (proxyauth.js) or CLI (accesscontrol.js)

the only supported source is the 'cloudron' provider at this point
 2024-01-22 21:35:19 +01:00
Girish Ramakrishnan
3220721f84 directoryserver: test all combinations of 2fa checks 
directory server cannot know the source of the requesting client.
there are 3 sources - external app, cloudron app, cloudron dashboard.

the 2fa is requested by client by passing `+totpToken=xxx` . totpToken
is ignored if the user has no 2fa setup. If present, it is validated.
 2024-01-22 13:14:29 +01:00
Girish Ramakrishnan
13b9bed48b externalldap: when using cloudron source, disable local 2fa setup 2024-01-20 12:44:19 +01:00
Girish Ramakrishnan
c99c24b3bd users: cannot update profile fields of external user 2024-01-20 11:23:35 +01:00
Girish Ramakrishnan
8bdcdd7810 groups: members cannot be set for external groups 2024-01-19 23:23:25 +01:00
Girish Ramakrishnan
a1217e52c8 group: cannot set name of ldap group 2024-01-19 22:28:48 +01:00
Girish Ramakrishnan
a8d37b917a groups: remove unused addMember 2024-01-19 17:25:36 +01:00
Girish Ramakrishnan
4136272382 externalldap: add eventlog 2024-01-13 13:22:26 +01:00
Girish Ramakrishnan
4f9e43859c directoryserver: comments can be provided in allowlist 2024-01-13 12:54:10 +01:00
Girish Ramakrishnan
5b7667fa4d external ldap: ensure dashboard login does totp check 2024-01-08 11:55:35 +01:00
Girish Ramakrishnan
053f81a53e externalldap: add tests 2024-01-07 22:04:22 +01:00
Girish Ramakrishnan
4ddcd547ba directoryserver: leave it to client to decide totp check 
initially, the idea was to make the server enforce it. this is more secure. however,
we have 3 kinds of clients - an external cloudron dashboard which needs totp,
an external cloudron app, which doesn't have totp and external apps that don't have totp either.

given that the directory server is IP restricted, this is a reasonable compromise until
we move wholesale to oidc.

a directoryserver setting like "enforce totp" also does not work since this policy will be
applied to all clients.
 2024-01-07 20:38:36 +01:00
Girish Ramakrishnan
7bb68ea6b5 rename ldap.js to ldapserver.js 
this makes it clearer it is server module and not some generic ldap thing
 2024-01-06 13:31:32 +01:00
Girish Ramakrishnan
e13f427267 directoryserver: 2fa validation tests 2024-01-06 13:25:12 +01:00
Girish Ramakrishnan
c422e2d570 users: add tests for 2fa and relaxed 2fa 2024-01-06 13:15:55 +01:00
Girish Ramakrishnan
e42579521c Fix tests 2024-01-03 15:12:07 +01:00
Johannes Zellner
4d29592450 Do not invalidate session sudo but only for the command we want to test 2023-12-04 01:42:46 +01:00
Girish Ramakrishnan
cbf1b47332 system: merge info and dmi routes 
also return uptimeSecs instead of abstract date
 2023-12-04 01:11:26 +01:00
Girish Ramakrishnan
72083f59cd system: dmi information 2023-12-04 00:31:18 +01:00
Girish Ramakrishnan
8a20b603f5 system: cpu route 2023-12-04 00:23:25 +01:00
Girish Ramakrishnan
d45c433bc7 fix dockerproxy test 2023-12-04 00:11:11 +01:00
Girish Ramakrishnan
943325baa3 better sudoers configuration check 2023-12-03 17:50:50 +01:00
Girish Ramakrishnan
b9e584752b Fix system test 2023-12-03 15:52:31 +01:00
Girish Ramakrishnan
41319bc817 ldap server close has no callback 2023-10-01 14:33:19 +05:30
Johannes Zellner
3bde6e7475 Fixup eventlog tests 2023-09-27 09:12:06 +02:00
Johannes Zellner
b72a5e9c69 Add notification types 2023-09-22 17:58:13 +02:00
Girish Ramakrishnan
91a4883b50 typo 2023-08-21 19:43:53 +05:30
Girish Ramakrishnan
79af6c1a68 On dashboard or email location change, reconfigure immediately 2023-08-21 18:34:07 +05:30
Girish Ramakrishnan
28bfab6700 LOCATION_TYPE can move into location.js 2023-08-17 16:05:19 +05:30
Girish Ramakrishnan
de7879afb5 store subdomain in database instead of fqdn 
this makes it more consistent with the locations table
 2023-08-16 21:58:56 +05:30
Girish Ramakrishnan
1133a41b77 Fix proxy config not generated on restore 2023-08-16 12:52:52 +05:30
Girish Ramakrishnan
aa8c23c8b3 rework backup root 
notes:
* backup root cannot come from backend. for dynamic mounts backend cannot know where it is mounted
* backupConfig is 3 parts - format / mount / password . there is also this rootPath (which should not be in db)
* password should be stored separately in settings at some point
* format has to be passed along everywhere because we allow restore from  same backupConfig but different format. we do this by saving the format in the backups table

fixes #819
 2023-08-15 22:51:45 +05:30
Girish Ramakrishnan
cd9d49116e backups: move limits and storage into separate keys 2023-08-15 10:48:56 +05:30
Girish Ramakrishnan
a7be30a816 better naming of the dashboard functions 2023-08-13 10:38:07 +05:30