jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
15,779 Commits 33 Branches 583 Tags
aecc16af5d8d9bab4d118657d10934b04ac3a738
Commit Graph

8393 Commits

Author SHA1 Message Date
Girish Ramakrishnan 5883857e8c sftp: remove requireAdmin setting. deprecated with operators 2021-09-21 22:43:04 -07:00
Girish Ramakrishnan 629908eb4c operator: add a limits route to determine max app resource limits 2021-09-21 22:29:19 -07:00
Girish Ramakrishnan 214540ebfa operator: add app task status route 2021-09-21 22:19:20 -07:00
Girish Ramakrishnan d7bd3dfe7c operator: add graphs route 2021-09-21 21:50:33 -07:00
Girish Ramakrishnan 0857378801 operator: add app update checker route 2021-09-21 19:58:38 -07:00
Girish Ramakrishnan 82d4fdf24e operator: add route to get app event log 
we cannot go via /cloudron/eventlog since that requires admin
 2021-09-21 19:45:29 -07:00
Girish Ramakrishnan 06e5f9baa1 operators: make the terminal work 2021-09-21 18:27:54 -07:00
Girish Ramakrishnan 6c9b8c8fa8 apps: fix various operators issues 
part of #791
 2021-09-21 18:20:03 -07:00
Girish Ramakrishnan fabd0323e1 Add missing await 2021-09-21 17:47:42 -07:00
Girish Ramakrishnan bb2ad0e986 Implement operator role for apps 
There are two main use cases:
* A consultant/contractor/external developer is given access to just an app.
* A "service" personnel (say upstream app author) is to be given access to single app
for debugging.

Since, this is an "app admin", they are also given access to apps to be consistent with
the idea that Cloudron admin has access to all apps.

part of #791
 2021-09-21 12:30:02 -07:00
Girish Ramakrishnan f44fa2cf47 apps: hasAccessTo -> canAccess 2021-09-21 10:13:06 -07:00
Johannes Zellner 737412653f Fix renamed function call 2021-09-21 18:58:18 +02:00
Girish Ramakrishnan 0cfc3e03bb Use concrete resource name instead of generic "resource" 2021-09-20 22:42:34 -07:00
Girish Ramakrishnan d1e8fded65 mail: expose 465 for mail submission 
Port 465 is implicit TLS. rfc8314 is now pushing this as a standard
and some mail clients like outlook have already taken this to heart.

Note that this port is sometimes confused with SMTPS. Unlike SMTPS,
this is being used for "submissions" (by a client) as opposed to
server transfer protocol.

This is more secure than port 587+STARTTLS. We reject credentials
on insecure connections but it's too late.

See also:

https://www.fastmail.help/hc/en-us/articles/360058753834
https://www.agwa.name/blog/post/starttls_considered_harmful
https://linuxguideandhints.com/misc/port465.html
 2021-09-20 15:42:16 -07:00
Girish Ramakrishnan 2a667cb985 attach debug object for background safe() 2021-09-20 10:36:49 -07:00
Girish Ramakrishnan a36c51483c no need to re-throw 2021-09-20 10:36:46 -07:00
Girish Ramakrishnan e2fc785e80 rename getServiceIds to listServices 2021-09-20 09:15:49 -07:00
Johannes Zellner 5a1a439224 Adjust comment about getAll 2021-09-20 18:04:01 +02:00
Johannes Zellner 212d025579 Do not send new login notification if we have ghost user login 2021-09-20 17:56:37 +02:00
Johannes Zellner 7c70b9050d Fixup ghost tests 2021-09-20 14:59:26 +02:00
Johannes Zellner c6c62de68a Move ghosts into settings table 2021-09-20 13:05:42 +02:00
Girish Ramakrishnan f66af19458 page number starts from 1 2021-09-19 18:36:08 -07:00
Girish Ramakrishnan 50c68cd499 notifications: better oom message for redis 
fixes #795
 2021-09-19 17:34:41 -07:00
Girish Ramakrishnan 8c66ec5d18 tokens: ID_CLI is never used 2021-09-17 15:21:56 -07:00
Girish Ramakrishnan 66a907ef48 Logout users without 2FA when mandatory 2fa is enabled 
Fixes #803
 2021-09-17 14:52:24 -07:00
Girish Ramakrishnan e8aaad976b backups: make test config funcs return error 2021-09-17 10:14:26 -07:00
Girish Ramakrishnan 2554c47632 add missing apps.delPortBinding 
this got lost in async/db translation
 2021-09-17 09:52:21 -07:00
Girish Ramakrishnan c5794b5ecd get rid of all the NOOP_CALLBACKs 2021-09-17 09:40:26 -07:00
Johannes Zellner b3fe2a4b84 Set correct default ghost expiration 2021-09-17 16:08:03 +02:00
Johannes Zellner 2ea5786fcc Fix setGhost api usage 2021-09-17 15:52:52 +02:00
Johannes Zellner f75b0ebff9 Add set ghost route 2021-09-17 12:52:41 +02:00
Johannes Zellner 8fde4e959c Support ghost password expiration in ghost file 2021-09-17 11:48:56 +02:00
Girish Ramakrishnan ac59a7dcc2 disable col stats in test mode (mysql 5.7) or non-ubuntu 20 2021-09-16 17:25:09 -07:00
Girish Ramakrishnan 9a2ed4f2c8 apptask: asyncify 2021-09-16 17:25:05 -07:00
Girish Ramakrishnan b5539120f1 tests: cache dhparams in /tmp 2021-09-16 16:39:13 -07:00
Johannes Zellner 7277727307 Fixup some of app route tests 2021-09-16 17:20:19 +02:00
Johannes Zellner f13e641af4 Also generate dhparams in test to let the platform finish startup 2021-09-16 17:19:59 +02:00
Johannes Zellner da23bae09e return error if purchase fails 2021-09-16 17:19:38 +02:00
Johannes Zellner 9da18d3acb Fixup user tests 2021-09-16 15:38:06 +02:00
Johannes Zellner d92f4c2d2b Ensure a whole test run succeeds for me on archlinux 2021-09-16 15:20:26 +02:00
Johannes Zellner 6785253377 Invitation is now also just a single route like password reset 2021-09-16 15:03:48 +02:00
Johannes Zellner 074ce574dd Return password reset link on reset request route 2021-09-16 14:34:56 +02:00
Johannes Zellner ecd35bd08d Fixup 2fa reset route 2021-09-16 13:18:22 +02:00
Johannes Zellner df864a8b6e Add missing safe() call 2021-09-16 08:40:01 +02:00
Girish Ramakrishnan 48eab7935c sftp: add missing safe() 2021-09-15 15:31:20 -07:00
Johannes Zellner 4080d111c1 We now map ldap users instead of ignoring them if usernames match 2021-09-15 11:44:39 +02:00
Girish Ramakrishnan a78178ec47 redact password immediately after verify 2021-09-14 10:36:14 -07:00
Johannes Zellner 48056d7451 If we detect a local user with the same username as found on LDAP/AD we map it 2021-09-13 21:17:41 +02:00
Girish Ramakrishnan 2f0297d97e Use the debug argument 2021-09-13 11:29:55 -07:00
Girish Ramakrishnan ae13fe60a7 make startBackupTask async 2021-09-10 12:10:10 -07:00