jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
15,737 Commits 33 Branches 583 Tags
fa3e908afc5e3979ccfcdcdcb0229d35f6b83637
Commit Graph

51 Commits

Author SHA1 Message Date
Girish Ramakrishnan d7dda61775 profile: unify password verification check 2024-01-22 14:03:23 +01:00
Girish Ramakrishnan 53e9eccf72 unify totp check 
the totp check is done in several places causing errors like 3552232e99

* ldap (addon)
* accesscontrol (dashboard)
* proxyauth
* directoryserver (exposed ldap)
* externalldap (the connector)

The code also makes externalldap auto-create work now across all the cases where there is a username
 2023-03-12 16:01:12 +01:00
Johannes Zellner 8677e86ace Add authorization to all routes 2022-09-24 21:27:43 +02:00
Johannes Zellner 70d3040135 Validate token scopes 2022-09-23 13:09:07 +02:00
Johannes Zellner a2a60ff426 Add support for LDAP cn=...+totptoken=.. support 2022-08-02 15:27:34 +02:00
Johannes Zellner 50ff6b99e0 More external ldap fixes after the test tests the correct thing 2021-10-26 18:04:25 +02:00
Girish Ramakrishnan 06e5f9baa1 operators: make the terminal work 2021-09-21 18:27:54 -07:00
Girish Ramakrishnan bb2ad0e986 Implement operator role for apps 
There are two main use cases:
* A consultant/contractor/external developer is given access to just an app.
* A "service" personnel (say upstream app author) is to be given access to single app
for debugging.

Since, this is an "app admin", they are also given access to apps to be consistent with
the idea that Cloudron admin has access to all apps.

part of #791
 2021-09-21 12:30:02 -07:00
Girish Ramakrishnan a1c61facdc merge userdb.js into users.js 2021-07-16 22:33:22 -07:00
Girish Ramakrishnan b579f7ae90 better error messages for 401 2021-06-05 21:26:43 -07:00
Girish Ramakrishnan 7bee7b9ef8 tokens: async'ify 2021-06-04 13:06:38 -07:00
Girish Ramakrishnan 624e34d02d eventlog: add logout 
fixes #757
 2021-01-06 21:57:56 -08:00
Girish Ramakrishnan e5209a1392 fix some typos 2020-12-20 14:41:16 -08:00
Girish Ramakrishnan 56707ac86a proxyauth: add 2fa 
Fixes #748
 2020-12-20 13:14:21 -08:00
Girish Ramakrishnan 0e156b9376 migrate permissions and admin flag to user.role 2020-02-21 16:49:20 -08:00
Girish Ramakrishnan c537dfabb2 add manage user permission 2020-02-13 22:49:58 -08:00
Johannes Zellner cbc6785eb5 Fix typo 2020-02-06 17:29:45 +01:00
Johannes Zellner 2854462e0e Remove token scope business 2020-02-06 16:44:46 +01:00
Johannes Zellner 7c5a258af3 Move 2fa validation in one place 2020-02-06 15:36:14 +01:00
Johannes Zellner 12aa8ac0ad Remove passport 2020-02-06 14:56:28 +01:00
Johannes Zellner 4ae12ac10b Remove oauth 
A whole bunch of useless stuff
 2020-02-05 18:15:59 +01:00
Girish Ramakrishnan 3427db3983 Add app passwords feature 2020-01-31 22:03:19 -08:00
Girish Ramakrishnan 8a3d212bd4 Fix note 2019-11-20 16:17:47 -08:00
Girish Ramakrishnan af51ddc347 Fix crash when user with active session is deleted 2019-11-20 16:12:21 -08:00
Johannes Zellner 0d8820c247 Add external ldap tests 2019-11-20 22:21:40 +01:00
Johannes Zellner c53b54bda3 Only create external ldap users for oauth logins 2019-11-20 20:05:22 +01:00
Girish Ramakrishnan bc3169deb3 Move UsersError to BoxError 2019-10-24 15:06:41 -07:00
Girish Ramakrishnan 2df642000d Move ClientsError to BoxError 2019-10-22 21:16:49 -07:00
Girish Ramakrishnan f96a8bc269 remove config.edition 
we will replace this with feature flags
 2019-05-06 19:53:34 -07:00
Girish Ramakrishnan e0b1ebba92 verifyOperator -> isUnmanaged 2018-10-30 21:17:34 -07:00
Girish Ramakrishnan eed8f109bc operator check is now directly based on edition type 2018-10-30 20:26:22 -07:00
Girish Ramakrishnan 91a1bc7a01 move verifyOperator to users routes 2018-09-06 00:10:09 -07:00
Girish Ramakrishnan 0e3f9c9569 Move verifyAppOwnership to app route 2018-09-06 00:09:42 -07:00
Girish Ramakrishnan 2ad0a57fc1 Typo 2018-09-05 23:59:40 -07:00
Girish Ramakrishnan 3d004b3dcc Disable various server/operator routes based on edition 
The initial idea was to put an owner flag but this means that the
owner will be visible inside apps.
 2018-09-05 15:31:58 -07:00
Girish Ramakrishnan e0cd7999eb Make spaces an edition instead of setting 2018-08-28 18:31:48 -07:00
Girish Ramakrishnan a0a523ae71 spaces: verify app ownership in app management routes 2018-08-03 17:35:58 -07:00
Girish Ramakrishnan 38977858aa When issuing token intersect with the existing user roles 
Also:
* Move token validation to accesscontrol.js
* Use clients.addTokenByUserId everywhere
 2018-06-28 00:07:43 -07:00
Girish Ramakrishnan 6cd0601629 Map group roles to scopes 2018-06-18 14:52:39 -07:00
Girish Ramakrishnan 6a2dacb08a Make intersectScopes take an array 2018-06-17 22:39:33 -07:00
Girish Ramakrishnan ad6bc191f9 Make hasScopes take an array 2018-06-17 21:06:17 -07:00
Girish Ramakrishnan f24a099e79 Remove user.admin property 
The UI will now base itself entirely off the scopes of the token
 2018-06-17 16:49:56 -07:00
Girish Ramakrishnan 156ffb40c9 Remove scope from users.get 2018-06-17 16:07:20 -07:00
Girish Ramakrishnan db8b6838bb Move skip password verification logic to accesscontrol.js 2018-06-17 15:20:27 -07:00
Girish Ramakrishnan e8d9597345 Fix various error codes 
401 - bad password/wrong password
403 - authenticated but not authorized
409 - conflict
 2018-06-15 23:15:30 -07:00
Girish Ramakrishnan 24b0a96f07 Move passport logic to routes 2018-06-15 17:32:40 -07:00
Girish Ramakrishnan dc86b0f319 validateRequestedScopes -> hasScopes 2018-06-14 20:31:48 -07:00
Girish Ramakrishnan e5c43e9acd Remove debug 2018-05-02 12:41:22 -07:00
Girish Ramakrishnan 8c4015851a merge auth.js into accesscontrol.js 2018-05-01 14:03:10 -07:00
Girish Ramakrishnan bc4f9cf596 Remove redundant requireAdmin 
We already hand out scopes based on the user's access control
 2018-04-30 21:38:48 -07:00