Girish Ramakrishnan
d7dda61775
profile: unify password verification check
2024-01-22 14:03:23 +01:00
Girish Ramakrishnan
53e9eccf72
unify totp check
...
the totp check is done in several places causing errors like 3552232e99
* ldap (addon)
* accesscontrol (dashboard)
* proxyauth
* directoryserver (exposed ldap)
* externalldap (the connector)
The code also makes externalldap auto-create work now across all the cases where there is a username
2023-03-12 16:01:12 +01:00
Johannes Zellner
8677e86ace
Add authorization to all routes
2022-09-24 21:27:43 +02:00
Johannes Zellner
70d3040135
Validate token scopes
2022-09-23 13:09:07 +02:00
Johannes Zellner
a2a60ff426
Add support for LDAP cn=...+totptoken=.. support
2022-08-02 15:27:34 +02:00
Johannes Zellner
50ff6b99e0
More external ldap fixes after the test tests the correct thing
2021-10-26 18:04:25 +02:00
Girish Ramakrishnan
06e5f9baa1
operators: make the terminal work
2021-09-21 18:27:54 -07:00
Girish Ramakrishnan
bb2ad0e986
Implement operator role for apps
...
There are two main use cases:
* A consultant/contractor/external developer is given access to just an app.
* A "service" personnel (say upstream app author) is to be given access to a single app
for debugging.
Since this is an "app admin", they are also given access to apps to be consistent with
the idea that Cloudron admin has access to all apps.
part of #791
2021-09-21 12:30:02 -07:00
Girish Ramakrishnan
a1c61facdc
merge userdb.js into users.js
2021-07-16 22:33:22 -07:00
Girish Ramakrishnan
b579f7ae90
better error messages for 401
2021-06-05 21:26:43 -07:00
Girish Ramakrishnan
7bee7b9ef8
tokens: async'ify
2021-06-04 13:06:38 -07:00
Girish Ramakrishnan
624e34d02d
eventlog: add logout
...
fixes #757
2021-01-06 21:57:56 -08:00
Girish Ramakrishnan
e5209a1392
fix some typos
2020-12-20 14:41:16 -08:00
Girish Ramakrishnan
56707ac86a
proxyauth: add 2fa
...
Fixes #748
2020-12-20 13:14:21 -08:00
Girish Ramakrishnan
0e156b9376
migrate permissions and admin flag to user.role
2020-02-21 16:49:20 -08:00
Girish Ramakrishnan
c537dfabb2
add manage user permission
2020-02-13 22:49:58 -08:00
Johannes Zellner
cbc6785eb5
Fix typo
2020-02-06 17:29:45 +01:00
Johannes Zellner
2854462e0e
Remove token scope business
2020-02-06 16:44:46 +01:00
Johannes Zellner
7c5a258af3
Move 2fa validation in one place
2020-02-06 15:36:14 +01:00
Johannes Zellner
12aa8ac0ad
Remove passport
2020-02-06 14:56:28 +01:00
Johannes Zellner
4ae12ac10b
Remove oauth
...
A whole bunch of useless stuff
2020-02-05 18:15:59 +01:00
Girish Ramakrishnan
3427db3983
Add app passwords feature
2020-01-31 22:03:19 -08:00
Girish Ramakrishnan
8a3d212bd4
Fix note
2019-11-20 16:17:47 -08:00
Girish Ramakrishnan
af51ddc347
Fix crash when user with active session is deleted
2019-11-20 16:12:21 -08:00
Johannes Zellner
0d8820c247
Add external ldap tests
2019-11-20 22:21:40 +01:00
Johannes Zellner
c53b54bda3
Only create external ldap users for oauth logins
2019-11-20 20:05:22 +01:00
Girish Ramakrishnan
bc3169deb3
Move UsersError to BoxError
2019-10-24 15:06:41 -07:00
Girish Ramakrishnan
2df642000d
Move ClientsError to BoxError
2019-10-22 21:16:49 -07:00
Girish Ramakrishnan
f96a8bc269
remove config.edition
...
we will replace this with feature flags
2019-05-06 19:53:34 -07:00
Girish Ramakrishnan
e0b1ebba92
verifyOperator -> isUnmanaged
2018-10-30 21:17:34 -07:00
Girish Ramakrishnan
eed8f109bc
operator check is now directly based on edition type
2018-10-30 20:26:22 -07:00
Girish Ramakrishnan
91a1bc7a01
move verifyOperator to users routes
2018-09-06 00:10:09 -07:00
Girish Ramakrishnan
0e3f9c9569
Move verifyAppOwnership to app route
2018-09-06 00:09:42 -07:00
Girish Ramakrishnan
2ad0a57fc1
Typo
2018-09-05 23:59:40 -07:00
Girish Ramakrishnan
3d004b3dcc
Disable various server/operator routes based on edition
...
The initial idea was to put an owner flag but this means that the
owner will be visible inside apps.
2018-09-05 15:31:58 -07:00
Girish Ramakrishnan
e0cd7999eb
Make spaces an edition instead of setting
2018-08-28 18:31:48 -07:00
Girish Ramakrishnan
a0a523ae71
spaces: verify app ownership in app management routes
2018-08-03 17:35:58 -07:00
Girish Ramakrishnan
38977858aa
When issuing token intersect with the existing user roles
...
Also:
* Move token validation to accesscontrol.js
* Use clients.addTokenByUserId everywhere
2018-06-28 00:07:43 -07:00
Girish Ramakrishnan
6cd0601629
Map group roles to scopes
2018-06-18 14:52:39 -07:00
Girish Ramakrishnan
6a2dacb08a
Make intersectScopes take an array
2018-06-17 22:39:33 -07:00
Girish Ramakrishnan
ad6bc191f9
Make hasScopes take an array
2018-06-17 21:06:17 -07:00
Girish Ramakrishnan
f24a099e79
Remove user.admin property
...
The UI will now base itself entirely off the scopes of the token
2018-06-17 16:49:56 -07:00
Girish Ramakrishnan
156ffb40c9
Remove scope from users.get
2018-06-17 16:07:20 -07:00
Girish Ramakrishnan
db8b6838bb
Move skip password verification logic to accesscontrol.js
2018-06-17 15:20:27 -07:00
Girish Ramakrishnan
e8d9597345
Fix various error codes
...
401 - bad password/wrong password
403 - authenticated but not authorized
409 - conflict
2018-06-15 23:15:30 -07:00
Girish Ramakrishnan
24b0a96f07
Move passport logic to routes
2018-06-15 17:32:40 -07:00
Girish Ramakrishnan
dc86b0f319
validateRequestedScopes -> hasScopes
2018-06-14 20:31:48 -07:00
Girish Ramakrishnan
e5c43e9acd
Remove debug
2018-05-02 12:41:22 -07:00
Girish Ramakrishnan
8c4015851a
merge auth.js into accesscontrol.js
2018-05-01 14:03:10 -07:00
Girish Ramakrishnan
bc4f9cf596
Remove redundant requireAdmin
...
We already hand out scopes based on the user's access control
2018-04-30 21:38:48 -07:00