Dan Brown
c9c0e5e16f
Fixed guest user email showing in TOTP setup url
- Occurred during enforced MFA setup upon login.
- Added test to cover.
Fixes #2971
2021-10-14 18:02:16 +01:00
Dan Brown
d21b60079c
Merge pull request #2977 from BookStackApp/custom_debug_view
Added custom whoops-based debug view
2021-10-14 17:41:06 +01:00
Dan Brown
ffa4377e65
Added testing to cover debug view
2021-10-14 17:40:22 +01:00
Dan Brown
9b8bb49a33
Added custom whoops-based debug view
Provides a simple bookstack focused view that does not rely on JavaScript.
Contains links to BookStack specific resources in addition to commonly
desired debug details.
2021-10-14 15:33:08 +01:00
Dan Brown
855409bc4f
Fixed lack of oidc discovery filtering during testing
Tested oidc system on Okta, Keycloak & Auth0
2021-10-14 13:37:55 +01:00
Dan Brown
a5d72aa458
Fleshed out testing for OIDC system
2021-10-13 16:51:27 +01:00
Dan Brown
c167f40af3
Renamed OIDC files to all be aligned
2021-10-12 23:04:28 +01:00
Dan Brown
06a0d829c8
Added OIDC basic autodiscovery support
2021-10-12 23:00:52 +01:00
Dan Brown
790723dfc5
Added further OIDC core class testing
2021-10-12 16:48:54 +01:00
Dan Brown
f3d54e4a2d
Added positive test case for OIDC implementation
- To continue coverage and spec cases next.
2021-10-12 00:01:51 +01:00
Dan Brown
6b182a435a
Got OIDC custom solution to a functional state
- Validation of all key/token elements now in place.
- Signing key system updated to work with jwk-style array or with
file:// path to pem key.
2021-10-11 23:00:45 +01:00
Dan Brown
8c01c55684
Added token and key handling elements for oidc jwt
- Got basic signing support and structure checking done.
- Need to run through actual claim checking before providing details
back to app.
2021-10-11 19:05:16 +01:00
Dan Brown
69301f7575
Merge pull request #2965 from Haxatron/master
Update DOMPDF chroot directory
2021-10-11 10:25:28 +01:00
Dan Brown
8ce696dff6
Started on a custom oidc oauth provider
2021-10-10 19:14:08 +01:00
Haxatron
b043257d9a
Update dompdf.php
base_path => public_path
2021-10-10 01:06:08 +08:00
Dan Brown
ca764caf2d
Added throttling to password reset requests
2021-10-08 23:19:37 +01:00
Dan Brown
543ea6ef71
Updated translator attribution before release v21.08.5
2021-10-08 22:24:32 +01:00
Dan Brown
a9b3df537f
Applied changes from styleci
2021-10-08 22:23:17 +01:00
Dan Brown
c2339ac9db
New Crowdin updates (#2953)
* New translations settings.php (Chinese Simplified)
* New translations entities.php (Slovak)
* New translations entities.php (Portuguese, Brazilian)
* New translations entities.php (Slovenian)
* New translations entities.php (Swedish)
* New translations entities.php (Turkish)
* New translations entities.php (Ukrainian)
* New translations entities.php (Chinese Simplified)
* New translations entities.php (Chinese Traditional)
* New translations entities.php (Indonesian)
* New translations entities.php (Portuguese)
* New translations entities.php (Persian)
* New translations entities.php (Spanish, Argentina)
* New translations entities.php (Croatian)
* New translations entities.php (Latvian)
* New translations entities.php (Bosnian)
* New translations entities.php (Norwegian Bokmal)
* New translations entities.php (Russian)
* New translations entities.php (Polish)
* New translations entities.php (Vietnamese)
* New translations entities.php (Danish)
* New translations entities.php (French)
* New translations entities.php (Spanish)
* New translations entities.php (Arabic)
* New translations entities.php (Bulgarian)
* New translations entities.php (Catalan)
* New translations entities.php (Czech)
* New translations entities.php (German)
* New translations entities.php (Dutch)
* New translations entities.php (Hebrew)
* New translations entities.php (Hungarian)
* New translations entities.php (Italian)
* New translations entities.php (Japanese)
* New translations entities.php (Korean)
* New translations entities.php (Lithuanian)
* New translations entities.php (German Informal)
* New translations entities.php (French)
* New translations entities.php (Spanish)
* New translations settings.php (Czech)
* New translations entities.php (Czech)
* New translations activities.php (Czech)
* New translations auth.php (Czech)
* New translations common.php (Czech)
* New translations validation.php (Czech)
* New translations entities.php (Portuguese)
* New translations settings.php (Portuguese)
* New translations entities.php (Portuguese)
* New translations activities.php (Portuguese)
* New translations auth.php (Portuguese)
* New translations common.php (Portuguese)
* New translations validation.php (Portuguese)
* New translations entities.php (Chinese Simplified)
* New translations entities.php (Chinese Simplified)
* New translations activities.php (Ukrainian)
* New translations activities.php (Ukrainian)
2021-10-08 22:22:01 +01:00
Dan Brown
41541df6ec
Added testing to cover work done in last commit
Relevant to comments in 7224fbcc89.
Added test cases. Ensured they failed pre-commit.
Also tested a range of the altered endpoints manually on both local and
s3-like filesystems.
2021-10-08 21:47:59 +01:00
Dan Brown
7224fbcc89
Added protections against path traversal in file system operations
- Files within the storage/ path could be accessed via path traversal
references in content, accessed upon HTML export.
- This addresses this via two layers:
  - Scoped local flysystem filesystems down to the specific image &
    file folders since flysystem has built-in checking against the
    escaping of the root folder.
  - Added path normalization before enforcement of uploads/{images,file}
    prefix to prevent traversal at a path level.
Thanks to @Haxatron via huntr.dev for discovery and reporting.
Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/
2021-10-08 17:47:14 +01:00
Dan Brown
81d6b1b016
Fixed search query issues when table prefixes are used
- Old raw select query was causing bad select clause in query
when table prefixes were active.
2021-10-08 15:25:12 +01:00
Dan Brown
41ac69adb1
Forced response cache revalidation on logged-in responses
- Prevents authenticated responses being visible when back button
pressed in browser.
- Previously, 'no-cache, private' was added by default by Symfony which
would have prevented proxy cache issues but this adds no-store and a
max-age option to also invalidate all caching.
Thanks to @haxatron via huntr.dev
Ref: https://huntr.dev/bounties/6cda9df9-4987-4e1c-b48f-855b6901ef53/
2021-10-08 15:22:09 +01:00
Dan Brown
41438adbd1
Continued review of #2169
- Removed unneeded custom refresh or logout actions for OIDC.
- Restructured how the services and guards are set up for external auth
systems. SAML2 and OIDC now directly share a lot more logic.
- Renamed any OpenId references to OIDC or OpenIdConnect
- Removed non-required CSRF exemption for OIDC
Not tested. Came to a roadblock due to lack of PHP8 support in upstream
dependencies. Certificate was deemed to be non-valid on every test
attempt due to changes in PHP8.
2021-10-06 23:05:26 +01:00
Dan Brown
2ec0aa85ca
Started refactor for merge of OIDC
- Made oidc config more generic to not be overly reliant on the library
based upon learnings from saml2 auth.
- Removed any settings that are redundant or not deemed required for
initial implementation.
- Reduced some methods down where not needed.
- Renamed OpenID to OIDC
- Updated .env.example.complete to align with all options and their
defaults
Related to #2169
2021-10-06 17:12:01 +01:00
Dan Brown
193d7fb3fe
Merge branch 'openid' of https://github.com/jasperweyne/BookStack into jasperweyne-openid
2021-10-06 13:18:21 +01:00
Dan Brown
55be75dee2
Merge pull request #2957 from BookStackApp/dependabot/composer/composer/composer-2.1.9
Bump composer/composer from 2.1.8 to 2.1.9
2021-10-06 10:52:02 +01:00
dependabot[bot]
644bbebb6e
Bump composer/composer from 2.1.8 to 2.1.9
Bumps [composer/composer](https://github.com/composer/composer) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/composer/composer/releases)
- [Changelog](https://github.com/composer/composer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/composer/composer/compare/2.1.8...2.1.9)
---
updated-dependencies:
- dependency-name: composer/composer
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-10-05 20:57:31 +00:00
Dan Brown
f99af807d0
Reviewed and refactored additional editor draft save warnings
- Added testing to cover warning cases.
- Refactored logic to be simpler and move much of the business out of
the controller.
- Added new message that's more suitable to the case this was handling.
- For detecting an outdated draft, checked the draft created_at time
instead of updated_at to better fit the scenario being checked.
- Updated some method types to align with those potentially being used
in the logic of the code.
- Added a cache of shown messages on the front-end to prevent them
re-showing on every save during the session, even if dismissed.
2021-10-04 20:26:55 +01:00
Dan Brown
756b55bbff
Merge branch 'conflict_warnings' of https://github.com/MatthieuParis/BookStack into MatthieuParis-conflict_warnings
2021-10-04 17:10:40 +01:00
Dan Brown
e37bbf2925
Updated translator attribution before release v21.08.4
2021-10-04 16:24:17 +01:00
Dan Brown
ec61e45a2b
New Crowdin updates (#2926)
* New translations settings.php (French)
* New translations auth.php (French)
* New translations settings.php (French)
* New translations entities.php (French)
* New translations activities.php (French)
* New translations common.php (French)
* New translations entities.php (French)
* New translations common.php (French)
* New translations components.php (French)
* New translations settings.php (French)
* New translations auth.php (French)
* New translations settings.php (Russian)
* New translations validation.php (Russian)
* New translations settings.php (Russian)
* New translations auth.php (Russian)
* New translations settings.php (Russian)
* New translations auth.php (Russian)
* New translations entities.php (French)
* New translations auth.php (French)
* New translations entities.php (French)
* New translations auth.php (French)
* New translations settings.php (French)
* New translations validation.php (French)
* New translations settings.php (French)
* New translations entities.php (French)
* New translations errors.php (French)
* New translations passwords.php (French)
* New translations settings.php (French)
* New translations entities.php (French)
* New translations settings.php (French)
* New translations entities.php (German)
* New translations settings.php (German)
* New translations entities.php (German Informal)
* New translations settings.php (German Informal)
* New translations settings.php (German)
* New translations settings.php (German Informal)
* New translations settings.php (French)
* New translations settings.php (Vietnamese)
* New translations settings.php (Slovenian)
* New translations settings.php (Swedish)
* New translations settings.php (Turkish)
* New translations settings.php (Ukrainian)
* New translations settings.php (Chinese Simplified)
* New translations settings.php (Chinese Traditional)
* New translations settings.php (Portuguese, Brazilian)
* New translations settings.php (Portuguese)
* New translations settings.php (Indonesian)
* New translations settings.php (Persian)
* New translations settings.php (Spanish, Argentina)
* New translations settings.php (Croatian)
* New translations settings.php (Latvian)
* New translations settings.php (Bosnian)
* New translations settings.php (Slovak)
* New translations settings.php (Polish)
* New translations settings.php (Russian)
* New translations settings.php (Czech)
* New translations settings.php (German)
* New translations settings.php (German Informal)
* New translations settings.php (Spanish)
* New translations settings.php (Arabic)
* New translations settings.php (Bulgarian)
* New translations settings.php (Catalan)
* New translations settings.php (Danish)
* New translations settings.php (Dutch)
* New translations settings.php (Hebrew)
* New translations settings.php (Hungarian)
* New translations settings.php (Italian)
* New translations settings.php (Japanese)
* New translations settings.php (Korean)
* New translations settings.php (Lithuanian)
* New translations settings.php (Norwegian Bokmal)
* New translations settings.php (Spanish)
* New translations activities.php (Slovak)
* New translations errors.php (Slovak)
* New translations settings.php (Slovak)
* New translations auth.php (Slovak)
* New translations common.php (Slovak)
* New translations entities.php (Slovak)
* New translations settings.php (Slovak)
* New translations activities.php (Slovak)
* New translations settings.php (French)
* New translations settings.php (Russian)
* New translations settings.php (German)
* New translations settings.php (Polish)
* New translations validation.php (Polish)
* New translations auth.php (Vietnamese)
* New translations auth.php (Vietnamese)
* New translations activities.php (Vietnamese)
* New translations common.php (Vietnamese)
* New translations entities.php (Vietnamese)
* New translations settings.php (Chinese Simplified)
* New translations settings.php (Italian)
* New translations auth.php (Italian)
* New translations common.php (Italian)
* New translations common.php (German)
* New translations common.php (German Informal)
* New translations settings.php (German)
* New translations common.php (German)
* New translations common.php (German Informal)
* New translations errors.php (German)
2021-10-04 16:22:16 +01:00
Dan Brown
d3a9645161
Allowed page includes on custom home
For #2279
Old hold-over for when include content permissions were handled less
delicately.
2021-10-04 11:26:26 +01:00
Dan Brown
505d7e604e
Applied StyleCI changes
2021-09-29 23:53:11 +01:00
Dan Brown
025442fcd9
Reviewed addition to db table prefix
Review of #2935
- Removed from .env files and added warnings for use if found in config
file.
- Updated permission service to use whereColumn queries to auto-handle
use of prefixes.
2021-09-29 18:41:11 +01:00
Dan Brown
0f66c8a0cc
Merge branch 'floviolleau-db-prefixes' of https://github.com/floviolleau/BookStack into floviolleau-floviolleau-db-prefixes
2021-09-29 18:13:38 +01:00
Dan Brown
887a79f130
Reviewed adding IP recording to activity & audit log
Review of #2936
- Added testing to cover
- Added APP_PROXIES to .env.example.complete with details.
- Renamed migration to better align the name and to set the migration
date to fit with production deploy order.
- Removed index from IP column in migration since an index does not yet
provide any value.
- Updated table header text label.
- Prevented IP recording when in demo mode.
2021-09-26 17:18:12 +01:00
Dan Brown
8972f7b212
Merge branch 'log-ip-address' of https://github.com/johnroyer/BookStack into johnroyer-log-ip-address
2021-09-26 16:17:28 +01:00
Dan Brown
c100560bd9
Applied style ci changes again
2021-09-26 15:49:25 +01:00
Dan Brown
05d99a312d
Applied styleci changes
2021-09-26 15:48:22 +01:00
Dan Brown
5c7eb0df57
Caught old string helper function usage
...
Found by Laravel Shift Workbench
2021-09-26 15:41:11 +01:00
Dan Brown
c32b315cd7
Standardised facade usage to use via their FQCN
...
Done via Laravel Shift Workbench
2021-09-26 15:37:55 +01:00
Zero
c0da5616f3
Fix coding style
2021-09-23 11:07:13 +08:00
Zero
6418824139
Update translation file
2021-09-20 11:29:14 +08:00
Zero
b834f58e87
Add user IP into audit table
2021-09-20 11:29:14 +08:00
Zero
8efaeb068b
Save user IP to audit log
2021-09-20 11:29:14 +08:00
Zero
5cf0c99e32
Add IP column
2021-09-20 11:29:14 +08:00
floviolleau
dbfa2d58ed
Allow to use DB tables prefix
2021-09-19 14:33:54 +02:00
floviolleau
f8abad1e3b
Allow to use DB tables prefix
2021-09-19 14:32:35 +02:00
floviolleau
1a8ae41263
Allow to use DB tables prefix
2021-09-19 14:31:18 +02:00