Commit Graph

1194 Commits

Author SHA1 Message Date
Dan Brown
ef9354a0cb
Verified mfa session expires on logout
Since sessions are invalidated upon logout.
2021-08-07 21:53:13 +01:00
Dan Brown
39a205ed28
Quick test of email confirmation routes and fix of tests 2021-08-07 21:18:59 +01:00
Dan Brown
70f39757b1
Updated API auth handling of email confirmations
Email confirmations are now done within the guard during auth checking
instead of at the middleware layer.
2021-08-05 22:07:08 +01:00
Dan Brown
9b271e559f
Worked on MFA setup required flow
- Restructured some of the route naming to be a little more consistent.
- Moved the routes about to be more logically in one place.
- Created a new middleware to handle the auth of people that should be
  allowed access to mfa setup routes, since these could be used by
  existing logged in users or by people needing to setup MFA on access.
- Added testing to cover MFA setup required flow.
- Added TTL and method tracking to session last-login tracking system.
2021-08-02 22:02:25 +01:00
Dan Brown
4597069083
Added Backup code verification logic
Also added testing to cover as part of this in addition to adding the
core backup code handling required.

Also added the standardised translations for switching mfa mode and
adding testing for this switching.
2021-08-02 16:35:37 +01:00
Dan Brown
a3f19ebe96
Added TOTP verification upon access 2021-08-02 15:04:43 +01:00
Dan Brown
1af5bbf3f7
Added login redirect system to confirm/mfa
Also continued a bit on the MFA verification system.
Moved some MFA routes to public space using updated login service to get
the current user that is either logged in or last attempted login (With
correct creds).
2021-07-18 16:52:31 +01:00
Dan Brown
1278fb4969
Started moving MFA and email confirmation to new login flow
Instead of being soley middleware based.
2021-07-17 18:24:50 +01:00
Dan Brown
9249addb5c
Updated all login events to route through single service 2021-07-17 17:45:00 +01:00
Dan Brown
78f9c01519
Started on some MFA access-time checks
Discovered some difficult edge cases:
- User image loading in header bar when using local_secure storage
- 404s showing user-specific visible content due to content listing on
  404 page since user is in semi-logged in state. Maybe need to go
  through and change up how logins are handled to centralise and
  provide us better control at login time to prevent any auth level.
2021-07-16 23:23:36 +01:00
Dan Brown
f696aa5eea
Added the ability to remove an MFA method
Includes testing to cover
2021-07-14 21:27:21 +01:00
Dan Brown
7c86c26cd0
Added command to reset user MFA
Includes tests to cover the command.
2021-07-14 20:50:36 +01:00
Dan Brown
cfc0c593db
Added MFA indicator to user list
Also fixed issue with showing incorrect MFA method count on user edit
page changes done in last commit
2021-07-14 20:19:05 +01:00
Dan Brown
bb43acef21
Added MFA setup link on user edit view 2021-07-14 20:06:41 +01:00
Dan Brown
09c2814dc7
Added role based MFA control
- Added new DB column for control and role updated create/update actions.
- Created new middleware as a start to actual enforcement logic.
- Added indicator to role list of whether MFA is enforced.
2021-07-03 13:34:48 +01:00
Dan Brown
1c43602f4b
Merge branch 'v21.05.x' 2021-07-03 12:02:13 +01:00
Dan Brown
4da72aa267
Fixed issue with translation loading without theme
System was using the empty state return from theme_path,
when no theme was configured, for loading in languages
which would result in the root path being looked up upon.

This changes the theme_path helper to return null in cases a theme
is not configured instead of empty string to help prevent assumed
return path will be legitimate, and to help enforce error case
handling.

For #2836
2021-07-03 11:53:46 +01:00
Dan Brown
529971c534
Added backup code setup flow
- Includes testing to cover flow.
- Moved TOTP logic to its own controller.
- Added some extra totp tests.
2021-07-02 20:53:33 +01:00
Dan Brown
916a82616f
Complete base flow for TOTP setup
- Includes DB storage and code validation.
- Extracted TOTP work to its own service file.
- Still needs testing to cover this side of things.
2021-06-30 22:10:02 +01:00
Dan Brown
d25cd83d8e
Added TOTP generation view and started verification stage
Also updated MFA setup view to have settings-like listed interface to
make it possible to extend with extra options in the future.
2021-06-29 22:06:49 +01:00
Dan Brown
efb6a6b457
Started barebones work of MFA system 2021-06-28 22:02:45 +01:00
Dan Brown
f295ab87b4
Updated comments of theme event to match usage 2021-06-28 21:17:10 +01:00
Dan Brown
934a833818 Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
Dan Brown
3a402f6adc
Review of #2682, Also added parent deletion link on restore
On restore, added a link to the parent deletion restore if any exists
on a cascading parent. Added a test to cover this case to ensure its shown.

Also tweaked default empty state message on recycle bin item list to align
with new column count.

Also done a little existing code cleanup including a getUrl helper on
the deletion items.

Related to #2682 & #2594
2021-06-26 12:12:11 +01:00
Dan Brown
265f5db03f
Reviewed #2393, Removed image guessing and added testing
For review of meta tag additions as per PR #2393.
This commit removes any image guesswork and only uses images that have
been set by the author for the specific content.
This also adds tests to cover the expected OG tags.
2021-06-23 20:42:48 +01:00
Dan Brown
58fa7679bc
Merge branch 'create-content-meta-tags' of https://github.com/james-geiger/BookStack into james-geiger-create-content-meta-tags 2021-06-23 20:11:07 +01:00
Dan Brown
992f03a3c0
Added markdown export endpoints to API
- Added tests to cover.
- Added slight extra spaces at content joins.
2021-06-22 21:39:29 +01:00
Dan Brown
57ea2e92ec
Updated markdown export implementation
- Removed ZIP system for now, until the idea can be fleshed out.
- Added testing to cover.
- Upgraded used library.
- Added custom handling for BookStack callouts.
- Added HTML cleanup to better produce output for things like code
  blocks.
2021-06-22 21:02:18 +01:00
Dan Brown
9af636bd48
Merge branch 'markdown-export' of https://github.com/nikhiljha/BookStack-1 into nikhiljha-markdown-export 2021-06-22 19:12:24 +01:00
Dan Brown
3d5899d28c
Fixed issue with using old non-existing reference in controller
Also done a little code cleanup.
2021-06-13 14:16:09 +01:00
Dan Brown
2c34a99248
Merge pull request #2791 from BookStackApp/attachments_open_in_browser
Attachment serving without forced download
2021-06-13 14:03:08 +01:00
Dan Brown
b5caaa73b7
Fixed content parsing break with line html comment
Fixes issues thrown in custom HMTL head & page content filtering when
the content is comprised of only a single HTML comment.
Adds tests to cover.

For #2804
2021-06-13 12:53:04 +01:00
Dan Brown
7997300f96
Added front-end toggle and testing of inline attachments 2021-06-06 13:55:56 +01:00
Dan Brown
888f435651
Added back-end attachments-in-browser support
A query string will cause attachments to be provided inline
with an appropriate mime type.
Remaining actions:
- Tests
- Front-end functionality
- Config option?
2021-06-06 00:51:06 +01:00
Dan Brown
0627efe5e9
Updated base64 image extraction to use url instead of path
To ensure it works with all storage types and follows the format of
manually uploaded image content
2021-06-04 22:59:31 +01:00
Dan Brown
bb00c331e4
Ordered entity permission roles by display name
Closes #2782
2021-06-04 22:36:30 +01:00
Dan Brown
24eef03fb9
Added croatian to required arrays/lists 2021-06-02 21:55:30 +01:00
Dan Brown
39928e1c63
Reviewed base64 image upload support
- Added test cases to cover.
- Altered parsing logic to be a little less reliant on regex.
- Added new iamge repo method for creating from data.
- Added extension validation and additional type support.
- Done some cleanup of common operations within PageContent.
- Added message to API docs/method to mention image usage.

For #2700 and #2631.
2021-06-02 21:34:34 +01:00
Dan Brown
40ca50e44f
Merge branch 'master' of https://github.com/awarre/BookStack into awarre-master 2021-06-02 20:25:20 +01:00
Dan Brown
1fa90e4f12
Converted another couple of tests from browserkit 2021-05-29 23:42:21 +01:00
Dan Brown
ed6ec341df
Added testing to cover next/previous navigation
For #2511
2021-05-29 12:49:10 +01:00
Dan Brown
0cfff6ab6f
Reviewed and refactored next/previous navigation button implementation
- Updated styling to include item name.
- Extracted used text to translations.
- Updated the design to better suit the surrounding blocks.
- Removed newly added model/repo methods.
- Moved core logic out of controller and instead into a "NextPreviousContentLocator"
helper with re-uses the output from the book-tree generation.
- Also added the system to chapters.

For #2511
2021-05-29 12:39:41 +01:00
Dan Brown
7ca66c5d5e
Merge branch 'prev-next-button' of https://github.com/shubhamosmosys/BookStack into shubhamosmosys-prev-next-button 2021-05-26 22:13:19 +01:00
Dan Brown
eb76e882c5
Added deletion of revisions on page delete
Added testing to cover.
Closes #2668
2021-05-26 16:40:56 +01:00
Dan Brown
df0e03cd07
Reviewed PR to add import user avatars va LDAP
- Reduced options to single new configuration paramter instead of two.
- Moved more logic into UserAvatars class.
- Updated LDAP avatar import to also run on login when no image is
  currently set.
- Added thumbnail fetching to search requests.
- Added testing to cover.

Related to PR #2320, and issue #1161
2021-05-24 18:54:08 +01:00
Dan Brown
85db812fea
Merge branch 'master' of https://github.com/jasonhoule/BookStack into jasonhoule-master 2021-05-24 17:06:50 +01:00
Dan Brown
3eaf03a7ac
Reviewed tag in seach work
- Refactored some tag code bits while reviewing.
- Updated tag design in search listing to be more subtle.
- Moved tags out of entity-list-item-basic template and instead moved
  them into entity-list-item, below the existing content.
- Tweaked existing tag colors a little.
- Changed tag icon to be more tag-like.
- Added tag-on-search test case.

Review of #2487, Related to #2462
2021-05-24 16:12:09 +01:00
Dan Brown
7d94da10fb
Merge branch 'v21.04.x' 2021-05-24 13:08:51 +01:00
Dan Brown
c7322a71f7
Added theme add social driver redirect configuration callback
Allows someone using the theme system to configure the social driver
before a redirect action occurs, by passing a callback as an additional
param to the theme 'addSocialDriver' method.
2021-05-24 12:55:45 +01:00
Dan Brown
2c3523f6a1
Updated image permission setting logic
To ensure thhat the visibility is still set on local storage options
since the previous recent changes could cause problems where in
scenarios where the server user could not read images uploaded by the
php process user.

Closes #2758
2021-05-24 12:09:28 +01:00
Dan Brown
ba8ba5c634
Added testing to favourite system
- Also removed some old view service references.
- Updated TopFavourites query to be based on favourites table and join
  in the views instead of the other way around, so that favourites still
show even if they have no views.
2021-05-23 14:34:36 +01:00
Dan Brown
c2069f37cc
Added deletion of favourites on entity/user delete 2021-05-23 13:41:56 +01:00
Dan Brown
1e0aa7ee2c
Added favourites page with link from header and home 2021-05-23 13:34:08 +01:00
Dan Brown
27942f5ce8
Deleted redundant complex relationmultimodel query class 2021-05-22 14:07:57 +01:00
Dan Brown
d0ff79ea60
Revamped some complex queries, added favourites to home
- Removed old view system and started use of new query classes instead.
- Finished off RelationMultiModelQuery but found it was less efficient
than x-many queries due to the amount of tables being scanned.
Adding now for history but will delete as not used.
- Updated recently viewed to use same query system as popular items
  rather than running and joining x-entities queries.
- Added "Most Viewed Faviourites" listing to homepages.
2021-05-22 14:05:28 +01:00
Dan Brown
3de02566bf
Started building system for cross-model queries 2021-05-19 23:37:23 +01:00
Dan Brown
93fd869ba3
Started refactoring of view service
Phasing out the view service from being a generic 'service' class,
moving the core create/delete methods into the model.
The idea is that the existing query work will need to interlink
with the favourite system so maybe we have a (or many composable)
query building classes rather than mixing query building and
create/delete work as per the old service.
2021-05-16 10:49:37 +01:00
Dan Brown
bf8e7f3393
Started addition of favourite system 2021-05-16 00:29:56 +01:00
Dan Brown
68ef6a842f
Fixed issue thrown upon empty markdown content save
Closes #2741
2021-05-15 17:33:53 +01:00
Dan Brown
c1f070a136
Handle acl set of images differently for s3 and s3-like
Related to #2739
2021-05-15 17:25:51 +01:00
Dan Brown
c2cc1ec5e5
Adjusted dompdf font path to writable folder
Related to #2746
2021-05-15 12:19:36 +01:00
Dan Brown
9e7bcacf8c
Moved NotifyException render work from handler to exception
As continued from last commit.
2021-05-08 19:00:09 +01:00
Dan Brown
7be7d7d1e7
Updated not-found image path handling to have better ux
Added test to cover.
Started refactoring some of the app error handling in
the process of this.

Fixes #2696
2021-05-08 18:49:58 +01:00
Dan Brown
9cf4191079 Reviewed and updated SAML2 authncontext option
Added tests to cover.
Changed default to align with existing default.
Added env option parsing.
For #1998
2021-05-08 13:07:25 +01:00
Dan Brown
b8e2d75014 Merge branch 'ivir-authncontext' of https://github.com/ivir/BookStack into ivir-ivir-authncontext 2021-05-08 12:13:27 +01:00
Dan Brown
43b6633183 Filtered scripts in custom HTML head for exports
Since it appeared to cause problems in some scenarios.
Related to #2490
2021-05-03 23:59:52 +01:00
Dan Brown
83b576eb19
Prevented "Recently Viewed" homepage list showing non-user-viewed items
Triggered when the user has no/limited views. Added a test to cover.
Closes #2703
2021-04-27 21:05:01 +01:00
Dan Brown
f8cdd6e80d
Reduced calls for s3-based uploads
Combined the public ACL update into the put operation.
2021-04-27 20:36:42 +01:00
awarre
f8b5a0fd50 Add base64 image support 2021-04-20 23:41:21 +00:00
Dan Brown
60ffe6a993 Updated packages and added better upload failure logging
To fix #2689
Updates all packages but mainly focused on aws-sdk
2021-04-19 20:16:49 +01:00
Dan Brown
e4660a5ba2
Aligned facade accessor 2021-04-09 21:03:02 +01:00
Dan Brown
f02cfd8271 Removed mentions of 'mail' mail driver
Closes #2657
2021-03-27 15:56:36 +00:00
Dan Brown
5c9c1d1a4b Updated shelf sort to allow default sort, added testing
Done during review of #2515
2021-03-21 23:06:15 +00:00
Dan Brown
ab4c5a55b8 Merge branch 'feature/sort-shelf-books' of git://github.com/guillaumehanotel/BookStack into guillaumehanotel-feature/sort-shelf-books 2021-03-21 21:52:39 +00:00
Dan Brown
43c2fc3c37 Updated dev-docker setup to not alter phpunit.xml
Tested on my machine via fresh dev instance with tests passing.
May need old users to drop their old volume data.
2021-03-21 17:42:10 +00:00
Dan Brown
371033a0f2 Merge branch 'master' into docker-tests 2021-03-21 16:49:22 +00:00
Dan Brown
06706a2d9c Added user filter to audit log
Included testing to cover.
Closes #2472
2021-03-21 15:04:32 +00:00
Dan Brown
691db40a33 Added login/register theme events 2021-03-19 21:54:50 +00:00
Dan Brown
2ae89f2c32 Added the possibility of social provider extension via theme
Also started docs page
2021-03-19 16:22:47 +00:00
Dan Brown
9d37af9453 Added web-middleware based theme events 2021-03-17 12:56:56 +00:00
Dan Brown
c61c3bc608 Started backend theme system
Allows customization of back-end components via event-driven handling
from the theme folder.
2021-03-16 17:14:03 +00:00
Dan Brown
1420f239fc Made session cookie path dynamic based on APP_URL 2021-03-16 13:03:07 +00:00
Dan Brown
3d0e1bc9db Merge branch 'master' of git://github.com/ckleemann/BookStack into ckleemann-master 2021-03-16 12:45:12 +00:00
Dan Brown
71ccb90ef4 Amended owned by search filter to use slugs 2021-03-15 18:27:03 +00:00
Dan Brown
c8564b7792 Merge branch 'search-owned-by-me' of git://github.com/benediktvolke/BookStack into benediktvolke-search-owned-by-me 2021-03-15 18:21:09 +00:00
Dan Brown
215c69acb2 Merge image name cleaning functions
Updated testing for changes and to check existing of new expected file
name.
Related to #2611
2021-03-14 23:20:21 +00:00
Dan Brown
c1f67372a7 Merge branch 'master' of git://github.com/webfoersterei/BookStack into webfoersterei-master 2021-03-14 22:55:30 +00:00
Dan Brown
b929c0adbb Performed further cleanup in permission service 2021-03-14 20:32:33 +00:00
Dan Brown
1e5951a75f Done a refactor pass on PermissionService
Could do with splitting out into seperate query/build classess really.
Closes #2633.
2021-03-14 19:52:07 +00:00
Dan Brown
a644f64c6b
Merge branch 'v0.31.x' 2021-03-13 15:37:44 +00:00
Dan Brown
339d4ec355
Fixed misalignment of page and chapter parent book
Could occur when a chapter was moved with deleted pages.
Fixes #2632
2021-03-13 15:18:37 +00:00
Dan Brown
da929d5edc Updates search to use user slugs 2021-03-10 22:51:18 +00:00
Dan Brown
124c4d0778 Updated register paths to include user slugs 2021-03-10 22:37:53 +00:00
Dan Brown
19d79b6a0f Started rolling out user slugs to model and core controllers 2021-03-09 23:06:12 +00:00
Dan Brown
3a9caea846 Started work on user slugs
Related to #2525
2021-03-08 22:34:22 +00:00
Dan Brown
98a1e57ba9 Ran phpcbf and updated phpcs.xml 2021-03-07 22:24:05 +00:00
Dan Brown
1f2fd58e28 Merge branch 'master' of git://github.com/Ereza/BookStack into Ereza-master 2021-03-07 17:25:07 +00:00
Dan Brown
d731a4f695 Updated language lists with Bosnian, Indonesian, Latvian & Portuguese 2021-03-07 17:02:28 +00:00
Timo Förster
745d15d200
Allow uploads of files containing dots in filename. Closes BookStackApp/BookStack#2217 2021-03-04 22:27:20 +01:00
Dan Brown
4d4a57d1bf Converted some tests from BrowserKit, Updated shared helpers 2021-03-03 22:11:00 +00:00
Dan Brown
382f155f76
Better aligned handler with core laravel 2021-03-02 21:59:12 +00:00
Philip
111835f402 Adding APP_VIEWS_BOOKSHELF to .ENV 2021-02-25 07:51:38 +01:00
ckleemann
3fc935d4bb
Introduce an env variable for the Session Cookie Path 2021-02-20 14:25:28 +01:00
Benedikt Volke
6616065d82 Add filter method to search runner 2021-02-14 11:39:18 +01:00
Dan Brown
1a4797abc4 Updated update-url command to handle array values
Also added message to clear the cache after running.
For #2546
2021-02-11 23:14:37 +00:00
Dan Brown
ae353bb3f4 Updated update-url command to look at setting values
For #2546
Need to consider new JSON-array based setting values.
2021-02-10 23:47:58 +00:00
Dan Brown
54f5bf9437 Aligned setting helper with new get method changes
Also removed old unsused facade that existed for settings.
2021-02-10 23:21:49 +00:00
James Geiger
a0bfdf0e5c Code cleanup, bug squashing 2021-02-09 01:27:27 -06:00
James Geiger
7ef17bb394 PageContent return null issue 2021-02-09 00:21:07 -06:00
James Geiger
48587d2c38 Code cleanup, refactor
Updated to use Str::length for entity descriptions.
Moved function to get first image in page to PageContent class.
2021-02-09 00:16:24 -06:00
Dan Brown
b0f4500c34 Added env option for setting dark mode default
Also allowed config-centralised default user settings for this change
and bought existing user-level view options into that default settings
system to be cleaner in code usage.

For #2081
2021-02-07 23:12:05 +00:00
Dan Brown
af032f8993 Tweaked LDAP TLS Implementation
- Moved the ldap function out to our separate service for easier
  testing.
- Added testing for the option.
- Moved tls_insecure part back up above connection start as found more
  reliable there.

Done a lot of real-connection testing during this review.
Used wireshare to ensure TLS connection does take place.
Found LDAP_TLS_INSECURE=false can action unreliably, restarting php-fpm
helped.
Tested both trusted and untrusted certificates.
2021-02-07 20:00:04 +00:00
Dan Brown
f177b02cae Merge branch 'master' of git://github.com/Body4/BookStack into Body4-master 2021-02-07 18:33:10 +00:00
Dan Brown
5323cb5224 Removed some old front-end md rendering elements
Also ensured revisions were not created more often than expected.
Summary field null check was triggering revision save even when empty
since it was still in request.

Related to #1846
2021-02-06 23:11:20 +00:00
Dan Brown
9a05223e7d
Merge branch 'v0.31.x' 2021-02-06 14:22:19 +00:00
Dan Brown
a7e3c26fe3
Fixed markdown content on revision restore
Closes #2496
2021-02-06 14:14:38 +00:00
Dan Brown
37de4e2e0a
Added test for markdown page revision restore
Also added md change detection in revision saving.
2021-02-06 13:51:05 +00:00
Dan Brown
61a911dd39
Removed "isA" usages from trashcan 2021-02-06 13:29:39 +00:00
Aleksandr Sazhin
cc5d0ef4cf
Update TrashCan.php
bookshelf
2021-02-06 13:23:12 +00:00
Eduard Ereza Martínez
7893e8229f Add Catalan translation 2021-02-04 00:55:01 +01:00
Aleksandr Sazhin
88f6d3f241
Update TrashCan.php
bookshelf
2021-02-03 10:03:54 +03:00
Abijeet
a0c605faae Docker: Fix PHP tests
This creates another mysql_testing database during db service setup

Replace server with env tags in phpunit.xml in order to force
override certain parameters when tests are run. See:
https://github.com/sebastianbergmann/phpunit/issues/2353 for more
information.

Rename primary developer Docker database from bookstack-test to
bookstack-dev. bookstack-test is used as the mysql_testing database
2021-01-31 18:54:24 +05:30
Guillaume Hanotel
a7848b916b Improve sorting Shelf Books 2021-01-31 04:28:25 +01:00
Dan Brown
44c41e9e4d Updated footer links to be a configurable list
Made so footer link ordering, names and urls can be set.
Cleaned up some of the setting-service and added support for array
setting types, which are cleaned on entry and stored as json with a new
type indicator column on the settings table for auto-decode.
Also added testing to cover this feature.

Related to #1973 and #854
2021-01-31 00:23:15 +00:00
Guillaume Hanotel
26ba056302 Sort Books within Shelves 2021-01-29 08:02:18 +01:00
Dan Brown
3df6c9ac05 Updated service provider reference, added phpunit env var 2021-01-28 22:46:15 +00:00
Shubham Tiwari
99c42033b1 Add prev and next button to navigate through different pages 2021-01-27 10:15:28 +05:30
Dan Brown
7ba6962707
Removed lesser-used middleware and updated localization middleware
So that DB/User access is not explicitly enforced.
Same for GlobalViewData middleware although that was also just doubling
up on ways to access user/auth info.
Also cleaned up Localization Middleware doc blocks.
2021-01-17 13:41:43 +00:00
Dan Brown
6eda1c1fb2
Added status endpoint
For #2467
2021-01-17 13:21:57 +00:00
Dan Brown
da7c686541
Made books and shelf listing views slightly more efficient 2021-01-10 23:12:51 +00:00
Dan Brown
d0a7a8b890
Improved some query efficiencies on user list 2021-01-10 23:02:30 +00:00
Dan Brown
28c706fee3
Added strikethrough support to back-end md rendering
Needed to tweak the default library strikethrough extension
so that it uses the same element as front-end.
Added testing to cover.
For #2470.
2021-01-10 23:01:11 +00:00
Dan Brown
e5a96b0cb0
Added test case for avatar failed fetch
Fixed non-imported log issue while there.
For #2449
2021-01-10 13:29:13 +00:00
Dan Brown
526be33ab2
Fixed page copying not retaining content
Was when there was no markdown content.
Added tests to cover both HTML and markdown scenarios.
Also removed old console.log

Related to #2463
2021-01-09 19:39:09 +00:00
Dan Brown
831f441879
Added in table + tasklist markdown rendering
For parity with markdown-it renderer.
Added tests to cover.
For #2452
2021-01-09 19:04:23 +00:00
Dan Brown
bbfb330b92
Added check of owner field for manage-permissions-own
This permission was still checking based on created-by.
Updated testing to specifically check the owner since the tests
were passing by the fact of matching creator and owner.

Fixes #2445
2021-01-04 18:07:39 +00:00
Dan Brown
20729a618f
Fixed markdown content not stored on first page save
HTML content was still saved.
This changes makes the back-end check for md content
instead of html to ensure that gets stored in cases
where both are sent to the system.

Closes #2446
2021-01-04 17:52:08 +00:00
Dan Brown
14ea6c9de3
Made fixes/updates during pre-release review
- Fixed page editor default focus not working as expected due to
  misnamed attribute.
- Added owned_by to relevant areas of the API including the docs.
- Made book relation on page accessible even if deleted since it could cause an issue on views, such as audit trail, when the relation is accessed when the book is deleted.
2021-01-03 22:29:58 +00:00
Dan Brown
75a795ab72
Made a couple of fixes during testing
- Updated audit table so long entity names did not squish everything
  else.
- Added filtering to view service popular list so that recycle binned
  items did not cause issues.
2021-01-03 19:02:50 +00:00
Dan Brown
024b0d8a64
Fixed restore revision save order, Added restore summary testing
Found during review of #2353, A revision would be stored before a
restore which would result with a duplicate revision and the new summary
would be assigned against the wrong content.
This change saves the revison after restore and adds test to check the
content and summary text.
2021-01-02 16:42:05 +00:00
Dan Brown
83d77d5166
Merge branch 'master' of git://github.com/rondaa/BookStack into rondaa-master 2021-01-02 16:25:59 +00:00
Dan Brown
e53e4f85c7
Aligned norwegian lang with others and used correct locale 2021-01-02 15:58:23 +00:00
Dan Brown
a04a800258
Merge branch 'master' of git://github.com/Swoy/BookStack into Swoy-master 2021-01-02 15:45:18 +00:00
Dan Brown
92922288dd
Added iframe CSP, improved session cookie security
Added iframe CSP headers with configuration via .env.
Updated session cookies to be lax by default, dynamically changing to
none when iframes configured to allow third-party control.
Updated cookie security to be auto-secure if a https APP_URL is set.

Related to #2427 and #2207.
2021-01-02 02:43:50 +00:00
Dan Brown
588fd7d165
Fixed short editor in firefox and optimised some queries
Optimised permission fetching so that it won't initialise a bunch
of models for the role permissions and instead does a manual
query to get the data directly.
2021-01-02 01:22:41 +00:00
Dan Brown
b43f997dab
Added manual type conversion to fix failing tests 2021-01-01 18:38:54 +00:00
Dan Brown
5e686bb624
Added user ownership migrate to delete screen. 2021-01-01 18:31:01 +00:00
Dan Brown
99b14621f9
Moved permission updating to its own tool
And added support for owner changing.
2021-01-01 17:49:48 +00:00
Dan Brown
da9083bf1f
Fixed view path 2020-12-31 17:27:23 +00:00
Dan Brown
8833b5bc3b
Added user-select input 2020-12-31 17:25:20 +00:00
Dan Brown
4c580d1571
Added owners to entity creation and updated tests 2020-12-30 22:18:28 +00:00
Dan Brown
b493becadf
Started change for entities to have concept of owners 2020-12-30 18:25:35 +00:00
James Geiger
e458411f91 Create Open Graph meta tags for book/page/chapter/shelf 2020-12-21 23:20:13 -06:00
Dan Brown
4e82d93350
Updated wording of image cleanup option
As per #2352
2020-12-18 22:59:47 +00:00
Dan Brown
cf04a0d818
Merge branch 'v0.30.x' 2020-12-18 14:16:13 +00:00
Dan Brown
2acef3c2ec
Fixed issue where restricted page content in plaintext export
The content of pages made non-viewable to a user via permissions, within a visible parent, could be seen via the plaintext export option. Before v0.30.6 this would have applied only to scenarios where all pages within the chapter were made non-visible. In v0.30.6 this would make all pages within the chapter visible.

As per #2414
2020-12-18 13:56:00 +00:00
Dan Brown
9884cca00c
Merge branch 'v0.30.x' 2020-12-17 21:47:59 +00:00
Dan Brown
3f3fad7113
Fixed book-tree-gen page visibility issue
When book trees were generated, pages in chapters where ALL pages within
were not supposed to be visibile, would be visible due to the code
falling back on the raw relation which would not account for
permissions.

This has now been changed so that a custom 'visible_pages' attribute is set and used by any book tree structures, to ensure it does not fall back to the raw relation.

Added an extra test to cover.

For #2414
2020-12-17 17:31:18 +00:00
Dan Brown
00308ad4ab
Cleaned up some user/image areas of the app
Further cleanup of docblocks and standardisation of repos.
2020-12-08 23:46:38 +00:00
Dan Brown
6c09334ba0
Fixed issue where page export contain system would miss images 2020-12-06 22:23:21 +00:00
Dan Brown
65b2c90522
Merge branch 'v0.30.x' 2020-12-06 21:32:01 +00:00
Dan Brown
884664bfe9
Ensured base64 images are read from image upload folder
Also removed unused storage systems and updated testing.
2020-12-06 15:34:18 +00:00
Dan Brown
8911e3f441
Removed http fetching from image base64 generation 2020-12-06 14:24:22 +00:00
Dan Brown
7d38c96a23
Removed generic "UploadService" which was doing very little 2020-12-06 12:58:40 +00:00
Dan Brown
0b01a77c16
Swapped out HTML diff implementation for own, removes tidy depdendancy 2020-11-29 19:08:13 +00:00
Dan Brown
bf8716bb22
Fixed bad collection/array mixing causing error on seed 2020-11-28 16:42:12 +00:00
Dan Brown
8aedba14a3
Added page export API controller 2020-11-28 15:39:40 +00:00
Dan Brown
53bcfe528d
Added pages API doc examples
Made some tweaks to related content and other examples while there.
2020-11-28 15:21:54 +00:00
Dan Brown
1c8102bb89
Started pages API 2020-11-22 14:56:19 +00:00
Dan Brown
ebeca256f0
Updated old exportService name in controllers 2020-11-22 01:26:14 +00:00
Dan Brown
a042e22481
Focused base Entity class cleanup
Removed some common functions from other entities.
Aligned implementation of getUrl()
Cleaned phpdocs and added typehinting.
Also extracted sibling search logic out of controller.
2020-11-22 01:20:38 +00:00
Dan Brown
ef1b98019a
Fixed some mis-refactoring and split search service
Search service broken into index and runner tools.
2020-11-22 00:17:45 +00:00
Dan Brown
c7a2d568bf
Moved models to folder, renamed managers to tools
Tools seems to fit better since the classes were a bit of a mixed bunch
and did not always manage.
Also simplified the structure of the SlugGenerator class.
Also focused EntityContext on shelves and simplified to use session
helper.
2020-11-21 23:20:54 +00:00
Dan Brown
66917520cb
Service provider and other cleanup
- Removed old 'exposeTranslations' system to instead use new component
 option system.
- Extracted validation rules into their own service provider.
- Cleaned up some formatting/comments in the repos.
2020-11-21 17:52:49 +00:00
Dan Brown
5e01c30882
Aligned constructors across controller classes
Since they no longer needed to run the parent contructor
since the parent constructor was no longer needed.
2020-11-21 17:08:37 +00:00
Dan Brown
f76a2a69f7
Cleaned up api docs implementation, added missing titles 2020-11-21 17:03:24 +00:00
Dan Brown
c0680d5717
Added latest activity into users list view 2020-11-20 20:10:18 +00:00
Dan Brown
bd6a1a66d1
Implemented remainder of activity types
Also fixed audit log to work for non-entity items.
2020-11-20 19:33:11 +00:00
Dan Brown
da37700ac2
Implemented user, api_tokem & role activity logging
Also refactored some role content, primarily updating the permission
controller to be RoleController since it only dealt with roles.
2020-11-20 18:53:01 +00:00
Dan Brown
3f7180fa99
Started widening of activity logging
In progress, Need to implement much of the logging in controllers.
Also cleaned up base controller along the way.
2020-11-18 23:40:39 +00:00
Boddy4
20f9a50cee LDAP: Added TLS support 2020-11-18 01:05:29 +01:00
Dan Brown
712ccd23c4
Updated activities table format
Renamed some columns to be more generic and applicable.
Removed now redundant book_id column.
Allowed nullable entity morph columns for non-entity activity.

Ran tests and made required changes.
2020-11-08 00:03:19 +00:00
Dan Brown
ee7e1122d3
Removed use of book_id in activity 2020-11-07 23:15:13 +00:00
Dan Brown
c157dc3490
Organised activity types and moved most to repos
Repos are generally better since otherwise we end up duplicating
things between front-end and API.

Types moved to by CONST values within a class for better visibilty
of usage and listing of types.
2020-11-07 22:37:27 +00:00
Dan Brown
4824ef2760
Merge pull request #2283 from BookStackApp/recycle_bin
Recycle Bin Implementation
2020-11-07 15:10:17 +00:00
Dan Brown
b4da081552
Checked over recycle bin parent/child flows 2020-11-07 15:05:13 +00:00
Dan Brown
df10b508d8
Enhanced how activities are shown on items in recycle bin 2020-11-07 14:28:50 +00:00
Dan Brown
ec3aeb3315
Added recycle bin auto-clear lifetime functionality 2020-11-07 13:58:23 +00:00
Dan Brown
483cb41665
Started testing work for recycle bin implementation 2020-11-06 12:54:39 +00:00
Anthony Ronda
34dc4a1b6d Automatic Restored Revision Changelog Summary Text 2020-11-03 20:46:47 -05:00
Dan Brown
3e70c661a1
Cleaned up duplicate code in recycle-bin restore 2020-11-02 22:54:00 +00:00
Dan Brown
9e033709a7
Added per-item recycle-bin delete and restore 2020-11-02 22:47:48 +00:00
Dan Brown
82e671a06d
Re-aligned init files with Laravel default
Removed the custom init elements that we added in 2017 to
custom load the helpers file and instead load via composer.

Also removed laravel-microscope package due to not running due to
helpers file.
2020-10-31 23:05:48 +00:00
Dan Brown
474770af51
Merge branch 'fixes' of git://github.com/imanghafoori1/BookStack into imanghafoori1-fixes 2020-10-31 22:11:27 +00:00
Dan Brown
6d8b0605a0
Merge branch 'xss_and_redir_patch' of git://github.com/PercussiveElbow/BookStack into xss_and_redirect 2020-10-31 15:19:33 +00:00
Dan Brown
349162ea13
Prevented possible XSS via link attachments
This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.
2020-10-31 15:01:52 +00:00
PercussiveElbow
bbd1384acb XSS and redirect fixes with test cases 2020-10-27 01:34:51 +00:00
Ole Aldric
36daa09441 Update Localization.php in Middleware with "no" tag for estimate. 2020-10-19 12:43:41 +02:00
Ole Aldric
4c5566755f updated config to also include Norwegian 2020-10-19 12:35:05 +02:00
imanghafoori
704b808e9e fixes from laravel-microscope 2020-10-16 18:40:10 +03:30