jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
15,779 Commits 33 Branches 583 Tags
aecc16af5d8d9bab4d118657d10934b04ac3a738
Commit Graph

15779 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Girish Ramakrishnan
d2c21627de ldap: server.close has a callback after all 2024-01-23 10:47:09 +01:00
Girish Ramakrishnan
81e21effa4 test: clear cron jobs to make node exit 2024-01-23 10:24:48 +01:00
Girish Ramakrishnan
2d03941745 cron: clean old jobs variable properly 2024-01-23 10:19:56 +01:00
Girish Ramakrishnan
2401c9cee7 test: unbind ldap client 2024-01-23 10:12:29 +01:00
Girish Ramakrishnan
4f0bbcc73b externaldap: 2fa validation for supported sources 
a request to verify password to externaldap.js logic can come from
* cloudron app (via ldapserver.js)
* dashboard (via oidc.js) or proxy auth (proxyauth.js) or CLI (accesscontrol.js)

the only supported source is the 'cloudron' provider at this point
 2024-01-22 21:35:19 +01:00
Girish Ramakrishnan
5b9700e099 ldapserver: remove totp logic 
none of the apps send totptoken and it's dead code
 2024-01-22 14:12:40 +01:00
Girish Ramakrishnan
d7dda61775 profile: unify password verification check 2024-01-22 14:03:23 +01:00
Girish Ramakrishnan
3220721f84 directoryserver: test all combinations of 2fa checks 
directory server cannot know the source of the requesting client.
there are 3 sources - external app, cloudron app, cloudron dashboard.

the 2fa is requested by client by passing `+totpToken=xxx` . totpToken
is ignored if the user has no 2fa setup. If present, it is validated.
 2024-01-22 13:14:29 +01:00
Girish Ramakrishnan
0ed144fe81 hide user import/export buttons until we know the use case 
maybe people can just script using the REST API
 2024-01-20 12:44:23 +01:00
Girish Ramakrishnan
13b9bed48b externalldap: when using cloudron source, disable local 2fa setup 2024-01-20 12:44:19 +01:00
Girish Ramakrishnan
c99c24b3bd users: cannot update profile fields of external user 2024-01-20 11:23:35 +01:00
Girish Ramakrishnan
bd1ab000f3 users: do not call setGroups when ldap groups synced 2024-01-20 00:32:49 +01:00
Girish Ramakrishnan
a1fd5bb996 users: cannot edit groups with external ldap group sync 2024-01-20 00:11:10 +01:00
Girish Ramakrishnan
9ef29343b3 lint: camel case the variables 2024-01-19 23:35:02 +01:00
Girish Ramakrishnan
8bdcdd7810 groups: members cannot be set for external groups 2024-01-19 23:23:25 +01:00
Girish Ramakrishnan
a1217e52c8 group: cannot set name of ldap group 2024-01-19 22:28:48 +01:00
Girish Ramakrishnan
a8d37b917a groups: remove unused addMember 2024-01-19 17:25:36 +01:00
Girish Ramakrishnan
06ce351d82 externalldap: set group members as a single transaction 2024-01-19 17:24:35 +01:00
Girish Ramakrishnan
f43a601e86 profile: email change now requires password 2024-01-18 18:11:42 +01:00
Johannes Zellner
0dfadc5922 remove extra quotes on digitalocean DNS TXT records 2024-01-17 18:35:48 +01:00
Johannes Zellner
c8cd67258a dashboard: show mailbox login in eventlog correctly 2024-01-17 16:17:22 +01:00
Johannes Zellner
7499aa9201 Do not fail is we don't have a servicesConfig yet 2024-01-17 13:13:48 +01:00
Johannes Zellner
0f4ea17f29 dashboard: ensure we show postinstall also from app config screen 2024-01-16 13:54:42 +01:00
Johannes Zellner
b7631689b0 Add useVectorRsExtension for postgresql service 2024-01-16 12:53:43 +01:00
Girish Ramakrishnan
afe670b49c cloudflare: use response.text since json may not be valid 2024-01-16 12:34:18 +01:00
Girish Ramakrishnan
ee43dff35f externalldap: reset group source when disabled 2024-01-13 22:35:23 +01:00
Girish Ramakrishnan
1faf83afe4 groups: external groups cannot be updated 2024-01-13 22:33:46 +01:00
Girish Ramakrishnan
ce0b66db7d login: show error on password reset 2024-01-13 21:56:18 +01:00
Girish Ramakrishnan
01d33c45bd profile: hide password reset for external users 2024-01-13 21:45:03 +01:00
Girish Ramakrishnan
63766dd10f do not send email reset for external users 2024-01-13 21:37:02 +01:00
Girish Ramakrishnan
8771158f10 Fix test 2024-01-13 21:29:40 +01:00
Girish Ramakrishnan
46a589f794 Use BAD_STATE consistently for demo mode 2024-01-13 21:15:41 +01:00
Girish Ramakrishnan
a007a8e40c externalldap: sync log history 2024-01-13 16:50:10 +01:00
Girish Ramakrishnan
6e42cf4ec5 externalldap: available on all plans 
looks like an oversight that this needs a subscription
 2024-01-13 16:49:35 +01:00
Girish Ramakrishnan
257dc4e271 external ldap: run syncer every 4 hours 
hardcoded for now but we should make this configurable
 2024-01-13 15:53:14 +01:00
Girish Ramakrishnan
4136272382 externalldap: add eventlog 2024-01-13 13:22:26 +01:00
Girish Ramakrishnan
4f9e43859c directoryserver: comments can be provided in allowlist 2024-01-13 12:54:10 +01:00
Girish Ramakrishnan
b57ad9b8c1 directoryserver: allowlist always needs a single IP/range 2024-01-13 12:30:43 +01:00
Girish Ramakrishnan
b8c297b178 ldap allow list is not a json 2024-01-13 12:29:00 +01:00
Girish Ramakrishnan
a389b863f9 directory server: add eventlog entry 2024-01-13 12:24:28 +01:00
Girish Ramakrishnan
40c82b3e48 external directory: reset auth source when disabled 
this allows existing users to login (including the owner itself)

The alternative is to have some system where we have unique superadmin users across cloudrons which don’t get trampled upon by a sync. This is a bit unrealistic. For the future, we could also design this such that ldap auth is asked for in the initial step i.e at superadmin creation time.

If LDAP connection is lost/down, user can always use 'cloudron-support —owner-login'
 2024-01-13 11:51:12 +01:00
Girish Ramakrishnan
2ca94f3159 user: remove make local feature 
we discussed a bit on what this does and it's confusing as it stands:

* Use case of this is lost in the realms of time
* Possible guess by is that it was to move users of different Cloudron to a central cloudron
* Currently, the design is a bit flawed because the make user local button doesn’t pin the user. The state is lost in next synchronization.
* Maybe, one should use export/import user for this use case
* Let’s disable this button for now, feature is not complete.
 2024-01-13 11:02:25 +01:00
Girish Ramakrishnan
33a97d0e50 cloudflare: validate response fields 2024-01-12 14:52:24 +01:00
Girish Ramakrishnan
cef0b6d0d8 test: bump retries 2024-01-11 16:31:12 +01:00
Girish Ramakrishnan
7a5e990ad4 email: rewrite loading of email status using async 
we start a bunch of requests in the background for each domain. when
we switch views immediately, to say the eventlog, these requests are
still active in the background.

canceling the requests will require a much bigger refactor.

https://forum.cloudron.io/topic/10434/email-event-log-loading-very-slowly-seems-tied-to-overall-email-domain-list-health-checks
 2024-01-09 17:34:54 +01:00
Girish Ramakrishnan
ca31dc8d78 namecheap: fix TLD 
continuation of 6cdb448f62
 2024-01-09 09:44:24 +01:00
Girish Ramakrishnan
5b7667fa4d external ldap: ensure dashboard login does totp check 2024-01-08 11:55:35 +01:00
Girish Ramakrishnan
6cdb448f62 namecheap: pass the TLD correctly 
this is safe because namecheap does not allow external domains to be hosted.
otherwise, we would have to use tldjs
 2024-01-08 11:54:37 +01:00
Girish Ramakrishnan
053f81a53e externalldap: add tests 2024-01-07 22:04:22 +01:00
Girish Ramakrishnan
c842d02d6f namecheap: slow down requests for rate limit 
https://www.namecheap.com/support/knowledgebase/article.aspx/9739/63/api-faq/#z
 2024-01-07 22:01:42 +01:00