cloudflare: Fix crash when there is an external error updating dns records

The initial idea was to put an owner flag but this means that the
owner will be visible inside apps.

CHANGES

@@ -1361,3 +1361,19 @@
 * Make backup interval configurable
 * Fix alternate domain certificate renewal
 
+[3.1.1]
+* Fix caas domain migration
+
+[3.1.2]
+* Add UDP support
+* Clicking invite button does not send an invite immediately
+* Implement docker addon
+* Automatically login after password reset and account setup
+* Make backup interval configurable
+* Fix alternate domain certificate renewal
+* API token can now have a name
+
+[3.1.3]
+* Prevent dashboard domain from being deleted
+* Add alternateDomains to app install route
+

baseimage/initializeBaseUbuntuImage.sh

@@ -14,8 +14,11 @@ function die {
 
 export DEBIAN_FRONTEND=noninteractive
 
+# hold grub since updating it breaks on some VPS providers. also, dist-upgrade will trigger it
+apt-mark hold grub* >/dev/null
 apt-get -o Dpkg::Options::="--force-confdef" update -y
-apt-get -o Dpkg::Options::="--force-confdef" dist-upgrade -y
+apt-get -o Dpkg::Options::="--force-confdef" upgrade -y
+apt-mark unhold grub* >/dev/null
 
 echo "==> Installing required packages"
 
@@ -72,8 +75,9 @@ if [[ "${storage_driver}" != "overlay2" ]]; then
     exit 1
 fi
 
+# do not upgrade grub because it might prompt user and break this script
 echo "==> Enable memory accounting"
-apt-get -y install grub2
+apt-get -y --no-upgrade install grub2-common
 sed -e 's/^GRUB_CMDLINE_LINUX="\(.*\)"$/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1 panic_on_oops=1 panic=5"/' -i /etc/default/grub
 update-grub
 

migrations/20180826004425-domains-hyphenate-caas.js

@@ -0,0 +1,23 @@
+'use strict';
+
+var async = require('async');
+
+exports.up = function(db, callback) {
+    // first check precondtion of domain entry in settings
+    db.all('SELECT * FROM domains', [ ], function (error, domains) {
+        if (error) return callback(error);
+
+        let caasDomains = domains.filter(function (d) { return d.provider === 'caas'; });
+
+        async.eachSeries(caasDomains, function (domain, iteratorCallback) {
+            let config = JSON.parse(domain.configJson);
+            config.hyphenatedSubdomains = true;
+
+            db.runSql('UPDATE domains SET configJson = ? WHERE domain = ?', [ JSON.stringify(config), domain.domain ], iteratorCallback);
+        }, callback);
+    });
+};
+
+exports.down = function(db, callback) {
+    callback();
+};

migrations/20180827211107-tokens-add-name.js

@@ -0,0 +1,12 @@
+'use strict';
+
+exports.up = function(db, callback) {
+    db.runSql('ALTER TABLE tokens ADD COLUMN name VARCHAR(64) DEFAULT ""', [], callback);
+};
+
+exports.down = function(db, callback) {
+    db.runSql('ALTER TABLE tokens DROP COLUMN name', function (error) {
+        if (error) console.error(error);
+        callback(error);
+    });
+};

migrations/schema.sql

@@ -41,6 +41,7 @@ CREATE TABLE IF NOT EXISTS groupMembers(
     FOREIGN KEY(userId) REFERENCES users(id));
 
 CREATE TABLE IF NOT EXISTS tokens(
+    name VARCHAR(64) DEFAULT "", // description
     accessToken VARCHAR(128) NOT NULL UNIQUE,
     identifier VARCHAR(128) NOT NULL,
     clientId VARCHAR(128),
@@ -50,7 +51,7 @@ CREATE TABLE IF NOT EXISTS tokens(
 
 CREATE TABLE IF NOT EXISTS clients(
     id VARCHAR(128) NOT NULL UNIQUE, // prefixed with cid- to identify token easily in auth routes
-    appId VARCHAR(128) NOT NULL,
+    appId VARCHAR(128) NOT NULL,     // name of the client (for external apps) or id of app (for built-in apps)
     type VARCHAR(16) NOT NULL,
     clientSecret VARCHAR(512) NOT NULL,
     redirectURI VARCHAR(512) NOT NULL,

package-lock.json

@@ -1708,6 +1708,41 @@
         "typedarray": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz"
       }
     },
+    "connect": {
+      "version": "3.6.6",
+      "resolved": "https://registry.npmjs.org/connect/-/connect-3.6.6.tgz",
+      "integrity": "sha1-Ce/2xVr3I24TcTWnJXSFi2eG9SQ=",
+      "requires": {
+        "debug": "2.6.9",
+        "finalhandler": "1.1.0",
+        "parseurl": "1.3.2",
+        "utils-merge": "1.0.1"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "2.6.9",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+          "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
+        "finalhandler": {
+          "version": "1.1.0",
+          "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.0.tgz",
+          "integrity": "sha1-zgtoVbRYU+eRsvzGgARtiCU91/U=",
+          "requires": {
+            "debug": "2.6.9",
+            "encodeurl": "1.0.2",
+            "escape-html": "1.0.3",
+            "on-finished": "2.3.0",
+            "parseurl": "1.3.2",
+            "statuses": "1.3.1",
+            "unpipe": "1.0.0"
+          }
+        }
+      }
+    },
     "connect-ensure-login": {
       "version": "0.1.1",
       "resolved": "https://registry.npmjs.org/connect-ensure-login/-/connect-ensure-login-0.1.1.tgz",
@@ -2649,7 +2684,6 @@
       "version": "0.8.6",
       "resolved": "https://registry.npmjs.org/dtrace-provider/-/dtrace-provider-0.8.6.tgz",
       "integrity": "sha1-QooiOv4DQl0s1tY0f99AxmkDVj0=",
-      "optional": true,
       "requires": {
         "nan": "https://registry.npmjs.org/nan/-/nan-2.8.0.tgz"
       }
@@ -2683,6 +2717,11 @@
         "safe-buffer": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz"
       }
     },
+    "ee-first": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
+      "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
+    },
     "ejs": {
       "version": "2.6.1",
       "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.6.1.tgz",
@@ -3179,6 +3218,32 @@
       "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz",
       "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow=="
     },
+    "fs-extra": {
+      "version": "0.6.4",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-0.6.4.tgz",
+      "integrity": "sha1-9G8MdbeEH40gCzNIzU1pHVoJnRU=",
+      "dev": true,
+      "requires": {
+        "jsonfile": "1.0.1",
+        "mkdirp": "0.3.5",
+        "ncp": "0.4.2",
+        "rimraf": "2.2.8"
+      },
+      "dependencies": {
+        "mkdirp": {
+          "version": "0.3.5",
+          "resolved": "http://registry.npmjs.org/mkdirp/-/mkdirp-0.3.5.tgz",
+          "integrity": "sha1-3j5fiWHIjHh+4TaN+EmsRBPsqNc=",
+          "dev": true
+        },
+        "rimraf": {
+          "version": "2.2.8",
+          "resolved": "http://registry.npmjs.org/rimraf/-/rimraf-2.2.8.tgz",
+          "integrity": "sha1-5Dm+Kq7jJzIZUnMPmaiSnk/FBYI=",
+          "dev": true
+        }
+      }
+    },
     "fs.realpath": {
       "version": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
       "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8="
@@ -4525,6 +4590,12 @@
       "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=",
       "dev": true
     },
+    "jsonfile": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-1.0.1.tgz",
+      "integrity": "sha1-6l7+QLg2kLmGZ2FKc5L8YOhCwN0=",
+      "dev": true
+    },
     "jsonparse": {
       "version": "1.3.1",
       "resolved": "https://registry.npmjs.org/jsonparse/-/jsonparse-1.3.1.tgz",
@@ -5128,6 +5199,22 @@
         }
       }
     },
+    "mock-aws-s3": {
+      "version": "git+https://github.com/cloudron-io/mock-aws-s3.git#1306f1722b82897382a2339d52a94ded15003d8c",
+      "dev": true,
+      "requires": {
+        "fs-extra": "0.6.4",
+        "underscore": "1.8.3"
+      },
+      "dependencies": {
+        "underscore": {
+          "version": "1.8.3",
+          "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.8.3.tgz",
+          "integrity": "sha1-Tz+1OxBuYJf8+ctBCfKl6b36UCI=",
+          "dev": true
+        }
+      }
+    },
     "modelo": {
       "version": "4.2.3",
       "resolved": "https://registry.npmjs.org/modelo/-/modelo-4.2.3.tgz",
@@ -5209,6 +5296,11 @@
         }
       }
     },
+    "ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
+    },
     "multiparty": {
       "version": "4.1.4",
       "resolved": "https://registry.npmjs.org/multiparty/-/multiparty-4.1.4.tgz",
@@ -5355,6 +5447,12 @@
       "integrity": "sha1-7XFfP+neArV6XmJS2QqWZ14fCFo=",
       "optional": true
     },
+    "ncp": {
+      "version": "0.4.2",
+      "resolved": "https://registry.npmjs.org/ncp/-/ncp-0.4.2.tgz",
+      "integrity": "sha1-q8xsvT7C7Spyn/bnwfqPAXhKhXQ=",
+      "dev": true
+    },
     "negotiator": {
       "version": "0.6.1",
       "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.1.tgz",
@@ -5912,6 +6010,14 @@
         }
       }
     },
+    "on-finished": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
+      "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=",
+      "requires": {
+        "ee-first": "1.1.1"
+      }
+    },
     "once": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
@@ -6061,6 +6167,11 @@
       "resolved": "https://registry.npmjs.org/parse-links/-/parse-links-0.1.0.tgz",
       "integrity": "sha1-afpighugBBX+c2MyNVIeRUe36CE="
     },
+    "parseurl": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz",
+      "integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M="
+    },
     "passport": {
       "version": "0.4.0",
       "resolved": "https://registry.npmjs.org/passport/-/passport-0.4.0.tgz",
@@ -6761,7 +6872,7 @@
     "readdirp": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-2.1.0.tgz",
-      "integrity": "sha512-LgQ8mdp6hbxJUZz27qxVl7gmFM/0DfHRO52c5RUbKAgMvr81tour7YYWW1JYNmrXyD/o0Myy9/DC3fUYkqnyzg==",
+      "integrity": "sha1-TtCtBg3zBzMAxIRANz9y0cxkLXg=",
       "requires": {
         "graceful-fs": "4.1.11",
         "minimatch": "3.0.4",
@@ -7258,7 +7369,7 @@
     "rimraf": {
       "version": "2.6.2",
       "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.2.tgz",
-      "integrity": "sha512-lreewLK/BlghmxtfH36YYVg1i8IAce4TI7oao75I1g245+6BctqTVQiBP3YUJ9C6DQOXJmkYR9X9fCLtCOJc5w==",
+      "integrity": "sha1-LtgVDSShbqhlHm1u8PR8QVjOejY=",
       "requires": {
         "glob": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz"
       }
@@ -7275,8 +7386,7 @@
     "safe-json-stringify": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/safe-json-stringify/-/safe-json-stringify-1.1.0.tgz",
-      "integrity": "sha512-EzBtUaFH9bHYPc69wqjp0efJI/DPNHdFbGE3uIMn4sVbO0zx8vZ8cG4WKxQfOpUOKsQyGBiT2mTqnCw+6nLswA==",
-      "optional": true
+      "integrity": "sha512-EzBtUaFH9bHYPc69wqjp0efJI/DPNHdFbGE3uIMn4sVbO0zx8vZ8cG4WKxQfOpUOKsQyGBiT2mTqnCw+6nLswA=="
     },
     "safer-buffer": {
       "version": "2.1.2",
@@ -7822,6 +7932,11 @@
         }
       }
     },
+    "statuses": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz",
+      "integrity": "sha1-+vUbnrdKrvOzrPStX2Gr8ky3uT4="
+    },
     "stdout-stream": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/stdout-stream/-/stdout-stream-1.4.0.tgz",
@@ -8486,6 +8601,11 @@
       "version": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
       "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
     },
+    "utils-merge": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+      "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM="
+    },
     "uuid": {
       "version": "3.2.1",
       "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.2.1.tgz",

package.json

@@ -92,8 +92,7 @@
   "scripts": {
     "migrate_local": "DATABASE_URL=mysql://root:@localhost/box node_modules/.bin/db-migrate up",
     "migrate_test": "BOX_ENV=test DATABASE_URL=mysql://root:@localhost/boxtest node_modules/.bin/db-migrate up",
-    "test": "npm run migrate_test && src/test/setupTest && BOX_ENV=test ./node_modules/istanbul/lib/cli.js test $1 ./node_modules/mocha/bin/_mocha -- --exit -R spec ./src/test ./src/routes/test/[^a]*",
-    "test_all": "npm run migrate_test && src/test/setupTest && BOX_ENV=test ./node_modules/istanbul/lib/cli.js test $1 ./node_modules/mocha/bin/_mocha -- --exit -R spec ./src/test ./src/routes/test",
+    "test": "npm run migrate_test && src/test/setupTest && BOX_ENV=test ./node_modules/istanbul/lib/cli.js test $1 ./node_modules/mocha/bin/_mocha -- --exit -R spec ./src/test ./src/routes/test",
     "postmerge": "/bin/true",
     "precommit": "/bin/true",
     "prepush": "npm test",

scripts/cloudron-setup

@@ -44,6 +44,7 @@ fi
 initBaseImage="true"
 # provisioning data
 provider=""
+edition=""
 requestedVersion=""
 apiServerOrigin="https://api.cloudron.io"
 webServerOrigin="https://cloudron.io"
@@ -52,13 +53,16 @@ sourceTarballUrl=""
 rebootServer="true"
 baseDataDir=""
 
-args=$(getopt -o "" -l "help,skip-baseimage-init,data-dir:,provider:,version:,env:,prerelease,skip-reboot" -n "$0" -- "$@")
+echo "Running cloudron-setup with args : $@" > "${LOG_FILE}"
+
+args=$(getopt -o "" -l "help,skip-baseimage-init,data-dir:,provider:,version:,env:,prerelease,edition:,skip-reboot" -n "$0" -- "$@")
 eval set -- "${args}"
 
 while true; do
     case "$1" in
     --help) echo "See https://cloudron.io/documentation/installation/ on how to install Cloudron"; exit 0;;
     --provider) provider="$2"; shift 2;;
+    --edition) edition="$2"; shift 2;;
     --version) requestedVersion="$2"; shift 2;;
     --env)
         if [[ "$2" == "dev" ]]; then
@@ -94,7 +98,7 @@ fi
 
 # validate arguments in the absence of data
 if [[ -z "${provider}" ]]; then
-    echo "--provider is required (azure, cloudscale, digitalocean, ec2, exoscale, hetzner, lightsail, linode, ovh, rosehosting, scaleway, vultr or generic)"
+    echo "--provider is required (azure, digitalocean, ec2, exoscale, gce, hetzner, lightsail, linode, ovh, rosehosting, scaleway, vultr or generic)"
     exit 1
 elif [[  \
             "${provider}" != "ami" && \
@@ -104,6 +108,8 @@ elif [[  \
             "${provider}" != "digitalocean" && \
             "${provider}" != "ec2" && \
             "${provider}" != "exoscale" && \
+            "${provider}" != "galaxygate" && \
+            "${provider}" != "digitalocean" && \
             "${provider}" != "gce" && \
             "${provider}" != "hetzner" && \
             "${provider}" != "lightsail" && \
@@ -114,7 +120,7 @@ elif [[  \
             "${provider}" != "vultr" && \
             "${provider}" != "generic" \
         ]]; then
-    echo "--provider must be one of: azure, cloudscale.ch, digitalocean, ec2, exoscale, gce, hetzner, lightsail, linode, ovh, rosehosting, scaleway, vultr or generic"
+    echo "--provider must be one of: azure, cloudscale.ch, digitalocean, ec2, exoscale, galaxygate, gce, hetzner, lightsail, linode, ovh, rosehosting, scaleway, vultr or generic"
     exit 1
 fi
 
@@ -137,12 +143,12 @@ echo ""
 if [[ "${initBaseImage}" == "true" ]]; then
     echo "=> Updating apt and installing script dependencies"
     if ! apt-get update &>> "${LOG_FILE}"; then
-        echo "Could not update package repositories"
+        echo "Could not update package repositories. See ${LOG_FILE}"
         exit 1
     fi
 
     if ! apt-get install curl python3 ubuntu-standard -y &>> "${LOG_FILE}"; then
-        echo "Could not install setup dependencies (curl)"
+        echo "Could not install setup dependencies (curl). See ${LOG_FILE}"
         exit 1
     fi
 fi
@@ -169,6 +175,7 @@ fi
 data=$(cat <<EOF
 {
     "provider": "${provider}",
+    "edition": "${edition}",
     "apiServerOrigin": "${apiServerOrigin}",
     "webServerOrigin": "${webServerOrigin}",
     "version": "${version}"

setup/argparser.sh

@@ -14,6 +14,7 @@ arg_version=""
 arg_web_server_origin=""
 arg_provider=""
 arg_is_demo="false"
+arg_edition=""
 
 args=$(getopt -o "" -l "data:,retire-reason:,retire-info:" -n "$0" -- "$@")
 eval set -- "${args}"
@@ -55,6 +56,9 @@ while true; do
         arg_provider=$(echo "$2" | $json provider)
         [[ "${arg_provider}" == "" ]] && arg_provider="generic"
 
+        arg_edition=$(echo "$2" | $json edition)
+        [[ "${arg_edition}" == "" ]] && arg_edition=""
+
         shift 2
         ;;
     --) break;;
@@ -69,3 +73,4 @@ echo "fqdn: ${arg_fqdn}"
 echo "version: ${arg_version}"
 echo "web server: ${arg_web_server_origin}"
 echo "provider: ${arg_provider}"
+echo "edition: ${arg_edition}"

setup/start.sh

@@ -218,7 +218,8 @@ cat > "${CONFIG_DIR}/cloudron.conf" <<CONF_END
     "adminFqdn": "${arg_admin_fqdn}",
     "adminLocation": "${arg_admin_location}",
     "provider": "${arg_provider}",
-    "isDemo": ${arg_is_demo}
+    "isDemo": ${arg_is_demo},
+    "edition": "${arg_edition}"
 }
 CONF_END
 

src/accesscontrol.js

@@ -26,9 +26,9 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    config = require('./config.js'),
     DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:accesscontrol'),
-    settings = require('./settings.js'),
     tokendb = require('./tokendb.js'),
     users = require('./users.js'),
     UsersError = users.UsersError,
@@ -114,11 +114,7 @@ function scopesForUser(user, callback) {
 
     if (user.admin) return callback(null, exports.VALID_SCOPES);
 
-    settings.getSpacesConfig(function (error, spaces) {
-        if (error) return callback(error);
-
-        callback(null, spaces.enabled ? [ 'profile', 'apps', 'domains:read', 'users:read' ] : [ 'profile', 'apps:read' ]);
-    });
+    callback(null, config.isSpacesEnabled() ? [ 'profile', 'apps', 'domains:read', 'users:read' ] : [ 'profile', 'apps:read' ]);
 }
 
 function validateToken(accessToken, callback) {

src/apps.js

@@ -49,7 +49,6 @@ exports = module.exports = {
     PORT_TYPE_UDP: 'udp',
 
     // exported for testing
-    _validateHostname: validateHostname,
     _validatePortBindings: validatePortBindings,
     _validateAccessRestriction: validateAccessRestriction,
     _translatePortBindings: translatePortBindings
@@ -85,7 +84,6 @@ var appdb = require('./appdb.js'),
     split = require('split'),
     superagent = require('superagent'),
     taskmanager = require('./taskmanager.js'),
-    tld = require('tldjs'),
     TransformStream = require('stream').Transform,
     updateChecker = require('./updatechecker.js'),
     url = require('url'),
@@ -127,40 +125,6 @@ AppsError.BILLING_REQUIRED = 'Billing Required';
 AppsError.ACCESS_DENIED = 'Access denied';
 AppsError.BAD_CERTIFICATE = 'Invalid certificate';
 
-// Hostname validation comes from RFC 1123 (section 2.1)
-// Domain name validation comes from RFC 2181 (Name syntax)
-// https://en.wikipedia.org/wiki/Hostname#Restrictions_on_valid_host_names
-// We are validating the validity of the location-fqdn as host name (and not dns name)
-function validateHostname(location, domain, hostname) {
-    assert.strictEqual(typeof location, 'string');
-    assert.strictEqual(typeof domain, 'string');
-    assert.strictEqual(typeof hostname, 'string');
-
-    const RESERVED_LOCATIONS = [
-        constants.API_LOCATION,
-        constants.SMTP_LOCATION,
-        constants.IMAP_LOCATION
-    ];
-    if (RESERVED_LOCATIONS.indexOf(location) !== -1) return new AppsError(AppsError.BAD_FIELD, location + ' is reserved');
-
-    if (hostname === config.adminFqdn()) return new AppsError(AppsError.BAD_FIELD, location + ' is reserved');
-
-    // workaround https://github.com/oncletom/tld.js/issues/73
-    var tmp = hostname.replace('_', '-');
-    if (!tld.isValid(tmp)) return new AppsError(AppsError.BAD_FIELD, 'Hostname is not a valid domain name');
-
-    if (hostname.length > 253) return new AppsError(AppsError.BAD_FIELD, 'Hostname length exceeds 253 characters');
-
-    if (location) {
-        // label validation
-        if (location.split('.').some(function (p) { return p.length > 63 || p.length < 1; })) return new AppsError(AppsError.BAD_FIELD, 'Invalid subdomain length');
-        if (location.match(/^[A-Za-z0-9-.]+$/) === null) return new AppsError(AppsError.BAD_FIELD, 'Subdomain can only contain alphanumeric, hyphen and dot');
-        if (/^[-.]/.test(location)) return new AppsError(AppsError.BAD_FIELD, 'Subdomain cannot start or end with hyphen or dot');
-    }
-
-    return null;
-}
-
 // validate the port bindings
 function validatePortBindings(portBindings, manifest) {
     assert.strictEqual(typeof portBindings, 'object');
@@ -240,6 +204,13 @@ function postProcess(app) {
     app.portBindings = result;
 }
 
+function addSpacesSuffix(location, user) {
+    if (user.admin || !config.isSpacesEnabled()) return location;
+
+    const spacesSuffix = user.username.replace(/\./g, '-');
+    return location === '' ? spacesSuffix : `${location}-${spacesSuffix}`;
+}
+
 function validateAccessRestriction(accessRestriction) {
     assert.strictEqual(typeof accessRestriction, 'object');
 
@@ -411,7 +382,7 @@ function get(appId, callback) {
             if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
 
             app.iconUrl = getIconUrlSync(app);
-            app.fqdn = domains.fqdn(app.location, app.domain, domainObject);
+            app.fqdn = domains.fqdn(app.location, domainObject);
 
             mailboxdb.getByOwnerId(app.id, function (error, mailboxes) {
                 if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
@@ -441,7 +412,7 @@ function getByIpAddress(ip, callback) {
                 if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
 
                 app.iconUrl = getIconUrlSync(app);
-                app.fqdn = domains.fqdn(app.location, app.domain, domainObject);
+                app.fqdn = domains.fqdn(app.location, domainObject);
 
                 mailboxdb.getByOwnerId(app.id, function (error, mailboxes) {
                     if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
@@ -468,7 +439,7 @@ function getAll(callback) {
                 if (error) return iteratorDone(new AppsError(AppsError.INTERNAL_ERROR, error));
 
                 app.iconUrl = getIconUrlSync(app);
-                app.fqdn = domains.fqdn(app.location, app.domain, domainObject);
+                app.fqdn = domains.fqdn(app.location, domainObject);
 
                 mailboxdb.getByOwnerId(app.id, function (error, mailboxes) {
                     if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
@@ -523,8 +494,9 @@ function mailboxNameForLocation(location, manifest) {
     return (location ? location : manifest.title.toLowerCase().replace(/[^a-zA-Z0-9]/g, '')) + '.app';
 }
 
-function install(data, auditSource, callback) {
+function install(data, user, auditSource, callback) {
     assert(data && typeof data === 'object');
+    assert(user && typeof user === 'object');
     assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
@@ -543,7 +515,8 @@ function install(data, auditSource, callback) {
         enableBackup = 'enableBackup' in data ? data.enableBackup : true,
         backupId = data.backupId || null,
         backupFormat = data.backupFormat || 'tgz',
-        ownerId = data.ownerId;
+        ownerId = data.ownerId,
+        alternateDomains = data.alternateDomains || [];
 
     assert(data.appStoreId || data.manifest); // atleast one of them is required
 
@@ -595,12 +568,14 @@ function install(data, auditSource, callback) {
             if (error && error.reason === DomainsError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such domain'));
             if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Could not get domain info:' + error.message));
 
-            var fqdn = domains.fqdn(location, domain, domainObject);
+            location = addSpacesSuffix(location, user);
+            alternateDomains.forEach(function (ad) { ad.subdomain = addSpacesSuffix(ad.subdomain, user); }); // TODO: validate these
 
-            error = validateHostname(location, domain, fqdn);
-            if (error) return callback(error);
+            error = domains.validateHostname(location, domainObject);
+            if (error) return callback(new AppsError(AppsError.BAD_FIELD, 'Bad location: ' + error.message));
 
             if (cert && key) {
+                let fqdn = domains.fqdn(location, domain, domainObject);
                 error = reverseProxy.validateCertificate(fqdn, cert, key);
                 if (error) return callback(new AppsError(AppsError.BAD_CERTIFICATE, error.message));
             }
@@ -616,7 +591,8 @@ function install(data, auditSource, callback) {
                 mailboxName: mailboxNameForLocation(location, manifest),
                 restoreConfig: backupId ? { backupId: backupId, backupFormat: backupFormat } : null,
                 enableBackup: enableBackup,
-                robotsTxt: robotsTxt
+                robotsTxt: robotsTxt,
+                alternateDomains: alternateDomains
             };
 
             appdb.add(appId, appStoreId, manifest, location, domain, ownerId, translatePortBindings(portBindings, manifest), data, function (error) {
@@ -642,6 +618,7 @@ function install(data, auditSource, callback) {
 
                     // save cert to boxdata/certs
                     if (cert && key) {
+                        let fqdn = domains.fqdn(location, domainObject);
                         if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, fqdn + '.user.cert'), cert)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving cert: ' + safe.error.message));
                         if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, fqdn + '.user.key'), key)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving key: ' + safe.error.message));
                     }
@@ -662,9 +639,10 @@ function install(data, auditSource, callback) {
     });
 }
 
-function configure(appId, data, auditSource, callback) {
+function configure(appId, data, user, auditSource, callback) {
     assert.strictEqual(typeof appId, 'string');
     assert(data && typeof data === 'object');
+    assert(user && typeof user === 'object');
     assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
@@ -725,19 +703,22 @@ function configure(appId, data, auditSource, callback) {
         if ('alternateDomains' in data) {
             // TODO validate all subdomains [{ domain: '', subdomain: ''}]
             values.alternateDomains = data.alternateDomains;
+            values.alternateDomains.forEach(function (ad) { ad.subdomain = addSpacesSuffix(ad.subdomain, user); }); // TODO: validate these
         }
 
         domains.get(domain, function (error, domainObject) {
             if (error && error.reason === DomainsError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such domain'));
             if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Could not get domain info:' + error.message));
 
-            var fqdn = domains.fqdn(location, domain, domainObject);
+            location = addSpacesSuffix(location, user);
 
-            error = validateHostname(location, domain, fqdn);
-            if (error) return callback(error);
+            error = domains.validateHostname(location, domainObject);
+            if (error) return callback(new AppsError(AppsError.BAD_FIELD, 'Bad location: ' + error.message));
 
             // save cert to boxdata/certs. TODO: move this to apptask when we have a real task queue
             if ('cert' in data && 'key' in data) {
+                let fqdn = domains.fqdn(location, domainObject);
+
                 if (data.cert && data.key) {
                     error = reverseProxy.validateCertificate(fqdn, data.cert, data.key);
                     if (error) return callback(new AppsError(AppsError.BAD_CERTIFICATE, error.message));
@@ -953,9 +934,10 @@ function restore(appId, data, auditSource, callback) {
     });
 }
 
-function clone(appId, data, auditSource, callback) {
+function clone(appId, data, user, auditSource, callback) {
     assert.strictEqual(typeof appId, 'string');
     assert.strictEqual(typeof data, 'object');
+    assert(user && typeof user === 'object');
     assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
@@ -994,8 +976,9 @@ function clone(appId, data, auditSource, callback) {
                 if (error && error.reason === DomainsError.NOT_FOUND) return callback(new AppsError(AppsError.EXTERNAL_ERROR, 'No such domain'));
                 if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Could not get domain info:' + error.message));
 
-                error = validateHostname(location, domain, domains.fqdn(location, domain, domainObject));
-                if (error) return callback(error);
+                location = addSpacesSuffix(location, user);
+                error = domains.validateHostname(location, domainObject);
+                if (error) return callback(new AppsError(AppsError.BAD_FIELD, 'Bad location: ' + error.message));
 
                 var newAppId = uuid.v4(), manifest = backupInfo.manifest;
 
@@ -1196,11 +1179,12 @@ function autoupdateApps(updateInfo, auditSource, callback) { // updateInfo is {
     function canAutoupdateApp(app, newManifest) {
         if ((semver.major(app.manifest.version) !== 0) && (semver.major(app.manifest.version) !== semver.major(newManifest.version))) return new Error('Major version change'); // major changes are blocking
 
-        var newTcpPorts = newManifest.tcpPorts || { };
-        var portBindings = app.portBindings; // this is never null
+        const newTcpPorts = newManifest.tcpPorts || { };
+        const newUdpPorts = newManifest.udpPorts || { };
+        const portBindings = app.portBindings; // this is never null
 
         for (let portName in portBindings) {
-            if (!(portName in newTcpPorts)) return new Error(`${portName} was in use but new update removes it`);
+            if (!(portName in newTcpPorts) && !(portName in newUdpPorts)) return new Error(`${portName} was in use but new update removes it`);
         }
 
         // it's fine if one or more (unused) keys got removed

src/appstore.js

@@ -95,6 +95,7 @@ function isFreePlan(subscription) {
     return !subscription || subscription.plan.id === 'free';
 }
 
+// See app.js install it will create a db record first but remove it again if appstore purchase fails
 function purchase(appId, appstoreId, callback) {
     assert.strictEqual(typeof appId, 'string');
     assert.strictEqual(typeof appstoreId, 'string');
@@ -102,41 +103,20 @@ function purchase(appId, appstoreId, callback) {
 
     if (appstoreId === '') return callback(null);
 
-    function doThePurchase() {
-        getAppstoreConfig(function (error, appstoreConfig) {
-            if (error) return callback(error);
-
-            var url = config.apiServerOrigin() + '/api/v1/users/' + appstoreConfig.userId + '/cloudrons/' + appstoreConfig.cloudronId + '/apps/' + appId;
-            var data = { appstoreId: appstoreId };
-
-            superagent.post(url).send(data).query({ accessToken: appstoreConfig.token }).timeout(30 * 1000).end(function (error, result) {
-                if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-                if (result.statusCode === 404) return callback(new AppstoreError(AppstoreError.NOT_FOUND));
-                if (result.statusCode === 403 || result.statusCode === 401) return callback(new AppstoreError(AppstoreError.BILLING_REQUIRED));
-                if (result.statusCode === 402) return callback(new AppstoreError(AppstoreError.BILLING_REQUIRED, result.body.message));
-                if (result.statusCode !== 201 && result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App purchase failed. %s %j', result.status, result.body)));
-
-                callback(null);
-            });
-        });
-    }
-
-    getSubscription(function (error, result) {
+    getAppstoreConfig(function (error, appstoreConfig) {
         if (error) return callback(error);
 
-        // only check for app install count if on the free plan
-        if (result.id !== 'free') return doThePurchase();
+        var url = config.apiServerOrigin() + '/api/v1/users/' + appstoreConfig.userId + '/cloudrons/' + appstoreConfig.cloudronId + '/apps/' + appId;
+        var data = { appstoreId: appstoreId };
 
-        appdb.getAppStoreIds(function (error, result) {
-            if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+        superagent.post(url).send(data).query({ accessToken: appstoreConfig.token }).timeout(30 * 1000).end(function (error, result) {
+            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
+            if (result.statusCode === 404) return callback(new AppstoreError(AppstoreError.NOT_FOUND));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new AppstoreError(AppstoreError.BILLING_REQUIRED));
+            if (result.statusCode === 402) return callback(new AppstoreError(AppstoreError.BILLING_REQUIRED, result.body.message));
+            if (result.statusCode !== 201 && result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App purchase failed. %s %j', result.status, result.body)));
 
-            var count = result.filter(function (a) { return !!a.appStoreId; }).length;
-
-            // we only allow max of 2 app installations without a subscription
-            // WARNING install and clone in apps.js will first add the db record and then call purchase() so we test for more than 2 here
-            if (count > 2) return callback(new AppstoreError(AppstoreError.BILLING_REQUIRED, 'Too many apps installed'));
-
-            doThePurchase();
+            callback(null);
         });
     });
 }

src/apptask.js

@@ -46,7 +46,6 @@ var addons = require('./addons.js'),
     shell = require('./shell.js'),
     superagent = require('superagent'),
     sysinfo = require('./sysinfo.js'),
-    tld = require('tldjs'),
     util = require('util'),
     _ = require('underscore');
 
@@ -135,6 +134,20 @@ function createContainer(app, callback) {
     });
 }
 
+// Only delete the main container of the app, not destroy any docker addon created ones
+function deleteMainContainer(app, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    debugApp(app, 'deleting main app container');
+
+    docker.deleteContainer(app.containerId, function (error) {
+        if (error) return callback(new Error('Error deleting container: ' + error));
+
+        updateApp(app, { containerId: null }, callback);
+    });
+}
+
 function deleteContainers(app, callback) {
     assert.strictEqual(typeof app, 'object');
     assert.strictEqual(typeof callback, 'function');
@@ -444,7 +457,7 @@ function install(app, callback) {
         removeCollectdProfile.bind(null, app),
         removeLogrotateConfig.bind(null, app),
         stopApp.bind(null, app),
-        deleteContainers.bind(null, app),
+        deleteMainContainer.bind(null, app),
         function teardownAddons(next) {
             // when restoring, app does not require these addons anymore. remove carefully to preserve the db passwords
             var addonsToRemove = !isRestoring
@@ -557,7 +570,7 @@ function configure(app, callback) {
         removeCollectdProfile.bind(null, app),
         removeLogrotateConfig.bind(null, app),
         stopApp.bind(null, app),
-        deleteContainers.bind(null, app),
+        deleteMainContainer.bind(null, app),
         unregisterAlternateDomains.bind(null, app, false /* all */),
         function (next) {
             if (!locationChanged) return next();
@@ -658,7 +671,7 @@ function update(app, callback) {
         removeCollectdProfile.bind(null, app),
         removeLogrotateConfig.bind(null, app),
         stopApp.bind(null, app),
-        deleteContainers.bind(null, app),
+        deleteMainContainer.bind(null, app),
         function deleteImageIfChanged(done) {
             if (app.manifest.dockerImage === app.updateConfig.manifest.dockerImage) return done();
 

src/backups.js

@@ -124,6 +124,7 @@ function testConfig(backupConfig, callback) {
 
     if (backupConfig.format !== 'tgz' && backupConfig.format !== 'rsync') return callback(new BackupsError(BackupsError.BAD_FIELD, 'unknown format'));
 
+    // remember to adjust the cron ensureBackup task interval accordingly
     if (backupConfig.intervalSecs < 6 * 60 * 60) return callback(new BackupsError(BackupsError.BAD_FIELD, 'Interval must be atleast 6 hours'));
 
     api(backupConfig.provider).testConfig(backupConfig, callback);
@@ -983,7 +984,7 @@ function ensureBackup(auditSource, callback) {
     getByStatePaged(backupdb.BACKUP_STATE_NORMAL, 1, 1, function (error, backups) {
         if (error) {
             debug('Unable to list backups', error);
-            return callback(error); // no point trying to backup if appstore is down
+            return callback(error);
         }
 
         settings.getBackupConfig(function (error, backupConfig) {

src/clients.js

@@ -68,7 +68,7 @@ ClientsError.NOT_FOUND = 'Not found';
 ClientsError.INTERNAL_ERROR = 'Internal Error';
 ClientsError.NOT_ALLOWED = 'Not allowed to remove this client';
 
-function validateName(name) {
+function validateClientName(name) {
     assert.strictEqual(typeof name, 'string');
 
     if (name.length < 1) return new ClientsError(ClientsError.BAD_FIELD, 'Name must be atleast 1 character');
@@ -79,6 +79,14 @@ function validateName(name) {
     return null;
 }
 
+function validateTokenName(name) {
+    assert.strictEqual(typeof name, 'string');
+
+    if (name.length > 64) return new ClientsError(ClientsError.BAD_FIELD, 'Name too long');
+
+    return null;
+}
+
 function add(appId, type, redirectURI, scope, callback) {
     assert.strictEqual(typeof appId, 'string');
     assert.strictEqual(typeof type, 'string');
@@ -89,7 +97,7 @@ function add(appId, type, redirectURI, scope, callback) {
     var error = accesscontrol.validateScopeString(scope);
     if (error) return callback(new ClientsError(ClientsError.INVALID_SCOPE, error.message));
 
-    error = validateName(appId);
+    error = validateClientName(appId);
     if (error) return callback(error);
 
     var id = 'cid-' + uuid.v4();
@@ -244,12 +252,17 @@ function delByAppIdAndType(appId, type, callback) {
     });
 }
 
-function addTokenByUserId(clientId, userId, expiresAt, callback) {
+function addTokenByUserId(clientId, userId, expiresAt, options, callback) {
     assert.strictEqual(typeof clientId, 'string');
     assert.strictEqual(typeof userId, 'string');
     assert.strictEqual(typeof expiresAt, 'number');
+    assert.strictEqual(typeof options, 'object');
     assert.strictEqual(typeof callback, 'function');
 
+    const name = options.name || '';
+    let error = validateTokenName(name);
+    if (error) return callback(error);
+
     get(clientId, function (error, result) {
         if (error) return callback(error);
 
@@ -265,7 +278,7 @@ function addTokenByUserId(clientId, userId, expiresAt, callback) {
 
                 var token = tokendb.generateToken();
 
-                tokendb.add(token, userId, result.id, expiresAt, authorizedScopes.join(','), function (error) {
+                tokendb.add(token, userId, result.id, expiresAt, authorizedScopes.join(','), name, function (error) {
                     if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
 
                     callback(null, {
@@ -282,17 +295,17 @@ function addTokenByUserId(clientId, userId, expiresAt, callback) {
 }
 
 // this issues a cid-cli token that does not require a password in various routes
-function issueDeveloperToken(userObject, ip, callback) {
+function issueDeveloperToken(userObject, auditSource, callback) {
     assert.strictEqual(typeof userObject, 'object');
-    assert.strictEqual(typeof ip, 'string');
+    assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
     const expiresAt = Date.now() + constants.DEFAULT_TOKEN_EXPIRATION;
 
-    addTokenByUserId('cid-cli', userObject.id, expiresAt, function (error, result) {
+    addTokenByUserId('cid-cli', userObject.id, expiresAt, {}, function (error, result) {
         if (error) return callback(error);
 
-        eventlog.add(eventlog.ACTION_USER_LOGIN, { authType: 'cli', ip: ip }, { userId: userObject.id, user: users.removePrivateFields(userObject) });
+        eventlog.add(eventlog.ACTION_USER_LOGIN, auditSource, { userId: userObject.id, user: users.removePrivateFields(userObject) });
 
         callback(null, result);
     });

src/cloudron.js

@@ -145,10 +145,10 @@ function getConfig(callback) {
             version: config.version(),
             progress: progress.getAll(),
             isDemo: config.isDemo(),
+            edition: config.edition(),
             memory: os.totalmem(),
             provider: config.provider(),
-            cloudronName: allSettings[settings.CLOUDRON_NAME_KEY],
-            spaces: allSettings[settings.SPACES_CONFIG_KEY] // here because settings route cannot be accessed by spaces users
+            cloudronName: allSettings[settings.CLOUDRON_NAME_KEY]
         });
     });
 }

src/config.js

@@ -24,6 +24,7 @@ exports = module.exports = {
     version: version,
     setVersion: setVersion,
     database: database,
+    edition: edition,
 
     // these values are derived
     adminOrigin: adminOrigin,
@@ -38,6 +39,12 @@ exports = module.exports = {
 
     isDemo: isDemo,
 
+    // feature flags based on editions (these have a separate license from standard edition)
+    isSpacesEnabled: isSpacesEnabled,
+    allowHyphenatedSubdomains: allowHyphenatedSubdomains,
+    allowOperatorActions: allowOperatorActions,
+    isAdminDomainLocked: isAdminDomainLocked,
+
     // for testing resets to defaults
     _reset: _reset
 };
@@ -76,7 +83,8 @@ function saveSync() {
         adminFqdn: data.adminFqdn,
         adminLocation: data.adminLocation,
         provider: data.provider,
-        isDemo: data.isDemo
+        isDemo: data.isDemo,
+        edition: data.edition
     };
 
     fs.writeFileSync(cloudronConfigFileName, JSON.stringify(conf, null, 4)); // functions are ignored by JSON.stringify
@@ -104,6 +112,7 @@ function initConfig() {
     data.sysadminPort = 3001;
     data.ldapPort = 3002;
     data.dockerProxyPort = 3003;
+    data.edition = '';
 
     // keep in sync with start.sh
     data.database = {
@@ -220,6 +229,22 @@ function isDemo() {
     return get('isDemo') === true;
 }
 
+function isSpacesEnabled() {
+    return get('edition') === 'education';
+}
+
+function allowHyphenatedSubdomains() {
+    return get('edition') === 'hostingprovider';
+}
+
+function allowOperatorActions() {
+    return get('edition') !== 'hostingprovider';
+}
+
+function isAdminDomainLocked() {
+    return get('edition') === 'hostingprovider';
+}
+
 function provider() {
     return get('provider');
 }
@@ -236,3 +261,6 @@ function dkimSelector() {
     return loc === 'my' ? 'cloudron' : `cloudron-${loc.replace(/\./g, '')}`;
 }
 
+function edition() {
+    return get('edition');
+}

src/cron.js

@@ -102,7 +102,7 @@ function recreateJobs(tz) {
 
     if (gJobs.backup) gJobs.backup.stop();
     gJobs.backup = new CronJob({
-        cronTime: '00 00 */6 * * *', // every 6 hours. backups.ensureBackup() will only trigger a backup once per day
+        cronTime: '00 00 */6 * * *', // check every 6 hours
         onTick: backups.ensureBackup.bind(null, AUDIT_SOURCE, NOOP_CALLBACK),
         start: true,
         timeZone: tz

src/dns/cloudflare.js

@@ -28,7 +28,7 @@ function translateRequestError(result, callback) {
     if (result.statusCode === 422) return callback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
     if ((result.statusCode === 400 || result.statusCode === 401 || result.statusCode === 403) && result.body.errors.length > 0) {
         let error = result.body.errors[0];
-        let message = error.message;
+        let message = `message: ${error.message} statusCode: ${result.statusCode} code:${error.code}`;
         if (error.code === 6003) {
             if (error.error_chain[0] && error.error_chain[0].code === 6103) message = 'Invalid API Key';
             else message = 'Invalid credentials';
@@ -231,6 +231,7 @@ function verifyDnsConfig(dnsConfig, fqdn, zoneName, ip, callback) {
 
     if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));
     if (!dnsConfig.email || typeof dnsConfig.email !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'email must be a non-empty string'));
+    if ('hyphenatedSubdomains' in dnsConfig && typeof dnsConfig.hyphenatedSubdomains !== 'boolean') return callback(new DomainsError(DomainsError.BAD_FIELD, 'hyphenatedSubdomains must be a boolean'));
 
     var credentials = {
         token: dnsConfig.token,

src/dns/digitalocean.js

@@ -201,6 +201,7 @@ function verifyDnsConfig(dnsConfig, fqdn, zoneName, ip, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));
+    if ('hyphenatedSubdomains' in dnsConfig && typeof dnsConfig.hyphenatedSubdomains !== 'boolean') return callback(new DomainsError(DomainsError.BAD_FIELD, 'hyphenatedSubdomains must be a boolean'));
 
     var credentials = {
         token: dnsConfig.token,

src/dns/gandi.js

@@ -113,6 +113,7 @@ function verifyDnsConfig(dnsConfig, fqdn, zoneName, ip, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));
+    if ('hyphenatedSubdomains' in dnsConfig && typeof dnsConfig.hyphenatedSubdomains !== 'boolean') return callback(new DomainsError(DomainsError.BAD_FIELD, 'hyphenatedSubdomains must be a boolean'));
 
     var credentials = {
         token: dnsConfig.token,

src/dns/gcdns.js

@@ -168,6 +168,7 @@ function verifyDnsConfig(dnsConfig, fqdn, zoneName, ip, callback) {
     if (!dnsConfig.credentials || typeof dnsConfig.credentials !== 'object') return callback(new DomainsError(DomainsError.BAD_FIELD, 'credentials must be an object'));
     if (typeof dnsConfig.credentials.client_email !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'credentials.client_email must be a string'));
     if (typeof dnsConfig.credentials.private_key !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'credentials.private_key must be a string'));
+    if ('hyphenatedSubdomains' in dnsConfig && typeof dnsConfig.hyphenatedSubdomains !== 'boolean') return callback(new DomainsError(DomainsError.BAD_FIELD, 'hyphenatedSubdomains must be a boolean'));
 
     var credentials = getDnsCredentials(dnsConfig);
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here

src/dns/godaddy.js

@@ -148,6 +148,7 @@ function verifyDnsConfig(dnsConfig, fqdn, zoneName, ip, callback) {
 
     if (!dnsConfig.apiKey || typeof dnsConfig.apiKey !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'apiKey must be a non-empty string'));
     if (!dnsConfig.apiSecret || typeof dnsConfig.apiSecret !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'apiSecret must be a non-empty string'));
+    if ('hyphenatedSubdomains' in dnsConfig && typeof dnsConfig.hyphenatedSubdomains !== 'boolean') return callback(new DomainsError(DomainsError.BAD_FIELD, 'hyphenatedSubdomains must be a boolean'));
 
     var credentials = {
         apiKey: dnsConfig.apiKey,

src/dns/manual.js

@@ -55,10 +55,13 @@ function verifyDnsConfig(dnsConfig, domain, zoneName, ip, callback) {
     assert.strictEqual(typeof ip, 'string');
     assert.strictEqual(typeof callback, 'function');
 
+    if ('wildcard' in dnsConfig && typeof dnsConfig.wildcard !== 'boolean') return callback(new DomainsError(DomainsError.BAD_FIELD, 'wildcard must be a boolean'));
+    if ('hyphenatedSubdomains' in dnsConfig && typeof dnsConfig.hyphenatedSubdomains !== 'boolean') return callback(new DomainsError(DomainsError.BAD_FIELD, 'hyphenatedSubdomains must be a boolean'));
+
     var config = {
         wildcard: !!dnsConfig.wildcard,
         hyphenatedSubdomains: !!dnsConfig.hyphenatedSubdomains
-    }
+    };
 
     // Very basic check if the nameservers can be fetched
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {

src/dns/namecom.js

@@ -208,6 +208,10 @@ function verifyDnsConfig(dnsConfig, fqdn, zoneName, ip, callback) {
     assert.strictEqual(typeof ip, 'string');
     assert.strictEqual(typeof callback, 'function');
 
+    if (typeof dnsConfig.username !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'username must be a string'));
+    if (typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a string'));
+    if ('hyphenatedSubdomains' in dnsConfig && typeof dnsConfig.hyphenatedSubdomains !== 'boolean') return callback(new DomainsError(DomainsError.BAD_FIELD, 'hyphenatedSubdomains must be a boolean'));
+
     var credentials = {
         username: dnsConfig.username,
         token: dnsConfig.token,

src/dns/route53.js

@@ -114,7 +114,7 @@ function add(dnsConfig, zoneName, subdomain, type, values, callback) {
         };
 
         var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
-        route53.changeResourceRecordSets(params, function(error, result) {
+        route53.changeResourceRecordSets(params, function(error) {
             if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
             if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
             if (error && error.code === 'PriorRequestNotComplete') return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
@@ -235,6 +235,7 @@ function verifyDnsConfig(dnsConfig, fqdn, zoneName, ip, callback) {
 
     if (!dnsConfig.accessKeyId || typeof dnsConfig.accessKeyId !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'accessKeyId must be a non-empty string'));
     if (!dnsConfig.secretAccessKey || typeof dnsConfig.secretAccessKey !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'secretAccessKey must be a non-empty string'));
+    if ('hyphenatedSubdomains' in dnsConfig && typeof dnsConfig.hyphenatedSubdomains !== 'boolean') return callback(new DomainsError(DomainsError.BAD_FIELD, 'hyphenatedSubdomains must be a boolean'));
 
     var credentials = {
         accessKeyId: dnsConfig.accessKeyId,

src/domains.js

@@ -6,6 +6,7 @@ module.exports = exports = {
     getAll: getAll,
     update: update,
     del: del,
+    isLocked: isLocked,
 
     fqdn: fqdn,
     setAdmin: setAdmin,
@@ -19,12 +20,15 @@ module.exports = exports = {
     removePrivateFields: removePrivateFields,
     removeRestrictedFields: removeRestrictedFields,
 
+    validateHostname: validateHostname,
+
     DomainsError: DomainsError
 };
 
 var assert = require('assert'),
     caas = require('./caas.js'),
     config = require('./config.js'),
+    constants = require('./constants.js'),
     DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:domains'),
     domaindb = require('./domaindb.js'),
@@ -104,11 +108,54 @@ function verifyDnsConfig(config, domain, zoneName, provider, ip, callback) {
     api(provider).verifyDnsConfig(config, domain, zoneName, ip, callback);
 }
 
-function add(domain, zoneName, provider, config, fallbackCertificate, tlsConfig, callback) {
+function fqdn(location, domainObject) {
+    return location + (location ? (domainObject.config.hyphenatedSubdomains ? '-' : '.') : '') + domainObject.domain;
+}
+
+// Hostname validation comes from RFC 1123 (section 2.1)
+// Domain name validation comes from RFC 2181 (Name syntax)
+// https://en.wikipedia.org/wiki/Hostname#Restrictions_on_valid_host_names
+// We are validating the validity of the location-fqdn as host name (and not dns name)
+function validateHostname(location, domainObject) {
+    assert.strictEqual(typeof location, 'string');
+    assert.strictEqual(typeof domainObject, 'object');
+
+    const hostname = fqdn(location, domainObject);
+
+    const RESERVED_LOCATIONS = [
+        constants.API_LOCATION,
+        constants.SMTP_LOCATION,
+        constants.IMAP_LOCATION
+    ];
+    if (RESERVED_LOCATIONS.indexOf(location) !== -1) return new DomainsError(DomainsError.BAD_FIELD, location + ' is reserved');
+
+    if (hostname === config.adminFqdn()) return new DomainsError(DomainsError.BAD_FIELD, location + ' is reserved');
+
+    // workaround https://github.com/oncletom/tld.js/issues/73
+    var tmp = hostname.replace('_', '-');
+    if (!tld.isValid(tmp)) return new DomainsError(DomainsError.BAD_FIELD, 'Hostname is not a valid domain name');
+
+    if (hostname.length > 253) return new DomainsError(DomainsError.BAD_FIELD, 'Hostname length exceeds 253 characters');
+
+    if (location) {
+        // label validation
+        if (location.split('.').some(function (p) { return p.length > 63 || p.length < 1; })) return new DomainsError(DomainsError.BAD_FIELD, 'Invalid subdomain length');
+        if (location.match(/^[A-Za-z0-9-.]+$/) === null) return new DomainsError(DomainsError.BAD_FIELD, 'Subdomain can only contain alphanumeric, hyphen and dot');
+        if (/^[-.]/.test(location)) return new DomainsError(DomainsError.BAD_FIELD, 'Subdomain cannot start or end with hyphen or dot');
+    }
+
+    if (domainObject.config.hyphenatedSubdomains) {
+        if (location.indexOf('.') !== -1) return new DomainsError(DomainsError.BAD_FIELD, 'Subdomain cannot contain a dot');
+    }
+
+    return null;
+}
+
+function add(domain, zoneName, provider, dnsConfig, fallbackCertificate, tlsConfig, callback) {
     assert.strictEqual(typeof domain, 'string');
     assert.strictEqual(typeof zoneName, 'string');
     assert.strictEqual(typeof provider, 'string');
-    assert.strictEqual(typeof config, 'object');
+    assert.strictEqual(typeof dnsConfig, 'object');
     assert.strictEqual(typeof fallbackCertificate, 'object');
     assert.strictEqual(typeof tlsConfig, 'object');
     assert.strictEqual(typeof callback, 'function');
@@ -132,10 +179,12 @@ function add(domain, zoneName, provider, config, fallbackCertificate, tlsConfig,
         return callback(new DomainsError(DomainsError.BAD_FIELD, 'tlsConfig.provider must be caas, fallback or le-*'));
     }
 
+    if (dnsConfig.hyphenatedSubdomains && !config.allowHyphenatedSubdomains()) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Not allowed in this edition'));
+
     sysinfo.getPublicIp(function (error, ip) {
         if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, 'Error getting IP:' + error.message));
 
-        verifyDnsConfig(config, domain, zoneName, provider, ip, function (error, result) {
+        verifyDnsConfig(dnsConfig, domain, zoneName, provider, ip, function (error, result) {
             if (error && error.reason === DomainsError.ACCESS_DENIED) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Error adding A record. Access denied'));
             if (error && error.reason === DomainsError.NOT_FOUND) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Zone not found'));
             if (error && error.reason === DomainsError.EXTERNAL_ERROR) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Error adding A record: ' + error.message));
@@ -157,6 +206,10 @@ function add(domain, zoneName, provider, config, fallbackCertificate, tlsConfig,
     });
 }
 
+function isLocked(domain) {
+    return domain === config.adminDomain() && config.isAdminDomainLocked();
+}
+
 function get(domain, callback) {
     assert.strictEqual(typeof domain, 'string');
     assert.strictEqual(typeof callback, 'function');
@@ -166,6 +219,8 @@ function get(domain, callback) {
         if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
         if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
 
+        result.locked = isLocked(domain);
+
         reverseProxy.getFallbackCertificate(domain, function (error, bundle) {
             if (error && error.reason !== ReverseProxyError.NOT_FOUND) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
 
@@ -187,15 +242,17 @@ function getAll(callback) {
     domaindb.getAll(function (error, result) {
         if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
 
+        result.forEach(function (r) { r.locked = isLocked(r.domain); });
+
         return callback(null, result);
     });
 }
 
-function update(domain, zoneName, provider, config, fallbackCertificate, tlsConfig, callback) {
+function update(domain, zoneName, provider, dnsConfig, fallbackCertificate, tlsConfig, callback) {
     assert.strictEqual(typeof domain, 'string');
     assert.strictEqual(typeof zoneName, 'string');
     assert.strictEqual(typeof provider, 'string');
-    assert.strictEqual(typeof config, 'object');
+    assert.strictEqual(typeof dnsConfig, 'object');
     assert.strictEqual(typeof fallbackCertificate, 'object');
     assert.strictEqual(typeof tlsConfig, 'object');
     assert.strictEqual(typeof callback, 'function');
@@ -219,10 +276,12 @@ function update(domain, zoneName, provider, config, fallbackCertificate, tlsConf
             return callback(new DomainsError(DomainsError.BAD_FIELD, 'tlsConfig.provider must be caas, fallback or letsencrypt-*'));
         }
 
+        if (dnsConfig.hyphenatedSubdomains && !config.allowHyphenatedSubdomains()) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Not allowed in this edition'));
+
         sysinfo.getPublicIp(function (error, ip) {
             if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, 'Error getting IP:' + error.message));
 
-            verifyDnsConfig(config, domain, zoneName, provider, ip, function (error, result) {
+            verifyDnsConfig(dnsConfig, domain, zoneName, provider, ip, function (error, result) {
                 if (error && error.reason === DomainsError.ACCESS_DENIED) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Error adding A record. Access denied'));
                 if (error && error.reason === DomainsError.NOT_FOUND) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Zone not found'));
                 if (error && error.reason === DomainsError.EXTERNAL_ERROR) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Error adding A record:' + error.message));
@@ -251,6 +310,8 @@ function del(domain, callback) {
     assert.strictEqual(typeof domain, 'string');
     assert.strictEqual(typeof callback, 'function');
 
+    if (domain === config.adminDomain()) return callback(new DomainsError(DomainsError.IN_USE));
+
     domaindb.del(domain, function (error) {
         if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
         if (error && error.reason === DatabaseError.IN_USE) return callback(new DomainsError(DomainsError.IN_USE));
@@ -260,7 +321,8 @@ function del(domain, callback) {
     });
 }
 
-function getName(domain, subdomain) {
+// returns the 'name' that needs to be inserted into zone
+function getName(domain, subdomain, type) {
     // support special caas domains
     if (domain.provider === 'caas') return subdomain;
 
@@ -268,7 +330,13 @@ function getName(domain, subdomain) {
 
     var part = domain.domain.slice(0, -domain.zoneName.length - 1);
 
-    return subdomain === '' ? part : (subdomain + (domain.config.hyphenatedSubdomains ? '-' : '.') + part);
+    if (subdomain === '') {
+        return part;
+    } else if (type === 'TXT') {
+        return `${subdomain}.${part}`;
+    } else {
+        return subdomain + (domain.config.hyphenatedSubdomains ? '-' : '.') + part;
+    }
 }
 
 function getDnsRecords(subdomain, domain, type, callback) {
@@ -280,7 +348,7 @@ function getDnsRecords(subdomain, domain, type, callback) {
     get(domain, function (error, result) {
         if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
 
-        api(result.provider).get(result.config, result.zoneName, getName(result, subdomain), type, function (error, values) {
+        api(result.provider).get(result.config, result.zoneName, getName(result, subdomain, type), type, function (error, values) {
             if (error) return callback(error);
 
             callback(null, values);
@@ -300,7 +368,7 @@ function upsertDnsRecords(subdomain, domain, type, values, callback) {
     get(domain, function (error, result) {
         if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
 
-        api(result.provider).upsert(result.config, result.zoneName, getName(result, subdomain), type, values, function (error) {
+        api(result.provider).upsert(result.config, result.zoneName, getName(result, subdomain, type), type, values, function (error) {
             if (error) return callback(error);
 
             callback(null);
@@ -320,7 +388,7 @@ function removeDnsRecords(subdomain, domain, type, values, callback) {
     get(domain, function (error, result) {
         if (error) return callback(error);
 
-        api(result.provider).del(result.config, result.zoneName, getName(result, subdomain), type, values, function (error) {
+        api(result.provider).del(result.config, result.zoneName, getName(result, subdomain, type), type, values, function (error) {
             if (error && error.reason !== DomainsError.NOT_FOUND) return callback(error);
 
             callback(null);
@@ -368,23 +436,19 @@ function setAdmin(domain, callback) {
     });
 }
 
-function fqdn(location, domain, domainObject) {
-    return location + (location ? (domainObject.config.hyphenatedSubdomains ? '-' : '.') : '') + domain;
-}
-
 // removes all fields that are strictly private and should never be returned by API calls
 function removePrivateFields(domain) {
-    var result = _.pick(domain, 'domain', 'zoneName', 'provider', 'config', 'tlsConfig', 'fallbackCertificate');
+    var result = _.pick(domain, 'domain', 'zoneName', 'provider', 'config', 'tlsConfig', 'fallbackCertificate', 'locked');
     if (result.fallbackCertificate) delete result.fallbackCertificate.key;  // do not return the 'key'. in caas, this is private
     return result;
 }
 
 // removes all fields that are not accessible by a normal user
 function removeRestrictedFields(domain) {
-    var result = _.pick(domain, 'domain', 'zoneName', 'provider');
+    var result = _.pick(domain, 'domain', 'zoneName', 'provider', 'locked');
 
     // always ensure config object
     result.config = { hyphenatedSubdomains: !!domain.config.hyphenatedSubdomains };
 
     return result;
-}
+}

src/ldap.js

@@ -28,37 +28,32 @@ var NOOP = function () {};
 var GROUP_USERS_DN = 'cn=users,ou=groups,dc=cloudron';
 var GROUP_ADMINS_DN = 'cn=admins,ou=groups,dc=cloudron';
 
-function getAppByRequest(req, callback) {
-    assert.strictEqual(typeof req, 'object');
-    assert.strictEqual(typeof callback, 'function');
-
+// Will attach req.app if successful
+function authenticateApp(req, res, next) {
     var sourceIp = req.connection.ldap.id.split(':')[0];
-    if (sourceIp.split('.').length !== 4) return callback(new ldap.InsufficientAccessRightsError('Missing source identifier'));
+    if (sourceIp.split('.').length !== 4) return next(new ldap.InsufficientAccessRightsError('Missing source identifier'));
 
     apps.getByIpAddress(sourceIp, function (error, app) {
-        if (error) return callback(new ldap.OperationsError(error.message));
+        if (error) return next(new ldap.OperationsError(error.message));
+        if (!app) return next(new ldap.OperationsError('Could not detect app source'));
 
-        if (!app) return callback(new ldap.OperationsError('Could not detect app source'));
+        req.app = app;
 
-        callback(null, app);
+        next();
     });
 }
 
 function getUsersWithAccessToApp(req, callback) {
-    assert.strictEqual(typeof req, 'object');
+    assert.strictEqual(typeof req.app, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    getAppByRequest(req, function (error, app) {
-        if (error) return callback(error);
+    users.list(function (error, result) {
+        if (error) return callback(new ldap.OperationsError(error.toString()));
 
-        users.list(function (error, result) {
+        async.filter(result, apps.hasAccessTo.bind(null, req.app), function (error, allowedUsers) {
             if (error) return callback(new ldap.OperationsError(error.toString()));
 
-            async.filter(result, apps.hasAccessTo.bind(null, app), function (error, allowedUsers) {
-                if (error) return callback(new ldap.OperationsError(error.toString()));
-
-                callback(null, allowedUsers);
-            });
+            callback(null, allowedUsers);
         });
     });
 }
@@ -139,7 +134,7 @@ function userSearch(req, res, next) {
             var dn = ldap.parseDN('cn=' + entry.id + ',ou=users,dc=cloudron');
 
             var groups = [ GROUP_USERS_DN ];
-            if (entry.admin) groups.push(GROUP_ADMINS_DN);
+            if (entry.admin || req.app.ownerId === entry.id) groups.push(GROUP_ADMINS_DN);
 
             var displayName = entry.displayName || entry.username || ''; // displayName can be empty and username can be null
             var nameParts = displayName.split(' ');
@@ -159,7 +154,7 @@ function userSearch(req, res, next) {
                     givenName: firstName,
                     username: entry.username,
                     samaccountname: entry.username,      // to support ActiveDirectory clients
-                    isadmin: entry.admin ? 1 : 0,
+                    isadmin: (entry.admin || req.app.ownerId === entry.id) ? 1 : 0,
                     memberof: groups
                 }
             };
@@ -199,7 +194,7 @@ function groupSearch(req, res, next) {
 
         groups.forEach(function (group) {
             var dn = ldap.parseDN('cn=' + group.name + ',ou=groups,dc=cloudron');
-            var members = group.admin ? result.filter(function (entry) { return entry.admin; }) : result;
+            var members = group.admin ? result.filter(function (entry) { return entry.admin || req.app.ownerId === entry.id; }) : result;
 
             var obj = {
                 dn: dn.toString(),
@@ -248,7 +243,7 @@ function groupAdminsCompare(req, res, next) {
         // we only support memberuid here, if we add new group attributes later add them here
         if (req.attribute === 'memberuid') {
             var found = result.find(function (u) { return u.id === req.value; });
-            if (found && found.admin) return res.end(true);
+            if (found && (found.admin || req.app.ownerId == found.id)) return res.end(true);
         }
 
         res.end(false);
@@ -413,6 +408,7 @@ function mailingListSearch(req, res, next) {
     });
 }
 
+// Will attach req.user if successful
 function authenticateUser(req, res, next) {
     debug('user bind: %s (from %s)', req.dn.toString(), req.connection.ldap.id);
 
@@ -444,21 +440,18 @@ function authenticateUser(req, res, next) {
 }
 
 function authorizeUserForApp(req, res, next) {
-    assert(req.user);
+    assert.strictEqual(typeof req.user, 'object');
+    assert.strictEqual(typeof req.app, 'object');
 
-    getAppByRequest(req, function (error, app) {
-        if (error) return next(error);
+    apps.hasAccessTo(req.app, req.user, function (error, result) {
+        if (error) return next(new ldap.OperationsError(error.toString()));
 
-        apps.hasAccessTo(app, req.user, function (error, result) {
-            if (error) return next(new ldap.OperationsError(error.toString()));
+        // we return no such object, to avoid leakage of a users existence
+        if (!result) return next(new ldap.NoSuchObjectError(req.dn.toString()));
 
-            // we return no such object, to avoid leakage of a users existence
-            if (!result) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        eventlog.add(eventlog.ACTION_USER_LOGIN, { authType: 'ldap', appId: req.app.id, app: req.app }, { userId: req.user.id, user: users.removePrivateFields(req.user) });
 
-            eventlog.add(eventlog.ACTION_USER_LOGIN, { authType: 'ldap', appId: app.id, app: app }, { userId: req.user.id, user: users.removePrivateFields(req.user) });
-
-            res.end();
-        });
+        res.end();
     });
 }
 
@@ -525,9 +518,9 @@ function start(callback) {
 
     gServer = ldap.createServer({ log: logger });
 
-    gServer.search('ou=users,dc=cloudron', userSearch);
-    gServer.search('ou=groups,dc=cloudron', groupSearch);
-    gServer.bind('ou=users,dc=cloudron', authenticateUser, authorizeUserForApp);
+    gServer.search('ou=users,dc=cloudron', authenticateApp, userSearch);
+    gServer.search('ou=groups,dc=cloudron', authenticateApp, groupSearch);
+    gServer.bind('ou=users,dc=cloudron', authenticateApp, authenticateUser, authorizeUserForApp);
 
     // http://www.ietf.org/proceedings/43/I-D/draft-srivastava-ldap-mail-00.txt
     gServer.search('ou=mailboxes,dc=cloudron', mailboxSearch);
@@ -538,8 +531,8 @@ function start(callback) {
     gServer.bind('ou=recvmail,dc=cloudron', authenticateMailbox);
     gServer.bind('ou=sendmail,dc=cloudron', authenticateMailbox);
 
-    gServer.compare('cn=users,ou=groups,dc=cloudron', groupUsersCompare);
-    gServer.compare('cn=admins,ou=groups,dc=cloudron', groupAdminsCompare);
+    gServer.compare('cn=users,ou=groups,dc=cloudron', authenticateApp, groupUsersCompare);
+    gServer.compare('cn=admins,ou=groups,dc=cloudron', authenticateApp, groupAdminsCompare);
 
     // this is the bind for addons (after bind, they might search and authenticate)
     gServer.bind('ou=addons,dc=cloudron', function(req, res /*, next */) {

src/mail.js

@@ -625,7 +625,7 @@ function txtRecordsWithSpf(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     domains.getDnsRecords('', domain, 'TXT', function (error, txtRecords) {
-        if (error) return callback(error);
+        if (error) return new MailError(MailError.EXTERNAL_ERROR, error.message);
 
         debug('txtRecordsWithSpf: current txt records - %j', txtRecords);
 
@@ -741,10 +741,14 @@ function setDnsRecords(domain, callback) {
             async.mapSeries(records, function (record, iteratorCallback) {
                 domains.upsertDnsRecords(record.subdomain, record.domain, record.type, record.values, iteratorCallback);
             }, function (error, changeIds) {
-                if (error) debug('addDnsRecords: failed to update : %s. will retry', error);
-                else debug('addDnsRecords: records %j added with changeIds %j', records, changeIds);
+                if (error) {
+                    debug(`addDnsRecords: failed to update: ${error}`);
+                    return callback(new MailError(MailError.EXTERNAL_ERROR, error.message));
+                }
 
-                callback(error);
+                debug('addDnsRecords: records %j added with changeIds %j', records, changeIds);
+
+                callback(null);
             });
         });
     });
@@ -772,6 +776,8 @@ function removeDomain(domain, callback) {
     assert.strictEqual(typeof domain, 'string');
     assert.strictEqual(typeof callback, 'function');
 
+    if (domain === config.adminDomain()) return callback(new MailError(MailError.IN_USE));
+
     maildb.del(domain, function (error) {
         if (error && error.reason === DatabaseError.IN_USE) return callback(new MailError(MailError.IN_USE));
         if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, error.message));

src/mail_templates/user_added.ejs

@@ -4,15 +4,6 @@ Dear <%= cloudronName %> Admin,
 
 A new user with email <%= user.email %> was added to <%= cloudronName %>.
 
-<% if (inviteLink) { %>
-As requested, this user has not been sent an invitation email.
-
-To set a password and perform any configuration on behalf of the user, please use this link:
-<%= inviteLink %>
-
-<% } %>
-
-
 Powered by https://cloudron.io
 
 <% } else { %>
@@ -27,14 +18,6 @@ Powered by https://cloudron.io
     A new user with email <%= user.email %> was added to <%= cloudronName %>.
 </p>
 
-<% if (inviteLink) { %>
-<p>
-    As requested, this user has not been sent an invitation email.<br/>
-    <br/>
-    <a href="<%= inviteLink %>">Set a password and perform any configuration on behalf of the user</a>
-</p>
-<% } %>
-
 <br/>
 <br/>
 

src/mailer.js

@@ -238,7 +238,6 @@ function userAdded(user) {
 
         var templateData = {
             user: user,
-            inviteLink: `${config.adminOrigin()}/api/v1/session/account/setup.html?reset_token=${user.resetToken}&email=${encodeURIComponent(user.email)}`,
             cloudronName: mailConfig.cloudronName,
             cloudronAvatarUrl: config.adminOrigin() + '/api/v1/cloudron/avatar'
         };

src/routes/accesscontrol.js

@@ -5,13 +5,10 @@ exports = module.exports = {
     uninitialize: uninitialize,
 
     scope: scope,
-    websocketAuth: websocketAuth,
-    verifyAppOwnership: verifyAppOwnership
+    websocketAuth: websocketAuth
 };
 
 var accesscontrol = require('../accesscontrol.js'),
-    apps = require('../apps.js'),
-    AppsError = apps.AppsError,
     assert = require('assert'),
     BasicStrategy = require('passport-http').BasicStrategy,
     BearerStrategy = require('passport-http-bearer').Strategy,
@@ -21,7 +18,6 @@ var accesscontrol = require('../accesscontrol.js'),
     HttpError = require('connect-lastmile').HttpError,
     LocalStrategy = require('passport-local').Strategy,
     passport = require('passport'),
-    settings = require('../settings.js'),
     users = require('../users.js'),
     UsersError = users.UsersError;
 
@@ -142,25 +138,3 @@ function websocketAuth(requiredScopes, req, res, next) {
         next();
     });
 }
-
-function verifyAppOwnership(req, res, next) {
-    if (req.user.admin) return next();
-
-    const appCreate = !('id' in req.params);
-
-    settings.getSpacesConfig(function (error, spaces) {
-        if (error) return next(new HttpError(500, error));
-        if (!spaces.enabled) return next();
-
-        if (appCreate) return next(); // ok to install app
-
-        apps.get(req.params.id, function (error, app) {
-            if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, 'No such app'));
-            if (error) return next(new HttpError(500, error));
-
-            if (app.ownerId !== req.user.id) return next(new HttpError(401, 'Unauthorized'));
-
-            next();
-        });
-    });
-}

src/routes/apps.js

@@ -1,6 +1,8 @@
 'use strict';
 
 exports = module.exports = {
+    verifyOwnership: verifyOwnership,
+
     getApp: getApp,
     getApps: getApps,
     getAppIcon: getAppIcon,
@@ -30,6 +32,7 @@ exports = module.exports = {
 var apps = require('../apps.js'),
     AppsError = apps.AppsError,
     assert = require('assert'),
+    config = require('../config.js'),
     debug = require('debug')('box:routes/apps'),
     fs = require('fs'),
     HttpError = require('connect-lastmile').HttpError,
@@ -44,6 +47,25 @@ function auditSource(req) {
     return { ip: ip, username: req.user ? req.user.username : null, userId: req.user ? req.user.id : null };
 }
 
+function verifyOwnership(req, res, next) {
+    if (req.user.admin) return next();
+
+    if (!config.isSpacesEnabled()) return next();
+
+    const appCreate = !('id' in req.params);
+
+    if (appCreate) return next(); // ok to install app
+
+    apps.get(req.params.id, function (error, app) {
+        if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, 'No such app'));
+        if (error) return next(new HttpError(500, error));
+
+        if (app.ownerId !== req.user.id) return next(new HttpError(401, 'Unauthorized'));
+
+        next();
+    });
+}
+
 function getApp(req, res, next) {
     assert.strictEqual(typeof req.params.id, 'string');
 
@@ -117,9 +139,14 @@ function installApp(req, res, next) {
 
     if (data.robotsTxt && typeof data.robotsTxt !== 'string') return next(new HttpError(400, 'robotsTxt must be a string'));
 
+    if ('alternateDomains' in data) {
+        if (!Array.isArray(data.alternateDomains)) return next(new HttpError(400, 'alternateDomains must be an array'));
+        if (data.alternateDomains.some(function (d) { return (typeof d.domain !== 'string' || typeof d.subdomain !== 'string'); })) return next(new HttpError(400, 'alternateDomains array must contain objects with domain and subdomain strings'));
+    }
+
     debug('Installing app :%j', data);
 
-    apps.install(data, auditSource(req), function (error, app) {
+    apps.install(data, req.user, auditSource(req), function (error, app) {
         if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, error.message));
         if (error && error.reason === AppsError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
         if (error && error.reason === AppsError.PORT_RESERVED) return next(new HttpError(409, 'Port ' + error.message + ' is reserved.'));
@@ -169,7 +196,7 @@ function configureApp(req, res, next) {
 
     debug('Configuring app id:%s data:%j', req.params.id, data);
 
-    apps.configure(req.params.id, data, auditSource(req), function (error) {
+    apps.configure(req.params.id, data, req.user, auditSource(req), function (error) {
         if (error && error.reason === AppsError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
         if (error && error.reason === AppsError.PORT_RESERVED) return next(new HttpError(409, 'Port ' + error.message + ' is reserved.'));
         if (error && error.reason === AppsError.PORT_CONFLICT) return next(new HttpError(409, 'Port ' + error.message + ' is already in use.'));
@@ -219,7 +246,7 @@ function cloneApp(req, res, next) {
     if (typeof data.domain !== 'string') return next(new HttpError(400, 'domain is required'));
     if (('portBindings' in data) && typeof data.portBindings !== 'object') return next(new HttpError(400, 'portBindings must be an object'));
 
-    apps.clone(req.params.id, data, auditSource(req), function (error, result) {
+    apps.clone(req.params.id, data, req.user, auditSource(req), function (error, result) {
         if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, 'No such app'));
         if (error && error.reason === AppsError.PORT_RESERVED) return next(new HttpError(409, 'Port ' + error.message + ' is reserved.'));
         if (error && error.reason === AppsError.PORT_CONFLICT) return next(new HttpError(409, 'Port ' + error.message + ' is already in use.'));

src/routes/clients.js

@@ -80,8 +80,9 @@ function addToken(req, res, next) {
     var data = req.body;
     var expiresAt = data.expiresAt ? parseInt(data.expiresAt, 10) : Date.now() + constants.DEFAULT_TOKEN_EXPIRATION;
     if (isNaN(expiresAt) || expiresAt <= Date.now()) return next(new HttpError(400, 'expiresAt must be a timestamp in the future'));
+    if ('name' in req.body && typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string'));
 
-    clients.addTokenByUserId(req.params.clientId, req.user.id, expiresAt, function (error, result) {
+    clients.addTokenByUserId(req.params.clientId, req.user.id, expiresAt, { name: req.body.name || '' }, function (error, result) {
         if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
         if (error) return next(new HttpError(500, error));
         next(new HttpSuccess(201, { token: result }));

src/routes/developer.js

@@ -24,7 +24,8 @@ function login(req, res, next) {
             if (!verified) return next(new HttpError(401, 'Invalid totpToken'));
         }
 
-        clients.issueDeveloperToken(user, ip, function (error, result) {
+        const auditSource = { authType: 'cli', ip: ip };
+        clients.issueDeveloperToken(user, auditSource, function (error, result) {
             if (error) return next(new HttpError(500, error));
 
             next(new HttpSuccess(200, result));

src/routes/domains.js

@@ -5,7 +5,9 @@ exports = module.exports = {
     get: get,
     getAll: getAll,
     update: update,
-    del: del
+    del: del,
+
+    verifyDomainLock: verifyDomainLock
 };
 
 var assert = require('assert'),
@@ -14,6 +16,14 @@ var assert = require('assert'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess;
 
+function verifyDomainLock(req, res, next) {
+    assert.strictEqual(typeof req.params.domain, 'string');
+
+    if (domains.isLocked(req.params.domain)) return next(new HttpError(423, 'This domain is locked'));
+
+    next();
+}
+
 function add(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
 

src/routes/mail.js

@@ -88,6 +88,7 @@ function setDnsRecords(req, res, next) {
 
     mail.setDnsRecords(req.params.domain, function (error) {
         if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
+        if (error && error.reason === MailError.EXTERNAL_ERROR) return next(new HttpError(503, error.message));
         if (error) return next(new HttpError(500, error));
 
         next(new HttpSuccess(201));

src/routes/oauth2.js

@@ -91,7 +91,7 @@ function initialize() {
             authcodedb.del(code, function (error) {
                 if(error) return callback(error);
 
-                clients.addTokenByUserId(client.id, authCode.userId, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, function (error, result) {
+                clients.addTokenByUserId(client.id, authCode.userId, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, result) {
                     if (error) return callback(error);
 
                     debug('exchange: new access token for client %s user %s token %s', client.id, authCode.userId, result.accessToken.slice(0, 6)); // partial token for security
@@ -104,7 +104,7 @@ function initialize() {
 
     // implicit token grant that skips issuing auth codes. this is used by our webadmin
     gServer.grant(oauth2orize.grant.token({ scopeSeparator: ',' }, function (client, user, ares, callback) {
-        clients.addTokenByUserId(client.id, user.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, function (error, result) {
+        clients.addTokenByUserId(client.id, user.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, result) {
             if (error) return callback(error);
 
             debug('grant token: new access token for client %s user %s token %s', client.id, user.id, result.accessToken.slice(0, 6)); // partial token for security
@@ -364,7 +364,7 @@ function accountSetup(req, res, next) {
                 if (error && error.reason === UsersError.BAD_FIELD) return renderAccountSetupSite(res, req, userObject, error.message);
                 if (error) return next(new HttpError(500, error));
 
-                clients.addTokenByUserId('cid-webadmin', userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, function (error, result) {
+                clients.addTokenByUserId('cid-webadmin', userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, result) {
                     if (error) return next(new HttpError(500, error));
 
                     res.redirect(`${config.adminOrigin()}?accessToken=${result.accessToken}&expiresAt=${result.expires}`);
@@ -412,7 +412,7 @@ function passwordReset(req, res, next) {
             if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(406, error.message));
             if (error) return next(new HttpError(500, error));
 
-            clients.addTokenByUserId('cid-webadmin', userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, function (error, result) {
+            clients.addTokenByUserId('cid-webadmin', userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, result) {
                 if (error) return next(new HttpError(500, error));
 
                 res.redirect(`${config.adminOrigin()}?accessToken=${result.accessToken}&expiresAt=${result.expires}`);

src/routes/settings.js

@@ -23,10 +23,7 @@ exports = module.exports = {
     setAppstoreConfig: setAppstoreConfig,
 
     getPlatformConfig: getPlatformConfig,
-    setPlatformConfig: setPlatformConfig,
-
-    setSpacesConfig: setSpacesConfig,
-    getSpacesConfig: getSpacesConfig
+    setPlatformConfig: setPlatformConfig
 };
 
 var assert = require('assert'),
@@ -207,26 +204,6 @@ function setPlatformConfig(req, res, next) {
     });
 }
 
-function getSpacesConfig(req, res, next) {
-    settings.getSpacesConfig(function (error, config) {
-        if (error) return next(new HttpError(500, error));
-
-        next(new HttpSuccess(200, config));
-    });
-}
-
-function setSpacesConfig(req, res, next) {
-    assert.strictEqual(typeof req.body, 'object');
-
-    settings.setSpacesConfig(req.body, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === SettingsError.EXTERNAL_ERROR) return next(new HttpError(402, error.message));
-        if (error) return next(new HttpError(500, error));
-
-        next(new HttpSuccess(200, {}));
-    });
-}
-
 function getAppstoreConfig(req, res, next) {
     settings.getAppstoreConfig(function (error, result) {
         if (error) return next(new HttpError(500, error));

src/routes/test/apps-test.js

@@ -216,7 +216,7 @@ function startBox(done) {
             token_1 = tokendb.generateToken();
 
             // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-            tokendb.add(token_1, user_1_id, 'test-client-id',  Date.now() + 1000000, accesscontrol.SCOPE_ANY, callback);
+            tokendb.add(token_1, user_1_id, 'test-client-id',  Date.now() + 1000000, accesscontrol.SCOPE_APPS_READ, '', callback);
         },
 
         function (callback) {
@@ -359,7 +359,7 @@ describe('App API', function () {
             .send({ manifest: APP_MANIFEST, location: 'my', accessRestriction: null, domain: DOMAIN_0.domain })
             .end(function (err, res) {
                 expect(res.statusCode).to.equal(400);
-                expect(res.body.message).to.eql('my is reserved');
+                expect(res.body.message).to.contain('my is reserved');
                 done();
             });
     });
@@ -370,7 +370,7 @@ describe('App API', function () {
             .send({ manifest: APP_MANIFEST, location: constants.API_LOCATION, accessRestriction: null, domain: DOMAIN_0.domain })
             .end(function (err, res) {
                 expect(res.statusCode).to.equal(400);
-                expect(res.body.message).to.eql(constants.API_LOCATION + ' is reserved');
+                expect(res.body.message).to.contain(constants.API_LOCATION + ' is reserved');
                 done();
             });
     });
@@ -381,7 +381,7 @@ describe('App API', function () {
             .send({ manifest: APP_MANIFEST, location: APP_LOCATION, portBindings: 23, accessRestriction: null, domain: DOMAIN_0.domain })
             .end(function (err, res) {
                 expect(res.statusCode).to.equal(400);
-                expect(res.body.message).to.eql('portBindings must be an object');
+                expect(res.body.message).to.contain('portBindings must be an object');
                 done();
             });
     });
@@ -392,7 +392,7 @@ describe('App API', function () {
             .send({ manifest: APP_MANIFEST, location: APP_LOCATION, portBindings: {}, domain: DOMAIN_0.domain })
             .end(function (err, res) {
                 expect(res.statusCode).to.equal(400);
-                expect(res.body.message).to.eql('accessRestriction is required');
+                expect(res.body.message).to.contain('accessRestriction is required');
                 done();
             });
     });
@@ -403,7 +403,7 @@ describe('App API', function () {
             .send({ manifest: APP_MANIFEST, location: APP_LOCATION, portBindings: {}, accessRestriction: '', domain: DOMAIN_0.domain })
             .end(function (err, res) {
                 expect(res.statusCode).to.equal(400);
-                expect(res.body.message).to.eql('accessRestriction is required');
+                expect(res.body.message).to.contain('accessRestriction is required');
                 done();
             });
     });
@@ -598,11 +598,11 @@ describe('App API', function () {
             .end(function (error, result) {
                 expect(error).to.not.be.ok();
                 expect(result.statusCode).to.equal(200);
-                expect(new Date(result.body.expiresAt).toString()).to.not.be('Invalid Date');
-                expect(result.body.token).to.be.a('string');
+                expect(new Date(result.body.expires).toString()).to.not.be('Invalid Date');
+                expect(result.body.accessToken).to.be.a('string');
 
                 // overwrite non dev token
-                token = result.body.token;
+                token = result.body.accessToken;
 
                 superagent.post(SERVER_URL + '/api/v1/apps/install')
                     .query({ access_token: token })
@@ -630,6 +630,7 @@ describe('App installation', function () {
     this.timeout(100000);
 
     var apiHockInstance = hock.createHock({ throwOnUnmatched: false });
+    var apiHockServer;
 
     var validCert1, validKey1;
 
@@ -699,7 +700,7 @@ describe('App installation', function () {
             });
     });
 
-    it('installation - image created', function (done) {
+    xit('installation - image created', function (done) {
         expect(imageCreated).to.be.ok();
         done();
     });
@@ -915,7 +916,7 @@ describe('App installation', function () {
                 if (!err || err.code !== 'ECONNREFUSED') return setTimeout(waitForAppToDie, 500);
 
                 // wait for app status to be updated
-                superagent.get(SERVER_URL + '/api/v1/apps/' + APP_ID).query({ access_token: token_1 }).end(function (error, result) {
+                superagent.get(SERVER_URL + '/api/v1/apps/' + APP_ID).query({ access_token: token }).end(function (error, result) {
                     if (error || result.statusCode !== 200 || result.body.runState !== 'stopped') return setTimeout(waitForAppToDie, 500);
                     done();
                 });

src/routes/test/cloudron-test.js

@@ -167,7 +167,7 @@ describe('Cloudron', function () {
                             userId_1 = result.body.id;
 
                             // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-                            tokendb.add(token_1, userId_1, 'test-client-id',  Date.now() + 100000, 'cloudron', callback);
+                            tokendb.add(token_1, userId_1, 'test-client-id',  Date.now() + 100000, 'cloudron', '', callback);
                         });
                 }
             ], done);

src/routes/test/eventlog-test.js

@@ -63,7 +63,7 @@ function setup(done) {
             token_1 = tokendb.generateToken();
 
             // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-            tokendb.add(token_1, USER_1_ID, 'test-client-id',  Date.now() + 100000, accesscontrol.SCOPE_PROFILE, callback);
+            tokendb.add(token_1, USER_1_ID, 'test-client-id',  Date.now() + 100000, accesscontrol.SCOPE_PROFILE, '', callback);
         }
 
     ], done);

src/routes/test/groups-test.js

@@ -70,7 +70,7 @@ function setup(done) {
                     userId_1 = result.body.id;
 
                     // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-                    tokendb.add(token_1, userId_1, 'test-client-id',  Date.now() + 100000, accesscontrol.SCOPE_PROFILE, callback);
+                    tokendb.add(token_1, userId_1, 'test-client-id',  Date.now() + 100000, accesscontrol.SCOPE_PROFILE, '', callback);
                 });
         }
     ], done);

src/routes/test/profile-test.js

@@ -115,7 +115,7 @@ describe('Profile API', function () {
             var token = tokendb.generateToken();
             var expires = Date.now() - 2000; // 1 sec
 
-            tokendb.add(token, user_0.id, null, expires, 'profile', function (error) {
+            tokendb.add(token, user_0.id, null, expires, 'profile', 'tokenname', function (error) {
                 expect(error).to.not.be.ok();
 
                 superagent.get(SERVER_URL + '/api/v1/profile').query({ access_token: token }).end(function (error, result) {

src/routes/test/users-test.js

@@ -8,7 +8,6 @@
 var accesscontrol = require('../../accesscontrol.js'),
     async = require('async'),
     config = require('../../config.js'),
-    constants = require('../../constants.js'),
     database = require('../../database.js'),
     domains = require('../../domains.js'),
     tokendb = require('../../tokendb.js'),
@@ -17,7 +16,8 @@ var accesscontrol = require('../../accesscontrol.js'),
     mail = require('../../mail.js'),
     mailer = require('../../mailer.js'),
     superagent = require('superagent'),
-    server = require('../../server.js');
+    server = require('../../server.js'),
+    users = require('../../users.js');
 
 const SERVER_URL = 'http://localhost:' + config.get('port');
 
@@ -83,7 +83,7 @@ describe('Users API', function () {
     this.timeout(5000);
 
     var user_0, user_1, user_2, user_4;
-    var token = null;
+    var token = null, userToken = null;
     var token_1 = tokendb.generateToken();
 
     before(setup);
@@ -176,7 +176,7 @@ describe('Users API', function () {
         var token = tokendb.generateToken();
         var expires = Date.now() + 2000; // 1 sec
 
-        tokendb.add(token, user_0.id, null, expires, accesscontrol.SCOPE_PROFILE, function (error) {
+        tokendb.add(token, user_0.id, null, expires, accesscontrol.SCOPE_PROFILE, 'tokenname', function (error) {
             expect(error).to.not.be.ok();
 
             setTimeout(function () {
@@ -287,7 +287,7 @@ describe('Users API', function () {
                 user_1 = result.body;
 
                 // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-                tokendb.add(token_1, user_1.id, 'test-client-id',  Date.now() + 10000, accesscontrol.SCOPE_PROFILE, done);
+                tokendb.add(token_1, user_1.id, 'test-client-id',  Date.now() + 10000, accesscontrol.SCOPE_PROFILE, 'fromtest', done);
             });
     });
 
@@ -680,7 +680,7 @@ describe('Users API', function () {
 
         superagent.post(SERVER_URL + '/api/v1/users')
             .query({ access_token: token })
-            .send({ username: USERNAME_4, email: EMAIL_4, invite: false, password: 'tooweak' })
+            .send({ username: USERNAME_4, email: EMAIL_4, password: 'tooweak' })
             .end(function (error, result) {
                 expect(error).to.be.ok();
                 expect(result.statusCode).to.equal(400);
@@ -691,23 +691,23 @@ describe('Users API', function () {
     it('can create user with a password', function (done) {
         superagent.post(SERVER_URL + '/api/v1/users')
             .query({ access_token: token })
-            .send({ username: USERNAME_4, email: EMAIL_4, invite: false, password: 'Secret1#' })
+            .send({ username: USERNAME_4, email: EMAIL_4, password: 'Secret1#' })
             .end(function (error, result) {
                 expect(error).to.not.be.ok();
                 expect(result.statusCode).to.equal(201);
 
                 user_4 = result.body;
 
-                token = tokendb.generateToken();
+                userToken = tokendb.generateToken();
                 var expires = Date.now() + 2000; // 1 sec
 
-                tokendb.add(token, user_4.id, null, expires, accesscontrol.SCOPE_PROFILE, done);
+                tokendb.add(userToken, user_4.id, null, expires, accesscontrol.SCOPE_PROFILE, '', done);
             });
     });
 
     it('can get profile of user with pre-set password', function (done) {
         superagent.get(SERVER_URL + '/api/v1/profile')
-            .query({ access_token: token })
+            .query({ access_token: userToken })
             .end(function (err, res) {
                 expect(res.statusCode).to.equal(200);
 
@@ -716,5 +716,42 @@ describe('Users API', function () {
                 done();
             });
     });
+
+    // Change password
+    it('change password fails due to missing token', function (done) {
+        superagent.post(SERVER_URL + '/api/v1/users/' + user_0.id + '/password')
+            .send({ password: 'youdontsay' })
+            .end(function (error, result) {
+                expect(result.statusCode).to.equal(401);
+                done();
+            });
+    });
+
+    it('change password fails due to small password', function (done) {
+        superagent.post(SERVER_URL + '/api/v1/users/' + user_0.id + '/password')
+            .query({ access_token: token })
+            .send({ password: 'small' })
+            .end(function (error, result) {
+                expect(result.statusCode).to.equal(400);
+                done();
+            });
+    });
+
+    it('change password succeeds', function (done) {
+        superagent.post(SERVER_URL + '/api/v1/users/' + user_0.id + '/password')
+            .query({ access_token: token })
+            .send({ password: 'bigenough' })
+            .end(function (error, result) {
+                expect(result.statusCode).to.equal(204);
+                done();
+            });
+    });
+
+    it('did change the user password', function (done) {
+        users.verify(user_0.id, 'bigenough', function (error) {
+            expect(error).to.be(null);
+            done();
+        });
+    });
 });
 

src/routes/users.js

@@ -6,14 +6,17 @@ exports = module.exports = {
     list: list,
     create: create,
     remove: remove,
+    changePassword: changePassword,
     verifyPassword: verifyPassword,
     createInvite: createInvite,
     sendInvite: sendInvite,
     setGroups: setGroups,
-    transferOwnership: transferOwnership
+    transferOwnership: transferOwnership,
+    verifyOperator: verifyOperator
 };
 
 var assert = require('assert'),
+    config = require('../config.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
     users = require('../users.js'),
@@ -24,6 +27,12 @@ function auditSource(req) {
     return { ip: ip, username: req.user ? req.user.username : null, userId: req.user ? req.user.id : null };
 }
 
+function verifyOperator(req, res, next) {
+    if (config.allowOperatorActions()) return next();
+
+    next(new HttpError(401, 'Not allowed in this edition'));
+}
+
 function create(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
 
@@ -186,4 +195,19 @@ function transferOwnership(req, res, next) {
 
         next(new HttpSuccess(200, {}));
     });
-}
+}
+
+function changePassword(req, res, next) {
+    assert.strictEqual(typeof req.body, 'object');
+    assert.strictEqual(typeof req.params.userId, 'string');
+
+    if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be a string'));
+
+    users.setPassword(req.params.userId, req.body.password, function (error) {
+        if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
+        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
+        if (error) return next(new HttpError(500, error));
+
+        next(new HttpSuccess(204));
+    });
+}

src/server.js

@@ -94,7 +94,7 @@ function initializeExpressSync() {
     var usersReadScope = routes.accesscontrol.scope(accesscontrol.SCOPE_USERS_READ);
     var usersManageScope = routes.accesscontrol.scope(accesscontrol.SCOPE_USERS_MANAGE);
     var appsReadScope = routes.accesscontrol.scope(accesscontrol.SCOPE_APPS_READ);
-    var appsManageScope = [ routes.accesscontrol.scope(accesscontrol.SCOPE_APPS_MANAGE), routes.accesscontrol.verifyAppOwnership ];
+    var appsManageScope = [ routes.accesscontrol.scope(accesscontrol.SCOPE_APPS_MANAGE), routes.apps.verifyOwnership ];
     var settingsScope = routes.accesscontrol.scope(accesscontrol.SCOPE_SETTINGS);
     var mailScope = routes.accesscontrol.scope(accesscontrol.SCOPE_MAIL);
     var clientsScope = routes.accesscontrol.scope(accesscontrol.SCOPE_CLIENTS);
@@ -102,6 +102,9 @@ function initializeExpressSync() {
     var domainsManageScope = routes.accesscontrol.scope(accesscontrol.SCOPE_DOMAINS_MANAGE);
     var appstoreScope = routes.accesscontrol.scope(accesscontrol.SCOPE_APPSTORE);
 
+    const verifyOperator = routes.users.verifyOperator;
+    const verifyDomainLock = routes.domains.verifyDomainLock;
+
     // csrf protection
     var csrf = routes.oauth2.csrf();
 
@@ -126,10 +129,10 @@ function initializeExpressSync() {
     router.get ('/api/v1/cloudron/disks', cloudronScope, routes.cloudron.getDisks);
     router.get ('/api/v1/cloudron/logs/:unit', cloudronScope, routes.cloudron.getLogs);
     router.get ('/api/v1/cloudron/logstream/:unit', cloudronScope, routes.cloudron.getLogStream);
-    router.get ('/api/v1/cloudron/ssh/authorized_keys', cloudronScope, routes.ssh.getAuthorizedKeys);
-    router.put ('/api/v1/cloudron/ssh/authorized_keys', cloudronScope, routes.ssh.addAuthorizedKey);
-    router.get ('/api/v1/cloudron/ssh/authorized_keys/:identifier', cloudronScope, routes.ssh.getAuthorizedKey);
-    router.del ('/api/v1/cloudron/ssh/authorized_keys/:identifier', cloudronScope, routes.ssh.delAuthorizedKey);
+    router.get ('/api/v1/cloudron/ssh/authorized_keys', cloudronScope, verifyOperator, routes.ssh.getAuthorizedKeys);
+    router.put ('/api/v1/cloudron/ssh/authorized_keys', cloudronScope, verifyOperator, routes.ssh.addAuthorizedKey);
+    router.get ('/api/v1/cloudron/ssh/authorized_keys/:identifier', cloudronScope, verifyOperator, routes.ssh.getAuthorizedKey);
+    router.del ('/api/v1/cloudron/ssh/authorized_keys/:identifier', cloudronScope, verifyOperator, routes.ssh.delAuthorizedKey);
     router.get ('/api/v1/cloudron/eventlog', cloudronScope, routes.eventlog.get);
 
     // config route (for dashboard)
@@ -149,6 +152,7 @@ function initializeExpressSync() {
     router.get ('/api/v1/users/:userId', usersManageScope, routes.users.get); // this is manage scope because it returns non-restricted fields
     router.del ('/api/v1/users/:userId', usersManageScope, routes.users.verifyPassword, routes.users.remove);
     router.post('/api/v1/users/:userId', usersManageScope, routes.users.update);
+    router.post('/api/v1/users/:userId/password', usersManageScope, routes.users.changePassword);
     router.put ('/api/v1/users/:userId/groups', usersManageScope, routes.users.setGroups);
     router.post('/api/v1/users/:userId/send_invite', usersManageScope, routes.users.sendInvite);
     router.post('/api/v1/users/:userId/create_invite', usersManageScope, routes.users.createInvite);
@@ -208,7 +212,7 @@ function initializeExpressSync() {
     router.get ('/api/v1/apps/:id/logs',      appsManageScope, routes.apps.getLogs);
     router.get ('/api/v1/apps/:id/exec',      appsManageScope, routes.apps.exec);
     // websocket cannot do bearer authentication
-    router.get ('/api/v1/apps/:id/execws',    routes.accesscontrol.websocketAuth.bind(null, [ accesscontrol.SCOPE_APPS_MANAGE ]), routes.accesscontrol.verifyAppOwnership, routes.apps.execWebSocket);
+    router.get ('/api/v1/apps/:id/execws',    routes.accesscontrol.websocketAuth.bind(null, [ accesscontrol.SCOPE_APPS_MANAGE ]), routes.apps.verifyOwnership, routes.apps.execWebSocket);
     router.post('/api/v1/apps/:id/clone',     appsManageScope, routes.apps.cloneApp);
     router.get ('/api/v1/apps/:id/download',  appsManageScope, routes.apps.downloadFile);
     router.post('/api/v1/apps/:id/upload',    appsManageScope, multipart, routes.apps.uploadFile);
@@ -223,17 +227,15 @@ function initializeExpressSync() {
     router.post('/api/v1/settings/cloudron_name',      settingsScope, routes.settings.setCloudronName);
     router.get ('/api/v1/settings/cloudron_avatar',    settingsScope, routes.settings.getCloudronAvatar);
     router.post('/api/v1/settings/cloudron_avatar',    settingsScope, multipart, routes.settings.setCloudronAvatar);
-    router.get ('/api/v1/settings/backup_config',      settingsScope, routes.settings.getBackupConfig);
-    router.post('/api/v1/settings/backup_config',      settingsScope, routes.settings.setBackupConfig);
-    router.get ('/api/v1/settings/platform_config',      settingsScope, routes.settings.getPlatformConfig);
-    router.post('/api/v1/settings/platform_config',      settingsScope, routes.settings.setPlatformConfig);
-    router.get ('/api/v1/settings/spaces_config',      settingsScope, routes.settings.getSpacesConfig);
-    router.post('/api/v1/settings/spaces_config',      settingsScope, routes.settings.setSpacesConfig);
+    router.get ('/api/v1/settings/backup_config',      settingsScope, verifyOperator, routes.settings.getBackupConfig);
+    router.post('/api/v1/settings/backup_config',      settingsScope, verifyOperator, routes.settings.setBackupConfig);
+    router.get ('/api/v1/settings/platform_config',    settingsScope, verifyOperator, routes.settings.getPlatformConfig);
+    router.post('/api/v1/settings/platform_config',    settingsScope, verifyOperator, routes.settings.setPlatformConfig);
 
     router.get ('/api/v1/settings/time_zone',          settingsScope, routes.settings.getTimeZone);
     router.post('/api/v1/settings/time_zone',          settingsScope, routes.settings.setTimeZone);
-    router.get ('/api/v1/settings/appstore_config',    appstoreScope, routes.settings.getAppstoreConfig);
-    router.post('/api/v1/settings/appstore_config',    appstoreScope, routes.settings.setAppstoreConfig);
+    router.get ('/api/v1/settings/appstore_config',    appstoreScope, verifyOperator, routes.settings.getAppstoreConfig);
+    router.post('/api/v1/settings/appstore_config',    appstoreScope, verifyOperator, routes.settings.setAppstoreConfig);
 
     // email routes
     router.get ('/api/v1/mail/:domain',       mailScope, routes.mail.getDomain);
@@ -262,7 +264,7 @@ function initializeExpressSync() {
     router.del ('/api/v1/mail/:domain/lists/:name', mailScope, routes.mail.removeList);
 
     // feedback
-    router.post('/api/v1/feedback', cloudronScope, routes.cloudron.feedback);
+    router.post('/api/v1/feedback', cloudronScope, verifyOperator, routes.cloudron.feedback);
 
     // backup routes
     router.get ('/api/v1/backups', settingsScope, routes.backups.get);
@@ -271,9 +273,9 @@ function initializeExpressSync() {
     // domain routes
     router.post('/api/v1/domains', domainsManageScope, routes.domains.add);
     router.get ('/api/v1/domains', domainsReadScope, routes.domains.getAll);
-    router.get ('/api/v1/domains/:domain', domainsManageScope, routes.domains.get);  // this is manage scope because it returns non-restricted fields
-    router.put ('/api/v1/domains/:domain', domainsManageScope, routes.domains.update);
-    router.del ('/api/v1/domains/:domain', domainsManageScope, routes.users.verifyPassword, routes.domains.del);
+    router.get ('/api/v1/domains/:domain', domainsManageScope, verifyDomainLock, routes.domains.get);  // this is manage scope because it returns non-restricted fields
+    router.put ('/api/v1/domains/:domain', domainsManageScope, verifyDomainLock, routes.domains.update);
+    router.del ('/api/v1/domains/:domain', domainsManageScope, verifyDomainLock, routes.users.verifyPassword, routes.domains.del);
 
     // caas routes
     router.get('/api/v1/caas/config', cloudronScope, routes.caas.getConfig);

src/settings.js

@@ -38,9 +38,6 @@ exports = module.exports = {
     getPlatformConfig: getPlatformConfig,
     setPlatformConfig: setPlatformConfig,
 
-    getSpacesConfig: getSpacesConfig,
-    setSpacesConfig: setSpacesConfig,
-
     getAll: getAll,
 
     // booleans. if you add an entry here, be sure to fix getAll
@@ -53,7 +50,6 @@ exports = module.exports = {
     APPSTORE_CONFIG_KEY: 'appstore_config',
     CAAS_CONFIG_KEY: 'caas_config',
     PLATFORM_CONFIG_KEY: 'platform_config',
-    SPACES_CONFIG_KEY: 'spaces_config',
 
     // strings
     APP_AUTOUPDATE_PATTERN_KEY: 'app_autoupdate_pattern',
@@ -98,7 +94,6 @@ var gDefaults = (function () {
     result[exports.CAAS_CONFIG_KEY] = {};
     result[exports.EMAIL_DIGEST] = true;
     result[exports.PLATFORM_CONFIG_KEY] = {};
-    result[exports.SPACES_CONFIG_KEY] = { enabled: false };
 
     return result;
 })();
@@ -358,32 +353,6 @@ function setEmailDigest(enabled, callback) {
     });
 }
 
-function getSpacesConfig(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    settingsdb.get(exports.SPACES_CONFIG_KEY, function (error, value) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.SPACES_CONFIG_KEY]);
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
-
-        callback(null, JSON.parse(value));
-    });
-}
-
-function setSpacesConfig(value, callback) {
-    assert.strictEqual(typeof value, 'object');
-    assert.strictEqual(typeof callback, 'function');
-
-    if ('enabled' in value && typeof value.enabled !== 'boolean') return callback(new SettingsError(SettingsError.BAD_FIELD, 'enabled must be a boolean'));
-
-    settingsdb.set(exports.SPACES_CONFIG_KEY, JSON.stringify(value), function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
-
-        exports.events.emit(exports.SPACES_CONFIG_KEY, value);
-
-        callback(null);
-    });
-}
-
 function getCaasConfig(callback) {
     assert.strictEqual(typeof callback, 'function');
 
@@ -506,7 +475,7 @@ function getAll(callback) {
         result[exports.DYNAMIC_DNS_KEY] = !!result[exports.DYNAMIC_DNS_KEY];
 
         // convert JSON objects
-        [exports.BACKUP_CONFIG_KEY, exports.UPDATE_CONFIG_KEY, exports.APPSTORE_CONFIG_KEY, exports.PLATFORM_CONFIG_KEY, exports.SPACES_CONFIG_KEY ].forEach(function (key) {
+        [exports.BACKUP_CONFIG_KEY, exports.UPDATE_CONFIG_KEY, exports.APPSTORE_CONFIG_KEY, exports.PLATFORM_CONFIG_KEY ].forEach(function (key) {
             result[key] = typeof result[key] === 'object' ? result[key] : safe.JSON.parse(result[key]);
         });
 

src/setup.js

@@ -247,7 +247,7 @@ function activate(username, password, email, displayName, ip, auditSource, callb
         if (error && error.reason === UsersError.BAD_FIELD) return callback(new SetupError(SetupError.BAD_FIELD, error.message));
         if (error) return callback(new SetupError(SetupError.INTERNAL_ERROR, error));
 
-        clients.addTokenByUserId('cid-webadmin', userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, function (error, result) {
+        clients.addTokenByUserId('cid-webadmin', userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, result) {
             if (error) return callback(new SetupError(SetupError.INTERNAL_ERROR, error));
 
             eventlog.add(eventlog.ACTION_ACTIVATE, auditSource, { });
@@ -322,6 +322,7 @@ function getStatus(callback) {
                 cloudronName: cloudronName,
                 adminFqdn: config.adminDomain() ? config.adminFqdn() : null,
                 activated: count !== 0,
+                edition: config.edition(),
                 webadminStatus: gWebadminStatus // only valid when !activated
             });
         });

src/test/apps-test.js

@@ -176,44 +176,6 @@ describe('Apps', function () {
         ], done);
     });
 
-    describe('validateHostname', function () {
-        it('does not allow admin subdomain', function () {
-            expect(apps._validateHostname('my', DOMAIN_0.domain, 'my.' + DOMAIN_0.domain)).to.be.an(Error);
-        });
-
-        it('cannot have >63 length subdomains', function () {
-            var s = Array(64).fill('s').join('');
-            expect(apps._validateHostname(s, 'example.com', s + '.example.com')).to.be.an(Error);
-            expect(apps._validateHostname(`dev.${s}`, 'example.com', `dev.${s}.example.com`)).to.be.an(Error);
-        });
-
-        it('allows only alphanumerics and hypen', function () {
-            expect(apps._validateHostname('#2r', 'example.com', '#2r.example.com')).to.be.an(Error);
-            expect(apps._validateHostname('a%b', 'example.com', 'a%b.example.com')).to.be.an(Error);
-            expect(apps._validateHostname('ab_', 'example.com', 'ab_.example.com')).to.be.an(Error);
-            expect(apps._validateHostname('ab.', 'example.com', 'ab.example.com')).to.be.an(Error);
-            expect(apps._validateHostname('ab..c', 'example.com', 'ab..c.example.com')).to.be.an(Error);
-            expect(apps._validateHostname('.ab', 'example.com', '.ab.example.com')).to.be.an(Error);
-            expect(apps._validateHostname('-ab', 'example.com', '-ab.example.com')).to.be.an(Error);
-            expect(apps._validateHostname('ab-', 'example.com', 'ab-.example.com')).to.be.an(Error);
-        });
-
-        it('total length cannot exceed 255', function () {
-            var s = '';
-            for (var i = 0; i < (255 - 'example.com'.length); i++) s += 's';
-
-            expect(apps._validateHostname(s, 'example.com', s + '.example.com')).to.be.an(Error);
-        });
-
-        it('allow valid domains', function () {
-            expect(apps._validateHostname('a', 'example.com', 'a.example.com')).to.be(null);
-            expect(apps._validateHostname('a0-x', 'example.com', 'a0-x.example.com')).to.be(null);
-            expect(apps._validateHostname('a0.x', 'example.com', 'a0-x.example.com')).to.be(null);
-            expect(apps._validateHostname('a0.x.y', 'example.com', 'a0.x.y.example.com')).to.be(null);
-            expect(apps._validateHostname('01', 'example.com', '01.example.com')).to.be(null);
-        });
-    });
-
     describe('validatePortBindings', function () {
         it('does not allow invalid host port', function () {
             expect(apps._validatePortBindings({ port: -1 }, { tcpPorts: { port: 5000 } })).to.be.an(Error);

src/test/appstore-test.js

@@ -129,14 +129,9 @@ describe('Appstore', function () {
             .post(`/api/v1/users/${APPSTORE_USER_ID}/cloudrons/${CLOUDRON_ID}/apps/${APP_ID}?accessToken=${APPSTORE_TOKEN}`, function () { return true; })
             .reply(201, {});
 
-        var scope2 = nock('http://localhost:6060')
-            .get(`/api/v1/users/${APPSTORE_USER_ID}/cloudrons/${CLOUDRON_ID}/subscription?accessToken=${APPSTORE_TOKEN}`, function () { return true; })
-            .reply(200, { subscription: { id: 'basic' }});
-
         appstore.purchase(APP_ID, APPSTORE_APP_ID, function (error) {
             expect(error).to.not.be.ok();
             expect(scope1.isDone()).to.be.ok();
-            expect(scope2.isDone()).to.be.ok();
 
             done();
         });

src/test/database-test.js

@@ -553,6 +553,7 @@ describe('database', function () {
 
     describe('token', function () {
         var TOKEN_0 = {
+            name: 'token0',
             accessToken: tokendb.generateToken(),
             identifier: '0',
             clientId: 'clientid-0',
@@ -560,6 +561,7 @@ describe('database', function () {
             scope: 'clients'
         };
         var TOKEN_1 = {
+            name: 'token1',
             accessToken: tokendb.generateToken(),
             identifier: '1',
             clientId: 'clientid-1',
@@ -567,6 +569,7 @@ describe('database', function () {
             scope: 'settings'
         };
         var TOKEN_2 = {
+            name: 'token2',
             accessToken: tokendb.generateToken(),
             identifier: '2',
             clientId: 'clientid-2',
@@ -582,14 +585,14 @@ describe('database', function () {
         });
 
         it('add succeeds', function (done) {
-            tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope, function (error) {
+            tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope, TOKEN_0.name, function (error) {
                 expect(error).to.be(null);
                 done();
             });
         });
 
         it('add of same token fails', function (done) {
-            tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope, function (error) {
+            tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope, TOKEN_0.name, function (error) {
                 expect(error).to.be.a(DatabaseError);
                 expect(error.reason).to.be(DatabaseError.ALREADY_EXISTS);
                 done();
@@ -642,7 +645,7 @@ describe('database', function () {
         });
 
         it('delByIdentifier succeeds', function (done) {
-            tokendb.add(TOKEN_1.accessToken, TOKEN_1.identifier, TOKEN_1.clientId, TOKEN_1.expires, TOKEN_1.scope, function (error) {
+            tokendb.add(TOKEN_1.accessToken, TOKEN_1.identifier, TOKEN_1.clientId, TOKEN_1.expires, TOKEN_1.scope, '', function (error) {
                 expect(error).to.be(null);
 
                 tokendb.delByIdentifier(TOKEN_1.identifier, function (error) {
@@ -661,7 +664,7 @@ describe('database', function () {
         });
 
         it('getByIdentifierAndClientId succeeds', function (done) {
-            tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope, function (error) {
+            tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope, TOKEN_0.name, function (error) {
                 expect(error).to.be(null);
 
                 tokendb.getByIdentifierAndClientId(TOKEN_0.identifier, TOKEN_0.clientId, function (error, result) {
@@ -675,7 +678,7 @@ describe('database', function () {
         });
 
         it('delExpired succeeds', function (done) {
-            tokendb.add(TOKEN_2.accessToken, TOKEN_2.identifier, TOKEN_2.clientId, TOKEN_2.expires, TOKEN_2.scope, function (error) {
+            tokendb.add(TOKEN_2.accessToken, TOKEN_2.identifier, TOKEN_2.clientId, TOKEN_2.expires, TOKEN_2.scope, TOKEN_2.name, function (error) {
                 expect(error).to.be(null);
 
                 tokendb.delExpired(function (error, result) {
@@ -706,7 +709,7 @@ describe('database', function () {
         });
 
         it('delByClientId succeeds', function (done) {
-            tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope, function (error) {
+            tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope, TOKEN_0.name, function (error) {
                 expect(error).to.be(null);
 
                 tokendb.delByClientId(TOKEN_0.clientId, function (error) {

src/test/dns-test.js

@@ -506,6 +506,7 @@ describe('dns provider', function () {
         before(function (done) {
             DOMAIN_0.provider = 'namecom';
             DOMAIN_0.config = {
+                username: 'fake',
                 token: TOKEN
             };
 

src/test/domains-test.js

@@ -0,0 +1,88 @@
+/* global it:false */
+/* global describe:false */
+/* global before:false */
+/* global after:false */
+
+'use strict';
+
+var async = require('async'),
+    config = require('../config.js'),
+    database = require('../database.js'),
+    domains = require('../domains.js'),
+    expect = require('expect.js'),
+    _ = require('underscore');
+
+describe('Domains', function () {
+    before(function (done) {
+        config._reset();
+
+        async.series([
+            database.initialize,
+            database._clear
+        ], done);
+    });
+
+    after(function (done) {
+        async.series([
+            database._clear,
+            database.uninitialize
+        ], done);
+    });
+
+    const domain = {
+        domain: 'example.com',
+        zoneName: 'example.com',
+        config: {}
+    };
+
+    describe('validateHostname', function () {
+        it('does not allow admin subdomain', function () {
+            config.setFqdn('example.com');
+            config.setAdminFqdn('my.example.com');
+
+            expect(domains.validateHostname('my', domain)).to.be.an(Error);
+        });
+
+        it('cannot have >63 length subdomains', function () {
+            var s = Array(64).fill('s').join('');
+            expect(domains.validateHostname(s, domain)).to.be.an(Error);
+            domain.zoneName = `dev.${s}.example.com`;
+            expect(domains.validateHostname(`dev.${s}`, domain)).to.be.an(Error);
+        });
+
+        it('allows only alphanumerics and hypen', function () {
+            expect(domains.validateHostname('#2r',   domain)).to.be.an(Error);
+            expect(domains.validateHostname('a%b',   domain)).to.be.an(Error);
+            expect(domains.validateHostname('ab_',   domain)).to.be.an(Error);
+            expect(domains.validateHostname('ab.',   domain)).to.be.an(Error);
+            expect(domains.validateHostname('ab..c', domain)).to.be.an(Error);
+            expect(domains.validateHostname('.ab',   domain)).to.be.an(Error);
+            expect(domains.validateHostname('-ab',   domain)).to.be.an(Error);
+            expect(domains.validateHostname('ab-',   domain)).to.be.an(Error);
+        });
+
+        it('total length cannot exceed 255', function () {
+            var s = '';
+            for (var i = 0; i < (255 - 'example.com'.length); i++) s += 's';
+
+            expect(domains.validateHostname(s, domain)).to.be.an(Error);
+        });
+
+        it('allow valid domains', function () {
+            expect(domains.validateHostname('a',        domain)).to.be(null);
+            expect(domains.validateHostname('a0-x',     domain)).to.be(null);
+            expect(domains.validateHostname('a0.x',     domain)).to.be(null);
+            expect(domains.validateHostname('a0.x.y',   domain)).to.be(null);
+            expect(domains.validateHostname('01',       domain)).to.be(null);
+        });
+
+        it('hyphenatedSubdomains', function () {
+            let domainCopy = _.extend({}, domain);
+            domainCopy.config.hyphenatedSubdomains = true;
+
+            expect(domains.validateHostname('a',        domain)).to.be(null);
+            expect(domains.validateHostname('a0-x',     domain)).to.be(null);
+            expect(domains.validateHostname('a0.x',     domain)).to.be.an(Error);
+        });
+    });
+});

src/test/janitor-test.js

@@ -33,7 +33,8 @@ describe('janitor', function () {
         identifier: '0',
         clientId: 'clientid-0',
         expires: Date.now() + 60 * 60 * 1000,
-        scope: 'settings'
+        scope: 'settings',
+        name: 'clientid0'
     };
     var TOKEN_1 = {
         accessToken: tokendb.generateToken(),
@@ -41,6 +42,7 @@ describe('janitor', function () {
         clientId: 'clientid-1',
         expires: Date.now() - 1000,
         scope: 'apps',
+        name: 'clientid1'
     };
 
     before(function (done) {
@@ -49,8 +51,8 @@ describe('janitor', function () {
             database._clear,
             authcodedb.add.bind(null, AUTHCODE_0.authCode, AUTHCODE_0.clientId, AUTHCODE_0.userId, AUTHCODE_0.expiresAt),
             authcodedb.add.bind(null, AUTHCODE_1.authCode, AUTHCODE_1.clientId, AUTHCODE_1.userId, AUTHCODE_1.expiresAt),
-            tokendb.add.bind(null, TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope),
-            tokendb.add.bind(null, TOKEN_1.accessToken, TOKEN_1.identifier, TOKEN_1.clientId, TOKEN_1.expires, TOKEN_1.scope)
+            tokendb.add.bind(null, TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope, TOKEN_0.name),
+            tokendb.add.bind(null, TOKEN_1.accessToken, TOKEN_1.identifier, TOKEN_1.clientId, TOKEN_1.expires, TOKEN_1.scope, TOKEN_1.name)
         ], done);
     });
 

src/test/ldap-test.js

@@ -540,6 +540,42 @@ describe('Ldap', function () {
                 });
             });
         });
+
+        it ('lists the owner as admin', function (done) {
+            // make a normal user the owner
+            appdb.update(APP_0.id, { ownerId: USER_1.id, accessRestriction: { users: [], groups: [ GROUP_ID ] } }, function (error) {
+                expect(error).to.be(null);
+
+                var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
+
+                var opts = {
+                    filter: 'objectcategory=person'
+                };
+
+                client.search('ou=users,dc=cloudron', opts, function (error, result) {
+                    expect(error).to.be(null);
+                    expect(result).to.be.an(EventEmitter);
+
+                    var entries = [];
+
+                    result.on('searchEntry', function (entry) { entries.push(entry.object); });
+                    result.on('error', done);
+                    result.on('end', function (result) {
+                        expect(result.status).to.equal(0);
+                        expect(entries.length).to.equal(2);
+                        entries.sort(function (a, b) { return a.username > b.username; });
+
+                        expect(entries[0].username).to.equal(USER_0.username.toLowerCase());
+                        expect(entries[1].username).to.equal(USER_1.username.toLowerCase());
+                        expect(entries[1].isadmin).to.equal('1');
+
+                        client.unbind();
+
+                        appdb.update(APP_0.id, { ownerId: USER_0.id, accessRestriction: null }, done);
+                    });
+                });
+            });
+        });
     });
 
     describe('search groups', function () {
@@ -706,6 +742,45 @@ describe('Ldap', function () {
                 });
             });
         });
+
+        it ('shows owner as admin', function (done) {
+            appdb.update(APP_0.id, { ownerId: USER_1.id, accessRestriction: { users: [], groups: [ GROUP_ID ] } }, function (error) {
+                expect(error).to.be(null);
+
+                var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
+
+                var opts = {
+                    filter: '&(objectclass=group)(cn=*)'
+                };
+
+                client.search('ou=groups,dc=cloudron', opts, function (error, result) {
+                    expect(error).to.be(null);
+                    expect(result).to.be.an(EventEmitter);
+
+                    var entries = [];
+
+                    result.on('searchEntry', function (entry) { entries.push(entry.object); });
+                    result.on('error', done);
+                    result.on('end', function (result) {
+                        expect(result.status).to.equal(0);
+                        expect(entries.length).to.equal(2);
+                        expect(entries[0].cn).to.equal('users');
+                        expect(entries[0].memberuid.length).to.equal(2);
+                        expect(entries[0].memberuid[0]).to.equal(USER_0.id);
+                        expect(entries[0].memberuid[1]).to.equal(USER_1.id);
+                        expect(entries[1].cn).to.equal('admins');
+
+                        expect(entries[1].memberuid.length).to.equal(2);
+                        expect(entries[1].memberuid[0]).to.equal(USER_0.id);
+                        expect(entries[1].memberuid[1]).to.equal(USER_1.id);
+
+                        client.unbind();
+
+                        appdb.update(APP_0.id, { ownerId: USER_0.id, accessRestriction: null }, done);
+                    });
+                });
+            });
+        });
     });
 
     function ldapSearch(dn, filter, callback) {

src/test/settings-test.js

@@ -120,21 +120,6 @@ describe('Settings', function () {
             });
         });
 
-        it('can set spaces config', function (done) {
-            settings.setSpacesConfig({ enabled: true }, function (error) {
-                expect(error).to.be(null);
-                done();
-            });
-        });
-
-        it('can get backup config', function (done) {
-            settings.getSpacesConfig(function (error, spacesConfig) {
-                expect(error).to.be(null);
-                expect(spacesConfig.enabled).to.be(true);
-                done();
-            });
-        });
-
         it('can enable mail digest', function (done) {
             settings.setEmailDigest(true, function (error) {
                 expect(error).to.be(null);

src/tokendb.js

@@ -22,7 +22,7 @@ var assert = require('assert'),
     DatabaseError = require('./databaseerror'),
     hat = require('./hat.js');
 
-var TOKENS_FIELDS = [ 'accessToken', 'identifier', 'clientId', 'scope', 'expires' ].join(',');
+var TOKENS_FIELDS = [ 'accessToken', 'identifier', 'clientId', 'scope', 'expires', 'name' ].join(',');
 
 function generateToken() {
     return hat(8 * 32); // TODO: make this stronger
@@ -40,16 +40,17 @@ function get(accessToken, callback) {
     });
 }
 
-function add(accessToken, identifier, clientId, expires, scope, callback) {
+function add(accessToken, identifier, clientId, expires, scope, name, callback) {
     assert.strictEqual(typeof accessToken, 'string');
     assert.strictEqual(typeof identifier, 'string');
     assert(typeof clientId === 'string' || clientId === null);
     assert.strictEqual(typeof expires, 'number');
     assert.strictEqual(typeof scope, 'string');
+    assert.strictEqual(typeof name, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    database.query('INSERT INTO tokens (accessToken, identifier, clientId, expires, scope) VALUES (?, ?, ?, ?, ?)',
-        [ accessToken, identifier, clientId, expires, scope ], function (error, result) {
+    database.query('INSERT INTO tokens (accessToken, identifier, clientId, expires, scope, name) VALUES (?, ?, ?, ?, ?, ?)',
+        [ accessToken, identifier, clientId, expires, scope, name ], function (error, result) {
             if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
             if (error || result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
 

src/updater.js

@@ -185,6 +185,7 @@ function doUpdate(boxUpdateInfo, callback) {
                 adminFqdn: config.adminFqdn(),
                 adminLocation: config.adminLocation(),
                 isDemo: config.isDemo(),
+                edition: config.edition(),
 
                 appstore: {
                     apiServerOrigin: config.apiServerOrigin()

src/userdb.js

@@ -162,12 +162,13 @@ function del(userId, callback) {
     // also cleanup the groupMembers table
     var queries = [];
     queries.push({ query: 'DELETE FROM groupMembers WHERE userId = ?', args: [ userId ] });
+    queries.push({ query: 'DELETE FROM tokens WHERE identifier = ?', args: [ userId ] });
     queries.push({ query: 'DELETE FROM users WHERE id = ?', args: [ userId ] });
 
     database.transaction(queries, function (error, result) {
         if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND, error));
         if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result[1].affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (result[2].affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
 
         callback(error);
     });