Commit Graph

2849 Commits

Author SHA1 Message Date
Dan Brown
773be963ba
Updated auth changes to work with remember me 2021-08-07 22:32:19 +01:00
Dan Brown
ef9354a0cb
Verified mfa session expires on logout
Since sessions are invalidated upon logout.
2021-08-07 21:53:13 +01:00
Dan Brown
39a205ed28
Quick test of email confirmation routes and fix of tests 2021-08-07 21:18:59 +01:00
Dan Brown
70f39757b1
Updated API auth handling of email confirmations
Email confirmations are now done within the guard during auth checking
instead of at the middleware layer.
2021-08-05 22:07:08 +01:00
Dan Brown
c429cf7818
Merge branch 'v21.05.x' 2021-08-04 21:32:29 +01:00
Dan Brown
65ebffa002
Updated when github actions run 2021-08-04 21:22:53 +01:00
Dan Brown
a04064f981
Updated php dependancies up minor versions 2021-08-04 21:10:55 +01:00
Dan Brown
7d19057e68
Fixed issue where user id still used on profile pages
Updated to use slugs and added testing to cover.
2021-08-04 21:08:51 +01:00
Dan Brown
0de0507137
Added vb.net code language option
Related to #2869
2021-08-04 20:56:34 +01:00
Dan Brown
7a8954ee65
Fixed audit log user dropdown usability issue
User search input blur would trigger the submission of the search
filters which would cause strange thing where you'd click on a search
filtered user which would blur the input hence submit, but the user
would think they've clicked the user and the page would reload but the
input had not updated at that point.

Related to #2863
2021-08-04 20:48:23 +01:00
Francesco Franchina
a3ad840bdd Adding Lithuanian language 2021-08-03 23:42:34 +02:00
Dan Brown
9b271e559f
Worked on MFA setup required flow
- Restructured some of the route naming to be a little more consistent.
- Moved the routes about to be more logically in one place.
- Created a new middleware to handle the auth of people that should be
  allowed access to mfa setup routes, since these could be used by
  existing logged in users or by people needing to setup MFA on access.
- Added testing to cover MFA setup required flow.
- Added TTL and method tracking to session last-login tracking system.
2021-08-02 22:02:25 +01:00
Dan Brown
4597069083
Added Backup code verification logic
Also added testing to cover as part of this in addition to adding the
core backup code handling required.

Also added the standardised translations for switching mfa mode and
adding testing for this switching.
2021-08-02 16:35:37 +01:00
Dan Brown
a3f19ebe96
Added TOTP verification upon access 2021-08-02 15:04:43 +01:00
Dan Brown
1af5bbf3f7
Added login redirect system to confirm/mfa
Also continued a bit on the MFA verification system.
Moved some MFA routes to public space using updated login service to get
the current user that is either logged in or last attempted login (With
correct creds).
2021-07-18 16:52:31 +01:00
Dan Brown
1278fb4969
Started moving MFA and email confirmation to new login flow
Instead of being soley middleware based.
2021-07-17 18:24:50 +01:00
Dan Brown
9249addb5c
Updated all login events to route through single service 2021-07-17 17:45:00 +01:00
Dan Brown
78f9c01519
Started on some MFA access-time checks
Discovered some difficult edge cases:
- User image loading in header bar when using local_secure storage
- 404s showing user-specific visible content due to content listing on
  404 page since user is in semi-logged in state. Maybe need to go
  through and change up how logins are handled to centralise and
  provide us better control at login time to prevent any auth level.
2021-07-16 23:23:36 +01:00
Dan Brown
f696aa5eea
Added the ability to remove an MFA method
Includes testing to cover
2021-07-14 21:27:21 +01:00
Dan Brown
7c86c26cd0
Added command to reset user MFA
Includes tests to cover the command.
2021-07-14 20:50:36 +01:00
Dan Brown
cfc0c593db
Added MFA indicator to user list
Also fixed issue with showing incorrect MFA method count on user edit
page changes done in last commit
2021-07-14 20:19:05 +01:00
Dan Brown
bb43acef21
Added MFA setup link on user edit view 2021-07-14 20:06:41 +01:00
Dan Brown
09c2814dc7
Added role based MFA control
- Added new DB column for control and role updated create/update actions.
- Created new middleware as a start to actual enforcement logic.
- Added indicator to role list of whether MFA is enforced.
2021-07-03 13:34:48 +01:00
Dan Brown
1c43602f4b
Merge branch 'v21.05.x' 2021-07-03 12:02:13 +01:00
Dan Brown
b1ee1a856f
Updated php dependancies for minor release 2021-07-03 11:57:32 +01:00
Dan Brown
4da72aa267
Fixed issue with translation loading without theme
System was using the empty state return from theme_path,
when no theme was configured, for loading in languages
which would result in the root path being looked up upon.

This changes the theme_path helper to return null in cases a theme
is not configured instead of empty string to help prevent assumed
return path will be legitimate, and to help enforce error case
handling.

For #2836
2021-07-03 11:53:46 +01:00
Dan Brown
529971c534
Added backup code setup flow
- Includes testing to cover flow.
- Moved TOTP logic to its own controller.
- Added some extra totp tests.
2021-07-02 20:53:33 +01:00
Dan Brown
83c8f73142
Covered TOTP setup with testing 2021-07-02 19:51:30 +01:00
Dan Brown
916a82616f
Complete base flow for TOTP setup
- Includes DB storage and code validation.
- Extracted TOTP work to its own service file.
- Still needs testing to cover this side of things.
2021-06-30 22:10:02 +01:00
Dan Brown
d25cd83d8e
Added TOTP generation view and started verification stage
Also updated MFA setup view to have settings-like listed interface to
make it possible to extend with extra options in the future.
2021-06-29 22:06:49 +01:00
Dan Brown
efb6a6b457
Started barebones work of MFA system 2021-06-28 22:02:45 +01:00
Dan Brown
f295ab87b4
Updated comments of theme event to match usage 2021-06-28 21:17:10 +01:00
Dan Brown
ca8be9af3c
Swapped PHPCS for StyleCI
Trying out StyleCI as an automated easy way to ensure code style is
consistent across the PHP codebase.
PHPCS+PHPCBF was good but I wouldn't run it enough then I'd get paranoid
about running it with pending PRs. Better to let the robots stay on top
of things.
2021-06-26 16:40:29 +01:00
Dan Brown
0155525945
Merge pull request #2820 from BookStackApp/analysis-6470L9
Apply fixes from StyleCI
2021-06-26 16:28:09 +01:00
Dan Brown
934a833818 Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
Dan Brown
3a402f6adc
Review of #2682, Also added parent deletion link on restore
On restore, added a link to the parent deletion restore if any exists
on a cascading parent. Added a test to cover this case to ensure its shown.

Also tweaked default empty state message on recycle bin item list to align
with new column count.

Also done a little existing code cleanup including a getUrl helper on
the deletion items.

Related to #2682 & #2594
2021-06-26 12:12:11 +01:00
Dan Brown
8a9505bf8c
Merge branch 'master' of https://github.com/arjvand/BookStack into arjvand-master 2021-06-26 11:19:21 +01:00
Dan Brown
265f5db03f
Reviewed #2393, Removed image guessing and added testing
For review of meta tag additions as per PR #2393.
This commit removes any image guesswork and only uses images that have
been set by the author for the specific content.
This also adds tests to cover the expected OG tags.
2021-06-23 20:42:48 +01:00
Dan Brown
58fa7679bc
Merge branch 'create-content-meta-tags' of https://github.com/james-geiger/BookStack into james-geiger-create-content-meta-tags 2021-06-23 20:11:07 +01:00
Dan Brown
992f03a3c0
Added markdown export endpoints to API
- Added tests to cover.
- Added slight extra spaces at content joins.
2021-06-22 21:39:29 +01:00
Dan Brown
57ea2e92ec
Updated markdown export implementation
- Removed ZIP system for now, until the idea can be fleshed out.
- Added testing to cover.
- Upgraded used library.
- Added custom handling for BookStack callouts.
- Added HTML cleanup to better produce output for things like code
  blocks.
2021-06-22 21:02:18 +01:00
Dan Brown
9af636bd48
Merge branch 'markdown-export' of https://github.com/nikhiljha/BookStack-1 into nikhiljha-markdown-export 2021-06-22 19:12:24 +01:00
Dan Brown
3dda622f0a
Added a "skip to content" link.
Closes #2810
2021-06-15 20:58:45 +01:00
Dan Brown
7d951b842c
Made social account detach a POST request
Closes #2808
2021-06-14 22:37:58 +01:00
Dan Brown
94bf5b8fbb
Added test for social account detach 2021-06-14 22:30:53 +01:00
Dan Brown
3d5899d28c
Fixed issue with using old non-existing reference in controller
Also done a little code cleanup.
2021-06-13 14:16:09 +01:00
Dan Brown
917d7428d6
Updated composer.lock 2021-06-13 14:06:56 +01:00
Dan Brown
bcc01bd8ff
New Crowdin updates (#2790)
* New translations common.php (Indonesian)

* New translations entities.php (Indonesian)

* New translations errors.php (Indonesian)

* New translations auth.php (Chinese Simplified)

* New translations auth.php (Chinese Simplified)

* New translations errors.php (Indonesian)

* New translations entities.php (Indonesian)

* New translations errors.php (Indonesian)

* New translations settings.php (Indonesian)

* New translations validation.php (Indonesian)

* New translations settings.php (Spanish, Argentina)
2021-06-13 14:04:23 +01:00
Dan Brown
2c34a99248
Merge pull request #2791 from BookStackApp/attachments_open_in_browser
Attachment serving without forced download
2021-06-13 14:03:08 +01:00
Dan Brown
789d17ab3f
Updated platform deps and development version number 2021-06-13 13:57:29 +01:00