jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
15,779 Commits 33 Branches 583 Tags
aecc16af5d8d9bab4d118657d10934b04ac3a738
Commit Graph

1871 Commits

Author SHA1 Message Date
Girish Ramakrishnan
c5ffb65563 Fix usage of normalizeScope 2018-05-01 13:21:53 -07:00
Girish Ramakrishnan
f76a5a7ba7 Move the clients API out of oauth prefix 2018-05-01 11:30:51 -07:00
Girish Ramakrishnan
23bc0e8db7 Remove SDK Role 
Just compare with the token's clientId instead
 2018-04-30 23:03:30 -07:00
Girish Ramakrishnan
240ee5f563 Ensure we hand out max user.scope 
The token.scope was valid at token creation time. The user's scope
could since have changed (maybe we got kicked out of a group).
 2018-04-30 22:51:57 -07:00
Girish Ramakrishnan
61d803f528 Use SCOPE_ANY everywhere 2018-04-30 21:44:24 -07:00
Girish Ramakrishnan
e7c8791356 lint 2018-04-30 21:41:09 -07:00
Girish Ramakrishnan
bc4f9cf596 Remove redundant requireAdmin 
We already hand out scopes based on the user's access control
 2018-04-30 21:38:48 -07:00
Girish Ramakrishnan
9789966017 Set the scope for a token basedon what the user has access to 2018-04-30 21:21:18 -07:00
Girish Ramakrishnan
1432d90f37 lint 2018-04-30 21:13:23 -07:00
Girish Ramakrishnan
c84f984205 No need to create a token on password reset 2018-04-30 15:15:05 -07:00
Johannes Zellner
6e19153350 Remove now unused result argument 2018-04-30 20:37:12 +02:00
Johannes Zellner
c5c3748aa9 Do not auto login on password reset 2018-04-30 19:55:59 +02:00
Girish Ramakrishnan
f809e359c9 refactor the global variables as functions 2018-04-29 20:17:45 -07:00
Girish Ramakrishnan
b5f8ca6c16 Fix nasssty typo 2018-04-29 17:50:12 -07:00
Girish Ramakrishnan
922ab3bde1 lint 2018-04-29 17:50:12 -07:00
Girish Ramakrishnan
3b7bcc1f61 refactor scopes into accesscontrol.js 
this will be our authorization layer for oauth and non-oauth tokens.
 2018-04-29 17:50:07 -07:00
Girish Ramakrishnan
6e3b060615 Use SCOPE_PROFILE constant 2018-04-29 17:12:30 -07:00
Girish Ramakrishnan
1c55a3e310 typo 2018-04-29 11:29:21 -07:00
Girish Ramakrishnan
d8acf92929 UserError -> UsersError 2018-04-29 11:22:15 -07:00
Girish Ramakrishnan
7bb8d059b5 GroupError -> GroupsError 2018-04-29 11:21:01 -07:00
Girish Ramakrishnan
863afc68cb DomainError -> DomainsError 2018-04-29 11:20:12 -07:00
Girish Ramakrishnan
4fd58fb46b Rename user.js to users.js 2018-04-29 11:19:04 -07:00
Girish Ramakrishnan
b1b664ceca Move removeInternalAppFields to model code 2018-04-29 10:47:34 -07:00
Girish Ramakrishnan
1a27009fb5 Make expiresAt a body parameter 2018-04-28 22:02:07 -07:00
Girish Ramakrishnan
6c8c206e89 Move input validation logic to routes 2018-04-28 21:58:56 -07:00
Girish Ramakrishnan
82207c3ccd Keep naming consistent with delToken 2018-04-28 21:55:57 -07:00
Girish Ramakrishnan
6768994bbe Capitalize the 2fa text 2018-04-28 10:20:33 -07:00
Girish Ramakrishnan
b72efb1018 Remove private fields when listing domains 
Currently, domains list route does not return the fallback cert.
make it future proof, just in case.
 2018-04-27 11:41:30 -07:00
Johannes Zellner
7a8c525beb Add 2fa Oauth route tests 2018-04-27 14:08:22 +02:00
Johannes Zellner
9372d8797a Add 2fa tests for developer login api 2018-04-27 12:29:11 +02:00
Johannes Zellner
faeb89b258 Add 2fa token login to oauth login form 2018-04-27 11:46:41 +02:00
Johannes Zellner
50d7ade0d9 Remove unused property on set 2fa secret 2018-04-27 08:20:12 +02:00
Johannes Zellner
497c76a905 Add 2fa token check to developer login 2018-04-27 08:18:13 +02:00
Girish Ramakrishnan
a7bb5d6b5c add route to query apps specific to user 
it's not nice to overload a route to mean different things depending
on who queries it.
 2018-04-26 20:07:12 -07:00
Girish Ramakrishnan
e0da6679e9 Move user routes to /api/v1/user 2018-04-26 19:57:44 -07:00
Girish Ramakrishnan
7549b3e837 enhance user creation API to take a password 2018-04-26 14:13:40 -07:00
Johannes Zellner
0d58a6bf33 Send 2fa auth status with profile info 2018-04-26 16:29:40 +02:00
Johannes Zellner
fbba636fb3 Handle more 2fa route errors 2018-04-26 16:14:37 +02:00
Johannes Zellner
9cd6333cf7 2fa routest work with the req.user object 2018-04-26 15:12:14 +02:00
Johannes Zellner
eb02c182e5 Avoid linter issue 2018-04-26 14:45:12 +02:00
Johannes Zellner
6574b22cf6 Add 2fa routest and business logic 2018-04-26 08:46:35 +02:00
Girish Ramakrishnan
d1ed2aa2ce remove untested route set_admin 2018-04-25 21:43:21 -07:00
Girish Ramakrishnan
c2a762cb29 Do not reserve mailbox names 
Now that user management is split from mailboxes, we don't need to
reserve mailbox names anymore.
 2018-04-25 21:14:33 -07:00
Johannes Zellner
0c728c6af5 Fix mail rest api tests 2018-04-13 12:54:40 +02:00
Johannes Zellner
ff856a5978 Rename 'address' catchall property to 'addresses' to better indiciate this being an array 2018-04-13 12:15:15 +02:00
Johannes Zellner
c4dad2f55f Fix address property error response in catchall 2018-04-13 12:15:15 +02:00
Girish Ramakrishnan
1d761deec0 Fix test 2018-04-07 18:39:17 -07:00
Johannes Zellner
55d53ef311 Do not succeed if mailbox name is already taken 2018-04-06 16:55:01 +02:00
Girish Ramakrishnan
9beeb33090 mail: validate list and mailbox names 2018-04-05 17:49:16 -07:00
Girish Ramakrishnan
605dc00422 mail: add members field for lists 
we have to track the members of a list in the mail app separately
from groups. this is required because users can now have multiple
mailboxes. and because of that we cannot do a 1-1 mapping of group
members to mailboxes anymore. the ui is changed to select mailboxes
when creating a list.
 2018-04-05 16:07:38 -07:00