778c583a52
Activation hands out a token without PREFIX_USER now
2016-06-03 12:59:13 +02:00
f988bb4d14
Do not use PREFIX_USER for token managment
2016-06-03 12:58:39 +02:00
7057f1aaa2
All token identifiers are now plain user ids
2016-06-03 12:54:59 +02:00
e06f5f88b8
Remove the token types
2016-06-03 12:54:34 +02:00
03cd3f0b6f
Remove attached tokenType on req.user
2016-06-03 12:53:11 +02:00
615f875169
Remove PREFIX_DEV for developer tokens
2016-06-03 12:52:10 +02:00
f27ba04a00
Add test case for developer tokens
2016-06-03 11:11:11 +02:00
3e0006a327
Allow tokens with SCOPE_ROLE_SDK through without a password
2016-06-03 11:10:59 +02:00
558ca42ae8
Issue developer tokens with SCOPE_ROLE_SDK
2016-06-03 11:10:22 +02:00
9d8a803185
Handle scope roles in scope checks
2016-06-03 11:09:48 +02:00
105047b0c4
Add SCOPE_ROLE_SDK
2016-06-03 11:08:35 +02:00
e335aa5dee
Check for sdk token instead of token type DEV
2016-06-03 10:17:52 +02:00
10163733db
Separate the scope checking
2016-06-03 10:10:58 +02:00
251fad8514
add test for groupIds in listing api
2016-06-03 00:14:52 -07:00
036740f97b
filter out correct fields in the route code
2016-06-03 00:04:17 -07:00
f4958d936c
return groupIds in get user route
2016-06-03 00:00:11 -07:00
80ca69a128
user.update does not need the user object
2016-06-02 23:53:06 -07:00
097d23c412
move logic to model code
2016-06-02 23:29:43 -07:00
13a1213b0d
make group listing API return member userIds
2016-06-02 21:07:33 -07:00
50c4e4c91e
log event only after lock is acquired
2016-06-02 19:26:58 -07:00
46441d1814
cloudron.update is not exposed
2016-06-02 19:23:21 -07:00
a4e73be834
pass auditSource for certificate renewal
2016-06-02 18:54:45 -07:00
6be0d0814d
pass auditSource from cron.js
2016-06-02 18:51:50 -07:00
e30d71921e
pass auditSource for app autoupdater
2016-06-02 18:49:56 -07:00
a49c78f32c
make box autoupdate generate eventlog
2016-06-02 18:47:09 -07:00
b077223e58
fix scope name
2016-06-02 17:49:54 -07:00
d2864dfe56
rename root scope to cloudron scope (for lack of better scope name)
2016-06-02 16:51:14 -07:00
6d08af35a8
give developer token root scope
2016-06-02 15:58:40 -07:00
54f9d653f7
fix error messages
2016-06-02 14:41:21 -07:00
8d65f93fa4
return error.message
2016-06-02 14:40:29 -07:00
462440bb30
do not check for password in profile route
...
This is already checked by the verifyPassword middleware based on
the token type.
When using dev tokens, this check barfs for lack of password field
even when none is required.
2016-06-02 14:26:01 -07:00
65261dc4d5
add time_zone setter route
2016-06-02 13:54:07 -07:00
28b3550214
use error.message
2016-06-02 13:00:23 -07:00
e2e70da4c5
restrict length to 32
2016-06-02 12:51:49 -07:00
7326ea27ca
Only set username and displayName after successful update
2016-06-02 21:12:02 +02:00
1fe00f7f80
do not use verbs in resource url
2016-06-02 12:01:48 -07:00
e9e9d6000d
remove token check for user.update to work with dev tokens
2016-06-02 11:29:59 -07:00
086cfdc1e6
Disabled form fields are not POSTed
...
I did not know about that fact, one has to use readonly
2016-06-02 16:12:32 +02:00
1f091d3b4b
We have to let angular know
2016-06-02 16:06:15 +02:00
892fa4b2ec
We still require the username to be sent always
2016-06-02 16:01:25 +02:00
a87b4b207c
Adhere to already set username in user setup view
2016-06-02 15:47:58 +02:00
bdd14022d6
Report user conflict message all the way through the rest routes
2016-06-02 15:41:07 +02:00
3d40cf03b1
Pass down the reason why the user conflicts
2016-06-02 15:39:21 +02:00
594be7dbbd
Allow the userdb code to distinguish between username or email duplicates
2016-06-02 15:34:27 +02:00
8eeee712aa
Remove unused require
2016-06-02 14:14:16 +02:00
0f62faa198
All our tokens are now representing an user with a profile
2016-06-02 14:13:57 +02:00
bfd66cf309
Remove unused token PREFIX_APP
2016-06-02 14:07:41 +02:00
c2f7d61e34
Remove unused token TYPE_APP
2016-06-02 14:07:19 +02:00
60ce6b69ee
profile updates must be POST
2016-06-02 00:31:41 -07:00
4fcc7fe99f
updateUser is POST
2016-06-02 00:27:06 -07:00
Johannes Zellner