Johannes Zellner
aa86174d6b
We can have toplevel arrays just fine
2021-05-04 20:30:52 +02:00
Johannes Zellner
fed8ba95f0
Fallback to unknown useragent and don't stash such login attempts
2021-05-04 20:07:28 +02:00
Johannes Zellner
bec42c69c8
Do not use toplevel arrays
2021-05-04 19:52:21 +02:00
Girish Ramakrishnan
7d8d6d4913
better error messages
2021-05-04 10:45:36 -07:00
Johannes Zellner
5ab925e284
Fix login location stash
2021-05-04 15:00:09 +02:00
Johannes Zellner
e10b7b59dc
Only use simplified user agent for login detection
2021-05-04 09:11:16 +02:00
Girish Ramakrishnan
885647f484
fix proxyauth icon
2021-05-03 23:00:51 -07:00
Girish Ramakrishnan
c17743d869
migrate secrets into the database
...
the infra version is bumped because the nginx's dhparams path has changed
and the sftp server key path has changed.
2021-05-03 22:11:18 -07:00
Girish Ramakrishnan
035f356dff
add async support to database.query()
2021-05-02 23:18:07 -07:00
Girish Ramakrishnan
199eda82d1
Use Array.isArray instead
2021-05-02 11:26:47 -07:00
Girish Ramakrishnan
442110a437
lint
2021-05-01 11:21:09 -07:00
Girish Ramakrishnan
907ae4f233
secrets -> blobs
...
this will also have certs which are not really "secrets"
2021-04-30 22:34:27 -07:00
Girish Ramakrishnan
130ef72c9a
Add secrets table
...
this will hold keys, certs etc
2021-04-30 22:07:51 -07:00
Girish Ramakrishnan
a33fdee659
remove unused dir
2021-04-30 16:34:05 -07:00
Girish Ramakrishnan
6e7716e992
Update ts when setting task as well
2021-04-30 16:26:19 -07:00
Girish Ramakrishnan
bad77fd99e
apps: update ts in code instead of database
...
ts is useful as a versioning mechanism (for example, icon changed). update the timestamp explicitly in code instead of db.
this way health and healthTime can be updated without changing ts.
2021-04-30 16:14:29 -07:00
Girish Ramakrishnan
0062e6d9fe
apps: add icon and appStoreIcon to database
2021-04-30 14:35:21 -07:00
Girish Ramakrishnan
64414eb932
new login mail: minor adjustments to text
2021-04-30 12:01:57 -07:00
Girish Ramakrishnan
8ff68331a8
proxyAuth: use default expiry time in cookie (1 year)
2021-04-30 10:31:09 -07:00
Girish Ramakrishnan
6fe8974a2d
location -> loginLocations
2021-04-30 10:28:34 -07:00
Girish Ramakrishnan
44027f61e6
Fix failing tests
2021-04-30 09:48:00 -07:00
Johannes Zellner
549b2f2a6b
Improve new login location email
2021-04-30 16:20:50 +02:00
Johannes Zellner
fb5c2a5e52
Properly detect new user agents and location
2021-04-30 15:22:10 +02:00
Girish Ramakrishnan
af2c096975
branding: move logo into database
...
initially, i tried to put this in the current value field but that
is TEXT and has a size limit of 64K. TEXT also stores things with
character encoding, so we have to stash it as base64
2021-04-29 18:28:03 -07:00
Girish Ramakrishnan
3c09416e44
Use Buffer.isBuffer instead
2021-04-29 15:37:32 -07:00
Girish Ramakrishnan
6df5a4f79b
Remove unused FIREWALL_CONFIG_FILE
2021-04-29 15:35:42 -07:00
Girish Ramakrishnan
df0532714e
Fix various debugs
2021-04-29 15:25:19 -07:00
Girish Ramakrishnan
6a32291609
Move updatechecker.json into platform data
2021-04-29 14:01:24 -07:00
Girish Ramakrishnan
b8ea9de439
move profile icons into the database
2021-04-29 13:57:24 -07:00
Girish Ramakrishnan
fe6ee45645
typo
2021-04-27 15:25:11 -07:00
Girish Ramakrishnan
cd300bb6e2
graphite: carbon crash fix
...
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923464
https://forum.cloudron.io/topic/4797/graphite-keeps-crashing-oom/34
2021-04-27 14:25:12 -07:00
Girish Ramakrishnan
cb573c0a37
reverseproxy: identify LE staging correctly
2021-04-27 12:55:11 -07:00
Johannes Zellner
70f2337b09
Allow apps to override the Referrer-Policy header
2021-04-26 11:48:18 +02:00
Girish Ramakrishnan
f3d870978b
add tests for inactive mailbox and list
2021-04-21 12:39:18 -07:00
Girish Ramakrishnan
d437acebe2
notifications: can also mark it as unread
2021-04-21 12:20:58 -07:00
Girish Ramakrishnan
bb3f9744fb
notifications: fix pagination of listByUserIdPaged
...
we have to filter in sql query, otherwise we don't get consistent per page count
2021-04-21 10:55:31 -07:00
Girish Ramakrishnan
fbceb67df9
notifications: remove app up/down
2021-04-21 10:55:31 -07:00
Johannes Zellner
61e51c7875
Send new login location notification mail
2021-04-21 16:14:49 +02:00
Girish Ramakrishnan
8b99af952a
turn: turn off verbose logging
2021-04-20 11:30:31 -07:00
Johannes Zellner
d74f2b8506
Stop using deprecated developer/login route in tests
2021-04-20 17:52:53 +02:00
Girish Ramakrishnan
142af8e700
Fix notifications schema
2021-04-19 21:00:31 -07:00
Girish Ramakrishnan
0c8e0c4715
notifications: send backup fail only to owner
...
only superadmin has access to server and can adjust backup config
2021-04-19 20:57:10 -07:00
Girish Ramakrishnan
613da5fff9
notifications: remove user add/edit/update notifications
...
these just clutter the real notifications. these are in the eventlog
anyways.
2021-04-19 20:44:35 -07:00
Girish Ramakrishnan
355de5b0a4
notifications: fix update notification
...
the notification wasn't working because this was in apptask and the apptask died
before it could send out the email. we now move the notification to box process
and also remove the email notification.
2021-04-19 15:14:04 -07:00
Girish Ramakrishnan
7a7223a261
OCSP: do not set must-staple in certificate request
...
On first visit in firefox, must-staple certs (unlike chrome which ignores must-staple) always fail.
Investigating, it turns out, nginx does not fetch OCSP responses on reload or restart - https://trac.nginx.org/nginx/ticket/812 .
So, one has to prime the OCSP cache using curl requests. Alternately, one can use `openssl ocsp -noverify -no_nonce` and
then set `ssl_stapling_file`. Both approaches won't work if the OCSP servers are down and then we have to have some retry logic.
Also, the cache is per nginx worker, so I have no clue how many times one has to call curl. The `ssl_stapling_file` approach
requires some refresh logic as well. All very messy.
For the moment, do not set must-staple in the cert. Instead, check if the cert has an OCSP URL and then enable
stapling in nginx accordingly.
2021-04-16 13:33:32 -07:00
Girish Ramakrishnan
4d919127a7
implement OCSP stapling
...
can verify stapling using openssl s_client -connect hostname:443 -status
status_request is RFC6066. there is also status_request_v2 (RFC6961) but this is
not implemented even in openssl libs yet
2021-04-16 12:13:54 -07:00
Girish Ramakrishnan
5d2fd81c0d
Add missing callback()
2021-04-15 16:33:21 -07:00
Girish Ramakrishnan
ef476f74bf
notifications: no email for app up/down/oom events
...
emails will not be used for self monitoring events. these are best done
from the outside. we just log everything in eventlog and raise notifications
as well.
2021-04-15 15:29:25 -07:00
Girish Ramakrishnan
d29d46d812
mail: add active flag to mailboxes and lists
2021-04-15 11:49:19 -07:00
Girish Ramakrishnan
c3e14cd11f
user: return 2fa status for the UI
2021-04-14 21:46:35 -07:00