Girish Ramakrishnan
8a63f0368e
Fix parsing of displayName
...
Currently, we only have one field for the name. The first part is
first name. The rest is last name. Obviously, this won't work in all
cases but is the best we can do for the moment.
2024-02-06 16:53:03 +01:00
Girish Ramakrishnan
479946173f
df: run async
...
df hangs on some systems and this brings down the box code
happens on erroneous cifs/sshfs volumes
2024-01-30 12:23:20 +01:00
Girish Ramakrishnan
176baa075f
Fix some typos
2024-01-30 11:53:54 +01:00
Johannes Zellner
9efe399399
oidc: add picture claim
2024-01-29 13:55:31 +01:00
Johannes Zellner
b03240ccb8
Send avatarType explicitly in profile
2024-01-29 13:51:03 +01:00
Johannes Zellner
c8b997f732
Always send an image as avatar
2024-01-29 13:21:19 +01:00
Johannes Zellner
80e83e0c05
Always send images for profile
2024-01-27 22:55:10 +01:00
Girish Ramakrishnan
243a254f3e
filesystem: remove hook should not rm recursively
...
this causes a bug in the backupcleaner when it tries to prune
empty directories when using the filesystem backend.
the bug is hit when a box backup is getting cleaned up but
one or more app backups are preserved.
2024-01-25 11:50:48 +01:00
Johannes Zellner
2d1e0ec890
Ensure we never set more memory than swap for containers
2024-01-24 15:54:57 +01:00
Girish Ramakrishnan
793ee38f79
external ldap: show proper error message on timeout
2024-01-23 23:27:06 +01:00
Johannes Zellner
b8be174610
Send proper content type for avatar
2024-01-23 17:57:22 +01:00
Girish Ramakrishnan
b923925a6c
better describe
2024-01-23 13:18:14 +01:00
Girish Ramakrishnan
61f5669d76
externalldap: no need to make REST API calls and start server
2024-01-23 13:16:40 +01:00
Girish Ramakrishnan
cf707ba657
move the require
2024-01-23 12:44:23 +01:00
Girish Ramakrishnan
660260336c
dockerproxy: await on close
2024-01-23 12:38:57 +01:00
Girish Ramakrishnan
0447086882
remove spurious log
2024-01-23 12:13:28 +01:00
Girish Ramakrishnan
29a96e5df1
ldap test: more unbinding
2024-01-23 11:58:00 +01:00
Girish Ramakrishnan
c95bb248fb
typo: invoke the function
2024-01-23 11:45:25 +01:00
Girish Ramakrishnan
d3551826c1
platform: add deactivated for tests to uninitialize properly
2024-01-23 11:42:02 +01:00
Girish Ramakrishnan
d2c21627de
ldap: server.close has a callback after all
2024-01-23 10:47:09 +01:00
Girish Ramakrishnan
81e21effa4
test: clear cron jobs to make node exit
2024-01-23 10:24:48 +01:00
Girish Ramakrishnan
2d03941745
cron: clean old jobs variable properly
2024-01-23 10:19:56 +01:00
Girish Ramakrishnan
2401c9cee7
test: unbind ldap client
2024-01-23 10:12:29 +01:00
Girish Ramakrishnan
4f0bbcc73b
externaldap: 2fa validation for supported sources
...
a request to verify password to externaldap.js logic can come from
* cloudron app (via ldapserver.js)
* dashboard (via oidc.js) or proxy auth (proxyauth.js) or CLI (accesscontrol.js)
the only supported source is the 'cloudron' provider at this point
2024-01-22 21:35:19 +01:00
Girish Ramakrishnan
5b9700e099
ldapserver: remove totp logic
...
none of the apps send totptoken and it's dead code
2024-01-22 14:12:40 +01:00
Girish Ramakrishnan
d7dda61775
profile: unify password verification check
2024-01-22 14:03:23 +01:00
Girish Ramakrishnan
3220721f84
directoryserver: test all combinations of 2fa checks
...
directory server cannot know the source of the requesting client.
there are 3 sources - external app, cloudron app, cloudron dashboard.
the 2fa is requested by client by passing `+totpToken=xxx`. totpToken
is ignored if the user has no 2fa setup. If present, it is validated.
2024-01-22 13:14:29 +01:00
Girish Ramakrishnan
13b9bed48b
externalldap: when using cloudron source, disable local 2fa setup
2024-01-20 12:44:19 +01:00
Girish Ramakrishnan
c99c24b3bd
users: cannot update profile fields of external user
2024-01-20 11:23:35 +01:00
Girish Ramakrishnan
a1fd5bb996
users: cannot edit groups with external ldap group sync
2024-01-20 00:11:10 +01:00
Girish Ramakrishnan
8bdcdd7810
groups: members cannot be set for external groups
2024-01-19 23:23:25 +01:00
Girish Ramakrishnan
a1217e52c8
group: cannot set name of ldap group
2024-01-19 22:28:48 +01:00
Girish Ramakrishnan
a8d37b917a
groups: remove unused addMember
2024-01-19 17:25:36 +01:00
Girish Ramakrishnan
06ce351d82
externalldap: set group members as a single transaction
2024-01-19 17:24:35 +01:00
Girish Ramakrishnan
f43a601e86
profile: email change now requires password
2024-01-18 18:11:42 +01:00
Johannes Zellner
0dfadc5922
remove extra quotes on digitalocean DNS TXT records
2024-01-17 18:35:48 +01:00
Johannes Zellner
7499aa9201
Do not fail if we don't have a servicesConfig yet
2024-01-17 13:13:48 +01:00
Johannes Zellner
b7631689b0
Add useVectorRsExtension for postgresql service
2024-01-16 12:53:43 +01:00
Girish Ramakrishnan
afe670b49c
cloudflare: use response.text since json may not be valid
2024-01-16 12:34:18 +01:00
Girish Ramakrishnan
ee43dff35f
externalldap: reset group source when disabled
2024-01-13 22:35:23 +01:00
Girish Ramakrishnan
1faf83afe4
groups: external groups cannot be updated
2024-01-13 22:33:46 +01:00
Girish Ramakrishnan
63766dd10f
do not send email reset for external users
2024-01-13 21:37:02 +01:00
Girish Ramakrishnan
8771158f10
Fix test
2024-01-13 21:29:40 +01:00
Girish Ramakrishnan
46a589f794
Use BAD_STATE consistently for demo mode
2024-01-13 21:15:41 +01:00
Girish Ramakrishnan
257dc4e271
external ldap: run syncer every 4 hours
...
hardcoded for now but we should make this configurable
2024-01-13 15:53:14 +01:00
Girish Ramakrishnan
4136272382
externalldap: add eventlog
2024-01-13 13:22:26 +01:00
Girish Ramakrishnan
4f9e43859c
directoryserver: comments can be provided in allowlist
2024-01-13 12:54:10 +01:00
Girish Ramakrishnan
b57ad9b8c1
directoryserver: allowlist always needs a single IP/range
2024-01-13 12:30:43 +01:00
Girish Ramakrishnan
a389b863f9
directory server: add eventlog entry
2024-01-13 12:24:28 +01:00
Girish Ramakrishnan
40c82b3e48
external directory: reset auth source when disabled
...
this allows existing users to login (including the owner itself)
The alternative is to have some system where we have unique superadmin users across cloudrons which don’t get trampled upon by a sync. This is a bit unrealistic. For the future, we could also design this such that ldap auth is asked for in the initial step i.e. at superadmin creation time.
If LDAP connection is lost/down, user can always use 'cloudron-support --owner-login'
2024-01-13 11:51:12 +01:00