Commit Graph

18333 Commits

Author SHA1 Message Date
Johannes Zellner
1845a65085 Remove distinct support view 2025-06-09 20:54:52 +02:00
Johannes Zellner
86bad5cb3e fix ipv6 address label and clear errors always on submit 2025-06-09 20:52:37 +02:00
Girish Ramakrishnan
ad4c88b535 Fix missing usage of safe() 2025-06-09 10:18:01 +02:00
Girish Ramakrishnan
55dde26aae profile: add fallback when no avatar set 2025-06-09 09:35:54 +02:00
Girish Ramakrishnan
a93c85ebc9 profile: drop gravatar support
gravatar is owned by an external entity (Automattic) and we have an
unnecessary dep to this service. users can just upload a profile pic
2025-06-08 18:12:40 +02:00
Girish Ramakrishnan
cd45046724 test: fix tasks test 2025-06-08 15:55:00 +02:00
Girish Ramakrishnan
804be6d5e4 cloudron-support: typo 2025-06-08 11:06:56 +02:00
Girish Ramakrishnan
344782099f add explicit unset for the image routes
the initial motivation was to fix up the profile avatar rule which
had a mix of json or multipart. this style does not work well with
express 5
2025-06-06 18:58:49 +02:00
Girish Ramakrishnan
4ffff84540 test: fix dockerproxy test 2025-06-06 18:07:03 +02:00
Girish Ramakrishnan
dffa3b7986 do not mix multipart and json 2025-06-06 17:18:39 +02:00
Girish Ramakrishnan
0f7bc9be52 GET requests should not use json middleware 2025-06-06 17:18:39 +02:00
Girish Ramakrishnan
05fc8ed5db Fix crash with express 5
express.json does not enforce json. this means it will pass it through
but let req.body be undefined. this causes all our asserts to crash
2025-06-06 16:30:43 +02:00
Girish Ramakrishnan
74a8779c49 Fix oidc upgrade crash
they keys object format has changed
2025-06-06 16:23:11 +02:00
Girish Ramakrishnan
40631a753f Fix express 5 crashes 2025-06-06 16:23:07 +02:00
Girish Ramakrishnan
5cf266c5be test: fix nock usage
by default, nock intercepts and redirects everything to 127.0.0.1:80
this is regardless of any http request is mocked or not

nock.isActive() - is interceptor active
nock.restore() removes the interceptor
nock.activate() - enables interceptor again

nock.cleanAll() - deletes all mocks. nothing to do with interceptor
nock.activeMock() - to get the active mocks
nock.persist(true/false) - the mock will reply once and set isDone(). but you can persist(true)
2025-06-06 15:49:07 +02:00
Girish Ramakrishnan
0f3eb42332 test: fix provision test 2025-06-06 15:48:21 +02:00
Girish Ramakrishnan
1fa8395847 test: remove support ticket test 2025-06-06 15:45:43 +02:00
Girish Ramakrishnan
1b6e283ac1 appstore: better error message 2025-06-06 13:45:23 +02:00
Girish Ramakrishnan
7b9504c5b4 test: add provision test 2025-06-06 13:39:30 +02:00
Girish Ramakrishnan
2b52e21ccf test: fix appstore test 2025-06-06 13:39:30 +02:00
Girish Ramakrishnan
c49050ea69 appstore: removed old route and rename to reset_cloudron_id 2025-06-06 13:39:30 +02:00
Johannes Zellner
53037c96cf Update lock file 2025-06-06 13:26:18 +02:00
Johannes Zellner
000e5fa105 Use distinct translation strings for mail and user directory settings menu entries 2025-06-06 11:29:16 +02:00
Girish Ramakrishnan
3ccad9ada9 cloudron-setup: remove --generate-setup-token
this code path is hardly ever tested and seems unnecesary
2025-06-06 10:22:06 +02:00
Girish Ramakrishnan
73bd3e513c appstore: fix response fields from register_cloudron3 2025-06-06 10:19:37 +02:00
Girish Ramakrishnan
2c2a24c31b support: remove createTicket
there is no form to create tickets anymore since a while
2025-06-06 09:51:07 +02:00
Girish Ramakrishnan
28a1c254d9 activation: move registration into provision model code 2025-06-06 09:31:31 +02:00
Girish Ramakrishnan
203ad6b565 major upgrade of express 2025-06-06 08:39:57 +02:00
Girish Ramakrishnan
0969bb9824 test: fix storage test 2025-06-06 08:34:21 +02:00
Girish Ramakrishnan
c6ae7729d1 Fix package.json version 2025-06-06 08:26:21 +02:00
Girish Ramakrishnan
af719dd8c2 major package changes 2025-06-06 08:24:45 +02:00
Girish Ramakrishnan
f87e257233 update modules 2025-06-06 08:16:57 +02:00
Girish Ramakrishnan
83d7535d84 turn: add outbound ratelimit
coturn will send 401 when receiving UDP packets with forged source IP.
this can cause a flood of 401s at the victim. the primary concern appears
to be that these packets are quite large compared to handshake packets
below.

TCP is also affected but effects are minimal because they will get
discarded at the connection handshake level.

UDP/TLS (DTLS) has similar handshake mechanism of TCP and effects are
minimal.

https://forum.cloudron.io/topic/13855/reflection-attack-via-stun-turn
https://github.com/coturn/coturn/pull/1588
2025-06-04 14:15:45 +02:00
Girish Ramakrishnan
811cc9c028 turn: reduce the exposed ports to 100 2025-06-04 13:23:47 +02:00
Girish Ramakrishnan
f14fbfe087 turn: verbose logs in debug mode 2025-06-04 13:22:25 +02:00
Girish Ramakrishnan
446099b1f9 turn: add note on why we still use host mode 2025-06-04 13:11:12 +02:00
Johannes Zellner
bad927e283 Update pankow 2025-06-04 11:08:52 +02:00
Johannes Zellner
ccbb3dca9f Try some sidebar hover indicator 2025-06-04 10:59:27 +02:00
Johannes Zellner
d47b947acf Bring back possibility to disable 2fa for a user from the users view 2025-06-04 10:48:57 +02:00
Johannes Zellner
6332db8e86 Pankow now has the dashboard primary colors 2025-06-03 13:48:39 +02:00
Johannes Zellner
d829d43f2f Update pankow 2025-06-03 12:51:22 +02:00
Johannes Zellner
8944698df1 Remove main UI loading animation 2025-06-03 12:43:14 +02:00
Johannes Zellner
ccf5f2f60e Fix sshfs volume mounting 2025-06-03 11:05:50 +02:00
Johannes Zellner
d381f579d3 Only show NotificationSettings for admins or owners 2025-06-03 10:57:38 +02:00
Johannes Zellner
995c0a7afc Update frontend dependencies 2025-06-02 22:54:46 +02:00
Johannes Zellner
ebba516603 Non-admins do not have a checklist property, so handle it correctly in AppsModel 2025-06-02 22:20:51 +02:00
Johannes Zellner
9289d80e32 Indicate busy state in invitation dialog 2025-06-02 22:20:20 +02:00
Johannes Zellner
d366e10cb9 Fix password reset layout 2025-06-02 21:53:59 +02:00
Johannes Zellner
7c30c2f945 Ensure markdown style for checklist can be applied as not being scoped by vue 2025-06-02 14:52:22 +02:00
Johannes Zellner
4ae9821185 App restart is not a 'danger' operation 2025-06-01 10:18:59 +02:00