Commit Graph

4665 Commits

Author SHA1 Message Date
Dan Brown
8cbaa3e27c
SAML2: Fixed non-spec point of logout, Improved redirect location
This changes the point-of-logout to be within the initial part of the
SAML logout flow, as per 5.3.2 of the SAML spec, processing step 2.
This also improves the logout redirect handling to use the global
redirect suggestion so that auto-login handling is properly taken into
account.

Added tests to cover.
Manual testing performed against keycloak.
For #4713
2023-12-08 18:42:13 +00:00
Dan Brown
4c0b7f3123
Merge pull request #4714 from BookStackApp/oidc_logout
OIDC RP-Initiated logout
2023-12-07 18:00:32 +00:00
Dan Brown
7312300d53
OIDC: Update example env option to reflect correct default 2023-12-07 17:59:48 +00:00
Dan Brown
81d256aebd
OIDC RP Logout: Fixed issues during testing
- Disabled by default due to strict rejection by auth systems.
- Fixed issue when autoloading logout URL, but not provided in
  autodiscovery response.
- Added proper handling for if the logout URL contains a query string
  already.
- Added extra tests to cover.
- Forced config endpoint to be used, if set as a string, instead of
  autodiscovery endpoint.
2023-12-07 17:45:17 +00:00
Dan Brown
a72e0fee70
Tests: Fixed debug test to work with social class changes 2023-12-06 16:57:15 +00:00
Dan Brown
f32cfb4292
OIDC RP Logout: Added autodiscovery support and test cases 2023-12-06 16:41:50 +00:00
Dan Brown
bba7dcce49
Auth: Refactored OIDC RP-logout PR code, Extracted logout
Extracted logout to the login service so the logic can be shared instead
of re-implemented at each stage. For this, the SocialAuthService was
split so the driver management is in its own class, so it can be used
elsewhere without use (or circular dependencies) of the
SocialAuthService.

During review of #4467
2023-12-06 13:49:53 +00:00
Dan Brown
cc10d1ddfc
Merge branch 'fix/oidc-logout' into development 2023-12-06 12:14:43 +00:00
Dan Brown
0254527bd9
RTL: Made a range of fixes & improvments for RTL text
- Updated HTML exports to have auto direction to properly react to RTL
  text when in the content.
- Fixed RTL spacing issues in new editor design changes.
- Fixed pointer arrow being angled wrong on RTL languages.

Related to #4645
2023-12-05 18:53:48 +00:00
Dan Brown
11853361b0
SAML2: Included parsed groups in dump data
Updated code style of class while there.
Removed redundant check and string translation used.

For #4706
2023-12-03 19:36:03 +00:00
Dan Brown
596f7314cd
Merge branch 'v23-10' into development 2023-12-03 18:57:07 +00:00
Dan Brown
1011d61713
Merge pull request #4688 from BookStackApp/include-parser
New include tag parser
2023-11-27 21:54:18 +00:00
Dan Brown
652d5417bf
Includes: Added back support for parse theme event
Managed to do this in an API-compatible way although resuling output may
differ due to new dom handling in general, although user content is used
inline to remain as comptable as possible.
2023-11-27 21:39:43 +00:00
Dan Brown
b569827114
Includes: Added ID de-duplicating and more thorough clean-up 2023-11-27 20:16:27 +00:00
Dan Brown
71c93c8878
Includes: Switched page to new system
- Added mulit-level depth parsing.
- Updating usage of HTML doc in page content to be efficient.
- Removed now redundant PageContentTest cases.
- Made some include system fixes based upon testing.
2023-11-27 19:54:47 +00:00
Dan Brown
4874dc1304
Includes: Updated logic regarding parent block els, added tests
Expanded tests with many more cases, and added fixes for failed
scenarios.
Updated logic to specifically handling parent <p> tags, and now assume
compatibility with parent block types elswhere to allow use in a
variety of scenarios (td, details, blockquote etc...).
2023-11-25 17:32:00 +00:00
Dan Brown
c88eb729a4
Includes: Added block-level handling to new include system
Implements block promoting to body (including position choosing based
upon likely tag position within parent) and block splitting where we're
only a single depth down from the body child.
2023-11-24 23:39:16 +00:00
Dan Brown
75936454cc
Includes: Developed to get new system working with inline includes
Adds logic for locating and splitting text nodes.
Adds specific classes to offload tag/content specific logic.
2023-11-23 14:29:07 +00:00
Dan Brown
04d21c8a97
Includes: Started foundations for new include tag parser 2023-11-22 22:14:28 +00:00
Dan Brown
15d7161428
Images: Prevented base64 extraction without permission
Also added content sniffing as an extra check.
Added tests to cover.
2023-11-20 13:32:31 +00:00
Dan Brown
9b1f820596
Images: Forced intervention loading via specific method
Updated image loading for intervention library to be via a specific
'initFromBinary' method to avoid being overly accepting of input types
and mechansisms.

For CVE-2023-6199
2023-11-19 16:34:29 +00:00
Dan Brown
2fb873f7ef
Favicon: Moved resizing to specific resizer class 2023-11-19 15:57:19 +00:00
Dan Brown
22a9cf1e48
LogicalTheme: Added events for registering web routes
Added to allow easier registration of routes.
Added for normal web and authed routes.
Included testing to cover.
2023-11-17 13:45:57 +00:00
Dan Brown
37a17e858a
HTML: Tweaked output from full HtmlDocument
Saves specifically the document element on output to HTML, since this
results in just the outer HTML being saved while not including the extra
XML tags which would show up before with the changes to force utf8
usage.
2023-11-14 17:23:05 +00:00
Dan Brown
eab9c1081e
Merge pull request #4673 from BookStackApp/html_doc_alignment
HTML: Aligned and standardised DOMDocument usage
2023-11-14 17:22:30 +00:00
Dan Brown
db7b11fe93
HTML: Aligned and standardised DOMDocument usage
Adds a thin wrapper for DOMDocument to simplify and align usage within
all areas of BookStack.
Also means we move away from old depreacted mb_convert_encoding usage.

Closes #4638
2023-11-14 15:46:32 +00:00
Dan Brown
3a6f50e668
Merge pull request #4661 from BookStackApp/tinymce_update
WYSIWYG: Updated TinyMCE from 6.5.1 to 6.7.2
2023-11-14 13:15:32 +00:00
Dan Brown
76417efd6f
Merge branch 'Man-in-Black-patch-1' into development 2023-11-14 10:40:30 +00:00
Dan Brown
d41fd7a8dd
Notifications: Review of PR to include path path #4629
- Merged book and chapter name items to a single page path list item
  which has links to parent page/chapter.
- Added permission filtering to page path elements.
- Added page path to also be on comment notifications.
- Updated testing to cover.
- Added new Message Line objects to support.

Done during review of #4629
2023-11-14 10:38:34 +00:00
Sascha
65ac197be4
Added book name to the mail template
added book name

synced with actual file from dev branch

added book name

add book name

added book name

extended with chaptername

extended with chapter name

Update PageUpdateNotification.php

Update notifications.php

Update notifications.php

Update notifications.php

correction of chapter syntax

correction of chapter syntax
2023-11-14 10:38:34 +00:00
Dan Brown
bff1f502bb
JS: Removed random extra import 2023-11-09 13:36:00 +00:00
Dan Brown
f8ebbb7553
WYSIWYG: Updated TinyMCE from 6.5.1 to 6.7.2 2023-11-09 13:34:00 +00:00
Dan Brown
48f115291a
Updated translator attribution before release v23.10.2 2023-11-07 15:12:15 +00:00
Dan Brown
6cd38a8ace
Merge branch 'development' of github.com:BookStackApp/BookStack into development 2023-11-07 15:09:54 +00:00
Dan Brown
fa6ac211b6
Dropdowns: Fixed bad direction logic, added dynmaic height
Changes since adding notifications would cause direction to be assessed
upon max height of 80vh, which caused large dropdowns like the audit log
dropdown to drop up and/or go offscreen.
This restores the default assessment of 500px, and adds dynamic
max-height adjustment to provide more room for large dropdowns.

For #4652
2023-11-07 15:07:11 +00:00
Dan Brown
1310db19ca
Updated translations with latest Crowdin changes (#4643) 2023-11-07 14:40:53 +00:00
Dan Brown
ea0469e61a
PWA: Prevent passing credentials to avoid redirection issues
For #4649
More of a patch around the issue for now.
Have opened #4656 to properly address.
2023-11-07 14:33:37 +00:00
Dan Brown
889b0dae3b
Updated translations with latest Crowdin changes (#4631) 2023-11-02 14:30:34 +00:00
Dan Brown
48bda115aa
Langs: Enabled Nynorsk option, updated translator attribution 2023-11-02 14:17:56 +00:00
Dan Brown
9dd05b8751
MD Editor: Fixed lack of toolbar BG when in fullscreen
For #4641
2023-11-02 12:41:07 +00:00
Dan Brown
02d140120a
Editor toolbox: Updated tabs to use link color
Change due to link color being more suitable in this case since it's not
specifically a block with light text which is what app color is suited
for.
Specifically better for dark mode when a dark app color is used.

For #4630
2023-11-02 12:34:57 +00:00
Dan Brown
38ac3c959b
Page JS: Improved block jumping and highlighting
- Updated anchor scroll change to open up details blocks if the target
  exists within.
- Updated highlighting and animation implementation to fix hardly visible highlighting.
- Removed old, now unused, handing of CM instances in details blocks.

Related to #4637.
2023-11-01 18:49:47 +00:00
Dan Brown
324e403ae5
JS Events: Added CM pre/post init events
To allow hacking of all CodeMirror instances.
Closes #4639.
2023-11-01 17:56:52 +00:00
Dan Brown
fce7190257
Testing: Added PHP8.3 support
Also fixed text which could through deprecation notice due to not having
a properly formed comment in use.
For #4633
2023-10-31 15:52:01 +00:00
Dan Brown
c640db8434
Readme: Updated sponsorship links and language contribution info
- Updated sponsor text since it only mentioned GitHub, nothing else.
- Updated translation contribution info to dissuade code-based
  contributions due to issues with conflicts/sync.
2023-10-30 17:13:39 +00:00
Dan Brown
49b286cd34
Demo mode: Updated my account access to be more selective 2023-10-30 12:07:18 +00:00
Dan Brown
e006f9674f
Langs: Updated translators and locale list pre v23.10 2023-10-30 11:41:36 +00:00
Dan Brown
8bffcebd64
Updated translations with latest Crowdin changes (#4523) 2023-10-30 11:16:19 +00:00
Dan Brown
7c4dc981cd
Middlware: Prevented caching of all app requests
Previously we'd prevent caching of authed responses for security
(prevent back cache or proxy caching) but caching could still be an
issue in non-auth scenarios due to CSRF (eg. returning to login screen after
session expiry).

For #4600
2023-10-23 13:32:15 +01:00
Dan Brown
9b4f1fb981
Styles: Aligned empty state alignment & consistency
- Fixed inital empty state margins/paddings to be aligned and not differ
when lists are empty.
- Aligned button/action display when viewing empty entities.
- Fixed use of non-existing permission in books for book empty state
  button.

Fixes #4563
2023-10-23 11:53:19 +01:00