176baa075f
Fix some typos
2024-01-30 11:53:54 +01:00
9efe399399
oidc: add picture claim
2024-01-29 13:55:31 +01:00
b03240ccb8
Send avatarType explicitly in profile
2024-01-29 13:51:03 +01:00
c8b997f732
Always send an image as avatar
2024-01-29 13:21:19 +01:00
80e83e0c05
Always send images for profile
2024-01-27 22:55:10 +01:00
243a254f3e
filesystem: remove hook should not rm recursively
...
this causes a bug in the backupcleaner when it tries to prune
empty directories when using the filesystem backend.
the bug is hit when a box backup is getting cleaned up but
one or more app backups are preserved.
2024-01-25 11:50:48 +01:00
2d1e0ec890
Ensure we never set more memory than swap for containers
2024-01-24 15:54:57 +01:00
793ee38f79
external ldap: show proper error message on timeout
2024-01-23 23:27:06 +01:00
b8be174610
Send proper content type for avatar
2024-01-23 17:57:22 +01:00
b923925a6c
better describe
2024-01-23 13:18:14 +01:00
61f5669d76
externalldap: no need to make REST API calls and start server
2024-01-23 13:16:40 +01:00
cf707ba657
move the require
2024-01-23 12:44:23 +01:00
660260336c
dockerproxy: await on close
2024-01-23 12:38:57 +01:00
0447086882
remove spurious log
2024-01-23 12:13:28 +01:00
29a96e5df1
ldap test: more unbinding
2024-01-23 11:58:00 +01:00
c95bb248fb
typo: invoke the function
2024-01-23 11:45:25 +01:00
d3551826c1
platform: add deactivated for tests to uninitialize properly
2024-01-23 11:42:02 +01:00
d2c21627de
ldap: server.close has a callback after all
2024-01-23 10:47:09 +01:00
81e21effa4
test: clear cron jobs to make node exit
2024-01-23 10:24:48 +01:00
2d03941745
cron: clean old jobs variable properly
2024-01-23 10:19:56 +01:00
2401c9cee7
test: unbind ldap client
2024-01-23 10:12:29 +01:00
4f0bbcc73b
externaldap: 2fa validation for supported sources
...
a request to verify password to externaldap.js logic can come from
* cloudron app (via ldapserver.js)
* dashboard (via oidc.js) or proxy auth (proxyauth.js) or CLI (accesscontrol.js)
the only supported source is the 'cloudron' provider at this point
2024-01-22 21:35:19 +01:00
5b9700e099
ldapserver: remove totp logic
...
none of the apps send totptoken and it's dead code
2024-01-22 14:12:40 +01:00
d7dda61775
profile: unify password verification check
2024-01-22 14:03:23 +01:00
3220721f84
directoryserver: test all combinations of 2fa checks
...
directory server cannot know the source of the requesting client.
there are 3 sources - external app, cloudron app, cloudron dashboard.
the 2fa is requested by client by passing `+totpToken=xxx` . totpToken
is ignored if the user has no 2fa setup. If present, it is validated.
2024-01-22 13:14:29 +01:00
13b9bed48b
externalldap: when using cloudron source, disable local 2fa setup
2024-01-20 12:44:19 +01:00
c99c24b3bd
users: cannot update profile fields of external user
2024-01-20 11:23:35 +01:00
a1fd5bb996
users: cannot edit groups with external ldap group sync
2024-01-20 00:11:10 +01:00
8bdcdd7810
groups: members cannot be set for external groups
2024-01-19 23:23:25 +01:00
a1217e52c8
group: cannot set name of ldap group
2024-01-19 22:28:48 +01:00
a8d37b917a
groups: remove unused addMember
2024-01-19 17:25:36 +01:00
06ce351d82
externalldap: set group members as a single transaction
2024-01-19 17:24:35 +01:00
f43a601e86
profile: email change now requires password
2024-01-18 18:11:42 +01:00
0dfadc5922
remove extra quotes on digitalocean DNS TXT records
2024-01-17 18:35:48 +01:00
7499aa9201
Do not fail is we don't have a servicesConfig yet
2024-01-17 13:13:48 +01:00
b7631689b0
Add useVectorRsExtension for postgresql service
2024-01-16 12:53:43 +01:00
afe670b49c
cloudflare: use response.text since json may not be valid
2024-01-16 12:34:18 +01:00
ee43dff35f
externalldap: reset group source when disabled
2024-01-13 22:35:23 +01:00
1faf83afe4
groups: external groups cannot be updated
2024-01-13 22:33:46 +01:00
63766dd10f
do not send email reset for external users
2024-01-13 21:37:02 +01:00
8771158f10
Fix test
2024-01-13 21:29:40 +01:00
46a589f794
Use BAD_STATE consistently for demo mode
2024-01-13 21:15:41 +01:00
257dc4e271
external ldap: run syncer every 4 hours
...
hardcoded for now but we should make this configurable
2024-01-13 15:53:14 +01:00
4136272382
externalldap: add eventlog
2024-01-13 13:22:26 +01:00
4f9e43859c
directoryserver: comments can be provided in allowlist
2024-01-13 12:54:10 +01:00
b57ad9b8c1
directoryserver: allowlist always needs a single IP/range
2024-01-13 12:30:43 +01:00
a389b863f9
directory server: add eventlog entry
2024-01-13 12:24:28 +01:00
40c82b3e48
external directory: reset auth source when disabled
...
this allows existing users to login (including the owner itself)
The alternative is to have some system where we have unique superadmin users across cloudrons which don’t get trampled upon by a sync. This is a bit unrealistic. For the future, we could also design this such that ldap auth is asked for in the initial step i.e at superadmin creation time.
If LDAP connection is lost/down, user can always use 'cloudron-support —owner-login'
2024-01-13 11:51:12 +01:00
2ca94f3159
user: remove make local feature
...
we discussed a bit on what this does and it's confusing as it stands:
* Use case of this is lost in the realms of time
* Possible guess by is that it was to move users of different Cloudron to a central cloudron
* Currently, the design is a bit flawed because the make user local button doesn’t pin the user. The state is lost in next synchronization.
* Maybe, one should use export/import user for this use case
* Let’s disable this button for now, feature is not complete.
2024-01-13 11:02:25 +01:00
33a97d0e50
cloudflare: validate response fields
2024-01-12 14:52:24 +01:00
Girish Ramakrishnan