1896 Commits

Author	SHA1	Message	Date
Rashad	90a8070518	Eager loading for titles	2024-10-21 03:01:33 +05:30
Rashad	3e656efb00	Added include func for search api	2024-10-21 02:42:49 +05:30
Dan Brown	7c39dd5cba	ZIP Export: Started building link/ref handling	2024-10-20 19:56:56 +01:00
Dan Brown	21ccfa97dd	ZIP Export: Expanded page & added base attachment handling	2024-10-19 15:41:07 +01:00
Dan Brown	42b9700673	ZIP Exports: Finished up format doc, move files, started builder ... Moved all existing export related app files into their new own dir.	2024-10-15 16:14:11 +01:00
Dan Brown	6f1c54d018	Users: Changed name validation to min:1 instead of 2 ... Would cause scenarios where users could be created with 1 char, but then fail to update due to validation differences. Added test to cover. For #5263	2024-10-15 11:07:41 +01:00
Dan Brown	4dc75bad05	Settings: Added test to cover setting category by view	2024-10-11 13:33:07 +01:00
Lachlan Tripolone	a3d0f7478f	Move settings category layouts into their own view folder	2024-10-11 10:42:48 +11:00
Lachlan Tripolone	b9b5003239	Refactor SettingController to validate categies by existing view files	2024-10-11 10:40:38 +11:00
Dan Brown	8b9bcc1768	Search: Fixed last commented filter when using table prefixes	2024-10-05 15:20:04 +01:00
Dan Brown	51287d545b	Searching: Fixed some form search issues ... - Form was not retaining certain filters - Form request handling of entity type set wrong filter name Added test to cover.	2024-10-05 14:49:30 +01:00
Dan Brown	966ff91386	Search: Prevented negated terms filling in UI inputs ... Added test to cover.	2024-10-03 19:40:11 +01:00
Dan Brown	cd84d08157	Search: Added exact/filter/tag term negation support	2024-10-03 19:27:03 +01:00
Dan Brown	93c677a6a9	Searching: Added negation support to UI and term handling ... Updated/added tests to cover. Support for actual search queries still remains.	2024-10-03 15:59:50 +01:00
Dan Brown	177cfd72bf	Search: Added structure for search term inputs ... Sets things up to allow more complex terms ready to handle negation.	2024-10-02 17:31:45 +01:00
Dan Brown	e65655594f	Merge branch 'feature/opensearch' into development	2024-09-30 17:21:51 +01:00
Dan Brown	f583354748	Maintenance: Removed stray dd from last commit	2024-09-29 16:50:48 +01:00
Dan Brown	d12e8ec923	Users: Improved user response for failed invite sending ... Added specific handling to show relevant error message when user creation fails due to invite sending errors, while also returning user to the form with previous input. Includes test to cover. For #5195	2024-09-29 16:41:18 +01:00
Dan Brown	89f84c9a95	Pages: Updated editor field to always be set ... - Migration for setting on existing pages - Added test to cover simple new page scenario For #5117	2024-09-29 14:36:41 +01:00
Dan Brown	6103a22feb	Exports: Made pdf command timeout configurable ... Added test to cover. For #5119	2024-09-27 16:33:58 +01:00
Dan Brown	b35b62d59f	Merge branch 'lexical' into development	2024-09-27 12:04:01 +01:00
Dan Brown	8b32e6c15a	Page Editors: Added switching/options for new lexical editor	2024-09-22 20:06:55 +01:00
Maximilian Walter	476c2be5a6	Add XML for OpenSearch	2024-09-09 22:54:33 +02:00
Dan Brown	9aa3442a17	API: Fixed lacking permission enforcement on book contents	2024-08-29 14:43:21 +01:00
Dan Brown	c68d154f0f	LDAP: Updated tests for recursive group changes	2024-08-28 21:16:18 +01:00
Dan Brown	1b4ed69f41	LDAP: Updated recursive group search to query by DN ... Added test to cover, added pre-change. Need to test post-changes and fix tests.	2024-08-28 15:39:05 +01:00
Dan Brown	1f2506221a	API: Updated docs with consistent types, fixed users response example ... For #5178 and #5183	2024-08-27 12:23:36 +01:00
Dan Brown	897bb338f9	CSP: Updated handling of drawio URL to consider port ... Previously if a custom port was used in the DRAWIO option it would not be considered in the CSP handling, which would block loading. Added test to cover. For #5107	2024-07-14 16:06:18 +01:00
Dan Brown	767699a066	OIDC: Fixed incorrect detection of group detail population ... An empty (but valid formed) groups list provided via the OIDC ID token would be considered as a lacking detail, and therefore trigger a lookup to the userinfo endpoint in an attempt to get that information. This fixes this to properly distinguish between not-provided and empty state, to avoid userinfo where provided as valid but empty. Includes test to cover. For #5101	2024-07-14 14:21:16 +01:00
DanielGordonIT	9b0ef85f77	Wraps file extension comparison components in strtolower() ... This avoids the issue where replacing file.PNG with newfile.png fails due to "PNG" not being equal to "png"	2024-07-03 15:50:25 -04:00
Dan Brown	11a7ccc37e	SAML: Set static type to pass static checks ... Not totally clear if underlying code can actually return null, but playing it safe to remain as-is for now for patch release.	2024-06-10 10:31:35 +01:00
Dan Brown	a8ce199e0d	Pages: Fixed unused changelog on first page publish ... Included test to cover. For #5056	2024-06-09 17:18:23 +01:00
Dan Brown	3406846c82	Images: Updated GIF handling to use native methods ... Changes GIF image thumbnail handling to direcly load via gd instead of going through interventions own handling (which supports frames) since we don't need animation for our thumbnails, and since performance issues could arise with GIFs that have large frame counts. For #5029	2024-06-09 17:00:58 +01:00
Dan Brown	bddc6ae66b	Roles: Added max validation for role external auth id field ... For #5037	2024-06-08 20:33:34 +01:00
Dan Brown	d133f904d3	Auth: Changed email confirmations to use login attempt user ... Negates the need for a public confirmation resend form since we can instead just send direct to the last session login attempter.	2024-05-20 17:23:15 +01:00
Dan Brown	69af9e0dbd	Routes: Added throttling to a range of auth-related endpoints ... Some already throttled in some means, but this adds a simple ip-based non-request-specific layer to many endpoints. Related to #4993	2024-05-20 14:00:58 +01:00
Dan Brown	5651d2c43d	Config: Reverted change to cache directory ... Change made during Laravel 10 updates to align (Laravel made this change much earlier in 5.x series) but it caused issues due to folder not pre-existing and due to potentiall permission issues. (CLI could create this during update, with non-compatible permissions for webserver). For #4999	2024-05-18 20:40:26 +01:00
Angelo Geant Gaviola	79f5be4170	Fixed notification preferences URL in email	2024-05-14 17:04:23 +08:00
Dan Brown	67df127c26	API: Added to, and updated, testing to cover audit log additions	2024-05-05 15:44:58 +01:00
Dan Brown	3946158e88	API: Added audit log list endpoint ... Not yested covered with testing. Changes database columns for more presentable names and for future use to connect additional model types. For #4316	2024-05-04 16:28:18 +01:00
Dan Brown	dd251d9e62	Merge branch 'nesges/development' into development	2024-05-04 14:00:40 +01:00
Dan Brown	5c28bcf865	Registration: Reviewed added simple honeypot, added testing ... Also cleaned up old RegistrationController syntax. Review of #4970	2024-05-04 13:59:41 +01:00
Dan Brown	b0720777be	Merge pull request #4985 from BookStackApp/ldap_ca_cert_control ... LDAP CA TLS Cert Option, PR Review and continuation	2024-05-02 23:16:16 +01:00
Dan Brown	8087123f2e	LDAP: Review, testing and update of LDAP TLS CA cert control ... Review of #4913 Added testing to cover option. Updated option so it can be used for a CA directory, or a CA file. Updated option name to be somewhat abstracted from original underling PHP option. Tested against Jumpcloud. Testing took hours due to instability which was due to these settings sticking and being unstable on change until php process restart. Also due to little documentation for these options. X_TLS_CACERTDIR option needs cert files to be named via specific hashes which can be achieved via c_rehash utility. This also adds detail on STARTTLS failure, which took a long time to discover due to little detail out there for deeper PHP LDAP debugging.	2024-05-02 23:11:31 +01:00
Dan Brown	6b681961e5	LDAP: Updated default user filter placeholder format ... To not conflict with env variables, and to align with placeholders used for PDF gen command. Added test to cover, including old format supported for back-compatibility. For #4967	2024-04-28 12:29:57 +01:00
Dan Brown	f0dd33c1b4	PDF: Added tests for pdf command, fixed old tests for changes	2024-04-26 15:39:40 +01:00
Dan Brown	1c7128c2cb	PDF: Added implmentation of command PDF option ... Tested quickly manually but not yet covered by PHPUnit tests.	2024-04-24 16:09:53 +01:00
Dan Brown	40200856af	PDF: Removed barryvdh snappy to use snappy direct ... Also simplifies config format, and updates snappy implmentation to use the new config file. Not yet tested.	2024-04-24 15:13:44 +01:00
Dan Brown	bb6670d395	PDF: Started new command option, merged options, simplified dompdf ... - Updated DOMPDF to direcly use library instead of depending on barry wrapper. - Merged existing export options file into single exports file. - Defined option for new command option. Related to #4732	2024-04-22 16:40:42 +01:00
Dan Brown	8b14a701a4	OIDC Userinfo: Fixed issues with validation logic from changes ... Also updated test to suit validation changes	2024-04-19 16:43:51 +01:00
Dan Brown	0958909cd9	OIDC Userinfo: Added additional tests to cover jwks usage	2024-04-19 15:05:00 +01:00
Dan Brown	b18cee3dc4	OIDC Userinfo: Added JWT signed response support ... Not yet tested, nor checked all response validations.	2024-04-19 14:12:27 +01:00
nesges	31272e60b6	add ambrosia-container to registration form as honeypot for bots: new form field "username" must not be filled	2024-04-19 09:35:09 +02:00
Dan Brown	fa543bbd4d	OIDC Userinfo: Started writing tests to cover userinfo calling	2024-04-17 23:26:56 +01:00
Dan Brown	7d7cd32ca7	OIDC Userinfo: Added userinfo data validation, seperated from id token ... Wrapped userinfo response in its own class for additional handling and validation. Updated userdetails to take abstract claim data, to be populated by either userinfo data or id token data.	2024-04-17 18:23:58 +01:00
Dan Brown	a71c8c60b7	OIDC: Extracted user detail handling to own OidcUserDetails class ... Allows a proper defined object instead of an array an extracts related logic out of OidcService. Updated userinfo to only be called if we're missing details.	2024-04-16 18:14:22 +01:00
Dan Brown	9183e7f2fe	OIDC Userinfo: Labelled changes to be made during review	2024-04-16 15:52:55 +01:00
Dan Brown	d640411adb	OIDC: Cleaned up provider settings, added extra validation ... - Added endpoint validation to ensure HTTPS as per spec - Added some missing types - Removed redirectUri from OidcProviderSettings since it's not a provider-based setting, but a setting for the oauth client, so extracted that back to service.	2024-04-16 15:19:51 +01:00
Dan Brown	dc6013fd7e	Merge branch 'development' into lukeshu/oidc-development	2024-04-16 14:57:36 +01:00
Dan Brown	f05ec4cc26	Tags: Stopped recycle bin tags being counted on index ... For #4892 Added test to cover.	2024-04-15 18:44:59 +01:00
Dan Brown	ee40adf11a	Merge pull request #4921 from BookStackApp/v24-02 ... v23.02.3 changes	2024-04-05 15:21:05 +01:00
Dan Brown	19f78dbe6c	WYSIWYG descriptions: Allowed anchor target attrs ... Allowed since this is a control in the editor UI, but would previously be stripped by editor config & server-side filtering. For #4925	2024-04-03 16:46:53 +01:00
Dan Brown	a33dbcb04a	References: Fixed references count/list recycle bin interaction ... Count and reference list would get references then attempt to load entities, which could fail to load if in the recycle bin. This updates the queries to effectively ignore references for items we can't see (in recycle bin). Added test to cover. For #4918	2024-04-01 17:08:53 +01:00
Matt Moore	06ef95dc5f	Change to allow override of CA CERT for LDAPS ... Using the env LDAP_TLS_CACERTFILE to set a file to use to override the CA CERT used to verify LDAPS connections. This is to make this process easier for docker use.	2024-03-26 16:30:04 +00:00
Dan Brown	a2fd80954b	Licensing: Added links and tests for new licenses endpoint ... For #4907	2024-03-23 22:04:18 +00:00
Dan Brown	0c524c7c8f	Licensing: Added licenses app view ... Extracted many methods to a new "MetaController" in the process.	2024-03-23 16:31:13 +00:00
Dan Brown	28d6292278	Framework: Addressed deprecations	2024-03-17 16:52:19 +00:00
Dan Brown	2345fd4677	Deps: Updated intervention library from 2 to 3 ... Major version change, required some changes to API For #4903	2024-03-17 16:03:12 +00:00
Dan Brown	d6b7717985	Framework: Fixed issues breaking tests ... For #4903	2024-03-16 15:26:34 +00:00
Dan Brown	794671ef32	Framework: Upgrade from Laravel 9 to 10 ... Following Laravel guidance and GitHub diff. Not yet in tested state with app-specific changes made.	2024-03-16 15:12:14 +00:00
Dan Brown	77f125208e	Page nav: Fixed nbsp being represented as nothing ... Now represented in page nav using a normal space to avoid complete removal of space. Added test to cover. For #4836	2024-03-09 15:52:09 +00:00
Dan Brown	b7d4bd5bce	Breadcrumbs: Set book/shelf lists to use name ordering ... Previously in database order (id) which is not predictable nor parsable for users. For #4876	2024-03-09 15:24:44 +00:00
Dan Brown	8e01345f14	Entity popular queriy: Loaded parents for selector breadcrumbs	2024-02-28 13:20:24 +00:00
Dan Brown	f5f96f84e7	404: Fixed entity list issue with entity with non-visible parent ... Adds our mixed entity list loader to popular queries for more efficient loading.	2024-02-28 13:08:06 +00:00
Dan Brown	2009d4d6a8	Translations: Updated translator attribution, added serbian to locales	2024-02-28 12:29:09 +00:00
Dan Brown	a75d5b8bc1	Sessions: Prevent image urls being part of session URL history ... To prevent them being considered for redirects. Includes test to cover. For #4863	2024-02-22 11:23:59 +00:00
Dan Brown	055bbf17de	Theme System: Added AUTH_PRE_REGISTER logical event ... Included tests to cover. Manually tested on standard and social (GitHub) auth. For #4833	2024-02-21 15:30:29 +00:00
Dan Brown	ff8daad22b	Merge pull request #4827 from BookStackApp/query_revamp ... Update of entity loading to be more efficient and avoid global addSelects	2024-02-11 15:56:32 +00:00
Dan Brown	1ea2ac864a	Queries: Update API to align data with previous versions ... Ensures fields returned match API docs and previous versions of BookStack where we were accidentally returning more fields than expected. Updates tests to cover many of these. Also updated clockwork to ignore image requests for less noisy debugging. Also updated chapter page query to not be loading all page data, via new query in PageQueries.	2024-02-11 15:42:37 +00:00
Dan Brown	ed9c013f6e	Queries: Addressed failing test cases from recent changes	2024-02-08 17:18:03 +00:00
Dan Brown	ed21a6d798	Queries: Updated old use-specific entity query classes ... - Updated name to align, and differentate from new 'XQueries' clases. - Removed old sketchy base class with app resolving workarounds, to a proper injection-based approach. - Also fixed wrong translation text used in PageQueries.	2024-02-08 16:39:59 +00:00
Dan Brown	b77ab6f3af	Queries: Moved out or removed some class-level items ... Also ran auto-removal of unused imports across app folder.	2024-02-07 22:41:45 +00:00
Dan Brown	546cfb0dcc	Queries: Extracted static page,chapter,shelf queries to classes	2024-02-07 21:58:27 +00:00
Dan Brown	483410749b	Queries: Updated all app book static query uses	2024-02-07 16:37:36 +00:00
Dan Brown	c95f4ca40f	Queries: Migrated revision repo queries to new class	2024-02-07 15:09:16 +00:00
Dan Brown	222c665018	Queries: Extracted PageRepo queries to own class ... Started new class for PageRevisions too as part of these changes	2024-02-05 17:35:49 +00:00
Dan Brown	8e78b4c43e	Queries: Extracted chapter repo queries to class ... Updated query classes to align to interface for common aligned operations. Extracted repeated string-identifier-based finding from page/chapter repos to shared higher-level entity queries.	2024-02-05 15:59:20 +00:00
Mikhail Shashin	9fa68fd8ab	Update PWA manifest orientation to any ... Changed the orientation settings in PwaManifestBuilder.php from 'portrait' to 'any'. This allows the PWA to adjust to any screen orientation, enhancing user flexibility.	2024-02-05 04:28:22 +03:00
Dan Brown	3886aedf54	Queries: Migrated bookshelf repo queries to new class	2024-02-04 19:32:19 +00:00
Dan Brown	1559b0acd1	Queries: Migrated BookRepo queries to new query class ... Also moved to a non-static approach, and added a high-level class to allow easy access to all other entity queries, for use in mixed-entity scenarios and easier/simpler injection.	2024-02-04 17:35:16 +00:00
Dan Brown	a70ed81908	DB: Started update of entity loading to avoid global selects ... Removes page/chpater addSelect global query, to load book slug, and instead extracts base queries to be managed in new static class, while updating specific entitiy relation loading to use our more efficient MixedEntityListLoader where appropriate. Related to #4823	2024-02-04 14:39:36 +00:00
Dan Brown	2460e7c56e	Plonker Remediation: Removed dd line left in from debugging	2024-02-01 12:57:26 +00:00
Dan Brown	779f09bff6	Merge branch 'chapter-templates' into development	2024-02-01 12:55:38 +00:00
Dan Brown	43a72fb9a5	Default chapter templates: Added tests, extracted repo logic ... - Updated existing book tests to be generic to all default templates, and updated with chapter testing. - Extracted repeated logic in the Book/Chapter repos to be shared in the BaseRepo. Review of #4750	2024-02-01 12:51:47 +00:00
Dan Brown	4137cf9c8f	Default chapter templates: Updated api docs and tests ... Also applied minor tweaks to some wording and logic. During review of #4750	2024-02-01 12:22:16 +00:00
Dan Brown	fee9045dac	Comments: Removed remaining uses of redundant 'text' field ... Opened #4821 to remove the DB field in a few releases time.	2024-01-31 16:35:58 +00:00
Dan Brown	06901b878f	Comments: Added HTML filter on load, tinymce elem filtering ... - Added filter on load to help prevent potentially dangerous comment HTML in DB at load time (if it gets passed input filtering, or is existing). - Added TinyMCE valid_elements for input wysiwygs, to gracefully degrade content at point of user-view, rather than surprising the user by stripping content, which TinyMCE would show, post-save.	2024-01-31 16:20:22 +00:00
Dan Brown	e9a19d5878	Comments: Added wysiwyg link selector, updated tests, removed command ... - Updated existing tests with recent back-end changes, mainly to use HTML data. - Removed old comment regen command that's no longer required.	2024-01-31 14:22:04 +00:00
Dan Brown	adf0baebb9	Comments: Added back-end HTML support, fixed editor focus ... Also fixed handling of editors when moved in DOM, to properly remove then re-init before & after move to avoid issues.	2024-01-30 15:16:58 +00:00
Dan Brown	5c92b72fdd	Comments: Added input wysiwyg for creating/updating comments ... Not supporting old content, existing HTML or updating yet.	2024-01-30 14:27:09 +00:00