Girish Ramakrishnan
ae2f74777b
rename some variables for clarity
2025-11-23 15:35:18 +01:00
Girish Ramakrishnan
28feadd6c5
typo: forgot to amend previous commit
2025-11-04 09:20:12 +01:00
Girish Ramakrishnan
af3ed04b7f
externalldap: only set group members if they changed
2025-11-04 09:12:25 +01:00
Girish Ramakrishnan
43e426ab9f
Revert "Add no-use-before-define linter rule"
...
This reverts commit fdcc5d68a2.
Unfortunately, this requires us to move exports to the bottom.
This in turn causes circular dep issues and also access of
exports.GLOBAL_VAR in the global context
2025-10-08 21:17:52 +02:00
Girish Ramakrishnan
9226baa63c
externalldap: remove usage of secret placeholder
2025-10-08 19:42:35 +02:00
Girish Ramakrishnan
12e073e8cf
use node: prefix for requires
...
mostly because code is being autogenerated by all the AI stuff using
this prefix. it's also used in the stack trace.
2025-08-14 12:55:35 +05:30
Girish Ramakrishnan
d9c104613c
tasks: rework the startTask API
...
it is now async. change was required to reset the pending flag
2025-06-17 19:32:46 +02:00
Girish Ramakrishnan
148e3dc65b
boxerror: error must be string or Error
2025-02-27 16:55:12 +01:00
Girish Ramakrishnan
1197693591
test: add root dn response
2025-02-26 14:14:42 +01:00
Girish Ramakrishnan
f78f6634fa
ldap: automatically detect if server supports pagination
2025-02-26 12:18:32 +01:00
Girish Ramakrishnan
3b9d617e37
groups: add events to eventlog
2024-12-04 11:30:30 +01:00
Girish Ramakrishnan
55a880c9ac
Fix typo
...
14a18a42b7
2024-10-30 17:41:57 +01:00
Girish Ramakrishnan
61341b8380
boxerror: always pass second error string
2024-10-30 17:32:12 +01:00
Johannes Zellner
14a18a42b7
Avoid crash in externalldap if search result has no username
2024-10-22 14:49:14 +02:00
Johannes Zellner
2c28eddc2b
Fix linter errors
2024-10-22 14:40:53 +02:00
Girish Ramakrishnan
793ee38f79
external ldap: show proper error message on timeout
2024-01-23 23:27:06 +01:00
Girish Ramakrishnan
4f0bbcc73b
externalldap: 2fa validation for supported sources
...
a request to verify password to externalldap.js logic can come from
* cloudron app (via ldapserver.js)
* dashboard (via oidc.js) or proxy auth (proxyauth.js) or CLI (accesscontrol.js)
the only supported source is the 'cloudron' provider at this point
2024-01-22 21:35:19 +01:00
Girish Ramakrishnan
13b9bed48b
externalldap: when using cloudron source, disable local 2fa setup
2024-01-20 12:44:19 +01:00
Girish Ramakrishnan
8bdcdd7810
groups: members cannot be set for external groups
2024-01-19 23:23:25 +01:00
Girish Ramakrishnan
06ce351d82
externalldap: set group members as a single transaction
2024-01-19 17:24:35 +01:00
Girish Ramakrishnan
ee43dff35f
externalldap: reset group source when disabled
2024-01-13 22:35:23 +01:00
Girish Ramakrishnan
8771158f10
Fix test
2024-01-13 21:29:40 +01:00
Girish Ramakrishnan
46a589f794
Use BAD_STATE consistently for demo mode
2024-01-13 21:15:41 +01:00
Girish Ramakrishnan
257dc4e271
external ldap: run syncer every 4 hours
...
hardcoded for now but we should make this configurable
2024-01-13 15:53:14 +01:00
Girish Ramakrishnan
4136272382
externalldap: add eventlog
2024-01-13 13:22:26 +01:00
Girish Ramakrishnan
40c82b3e48
external directory: reset auth source when disabled
...
this allows existing users to login (including the owner itself)
The alternative is to have some system where we have unique superadmin users across cloudrons which don’t get trampled upon by a sync. This is a bit unrealistic. For the future, we could also design this such that ldap auth is asked for in the initial step, i.e. at superadmin creation time.
If LDAP connection is lost/down, user can always use 'cloudron-support --owner-login'
2024-01-13 11:51:12 +01:00
Girish Ramakrishnan
5b7667fa4d
external ldap: ensure dashboard login does totp check
2024-01-08 11:55:35 +01:00
Girish Ramakrishnan
053f81a53e
externalldap: add tests
2024-01-07 22:04:22 +01:00
Girish Ramakrishnan
1ca46a064c
ldap: use proper error message instead of dn
...
the dn is already in lde_dn field of the error object.
lde_message is the message
2024-01-03 15:23:22 +01:00
Girish Ramakrishnan
d2c702f890
eventlog: always use AuditSource objects as source field
2023-08-28 08:13:56 +05:30
Girish Ramakrishnan
6aad89ae6e
demo is just a constant, not a setting
2023-08-04 14:13:30 +05:30
Girish Ramakrishnan
bbc6ba1a35
settings: move service setting into services.js
...
this also introduces getJson/setJson
2023-08-03 11:50:00 +05:30
Girish Ramakrishnan
4a34c390f8
settings: move externalldap setting
2023-08-03 02:43:26 +05:30
Johannes Zellner
65769e5701
ldap uses lower-case attributes
2023-07-31 13:12:39 +02:00
Girish Ramakrishnan
057e4db6c1
use debug instead of console.error
2023-04-30 21:49:34 +02:00
Girish Ramakrishnan
c4f4f3e914
logs: use %o to format error
...
otherwise, they are printed as multi-line and this messes up tail+date formatting
2023-04-16 10:49:59 +02:00
Girish Ramakrishnan
53e9eccf72
unify totp check
...
the totp check is done in several places causing errors like 3552232e99
* ldap (addon)
* accesscontrol (dashboard)
* proxyauth
* directoryserver (exposed ldap)
* externalldap (the connector)
The code also makes externalldap auto-create work now across all the cases where there is a username
2023-03-12 16:01:12 +01:00
Johannes Zellner
41b03e3fef
Ensure ldap client always has an error handler
2023-01-12 14:39:58 +01:00
Johannes Zellner
88eb809c6e
For ldap users created on first login, make sure we also check 2fa if enabled
2022-08-03 18:20:43 +02:00
Johannes Zellner
a2a60ff426
Add support for LDAP cn=...+totptoken=.. support
2022-08-02 15:27:34 +02:00
Johannes Zellner
0cd48bd239
Ensure LDAP usernames are always treated lowercase
2022-04-23 11:21:14 +02:00
Girish Ramakrishnan
7f89dfd261
add once.js
2022-04-15 19:01:35 -05:00
Johannes Zellner
b54c4bb399
Fixup cn attribute for ldap to be according to spec
2022-02-18 17:43:47 +01:00
Johannes Zellner
63fe75ecd2
Reduce noisy externalldap debug()s
2021-11-26 09:55:59 +01:00
Johannes Zellner
92f0f56fae
do not strictly require fallbackEmail on user creation but provide a fallback
2021-10-28 10:29:02 +02:00
Johannes Zellner
cef5c1e78c
Use normal bind()
2021-10-26 18:47:51 +02:00
Johannes Zellner
50ff6b99e0
More external ldap fixes after the test tests the correct thing
2021-10-26 18:04:25 +02:00
Johannes Zellner
84884b969e
Fix external ldap bind
...
See "Losing context" https://masteringjs.io/tutorials/node/promisify
2021-10-26 11:55:58 +02:00
Girish Ramakrishnan
445c83c8b9
make auditsource a class
...
this allows us to use AuditSource for the class and auditSource for
the instances!
2021-09-30 10:13:36 -07:00
Johannes Zellner
48056d7451
If we detect a local user with the same username as found on LDAP/AD we map it
2021-09-13 21:17:41 +02:00