jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
15,673 Commits 33 Branches 583 Tags
d7dda61775001ba70f2c8b3f3bab0a71ece31ef2
Commit Graph

1098 Commits

Author SHA1 Message Date
Girish Ramakrishnan
3220721f84 directoryserver: test all combinations of 2fa checks 
directory server cannot know the source of the requesting client.
there are 3 sources - external app, cloudron app, cloudron dashboard.

the 2fa is requested by client by passing `+totpToken=xxx` . totpToken
is ignored if the user has no 2fa setup. If present, it is validated.
 2024-01-22 13:14:29 +01:00
Girish Ramakrishnan
13b9bed48b externalldap: when using cloudron source, disable local 2fa setup 2024-01-20 12:44:19 +01:00
Girish Ramakrishnan
c99c24b3bd users: cannot update profile fields of external user 2024-01-20 11:23:35 +01:00
Girish Ramakrishnan
8bdcdd7810 groups: members cannot be set for external groups 2024-01-19 23:23:25 +01:00
Girish Ramakrishnan
a1217e52c8 group: cannot set name of ldap group 2024-01-19 22:28:48 +01:00
Girish Ramakrishnan
a8d37b917a groups: remove unused addMember 2024-01-19 17:25:36 +01:00
Girish Ramakrishnan
4136272382 externalldap: add eventlog 2024-01-13 13:22:26 +01:00
Girish Ramakrishnan
4f9e43859c directoryserver: comments can be provided in allowlist 2024-01-13 12:54:10 +01:00
Girish Ramakrishnan
5b7667fa4d external ldap: ensure dashboard login does totp check 2024-01-08 11:55:35 +01:00
Girish Ramakrishnan
053f81a53e externalldap: add tests 2024-01-07 22:04:22 +01:00
Girish Ramakrishnan
4ddcd547ba directoryserver: leave it to client to decide totp check 
initially, the idea was to make the server enforce it. this is more secure. however,
we have 3 kinds of clients - an external cloudron dashboard which needs totp,
an external cloudron app, which doesn't have totp and external apps that don't have totp either.

given that the directory server is IP restricted, this is a reasonable compromise until
we move wholesale to oidc.

a directoryserver setting like "enforce totp" also does not work since this policy will be
applied to all clients.
 2024-01-07 20:38:36 +01:00
Girish Ramakrishnan
7bb68ea6b5 rename ldap.js to ldapserver.js 
this makes it clearer it is server module and not some generic ldap thing
 2024-01-06 13:31:32 +01:00
Girish Ramakrishnan
e13f427267 directoryserver: 2fa validation tests 2024-01-06 13:25:12 +01:00
Girish Ramakrishnan
c422e2d570 users: add tests for 2fa and relaxed 2fa 2024-01-06 13:15:55 +01:00
Girish Ramakrishnan
e42579521c Fix tests 2024-01-03 15:12:07 +01:00
Johannes Zellner
4d29592450 Do not invalidate session sudo but only for the command we want to test 2023-12-04 01:42:46 +01:00
Girish Ramakrishnan
cbf1b47332 system: merge info and dmi routes 
also return uptimeSecs instead of abstract date
 2023-12-04 01:11:26 +01:00
Girish Ramakrishnan
72083f59cd system: dmi information 2023-12-04 00:31:18 +01:00
Girish Ramakrishnan
8a20b603f5 system: cpu route 2023-12-04 00:23:25 +01:00
Girish Ramakrishnan
d45c433bc7 fix dockerproxy test 2023-12-04 00:11:11 +01:00
Girish Ramakrishnan
943325baa3 better sudoers configuration check 2023-12-03 17:50:50 +01:00
Girish Ramakrishnan
b9e584752b Fix system test 2023-12-03 15:52:31 +01:00
Girish Ramakrishnan
41319bc817 ldap server close has no callback 2023-10-01 14:33:19 +05:30
Johannes Zellner
3bde6e7475 Fixup eventlog tests 2023-09-27 09:12:06 +02:00
Johannes Zellner
b72a5e9c69 Add notification types 2023-09-22 17:58:13 +02:00
Girish Ramakrishnan
91a4883b50 typo 2023-08-21 19:43:53 +05:30
Girish Ramakrishnan
79af6c1a68 On dashboard or email location change, reconfigure immediately 2023-08-21 18:34:07 +05:30
Girish Ramakrishnan
28bfab6700 LOCATION_TYPE can move into location.js 2023-08-17 16:05:19 +05:30
Girish Ramakrishnan
de7879afb5 store subdomain in database instead of fqdn 
this makes it more consistent with the locations table
 2023-08-16 21:58:56 +05:30
Girish Ramakrishnan
1133a41b77 Fix proxy config not generated on restore 2023-08-16 12:52:52 +05:30
Girish Ramakrishnan
aa8c23c8b3 rework backup root 
notes:
* backup root cannot come from backend. for dynamic mounts backend cannot know where it is mounted
* backupConfig is 3 parts - format / mount / password . there is also this rootPath (which should not be in db)
* password should be stored separately in settings at some point
* format has to be passed along everywhere because we allow restore from  same backupConfig but different format. we do this by saving the format in the backups table

fixes #819
 2023-08-15 22:51:45 +05:30
Girish Ramakrishnan
cd9d49116e backups: move limits and storage into separate keys 2023-08-15 10:48:56 +05:30
Girish Ramakrishnan
a7be30a816 better naming of the dashboard functions 2023-08-13 10:38:07 +05:30
Girish Ramakrishnan
68a3c267e5 move config route under dashboard 
it's essentially giving info for various parts of the ui
 2023-08-12 22:25:49 +05:30
Girish Ramakrishnan
eee49a8291 move dashboard setting into dashboard.js 2023-08-11 21:04:10 +05:30
Girish Ramakrishnan
57772662aa move provisioning routes into /provision/ 2023-08-10 16:52:10 +05:30
Girish Ramakrishnan
6c4aa605df move various login routes under auth/ 2023-08-10 16:24:10 +05:30
Girish Ramakrishnan
c6db1c70c0 docker: fix image prune 
it seems docker images --digests cloudron/sftp --format "{{.ID}} {{.Repository}}:{{.Tag}}@{{.Digest}}
broke at some point
 2023-08-08 21:21:00 +05:30
Girish Ramakrishnan
4cdf37b060 settings: move mailFqdn/Domain into mailServer 2023-08-04 22:02:24 +05:30
Girish Ramakrishnan
fb9d8c23e1 move appstore urls into appstore.js 2023-08-04 15:41:41 +05:30
Girish Ramakrishnan
e73b75e4b5 settings: move backup settings 2023-08-04 11:54:12 +05:30
Girish Ramakrishnan
775246946a settings: move language and tz into cloudron.js 2023-08-04 10:58:04 +05:30
Girish Ramakrishnan
5603b9e811 move updater routes and settings under /api/v1/updater 2023-08-03 15:35:27 +05:30
Girish Ramakrishnan
47d57a3971 fold sysinfo into network 
the backends are network backends
 2023-08-03 13:38:42 +05:30
Girish Ramakrishnan
d12e6ee2b3 settings: make user_directory setting route 2023-08-03 08:29:12 +05:30
Girish Ramakrishnan
92a103d635 settings: move ipv6/ipv4 config into network 
this also rename sysinfo_config to ipv4_config
 2023-08-03 06:40:04 +05:30
Girish Ramakrishnan
67e4c90d37 settings: move directory server config to it's own route 2023-08-03 02:48:21 +05:30
Girish Ramakrishnan
4a34c390f8 settings: move externaldap setting 2023-08-03 02:43:26 +05:30
Girish Ramakrishnan
a19e502198 settings: move dynamic dns to network 
and add tests
 2023-08-02 23:02:40 +05:30
Girish Ramakrishnan
e0d07c3c19 settings: move branding settings into branding.js 2023-08-02 23:02:40 +05:30