Girish Ramakrishnan
c15e342bb8
webadmin: remove the implicit flow
...
we now use pkce. main advantage is that we don't see the access token
in the url anymore.
in pkce, the auth code by itself is useless. need the verifier.
fixes #844
2026-03-15 17:38:27 +05:30
Girish Ramakrishnan
dc1449c7b6
oidcserver: convert to trace
2026-03-15 17:32:03 +05:30
Girish Ramakrishnan
6db2b55e63
oidcserver: custom templates for device login
...
the default one uses google fonts :/
2026-03-13 13:25:57 +05:30
Girish Ramakrishnan
a3c038781f
oidc: implement Device Authorization Grant
2026-03-13 12:44:39 +05:30
Girish Ramakrishnan
f12b4faf34
lint
2026-03-12 23:23:23 +05:30
Girish Ramakrishnan
01d0c738bc
replace debug() with our custom logger
...
mostly we want trace() and log(). trace() can be enabled whenever
we want by flipping a flag and restarting box
2026-03-12 23:08:35 +05:30
Girish Ramakrishnan
d377d1e1cf
remove deprecated url
2026-03-10 15:15:17 +05:30
Johannes Zellner
19a0f77c53
Do not add empty mailclient claim unless requested
2026-02-25 16:15:35 +01:00
Johannes Zellner
6dbd97ba14
Only generate mailpassword and fetch mailboxes if the oidc client wants the mailclient scope
2026-02-25 16:07:46 +01:00
Johannes Zellner
466527884f
Fix acl logic for token inspection endpoint
2026-02-19 19:09:02 +01:00
Johannes Zellner
9d03eb2643
Check internal ACL during token introspection
2026-02-19 18:05:49 +01:00
Johannes Zellner
43acecfc6e
mailPasswords table should work with oidc clients not apps
2026-02-18 15:17:08 +01:00
Johannes Zellner
5e7e739589
Enable token inspection endpoints in oidc
2026-02-18 15:00:02 +01:00
Johannes Zellner
f14dfb6c17
Fix typo
2026-02-18 11:27:45 +01:00
Johannes Zellner
bfbcbb686d
Send an email accessToken alongside the mailclient claims
2026-02-18 10:12:34 +01:00
Johannes Zellner
744300744c
Fix claim name to mailclient
2026-02-18 10:12:34 +01:00
Johannes Zellner
9bac099339
Add mailPassword table
...
This table stores email credentials for users using apps which use the
email addon
2026-02-18 10:12:34 +01:00
Johannes Zellner
135c9fb64d
Support mailclient oidc claim
...
Only apps with addon email have access to the claims' scopes
2026-02-18 10:12:34 +01:00
Girish Ramakrishnan
4ed6fbbd74
eslint: add no-shadow
2026-02-18 08:18:37 +01:00
Girish Ramakrishnan
319360f8d0
lint
2026-02-17 19:51:09 +01:00
Johannes Zellner
c21011a17a
support ID_CLI oidc client
2026-02-16 23:19:37 +01:00
Girish Ramakrishnan
b5a1554631
Fix various linter errors
2026-02-15 19:37:30 +01:00
Girish Ramakrishnan
b71e503a01
more ESM cleanups
2026-02-14 16:52:16 +01:00
Girish Ramakrishnan
36aa641cb9
migrate to "export default"
...
also, set no-use-before-define in linter
2026-02-14 15:43:24 +01:00
Girish Ramakrishnan
96dc79cfe6
Migrate codebase from CommonJS to ES Modules
...
- Convert all require()/module.exports to import/export across 260+ files
- Add "type": "module" to package.json to enable ESM by default
- Add migrations/package.json with "type": "commonjs" to keep db-migrate compatible
- Convert eslint.config.js to ESM with sourceType: "module"
- Replace __dirname/__filename with import.meta.dirname/import.meta.filename
- Replace require.main === module with process.argv[1] === import.meta.filename
- Remove 'use strict' directives (implicit in ESM)
- Convert dynamic require() in switch statements to static import lookup maps
(dns.js, domains.js, backupformats.js, backupsites.js, network.js)
- Extract self-referencing exports.CONSTANT patterns into standalone const
declarations (apps.js, services.js, locks.js, users.js, mail.js, etc.)
- Lazify SERVICES object in services.js to avoid circular dependency TDZ issues
- Add clearMailQueue() to mailer.js for ESM-safe queue clearing in tests
- Add _setMockApp() to ldapserver.js for ESM-safe test mocking
- Add _setMockResolve() wrapper to dig.js for ESM-safe DNS mocking in tests
- Convert backupupload.js to use dynamic imports so --check exits before
loading the module graph (which requires BOX_ENV)
- Update check-install to use ESM import for infra_version.js
- Convert scripts/ (hotfix, release, remote_hotfix.js, find-unused-translations)
- All 1315 tests passing
Migration stats (AI-assisted using Cursor with Claude):
- Wall clock time: ~3-4 hours
- Assistant completions: ~80-100
- Estimated token usage: ~1-2M tokens
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-14 15:11:45 +01:00
Johannes Zellner
5724ca73b4
Add passkey support
2026-02-13 17:18:56 +01:00
Girish Ramakrishnan
88a44ee065
oidc: add alg to the jwks keys
2026-02-12 19:42:00 +01:00
Girish Ramakrishnan
91b8f1a457
oidc: do not fail on notification failure
2026-02-05 18:26:14 +01:00
Johannes Zellner
8d85b521c8
Fix oidc profile avatar route
2025-12-24 10:51:38 +01:00
Girish Ramakrishnan
10f99673c5
oidc: filter oidc-provider module response instead
2025-12-09 12:52:37 +01:00
Girish Ramakrishnan
aff5e8f44d
oidc: add separate jwks key route for cloudflare access
2025-12-09 12:51:27 +01:00
Johannes Zellner
2b4f8ff00d
store actual appId not oidc clientId for log in events
2025-11-19 23:21:09 +01:00
Johannes Zellner
1bc9dc30f6
Render oidc error page instead of showing a httperror if interaction is invalid
...
Fixes #862
2025-10-17 23:43:21 +02:00
Girish Ramakrishnan
3a0febe760
convert console.log to debug
2025-10-07 09:36:07 +02:00
Girish Ramakrishnan
12e073e8cf
use node: prefix for requires
...
mostly because code is being autogenerated by all the AI stuff using
this prefix. it's also used in the stack trace.
2025-08-14 12:55:35 +05:30
Johannes Zellner
8143ef1057
Fix autologin after account creation
2025-08-07 17:16:46 +02:00
Johannes Zellner
ed288317c4
Use the same app label in login and app grid
2025-07-16 18:21:34 +02:00
Johannes Zellner
f15909c814
Pickup system language from template
2025-07-14 11:43:28 +02:00
Girish Ramakrishnan
8e8b635769
oidc: remove user.active check for owner user
2025-07-11 17:36:46 +02:00
Johannes Zellner
93e48fabdf
Move oidc views to ejs templating
2025-07-11 14:47:44 +02:00
Johannes Zellner
2fe84293b3
Rename oidc rendered login.html to oidc_login.html
2025-07-11 12:28:02 +02:00
Girish Ramakrishnan
820aeee659
oidcserver: fix login events not being raised for webadmin
...
we should remove implicit flow at some point. also #844
2025-07-10 13:43:25 +02:00
Girish Ramakrishnan
bba48f455e
use @connect-lastmile
2025-07-10 11:00:31 +02:00
Girish Ramakrishnan
fd61a0bfbf
proxyauth: oidc server returns username now
...
See 846986987d
2025-07-09 18:07:05 +02:00
Johannes Zellner
846986987d
the oidc module expects accountId and sub to be the same
...
in our case sub is the username exposed to the app, not the userId
internal to Cloudron
Upstream behavior change 9b89153c0e
2025-07-02 00:38:11 +02:00
Johannes Zellner
e496f4f3e2
Bring back demo login info
2025-06-13 09:35:16 +02:00
Girish Ramakrishnan
b60681e9bd
oidc: refactor the StorageAdapter
2025-06-13 02:05:01 +02:00
Girish Ramakrishnan
25684bf4f6
oidc: reload the login form if the interaction expires
...
use the error status which the oidc provider module returns
2025-06-13 00:47:45 +02:00
Girish Ramakrishnan
f0c5b603ee
oidc: some comments
2025-06-12 22:58:29 +02:00
Johannes Zellner
b61b45177a
Only access lastSubmission if it exists
2025-06-12 22:33:57 +02:00