Commit Graph

63 Commits

Author SHA1 Message Date
Dan Brown
811be3a36a
Added option to change the OIDC claim regarded as the ID
Defined via a OIDC_EXTERNAL_ID_CLAIM env option.
For #3914
2023-01-26 16:43:15 +00:00
Dan Brown
24f82749ff
Updated OIDC group attr option name
To match the existing option name for display names.
Closes #3704
2022-09-06 16:33:17 +01:00
Dan Brown
e537d0c4e8
Merge pull request #3656 from BookStackApp/x_linking
Link reference tracking & updating
2022-08-29 17:45:05 +01:00
Dan Brown
d134639eca
Doubled default revision limit
Due to potential increase of revision entries due to auto-changes.
2022-08-23 16:32:07 +01:00
Dan Brown
b987bea37a
Added OIDC group sync functionality
Is generally aligned with out SAML2 group sync functionality, but for
OIDC based upon feedback in #3004.
Neeeded the tangental addition of being able to define custom scopes on
the initial auth request as some systems use this to provide additional
id token claims such as groups.

Includes tests to cover.
Tested live using Okta.
2022-08-02 16:56:56 +01:00
Dan Brown
cf73e5f2c6
Tweaked wording aroung the IP address precision option 2022-07-23 13:46:13 +01:00
Dan Brown
4e8995c3d0
Added ability to adjust stored IP address precision
Included tests to cover.

For #3560
2022-07-23 13:41:29 +01:00
Dan Brown
8b211ed461
Review and update of login auto initiation PR
For PR #3406

- Updated naming from 'redirect' to 'initate/initation'.
- Updated phpunit.xml and .env.example.complete files with the new
  option.
- Cleaned up controller logic a bit.
- Added content and design to the new initation view to not leave user
  on a blank view for a while.
- Added non-JS button to initiation view as fallback option for
  progression.
- Moved new test to it's own Test class and expanded with additional
  scenario tests for better functionality coverage.
2022-06-21 15:32:18 +01:00
Dan Brown
ac7b2dd1bf
Tweaked DRAW.IO params in complete .env file to show configure param 2022-04-27 17:52:35 +01:00
Dan Brown
0887c39694
Updated example env with LDAP group dump option 2022-03-29 11:49:02 +01:00
Dan Brown
856fca8289
Updated CSP with frame-src rules
- Configurable via 'ALLOWED_IFRAME_SOURCES' .env option.
- Also updated how CSP rules are set, with a single header being used
  instead of many.
- Also applied CSP rules to HTML export outputs.
- Updated tests to cover.

For #3314
2022-03-07 14:27:41 +00:00
Dan Brown
48d0095aa2
Added mysql-ssl-ca option to complete .env 2022-03-02 21:51:18 +00:00
Dan Brown
a709fd04b5
Added option to configure PDF export paper size
For #995
2022-01-30 17:40:42 +00:00
Dan Brown
d00ac3101d
Allowed database queue usage where desired 2021-12-13 18:34:18 +00:00
Dan Brown
867cbe15ea
Added link to OIDC docs in .env.example.complete 2021-12-07 13:45:43 +00:00
Dan Brown
85154fff69
Added an env configurable file upload size limit
Replaces the old suggestion of setting JS head 'window.uploadLimit'
variable. This new env option will be used by back-end validation and
front-end libs/logic too.

Limits already likely exist within prod environments at a PHP and
webserver level but this allows an app-level limit and centralises the
option on the BookStack side into the .env

Closes #3033
2021-11-14 22:03:22 +00:00
Dan Brown
98072ba4a9
Reviewed SAML SLS changes for ADFS, #2902
- Migrated env usages to config.
- Removed potentially unneeded config options or auto-set signed options
  based upon provision of certificate.
- Aligned SP certificate env option naming with similar IDP option.

Tested via AFDS on windows server 2019. To test on other providers.
2021-10-23 17:26:01 +01:00
Dan Brown
2e9ac21b38
Merge branch 'master' of https://github.com/theodor-franke/BookStack into theodor-franke-master 2021-10-21 14:04:23 +01:00
Dan Brown
06a0d829c8
Added OIDC basic autodiscovery support 2021-10-12 23:00:52 +01:00
Dan Brown
2ec0aa85ca
Started refactor for merge of OIDC
- Made oidc config more generic to not be overly reliant on the library
  based upon learnings from saml2 auth.
- Removed any settings that are redundant or not deemed required for
  initial implementation.
- Reduced some methods down where not needed.
- Renamed OpenID to OIDC
- Updated .env.example.complete to align with all options and their
  defaults

Related to #2169
2021-10-06 17:12:01 +01:00
Dan Brown
193d7fb3fe
Merge branch 'openid' of https://github.com/jasperweyne/BookStack into jasperweyne-openid 2021-10-06 13:18:21 +01:00
Dan Brown
025442fcd9
Reviewed addition to db table prefix
Review of #2935

- Removed from .env files and added warnings for use if found in config
  file.
- Updated permission service to use whereColumn queries to auto-handle
  use of prefixes.
2021-09-29 18:41:11 +01:00
Dan Brown
0f66c8a0cc
Merge branch 'floviolleau-db-prefixes' of https://github.com/floviolleau/BookStack into floviolleau-floviolleau-db-prefixes 2021-09-29 18:13:38 +01:00
Dan Brown
887a79f130
Reviewed adding IP recording to activity & audit log
Review of #2936

- Added testing to cover
- Added APP_PROXIES to .env.example.complete with details.
- Renamed migration to better align the name and to set the migration
  date to fit with production deploy order.
- Removed index from IP column in migration since an index does not yet
  provide any value.
- Updated table header text label.
- Prevented IP recording when in demo mode.
2021-09-26 17:18:12 +01:00
floviolleau
dbfa2d58ed
Allow to use DB tables prefix 2021-09-19 14:33:54 +02:00
Dan Brown
bee5e2c7ca
Added untrusted server fetching control
WKHTMLtoPDF provides limited control for external fetching
so that will now be disabled by default unless
ALLOW_UNTRUSTED_SERVER_FETCHING=true is specifically set.
This new option will also control DOMPDF fetching.
2021-08-31 20:22:42 +01:00
Franke
75749ef336 Fixed SAML logout for ADFS. 2021-08-30 14:35:11 +02:00
Dan Brown
fdabafffda
Added thumbnail attribute to complete .env 2021-05-30 15:22:58 +01:00
Dan Brown
9cf4191079 Reviewed and updated SAML2 authncontext option
Added tests to cover.
Changed default to align with existing default.
Added env option parsing.
For #1998
2021-05-08 13:07:25 +01:00
Dan Brown
b8e2d75014 Merge branch 'ivir-authncontext' of https://github.com/ivir/BookStack into ivir-ivir-authncontext 2021-05-08 12:13:27 +01:00
Dan Brown
f02cfd8271 Removed mentions of 'mail' mail driver
Closes #2657
2021-03-27 15:56:36 +00:00
Dan Brown
1420f239fc Made session cookie path dynamic based on APP_URL 2021-03-16 13:03:07 +00:00
Dan Brown
3d0e1bc9db Merge branch 'master' of git://github.com/ckleemann/BookStack into ckleemann-master 2021-03-16 12:45:12 +00:00
Philip
111835f402 Adding APP_VIEWS_BOOKSHELF to .ENV 2021-02-25 07:51:38 +01:00
ckleemann
3fc935d4bb
Introduce an env variable for the Session Cookie Path 2021-02-20 14:25:28 +01:00
Dan Brown
b0f4500c34 Added env option for setting dark mode default
Also allowed config-centralised default user settings for this change
and bought existing user-level view options into that default settings
system to be cleaner in code usage.

For #2081
2021-02-07 23:12:05 +00:00
Dan Brown
f177b02cae Merge branch 'master' of git://github.com/Body4/BookStack into Body4-master 2021-02-07 18:33:10 +00:00
Dan Brown
92922288dd
Added iframe CSP, improved session cookie security
Added iframe CSP headers with configuration via .env.
Updated session cookies to be lax by default, dynamically changing to
none when iframes configured to allow third-party control.
Updated cookie security to be auto-secure if a https APP_URL is set.

Related to #2427 and #2207.
2021-01-02 02:43:50 +00:00
Boddy4
20f9a50cee LDAP: Added TLS support 2020-11-18 01:05:29 +01:00
Dan Brown
4824ef2760
Merge pull request #2283 from BookStackApp/recycle_bin
Recycle Bin Implementation
2020-11-07 15:10:17 +00:00
Dan Brown
ec3aeb3315
Added recycle bin auto-clear lifetime functionality 2020-11-07 13:58:23 +00:00
Dan Brown
8b0f5e7000
Updated draw.io references to diagrams.net
Related to #2044
2020-09-28 20:45:38 +01:00
Dan Brown
73b4c6d947
Fixed some wording in example env 2020-09-19 23:09:08 +01:00
Dan Brown
2ed0317129
Updated functionality for logging failed access
- Added testing to cover.
- Linked logging into Laravel's monolog logging system and made log
channel configurable.
- Updated env var names to be specific to login access.
- Added extra locations as to where failed logins would be captured.

Related to #1881 and #728
2020-07-28 12:59:43 +01:00
Dan Brown
2f6ff07347
Merge branch 'auth' of git://github.com/benrubson/BookStack into benrubson-auth 2020-07-28 10:46:40 +01:00
Jasper Weyne
07a6d7655f First basic OpenID Connect implementation 2020-07-01 23:27:50 +02:00
benrubson
58df3ad956 Log failed accesses option 2020-05-03 16:20:02 +02:00
Dan Brown
5f61620cc2
Added support for changing the draw.io instance URL
- Allowed DRAWIO env option to be passed as URL to point to instance.
- Updated tests to check URL gets passed to pages correctly.
- Update default URL to be the default theme.

For #826
2020-04-05 17:27:16 +01:00
Jan Mareš
034478409e Add support Windows Authentication via SAML 2020-04-03 14:05:07 +02:00
Dan Brown
29cc35a304
Added dump_user_details option to LDAP and added binary attribute decode option
Related to #1872
2020-02-15 20:31:23 +00:00