c99c24b3bd
users: cannot update profile fields of external user
2024-01-20 11:23:35 +01:00
63766dd10f
do not send email reset for external users
2024-01-13 21:37:02 +01:00
46a589f794
Use BAD_STATE consistently for demo mode
2024-01-13 21:15:41 +01:00
40c82b3e48
external directory: reset auth source when disabled
...
this allows existing users to login (including the owner itself)
The alternative is to have some system where we have unique superadmin users across cloudrons which don’t get trampled upon by a sync. This is a bit unrealistic. For the future, we could also design this such that ldap auth is asked for in the initial step i.e at superadmin creation time.
If LDAP connection is lost/down, user can always use 'cloudron-support —owner-login'
2024-01-13 11:51:12 +01:00
5b7667fa4d
external ldap: ensure dashboard login does totp check
2024-01-08 11:55:35 +01:00
053f81a53e
externalldap: add tests
2024-01-07 22:04:22 +01:00
eee49a8291
move dashboard setting into dashboard.js
2023-08-11 21:04:10 +05:30
67ee82abb9
remove settings.dashboardOrigin
2023-08-04 22:10:14 +05:30
6aad89ae6e
demo is just a constant, not a setting
2023-08-04 14:13:30 +05:30
bbc6ba1a35
settings: move service setting into services.js
...
this also introduces getJson/setJson
2023-08-03 11:50:00 +05:30
d12e6ee2b3
settings: make user_directory setting route
2023-08-03 08:29:12 +05:30
9d3fa94960
Add separate password reset view
2023-06-15 16:34:58 +02:00
e6ba2a6e7a
replace usage of _.extend with Object.assign
2023-05-25 11:45:14 +02:00
c4f4f3e914
logs: use %o to format error
...
otherwise, they are printed as multi-line and this messes up tail+date formatting
2023-04-16 10:49:59 +02:00
53e9eccf72
unify totp check
...
the totp check is done in several places causing errors like 3552232e99
2023-03-12 16:01:12 +01:00
e9eeab074a
Clarify error message further
2022-11-10 13:50:28 +01:00
3477cf474f
security: do not password reset mail to cloudron owned mail domain
...
https://forum.cloudron.io/topic/7951/privilege-escalation-through-mail-manager-role
2022-11-10 12:59:03 +01:00
a2a60ff426
Add support for LDAP cn=...+totptoken=.. support
2022-08-02 15:27:34 +02:00
f3c66056b5
Allow to unset background image
2022-05-17 13:17:05 +02:00
6bd478b8b0
Add profile backgroundImage api
2022-05-15 12:08:11 +02:00
a3e097d541
add missing awaits for eventlog.add
2022-02-24 20:04:46 -08:00
ba5c2f623c
remove supererror, not really used
2022-02-21 17:34:51 -08:00
26a8738b21
make user listing return non-private fields
...
this was from a time when normal users could install apps
2022-02-16 21:22:38 -08:00
85964676fa
Fix location conflict error message
2022-02-07 16:09:43 -08:00
d5481342ed
Add ability to filter users by state
2022-02-07 17:18:13 +01:00
97e439f8a3
more profileConfig rename
2022-01-13 16:49:06 -08:00
4513b6de70
add a way for admins to set username when profiles are locked
2022-01-12 16:21:00 -08:00
7117c17777
Add exposed ldap tests
2021-12-23 21:31:48 +01:00
e5fecdaabf
Add mail manager role
...
part of #807
2021-12-02 09:24:09 -08:00
37f066f2b0
Fix user signup when profile is locked and add tests
2021-11-22 20:42:51 +01:00
e36d7665fa
The profile based password reset does not return a resetLink
2021-11-03 22:03:08 +01:00
63f6f065ba
Add and fixup invite link related tests
2021-10-28 11:18:31 +02:00
92f0f56fae
do not strictly require fallbackEmail on user creation but provide a fallback
2021-10-28 10:29:02 +02:00
cb8aa15e62
Do not allow setting ghost password for user without username
2021-10-27 23:36:44 +02:00
4356d673bc
Fix wrong assert and minor typos
2021-10-27 22:31:54 +02:00
b59776bf9b
fail getting invite link or sending invite if invate was already used
2021-10-27 21:25:43 +02:00
475795a107
Invite is now also separate
2021-10-27 19:58:06 +02:00
9a80049d36
Add two distinct password reset routes
2021-10-27 19:12:18 +02:00
daf212468f
fallbackEmail is now independent from email
2021-10-26 22:50:02 +02:00
885ea259d7
Set inviteToken on user creation
2021-10-01 14:52:58 +02:00
4ce21f643e
send invite status via user rest api
2021-10-01 14:32:37 +02:00
cb31e5ae8b
Separate invite and password reset token
2021-10-01 12:27:22 +02:00
c7b668b3a4
remove unused require
2021-10-01 11:55:35 +02:00
54c6f33e5f
Fix broken invitation link
2021-09-25 17:36:56 -07:00
1aa96f7f76
demo: do not send login notification
2021-09-23 09:13:07 -07:00
bb2ad0e986
Implement operator role for apps
...
There are two main use cases:
* A consultant/contractor/external developer is given access to just an app.
* A "service" personnel (say upstream app author) is to be given access to single app
for debugging.
Since, this is an "app admin", they are also given access to apps to be consistent with
the idea that Cloudron admin has access to all apps.
part of #791
2021-09-21 12:30:02 -07:00
a36c51483c
no need to re-throw
2021-09-20 10:36:46 -07:00
c6c62de68a
Move ghosts into settings table
2021-09-20 13:05:42 +02:00
b3fe2a4b84
Set correct default ghost expiration
2021-09-17 16:08:03 +02:00
2ea5786fcc
Fix setGhost api usage
2021-09-17 15:52:52 +02:00
Girish Ramakrishnan