Commit Graph

756 Commits

Author SHA1 Message Date
Dan Brown
47e645909e
Reviewed #1688, Show parent shelves on books page
- Moved list to the left of the page to align with other navigational
items.
- Hid list of no shelves, to help hide shelf references if not in use.
- Tweaked test to ensure it wasn't finding shelf name in breadcrumb
rather than list being tested.
2020-04-09 17:29:22 +01:00
Dan Brown
898cedf536
Merge branch 'feature/#1598' of git://github.com/cw1998/BookStack into cw1998-feature/#1598 2020-04-09 17:18:37 +01:00
Dan Brown
e83d2eedbb
Added "update-url" command to find/replace url in the database
- Also aligned format of command descriptions.

Targeted most common columns.
Have not done revisions for the sake of keeping that
content true to how it was originally stored but could
cause unexpected behaviour.

For #1225
2020-04-09 16:59:26 +01:00
Dan Brown
5f61620cc2
Added support for changing the draw.io instance URL
- Allowed DRAWIO env option to be passed as URL to point to instance.
- Updated tests to check URL gets passed to pages correctly.
- Update default URL to be the default theme.

For #826
2020-04-05 17:27:16 +01:00
Dan Brown
ea9e9565ef
Removed bmp and tiff support from uploaded images.
Fixes #1990
2020-04-05 16:15:05 +01:00
Dan Brown
3500182c5f
Updated drawing uploads to use user id in image name
- Instead of user name.
- Due to issues with advanced charts like emoji zero-width-joiners.
- Could also have security concerns on untrusted instances with certain
webserver config due to double extension possibilities.

Closes #1993
2020-04-04 00:48:32 +01:00
Dan Brown
64942268b8
Added Slovenian to available language options
Related to #1946
2020-03-14 22:24:27 +00:00
Dan Brown
7f6cbead33
Performed review of "public intended" functionality provided in #1817
- Updated logic to take url from referrer rather than pass as a query parameter.
- Added tests to cover functionality.
- Updated 404 page with login action button if not signed in.
- Updated 404 page with text to indicate permissions may be affecting visibility.

Related to #1817 and #1706
2020-03-14 18:29:31 +00:00
Dan Brown
a95588dc2e
Merge branch 'feature/public-login-redirect' of git://github.com/Xiphoseer/BookStack into Xiphoseer-feature/public-login-redirect 2020-03-14 17:46:30 +00:00
Dan Brown
200772da72
Merge branch 'validation_fixes' of git://github.com/TBK/BookStack into TBK-validation_fixes 2020-03-14 12:42:59 +00:00
Dan Brown
59aefe5371
Updated social auth to take name from email if empty
- Added tests to cover.

Fixes #1853
2020-03-10 19:09:22 +00:00
Dan Brown
30db8af460
Merge branch 'master' of git://github.com/ch0wm3in/BookStack into ch0wm3in-master 2020-03-06 20:10:57 +00:00
Dan Brown
b94b945fb0
Merge branch 'master' of git://github.com/Binternet/BookStack into Binternet-master 2020-03-04 22:22:08 +00:00
Dan Brown
34616ac195
Updated lanauge lists to match latest translations 2020-03-04 22:14:25 +00:00
TBK
57f587a78b
Allow book, shelf, settings & profile form input validation to skip image 2020-03-04 00:17:53 +01:00
TBK
d3737d5a87
Remove redundant getImageValidationRules method 2020-03-04 00:17:49 +01:00
TBK
5cd56f63ff
Change check to verify that request is present and contains a file 2020-03-04 00:17:45 +01:00
Dan Brown
01b95d91ba
Fixed side-effect in binary LDAP handling
- Was not stripping prefix when sending value to LDAP server in search.
- Updated test to cover.
2020-02-15 22:35:15 +00:00
Dan Brown
29cc35a304
Added dump_user_details option to LDAP and added binary attribute decode option
Related to #1872
2020-02-15 20:31:23 +00:00
Dan Brown
6caedc7a37
Fixed issues preventing breadcrumb navigation menus from opening
- Added tests to cover endpoint

Fixes #1884
2020-02-15 19:09:33 +00:00
Dan Brown
5978d9a0d3
Updated cover image methods so image parameter is not optional but still nullable 2020-02-15 18:38:36 +00:00
Dan Brown
98ab3c1ffb
Merge branch 'new_bookshelf_cover_fix' of git://github.com/TBK/BookStack into TBK-new_bookshelf_cover_fix 2020-02-15 18:34:45 +00:00
Dan Brown
ccd50fe918
Aligned export styles a little better and fixed potential DOMPDF css error
- Removed different PDF template used on pages.
- Updated export view files to have the intended format passed.
- Shared the export CSS amoung the export templates.

Should hopefully address #1886
2020-02-15 15:34:06 +00:00
Dan Brown
14363edb73
Fixed LDAP error thrown by not found user details
- Added testing to cover.

Related to #1876
2020-02-15 14:44:36 +00:00
Dan Brown
49386b42da
Updated email test send to show error on failure
- Added test to cover
- Closes #1874
2020-02-15 14:13:15 +00:00
TBK
9533e0646e
Fix for missing cover on create new shelf 2020-02-14 20:33:07 +01:00
ch0wm3in
c1fe81466f
Fixed 'interaction_required' response for azure
Azure Conditional Access policy 2FA returns 'interaction_required' 400 response https://github.com/SocialiteProviders/Providers/issues/208
2020-02-12 15:03:55 +01:00
Dan Brown
9d77cca734
Cleaned setting section redirect path 2020-02-02 17:57:21 +00:00
Dan Brown
b4f2b73590
Updated settings-save action to return to the same section 2020-02-02 17:35:16 +00:00
Dan Brown
3991fbe726
Checked over and aligned registration option behavior across all auth options
- Added tests to cover
2020-02-02 17:31:00 +00:00
Dan Brown
e6c6de0848
Simplified guard names and rolled out guard route checks
- Included tests to cover for LDAP and SAML
- Updated wording for external auth id option.
- Updated 'assertPermissionError' test case to be usable in BrowserKitTests
2020-02-02 13:10:21 +00:00
Dan Brown
5d08ec3cef
Fixed failing tests caused by auth changes 2020-02-02 12:00:41 +00:00
Dan Brown
e743cd3f60
Added files missed in previous commit 2020-02-02 10:59:03 +00:00
Dan Brown
3470a6a140
Aligned SAML2 system with LDAP implementation in terms of guards and UI 2020-02-01 16:11:56 +00:00
Dan Brown
7728931f15
Set more appropriate login validation and broken up LDAP guide a bit 2020-02-01 14:30:23 +00:00
Dan Brown
575b85021d
Started alignment of auth services
- Removed LDAP specific logic from login controller, placed in Guard.
- Created safer base user provider for ldap login, to be used for SAML
soon.
- Moved LDAP auth work from user provider to guard.
2020-02-01 11:42:22 +00:00
Dan Brown
92690d1ae9
Moved socal auth routes to their own controller
Also cleaned some phpdocs and extracted register actions to their own
service.
2020-01-26 14:42:50 +00:00
Dan Brown
5ff89a1abb
Added danish to language arrays 2020-01-18 16:10:16 +00:00
Dan Brown
be554b9c79
Added configurable API throttling, Handled API errors standardly 2020-01-18 15:03:28 +00:00
Dan Brown
b9fb655b60
Added "Getting Started" API docs 2020-01-18 14:03:11 +00:00
Dan Brown
8016f1121e
Refined docs view, Added example requests 2020-01-18 09:48:30 +00:00
Dan Brown
45b5e631e2
Added a view for the API docs 2020-01-15 20:18:02 +00:00
Dan Brown
bed2498667
Started work on generating API docs 2020-01-12 16:25:14 +00:00
Dan Brown
04a8614136
Filled out base Book API endpoints, added example responses 2020-01-12 14:45:54 +00:00
Dan Brown
a8595d8aaf
Fixed test class names + add perm. check to api session auth 2020-01-01 17:01:36 +00:00
Dan Brown
a7a97a53f1
Added API listing filtering & cleaned ApiAuthenticate returns
API listing endpoint filter can be found via &filter[name]=my+book query
parameters. There are a range of operators that can be used such as
&filter[id:gte]=4
2020-01-01 16:33:47 +00:00
Dan Brown
3cacda6762
Added expiry checking to API token auth
- Added test to cover to ensure its checked going forward
2019-12-30 19:51:41 +00:00
Dan Brown
3d11cba223
Added testing coverage to API token auth 2019-12-30 19:42:46 +00:00
Dan Brown
6f1b88a6a6
Change email confirmation from own middle to trait
Email confirmation middleware caused more mess than good, As caused
priority issues and it depended on auth actions. Instead its now a trai
used on auth middlewares.

Also used 'EncryptCookies' middleware on API instead of custom
decryption in custom middleware since we'd need to do replicate all the
same actions anyway. Shouldn't have too much effect since it only
actions over cookies that exist, of which none should be there for most
API requests.

Also split out some large guard functions to be a little more readable
and appease codeclimate.
2019-12-30 15:49:20 +00:00
Dan Brown
349b4629be
Extracted API auth into guard
Also implemented more elegant solution to allowing session auth for API
routes; A new 'StartSessionIfCookieExists' middleware, which wraps the
default 'StartSession' middleware will run for API routes which only
sets up the session if a session cookie is found on the request. Also
decrypts only the session cookie.

Also cleaned some TokenController codeclimate warnings.
2019-12-30 14:51:28 +00:00