Commit Graph

471 Commits

Author SHA1 Message Date
Dan Brown
6f1b88a6a6
Change email confirmation from own middle to trait
Email confirmation middleware caused more mess than good, As caused
priority issues and it depended on auth actions. Instead its now a trai
used on auth middlewares.

Also used 'EncryptCookies' middleware on API instead of custom
decryption in custom middleware since we'd need to do replicate all the
same actions anyway. Shouldn't have too much effect since it only
actions over cookies that exist, of which none should be there for most
API requests.

Also split out some large guard functions to be a little more readable
and appease codeclimate.
2019-12-30 15:49:20 +00:00
Dan Brown
349b4629be
Extracted API auth into guard
Also implemented more elegant solution to allowing session auth for API
routes; A new 'StartSessionIfCookieExists' middleware, which wraps the
default 'StartSession' middleware will run for API routes which only
sets up the session if a session cookie is found on the request. Also
decrypts only the session cookie.

Also cleaned some TokenController codeclimate warnings.
2019-12-30 14:51:28 +00:00
Dan Brown
3de55ee645
Linked new API token system into middleware
Base logic in place but needs review and refactor to see if can better
fit into Laravel using 'Guard' system. Currently has issues due to
cookies in use from active session on API.
2019-12-30 02:16:07 +00:00
Lior Broshi
80a50f1ecb added rtl support for hebrew + added to localMap 2019-12-29 23:06:54 +02:00
Dan Brown
2cfa37399c
Fixed some empty-expiry conditions of token ui flows 2019-12-29 20:18:37 +00:00
Dan Brown
692fc46c7d
Removed token 'client' text, avoid confusion w/ oAuth
- Instead have a token_id and a secret.
   - Displayed a 'Token ID' and 'Token Secret'.
2019-12-29 20:07:28 +00:00
Dan Brown
832fbd65af
Added testing coverage to user API token interfaces 2019-12-29 19:46:46 +00:00
Dan Brown
dccb279c84
Built out interfaces & endpoints for API token managment 2019-12-29 17:03:52 +00:00
Dan Brown
d336ba6874
Started work on API token controls
- Added access-api permission.
- Started user profile UI work.
- Created database table and model for tokens.
- Fixed incorrect templates down migration :(
2019-12-29 13:02:26 +00:00
Dan Brown
04137e7c98
Started core API route work 2019-12-28 14:58:07 +00:00
Dan Brown
6f9cad2106
Merge pull request #1793 from abublihi/master
Fix An Exception
2019-12-27 16:52:07 +00:00
Dan Brown
e06f9f7fe3
Removed setting override system due to confusing behaviour
- Was only used to disable registration when LDAP was enabled.
- Caused saved option not to show on settings page causing confusion.
- Extended setting logic where used to take ldap into account instead of
global override.
- Added warning on setting page to show registration enable setting is
not used while ldap is active.

For #1541
2019-12-22 13:19:17 +00:00
Dan Brown
017703ff1a
Updated page delete to return to chapter if within one
- Added test to cover

Closes #1715
2019-12-16 11:54:53 +00:00
Daniel Seiler
afa501e75b Recall previous route when manually clicking login 2019-12-14 08:41:22 +01:00
abublihi
23a716a3ac Fix "Declaration of Middleware\TrustProxies::handle should be compatible with Fideloper\Proxy\TrustProxies::handle" 2019-11-20 14:00:20 +03:00
Dan Brown
c33ef4b9b2
Added tests to cover saml and added controller middleware 2019-11-17 19:15:37 +00:00
Dan Brown
6d899f3b17
Added icon for saml, added saml to register page, updated complete env 2019-11-17 16:07:06 +00:00
Dan Brown
aef6eb81e4
Added SAML singleLogoutService capabilities 2019-11-17 15:40:36 +00:00
Dan Brown
3a17ba2cb9
Started using OneLogin SAML lib directly
- Aligned and formatted config options.
- Provided way to override onelogin lib options if required.
- Added endpoints in core bookstack routes.
- Provided way to debug details provided by idp and formatted by
bookstack.
- Started on test work
- Handled case of email address already in use.
2019-11-17 13:26:43 +00:00
Dan Brown
bb1f43cbd8
Merge branch 'feature/saml' of git://github.com/Xiphoseer/BookStack into Xiphoseer-feature/saml 2019-11-16 12:42:45 +00:00
jakob
6cd26e23a8 Allow toggling between grid and list view in shelf view (shelves.show) 2019-10-30 11:23:42 +01:00
jakob
bea983ab85 Download and assign avatar when creating LDAP user in database. Fixes issue #1161 2019-10-29 22:18:02 +00:00
Dan Brown
a2370f7c9d
Merge branch 'feature-send-test-email' of git://github.com/timoschwarzer/BookStack into timoschwarzer-feature-send-test-email 2019-10-23 19:53:51 +01:00
Dan Brown
f1d7699df5
Updated Korean to be correct country code 2019-10-18 14:27:41 +01:00
Dan Brown
df98deb59d
Added Turkish to locale system 2019-10-17 14:01:19 +01:00
Timo Schwarzer
61a9139bf0
Add feature to send test e-mails 2019-10-16 08:24:33 +02:00
Dan Brown
31f5786e01
Entity Repo & Controller Refactor (#1690)
* Started mass-refactoring of the current entity repos

* Rewrote book tree logic

- Now does two simple queries instead of one really complex one.
- Extracted logic into its own class.
- Remove model-level akward union field listing.
- Logic now more readable than being large separate query and
compilation functions.

* Extracted and split book sort logic

* Finished up Book controller/repo organisation

* Refactored bookshelves controllers and repo parts

* Fixed issues found via phpunit

* Refactored Chapter controller

* Updated Chapter export controller

* Started Page controller/repo refactor

* Refactored another chunk of PageController

* Completed initial pagecontroller refactor pass

* Fixed tests and continued reduction of old repos

* Removed old page remove and further reduced entity repo

* Removed old entity repo, split out page controller

* Ran phpcbf and split out some page content methods

* Tidied up some EntityProvider elements

* Fixed issued caused by viewservice change
2019-10-05 12:55:01 +01:00
Christopher Wilkinson
4ad4dfa55a
Show bookshelves that a book belongs to on a book view
Closes #1598
2019-09-27 00:45:22 +01:00
Dan Brown
7cd956b24b
Removed some unused parameters and fixed env test logic 2019-09-20 01:18:59 +01:00
Dan Brown
8b550991a4
Refactored some core entity actions
- Created BookChild class to share some page/chapter logic.
- Gave entities the power to generate their own permissions and slugs.
- Moved bits out of BaseController constructor since it was overly
sticky.
- Moved slug generation logic into its own class.
- Created a facade for permissions due to high use.
- Fixed failing test issues from last commits
2019-09-20 00:18:28 +01:00
Dan Brown
f7a5a0705b
Moved shelf book append logic 2019-09-19 18:20:09 +01:00
Dan Brown
615b2de433
Simplified activity facade interface
Also cleaned up any other bits along the way.
2019-09-19 18:03:17 +01:00
Dan Brown
2a2cc858f0
Refactored notification showing and global view data 2019-09-19 15:12:10 +01:00
Dan Brown
60d0f96cd7
Extracted some methods into a BookRepo 2019-09-15 23:28:23 +01:00
Dan Brown
d28abf24d4
Split out export actions into own controllers 2019-09-15 22:33:27 +01:00
Dan Brown
3281925375
Standardised how request is injected into controller methods
Puts it in-line with how Laravel recommend.
2019-09-15 18:53:30 +01:00
Dan Brown
be08dc1588
Ran phpcbf and updated helpers typehinting 2019-09-15 18:29:51 +01:00
Dan Brown
cbf9d701af
Updated to laravel 6 2019-09-14 14:12:39 +01:00
Dan Brown
140298bd96
Updated to Laravel 5.8 2019-09-13 23:58:40 +01:00
Dan Brown
6917ea088f
Upgraded app to Laravel 5.7 2019-09-06 23:36:16 +01:00
Dan Brown
213e9d2941
Upgraded to Laravel 5.6 2019-09-06 22:14:39 +01:00
Dan Brown
b27a5c7fb8
Made a mass of accessibility improvements
- Changed default focus styles
- Updated dropdowns with keyboard navigation
- Updated modals with esc exiting
- Added accessibility attirbutes where needed
- Made many more elements focusable
- Updated hover effects of many items to also apply when focused within

Related to #1320 and #1198
2019-08-24 18:29:02 +01:00
Dan Brown
666213a4d4
Removed html dir tag for now, Updated lang format 2019-08-18 18:57:35 +01:00
Dan Brown
3acea12f1c
Merge branch 'unicode' of git://github.com/kostasdizas/BookStack into kostasdizas-unicode 2019-08-18 18:51:20 +01:00
Dan Brown
42d8548960
Finished new user invite flow 2019-08-18 13:11:30 +01:00
Dan Brown
e5155a5dcb
Refactored confirm actions to their own controller 2019-08-18 10:47:59 +01:00
Dan Brown
44330bdd24
Start user invite system 2019-08-17 15:52:33 +01:00
Dan Brown
20c36d58a6
Merge pull request #1527 from BookStackApp/129-page-templates
Page Templates Implementation
2019-08-11 20:21:17 +01:00
Dan Brown
de3e9ab094
Added ability to use templates
- Added replace, append and prepend actions for template content into
both the WYSIWYG editor and markdown editor.
- Added further testing to cover.
2019-08-11 20:04:43 +01:00
Daniel Seiler
bda0082461 Add login and automatic registration; Prepare Group sync 2019-08-06 23:42:46 +02:00
Dan Brown
421dd93ffd
Merge branch 'v0.26' 2019-08-06 21:50:56 +01:00
Dan Brown
f417675b1d
Prevented normal users from changing own email
To address #1542

Updates to only allow email changes by users with the users-manage role
permission.
2019-08-06 21:29:42 +01:00
Daniel Seiler
3c41b15be6 Initial work on SAML integration 2019-08-05 20:06:39 +02:00
Dan Brown
4b0c4e621a
Replaced use of custom 'baseUrl' helper with 'url'
Also changed up how base URL setting was being done
by manipulating incoming request URLs instead of
altering then on generation.
2019-08-04 14:26:39 +01:00
Dan Brown
30da105812
Started refactor of URL system to better extend Laravel 2019-07-21 21:32:08 +01:00
Dan Brown
15c39c1976
Updated JS translations to be inserted from back-end
Removes old awkward JS translations endpoint.
New system still a little akward in code but not now in process.

Also extracted out page editors into their own files.

Closes #1258
2019-07-06 14:52:25 +01:00
Kostas Dizas
86f56dd22b
Added locale and text direction to html templates 2019-06-11 23:01:08 +01:00
Dan Brown
282c45f088
Updated roadmap & dev version, removed dupe locale mappings 2019-06-11 22:45:41 +01:00
Dan Brown
13c0386e84
Updated string functions to use mulitbyte versions where needed
Fixes #816
2019-05-25 16:15:19 +01:00
Dan Brown
97ffbaa740
Fixed issue where books titles could be leaked via shelf home view
- Also added test to cover
Fixes #1425
2019-05-07 22:42:48 +01:00
Dan Brown
ba09dad1fe
Fixed shelf activity display & updated book sort operation 2019-05-05 15:54:22 +01:00
Dan Brown
3f83c548f8
Ran phpcbf 2019-05-05 14:54:37 +01:00
Dan Brown
8c190324ac
Updated existing image tests to reflect changes
- Also added some new tests
2019-05-04 18:11:19 +01:00
Dan Brown
79f6dc00a3
Change image-selector to not use manager
- Now changes the images directly for user, system & cover.
- Extra permission checks added to edit & delete actions.
2019-05-04 15:50:29 +01:00
Dan Brown
cb832a2c10
Started diversion to not using image manager for cover/system/user 2019-04-27 14:55:23 +01:00
Dan Brown
a87ae16010
Started extraction of image controller to separate controllers 2019-04-27 14:18:00 +01:00
Dan Brown
aeb1fc4d49
Started rewriting back-end image managment 2019-04-21 15:52:29 +01:00
Christopher Wilkinson
c8cf6731e2 Add min length validation on name on register form & add sign up link 2019-04-16 12:18:51 +01:00
Dan Brown
7f3f6e65b9
Aligned item creation wording and updated shelf-book-add logic 2019-04-15 20:45:04 +01:00
Christopher Wilkinson
d3cd369247 Fix phpcs issues 2019-04-15 09:27:17 +01:00
Christopher Wilkinson
faa3a8b842 Add button to add a book directly from a shelf view 2019-04-15 09:27:17 +01:00
Dan Brown
9406b4d4c9
Updated view toggle to store date
Also added test for user list order preferences
2019-04-14 13:01:51 +01:00
Dan Brown
b12ae6d11b
Added bookshelves to breadcrumbs
- Updated breadcrumb dropdown switchers and back-end sibling code to handle new breadcrumbs.
- Added breadcrumb view composer and EntityContext system to mangage
tracking if in the context of a bookshelf.
2019-04-07 18:28:11 +01:00
Dan Brown
221a483b40
Standardised view referencing to dot-notation 2019-04-07 12:00:09 +01:00
Dan Brown
0a06e2bce3
Actioned some todo items, Cleaned old grid css 2019-04-07 09:57:48 +01:00
Dan Brown
7cda9b026e
Updated tests to suit layout changes, Updated 404 page
- Also replaced 'or' usage in templates with null coalescing operator
2019-04-06 18:36:17 +01:00
Dan Brown
745a0bb98d
Updated custom homepage views 2019-04-06 17:31:59 +01:00
Dan Brown
aedff7dc6d
Added book selector to books sort
Now more efficient rather than listing all books in the system.
2019-04-06 16:59:04 +01:00
Dan Brown
17969c0bbf
Added shelves and search shortcuts to profile page 2019-04-06 16:21:20 +01:00
Dan Brown
37bf7f11e4
Implemented new design in entity selector
- Also showed entity path in search.
- Cleaned popular entity fetch logic.
- Cleaned entity selector JS code a little
2019-03-30 16:54:15 +00:00
Dan Brown
53a26a365c
Merge branch 'master' into 2019-design 2019-03-30 13:17:29 +00:00
Dan Brown
193e2ffebe
Prevent dbl exts. on img upload, Randomized attachment upload names 2019-03-24 19:08:21 +00:00
Dan Brown
f5fe524e6c
Added extension whitelist for image uploads
- A continuation of the security issues addressed in v0.25.3
2019-03-21 19:43:15 +00:00
Dan Brown
37b91b6b0e
Hardened image file validation by removing custom validation
- Added test to check PHP files cannot be uploaded as an image.
2019-03-20 23:59:55 +00:00
Dan Brown
5f2d226f09
Merge branch 'master' into 2019-design 2019-03-10 21:40:02 +00:00
Dan Brown
6be2d3f28c
Merge branch 'Copy-For-View-Only' of git://github.com/mark-james/BookStack into mark-james-Copy-For-View-Only 2019-03-09 16:12:12 +00:00
Dan Brown
98a4359198
Updated user language select to use correct default
- Updated localisation system to take note of system defaul locale
before replacing the current locale
Fixes #1316
2019-03-07 21:09:23 +00:00
Dan Brown
035a0d8efb
Added experimental breadcrumb traversal 2019-02-24 15:57:35 +00:00
Dan Brown
f1e571a57c
Made shelf listing more unique & efficient
- Now includes listing of all books within.
2019-02-16 17:13:01 +00:00
Dan Brown
a112c11df8
Re-ordered and updated main settings page 2019-02-16 14:17:35 +00:00
Dan Brown
3286f29a61
Merge branch 'master' into 2019-design 2019-02-09 14:58:38 +00:00
Dan Brown
5325870271
Updated auth pages to new design, Removed public layout 2019-02-03 17:34:15 +00:00
Dan Brown
138f5d5c4f
Updated user and shelf views to new design 2019-02-03 13:45:45 +00:00
Dan Brown
20988962fe
Migrated a whole load more page/chapter/shelf views 2019-02-02 11:41:41 +00:00
Dan Brown
32603362a6
Updated a bunch of book views 2019-01-31 20:37:12 +00:00
Dan Brown
36424a24b5
Added ability for date format strings to be localized by back-end
Requires the locale to be installed on the system-side.
Closes #1214
2019-01-19 12:11:18 +00:00
Dan Brown
0efed43389
Converted more views to new layout and made breadcrumbs more flexible 2019-01-13 15:54:55 +00:00
Dan Brown
163a57cf70
Merge branch 'master' into 2019-design 2019-01-13 14:10:27 +00:00
Dan Brown
a2087fe3ff
Made delete permissions a requirement for move operations
Closes #1200
2019-01-05 14:39:40 +00:00
Mark James
99c6d70c51 Initial updates to allow for page copy when the user can read the page but can't update it. 2018-12-31 17:01:49 +11:00