Commit Graph

64 Commits

Author SHA1 Message Date
Johannes Zellner
918c2f8587 Move to @cloudron/safetydance 2026-04-01 09:49:34 +02:00
Johannes Zellner
ba0bb62fa3 hardcode CLI name for cid-cli in device auth flow 2026-03-18 14:37:15 +01:00
Johannes Zellner
1ca62dd38e Restyle oidc device login views 2026-03-18 14:28:28 +01:00
Girish Ramakrishnan
ea7647f43c oidcserver: fix jwks_rsaonly response 2026-03-17 17:49:52 +05:30
Girish Ramakrishnan
bc5737b9b0 passkey: implement passwordless login 2026-03-16 20:10:59 +05:30
Girish Ramakrishnan
d0745d1914 2fa: provider passkey or totp 2026-03-16 18:49:12 +05:30
Girish Ramakrishnan
009d0b39f9 rename twoFactor* to totp 2026-03-16 16:38:42 +05:30
Girish Ramakrishnan
db974d72d5 oidcserver: permit origin "*" from localhost testing 2026-03-16 07:21:55 +05:30
Girish Ramakrishnan
c15e342bb8 webadmin: remove the implicit flow
we now use pkce. main advantage is that we don't see the access token
in the url anymore.

in pkce, the auth code by itself is useless. need the verifier.

fixes #844
2026-03-15 17:38:27 +05:30
Girish Ramakrishnan
dc1449c7b6 oidcserver: convert to trace 2026-03-15 17:32:03 +05:30
Girish Ramakrishnan
6db2b55e63 oidcserver: custom templates for device login
the default one uses google fonts :/
2026-03-13 13:25:57 +05:30
Girish Ramakrishnan
a3c038781f oidc: implement Device Authorization Grant 2026-03-13 12:44:39 +05:30
Girish Ramakrishnan
f12b4faf34 lint 2026-03-12 23:23:23 +05:30
Girish Ramakrishnan
01d0c738bc replace debug() with our custom logger
mostly we want trace() and log(). trace() can be enabled whenever
we want by flipping a flag and restarting box
2026-03-12 23:08:35 +05:30
Girish Ramakrishnan
d377d1e1cf remove deprecated url 2026-03-10 15:15:17 +05:30
Johannes Zellner
19a0f77c53 Do not add empty mailclient claim unless requested 2026-02-25 16:15:35 +01:00
Johannes Zellner
6dbd97ba14 Only generate mailpassword and fetch mailboxes if the oidc client wants the mailclient scope 2026-02-25 16:07:46 +01:00
Johannes Zellner
466527884f Fix acl logic for token inspection endpoint 2026-02-19 19:09:02 +01:00
Johannes Zellner
9d03eb2643 Check internal ACL during token introspection 2026-02-19 18:05:49 +01:00
Johannes Zellner
43acecfc6e mailPasswords table should work with oidc clients not apps 2026-02-18 15:17:08 +01:00
Johannes Zellner
5e7e739589 Enable token inspection endpoints in oidc 2026-02-18 15:00:02 +01:00
Johannes Zellner
f14dfb6c17 Fix typo 2026-02-18 11:27:45 +01:00
Johannes Zellner
bfbcbb686d Send an email accessToken alongside the mailclient claims 2026-02-18 10:12:34 +01:00
Johannes Zellner
744300744c Fix claim name to mailclient 2026-02-18 10:12:34 +01:00
Johannes Zellner
9bac099339 Add mailPassword table
This table stores email credentials for users using apps which use the
email addon
2026-02-18 10:12:34 +01:00
Johannes Zellner
135c9fb64d Support mailclient oidc claim
Only apps with addon email have access to the claims' scopes
2026-02-18 10:12:34 +01:00
Girish Ramakrishnan
4ed6fbbd74 eslint: add no-shadow 2026-02-18 08:18:37 +01:00
Girish Ramakrishnan
319360f8d0 lint 2026-02-17 19:51:09 +01:00
Johannes Zellner
c21011a17a support ID_CLI oidc client 2026-02-16 23:19:37 +01:00
Girish Ramakrishnan
b5a1554631 Fix various linter errors 2026-02-15 19:37:30 +01:00
Girish Ramakrishnan
b71e503a01 more ESM cleanups 2026-02-14 16:52:16 +01:00
Girish Ramakrishnan
36aa641cb9 migrate to "export default"
also, set no-use-before-define in linter
2026-02-14 15:43:24 +01:00
Girish Ramakrishnan
96dc79cfe6 Migrate codebase from CommonJS to ES Modules
- Convert all require()/module.exports to import/export across 260+ files
- Add "type": "module" to package.json to enable ESM by default
- Add migrations/package.json with "type": "commonjs" to keep db-migrate compatible
- Convert eslint.config.js to ESM with sourceType: "module"
- Replace __dirname/__filename with import.meta.dirname/import.meta.filename
- Replace require.main === module with process.argv[1] === import.meta.filename
- Remove 'use strict' directives (implicit in ESM)
- Convert dynamic require() in switch statements to static import lookup maps
  (dns.js, domains.js, backupformats.js, backupsites.js, network.js)
- Extract self-referencing exports.CONSTANT patterns into standalone const
  declarations (apps.js, services.js, locks.js, users.js, mail.js, etc.)
- Lazify SERVICES object in services.js to avoid circular dependency TDZ issues
- Add clearMailQueue() to mailer.js for ESM-safe queue clearing in tests
- Add _setMockApp() to ldapserver.js for ESM-safe test mocking
- Add _setMockResolve() wrapper to dig.js for ESM-safe DNS mocking in tests
- Convert backupupload.js to use dynamic imports so --check exits before
  loading the module graph (which requires BOX_ENV)
- Update check-install to use ESM import for infra_version.js
- Convert scripts/ (hotfix, release, remote_hotfix.js, find-unused-translations)
- All 1315 tests passing

Migration stats (AI-assisted using Cursor with Claude):
- Wall clock time: ~3-4 hours
- Assistant completions: ~80-100
- Estimated token usage: ~1-2M tokens

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-14 15:11:45 +01:00
Johannes Zellner
5724ca73b4 Add passkey support 2026-02-13 17:18:56 +01:00
Girish Ramakrishnan
88a44ee065 oidc: add alg to the jwks keys 2026-02-12 19:42:00 +01:00
Girish Ramakrishnan
91b8f1a457 oidc: do not fail on notification failure 2026-02-05 18:26:14 +01:00
Johannes Zellner
8d85b521c8 Fix oidc profile avatar route 2025-12-24 10:51:38 +01:00
Girish Ramakrishnan
10f99673c5 oidc: filter oidc-provider module response instead 2025-12-09 12:52:37 +01:00
Girish Ramakrishnan
aff5e8f44d oidc: add separate jwks key route for cloudflare access 2025-12-09 12:51:27 +01:00
Johannes Zellner
2b4f8ff00d store actual appId not oidc clientId for log in events 2025-11-19 23:21:09 +01:00
Johannes Zellner
1bc9dc30f6 Render oidc error page instead of showing a httperror if interaction is invalid
Fixes #862
2025-10-17 23:43:21 +02:00
Girish Ramakrishnan
3a0febe760 convert console.log to debug 2025-10-07 09:36:07 +02:00
Girish Ramakrishnan
12e073e8cf use node: prefix for requires
mostly because code is being autogenerated by all the AI stuff using
this prefix. it's also used in the stack trace.
2025-08-14 12:55:35 +05:30
Johannes Zellner
8143ef1057 Fix autologin after account creation 2025-08-07 17:16:46 +02:00
Johannes Zellner
ed288317c4 Use the same app label in login and app grid 2025-07-16 18:21:34 +02:00
Johannes Zellner
f15909c814 Pickup system language from template 2025-07-14 11:43:28 +02:00
Girish Ramakrishnan
8e8b635769 oidc: remove user.active check for owner user 2025-07-11 17:36:46 +02:00
Johannes Zellner
93e48fabdf Move oidc views to ejs templating 2025-07-11 14:47:44 +02:00
Johannes Zellner
2fe84293b3 Rename oidc rendered login.html to oidc_login.html 2025-07-11 12:28:02 +02:00
Girish Ramakrishnan
820aeee659 oidcserver: fix login events not being raised for webadmin
we should remove implicit flow at some point. also #844
2025-07-10 13:43:25 +02:00