Dan Brown
8c01c55684
Added token and key handling elements for oidc jwt
- Got basic signing support and structure checking done.
- Need to run through actual claim checking before providing details
back to app.
2021-10-11 19:05:16 +01:00
Dan Brown
69301f7575
Merge pull request #2965 from Haxatron/master
Update DOMPDF chroot directory
2021-10-11 10:25:28 +01:00
Dan Brown
8ce696dff6
Started on a custom oidc oauth provider
2021-10-10 19:14:08 +01:00
Haxatron
b043257d9a
Update dompdf.php
base_path => public_path
2021-10-10 01:06:08 +08:00
Dan Brown
ca764caf2d
Added throttling to password reset requests
2021-10-08 23:19:37 +01:00
Dan Brown
543ea6ef71
Updated translator attribution before release v21.08.5
2021-10-08 22:24:32 +01:00
Dan Brown
a9b3df537f
Applied changes from styleci
2021-10-08 22:23:17 +01:00
Dan Brown
c2339ac9db
New Crowdin updates (#2953)
* New translations settings.php (Chinese Simplified)
* New translations entities.php (Slovak)
* New translations entities.php (Portuguese, Brazilian)
* New translations entities.php (Slovenian)
* New translations entities.php (Swedish)
* New translations entities.php (Turkish)
* New translations entities.php (Ukrainian)
* New translations entities.php (Chinese Simplified)
* New translations entities.php (Chinese Traditional)
* New translations entities.php (Indonesian)
* New translations entities.php (Portuguese)
* New translations entities.php (Persian)
* New translations entities.php (Spanish, Argentina)
* New translations entities.php (Croatian)
* New translations entities.php (Latvian)
* New translations entities.php (Bosnian)
* New translations entities.php (Norwegian Bokmal)
* New translations entities.php (Russian)
* New translations entities.php (Polish)
* New translations entities.php (Vietnamese)
* New translations entities.php (Danish)
* New translations entities.php (French)
* New translations entities.php (Spanish)
* New translations entities.php (Arabic)
* New translations entities.php (Bulgarian)
* New translations entities.php (Catalan)
* New translations entities.php (Czech)
* New translations entities.php (German)
* New translations entities.php (Dutch)
* New translations entities.php (Hebrew)
* New translations entities.php (Hungarian)
* New translations entities.php (Italian)
* New translations entities.php (Japanese)
* New translations entities.php (Korean)
* New translations entities.php (Lithuanian)
* New translations entities.php (German Informal)
* New translations entities.php (French)
* New translations entities.php (Spanish)
* New translations settings.php (Czech)
* New translations entities.php (Czech)
* New translations activities.php (Czech)
* New translations auth.php (Czech)
* New translations common.php (Czech)
* New translations validation.php (Czech)
* New translations entities.php (Portuguese)
* New translations settings.php (Portuguese)
* New translations entities.php (Portuguese)
* New translations activities.php (Portuguese)
* New translations auth.php (Portuguese)
* New translations common.php (Portuguese)
* New translations validation.php (Portuguese)
* New translations entities.php (Chinese Simplified)
* New translations entities.php (Chinese Simplified)
* New translations activities.php (Ukrainian)
* New translations activities.php (Ukrainian)
2021-10-08 22:22:01 +01:00
Dan Brown
41541df6ec
Added testing to cover work done in last commit
Relevant to comments in 7224fbcc89.
Added test cases. Ensured they failed pre-commit.
Also tested a range of the altered endpoints manually on both local and
s3-like filesystems.
2021-10-08 21:47:59 +01:00
Dan Brown
7224fbcc89
Added protections against path traversal in file system operations
- Files within the storage/ path could be accessed via path traversal
references in content, accessed upon HTML export.
- This addresses this via two layers:
  - Scoped local flysystem filesystems down to the specific image &
    file folders since flysystem has built-in checking against the
    escaping of the root folder.
  - Added path normalization before enforcement of uploads/{images,file}
    prefix to prevent traversal at a path level.
Thanks to @Haxatron via huntr.dev for discovery and reporting.
Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/
2021-10-08 17:47:14 +01:00
Dan Brown
81d6b1b016
Fixed search query issues when table prefixes are used
- Old raw select query was causing bad select clause in query
when table prefixes were active.
2021-10-08 15:25:12 +01:00
Dan Brown
41ac69adb1
Forced response cache revalidation on logged-in responses
- Prevents authenticated responses being visible when back button
pressed in browser.
- Previously, 'no-cache, private' was added by default by Symfony, which
  would have prevented proxy cache issues, but this adds no-store and a
  max-age option to also invalidate all caching.
Thanks to @haxatron via huntr.dev
Ref: https://huntr.dev/bounties/6cda9df9-4987-4e1c-b48f-855b6901ef53/
2021-10-08 15:22:09 +01:00
Dan Brown
41438adbd1
Continued review of #2169
- Removed unneeded custom refresh or logout actions for OIDC.
- Restructured how the services and guards are setup for external auth
systems. SAML2 and OIDC now directly share a lot more logic.
- Renamed any OpenId references to OIDC or OpenIdConnect
- Removed non-required CSRF exemption for OIDC
Not tested. Came to a roadblock due to lack of PHP8 support in upstream
dependencies. Certificate was deemed to be non-valid on every test
attempt due to changes in PHP8.
2021-10-06 23:05:26 +01:00
Dan Brown
2ec0aa85ca
Started refactor for merge of OIDC
- Made oidc config more generic to not be overly reliant on the library
based upon learnings from saml2 auth.
- Removed any settings that are redundant or not deemed required for
initial implementation.
- Reduced some methods down where not needed.
- Renamed OpenID to OIDC
- Updated .env.example.complete to align with all options and their
defaults
Related to #2169
2021-10-06 17:12:01 +01:00
Dan Brown
193d7fb3fe
Merge branch 'openid' of https://github.com/jasperweyne/BookStack into jasperweyne-openid
2021-10-06 13:18:21 +01:00
Dan Brown
55be75dee2
Merge pull request #2957 from BookStackApp/dependabot/composer/composer/composer-2.1.9
Bump composer/composer from 2.1.8 to 2.1.9
2021-10-06 10:52:02 +01:00
dependabot[bot]
644bbebb6e
Bump composer/composer from 2.1.8 to 2.1.9
Bumps [composer/composer](https://github.com/composer/composer) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/composer/composer/releases)
- [Changelog](https://github.com/composer/composer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/composer/composer/compare/2.1.8...2.1.9)
---
updated-dependencies:
- dependency-name: composer/composer
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-10-05 20:57:31 +00:00
Dan Brown
f99af807d0
Reviewed and refactored additional editor draft save warnings
- Added testing to cover warning cases.
- Refactored logic to be simpler and move much of the business out of
the controller.
- Added new message that's more suitable to the case this was handling.
- For detecting an outdated draft, checked the draft created_at time
instead of updated_at to better fit the scenario being checked.
- Updated some method types to align with those potentially being used
in the logic of the code.
- Added a cache of shown messages on the front-end to prevent them
re-showing on every save during the session, even if dismissed.
2021-10-04 20:26:55 +01:00
Dan Brown
756b55bbff
Merge branch 'conflict_warnings' of https://github.com/MatthieuParis/BookStack into MatthieuParis-conflict_warnings
2021-10-04 17:10:40 +01:00
Dan Brown
e37bbf2925
Updated translator attribution before release v21.08.4
2021-10-04 16:24:17 +01:00
Dan Brown
ec61e45a2b
New Crowdin updates (#2926)
* New translations settings.php (French)
* New translations auth.php (French)
* New translations settings.php (French)
* New translations entities.php (French)
* New translations activities.php (French)
* New translations common.php (French)
* New translations entities.php (French)
* New translations common.php (French)
* New translations components.php (French)
* New translations settings.php (French)
* New translations auth.php (French)
* New translations settings.php (Russian)
* New translations validation.php (Russian)
* New translations settings.php (Russian)
* New translations auth.php (Russian)
* New translations settings.php (Russian)
* New translations auth.php (Russian)
* New translations entities.php (French)
* New translations auth.php (French)
* New translations entities.php (French)
* New translations auth.php (French)
* New translations settings.php (French)
* New translations validation.php (French)
* New translations settings.php (French)
* New translations entities.php (French)
* New translations errors.php (French)
* New translations passwords.php (French)
* New translations settings.php (French)
* New translations entities.php (French)
* New translations settings.php (French)
* New translations entities.php (German)
* New translations settings.php (German)
* New translations entities.php (German Informal)
* New translations settings.php (German Informal)
* New translations settings.php (German)
* New translations settings.php (German Informal)
* New translations settings.php (French)
* New translations settings.php (Vietnamese)
* New translations settings.php (Slovenian)
* New translations settings.php (Swedish)
* New translations settings.php (Turkish)
* New translations settings.php (Ukrainian)
* New translations settings.php (Chinese Simplified)
* New translations settings.php (Chinese Traditional)
* New translations settings.php (Portuguese, Brazilian)
* New translations settings.php (Portuguese)
* New translations settings.php (Indonesian)
* New translations settings.php (Persian)
* New translations settings.php (Spanish, Argentina)
* New translations settings.php (Croatian)
* New translations settings.php (Latvian)
* New translations settings.php (Bosnian)
* New translations settings.php (Slovak)
* New translations settings.php (Polish)
* New translations settings.php (Russian)
* New translations settings.php (Czech)
* New translations settings.php (German)
* New translations settings.php (German Informal)
* New translations settings.php (Spanish)
* New translations settings.php (Arabic)
* New translations settings.php (Bulgarian)
* New translations settings.php (Catalan)
* New translations settings.php (Danish)
* New translations settings.php (Dutch)
* New translations settings.php (Hebrew)
* New translations settings.php (Hungarian)
* New translations settings.php (Italian)
* New translations settings.php (Japanese)
* New translations settings.php (Korean)
* New translations settings.php (Lithuanian)
* New translations settings.php (Norwegian Bokmal)
* New translations settings.php (Spanish)
* New translations activities.php (Slovak)
* New translations errors.php (Slovak)
* New translations settings.php (Slovak)
* New translations auth.php (Slovak)
* New translations common.php (Slovak)
* New translations entities.php (Slovak)
* New translations settings.php (Slovak)
* New translations activities.php (Slovak)
* New translations settings.php (French)
* New translations settings.php (Russian)
* New translations settings.php (German)
* New translations settings.php (Polish)
* New translations validation.php (Polish)
* New translations auth.php (Vietnamese)
* New translations auth.php (Vietnamese)
* New translations activities.php (Vietnamese)
* New translations common.php (Vietnamese)
* New translations entities.php (Vietnamese)
* New translations settings.php (Chinese Simplified)
* New translations settings.php (Italian)
* New translations auth.php (Italian)
* New translations common.php (Italian)
* New translations common.php (German)
* New translations common.php (German Informal)
* New translations settings.php (German)
* New translations common.php (German)
* New translations common.php (German Informal)
* New translations errors.php (German)
2021-10-04 16:22:16 +01:00
Dan Brown
d3a9645161
Allowed page includes on custom home
For #2279
Old hold-over for when include content permissions were handled less
delicately.
2021-10-04 11:26:26 +01:00
Dan Brown
505d7e604e
Applied StyleCI changes
2021-09-29 23:53:11 +01:00
Dan Brown
025442fcd9
Reviewed addition to db table prefix
Review of #2935
- Removed from .env files and added warnings for use if found in config
file.
- Updated permission service to use whereColumn queries to auto-handle
use of prefixes.
2021-09-29 18:41:11 +01:00
Dan Brown
0f66c8a0cc
Merge branch 'floviolleau-db-prefixes' of https://github.com/floviolleau/BookStack into floviolleau-floviolleau-db-prefixes
2021-09-29 18:13:38 +01:00
Dan Brown
887a79f130
Reviewed adding IP recording to activity & audit log
Review of #2936
- Added testing to cover
- Added APP_PROXIES to .env.example.complete with details.
- Renamed migration to better align the name and to set the migration
date to fit with production deploy order.
- Removed index from IP column in migration since an index does not yet
provide any value.
- Updated table header text label.
- Prevented IP recording when in demo mode.
2021-09-26 17:18:12 +01:00
Dan Brown
8972f7b212
Merge branch 'log-ip-address' of https://github.com/johnroyer/BookStack into johnroyer-log-ip-address
2021-09-26 16:17:28 +01:00
Dan Brown
c100560bd9
Applied style ci changes again
2021-09-26 15:49:25 +01:00
Dan Brown
05d99a312d
Applied styleci changes
2021-09-26 15:48:22 +01:00
Dan Brown
5c7eb0df57
Caught old string helper function usage
...
Found by Laravel Shift Workbench
2021-09-26 15:41:11 +01:00
Dan Brown
c32b315cd7
Standardised facade usage to use via their FQCN
...
Done via Laravel Shift Workbench
2021-09-26 15:37:55 +01:00
Zero
c0da5616f3
Fix coding style
2021-09-23 11:07:13 +08:00
Zero
6418824139
Update translation file
2021-09-20 11:29:14 +08:00
Zero
b834f58e87
Add user IP into audit table
2021-09-20 11:29:14 +08:00
Zero
8efaeb068b
Save user IP to audit log
2021-09-20 11:29:14 +08:00
Zero
5cf0c99e32
Add IP column
2021-09-20 11:29:14 +08:00
floviolleau
dbfa2d58ed
Allow to use DB tables prefix
2021-09-19 14:33:54 +02:00
floviolleau
f8abad1e3b
Allow to use DB tables prefix
2021-09-19 14:32:35 +02:00
floviolleau
1a8ae41263
Allow to use DB tables prefix
2021-09-19 14:31:18 +02:00
floviolleau
00af40ab14
Allow to use DB tables prefix
2021-09-19 14:28:57 +02:00
Dan Brown
ffdfdc7449
Fixed dodgy test helper signature causing tests to fail
Just needed some argument defaults to make them optional for existing
uses.
2021-09-18 21:29:42 +01:00
Dan Brown
ba075b46f9
Merge pull request #2928 from BookStackApp/browserkit_removal
Convert old BrowserKit tests
2021-09-18 21:28:16 +01:00
Dan Brown
c08c8d7aa3
Applied styleci style changes
2021-09-18 21:21:44 +01:00
Dan Brown
6454e24657
Removed browserkit testing from project
Converted last bits of the roles tests and removed dependencies.
Updated other PHP dependencies at the same time.
2021-09-18 21:20:38 +01:00
Dan Brown
d74255df5d
Started updating RolesTest away from Browserkit
2021-09-18 00:33:03 +01:00
Dan Brown
a4d9bca9e1
Converted AuthTest away from BrowserKit
Moved some user management tests out to more relevant classes along the
way.
Found some tweaks to make for email confirmation routing as part of
this.
2021-09-17 23:44:54 +01:00
Dan Brown
90c759e5ca
Rewrote entity permissions tests to be non-browser-kit
2021-09-17 22:35:28 +01:00
Dan Brown
5d93dd258e
Finished moving EntityTests out to new TestCase files
2021-09-17 21:29:16 +01:00
Dan Brown
de8cceb0f7
Moved more tests out of EntityTest
2021-09-15 22:18:37 +01:00
Dan Brown
8a7408bd31
Fixed social auth login audit log messages
Was logging the whole social account instance instead of just the
method.
Updated tests to cover.
Fixes #2930
2021-09-15 20:55:10 +01:00