Commit Graph

86 Commits

Author SHA1 Message Date
Dan Brown
8ea3855e02
ZIP Import: Added upload handling
Some checks are pending
analyse-php / build (push) Waiting to run
lint-php / build (push) Waiting to run
test-migrations / build (8.1) (push) Waiting to run
test-migrations / build (8.2) (push) Waiting to run
test-migrations / build (8.3) (push) Waiting to run
test-php / build (8.1) (push) Waiting to run
test-php / build (8.2) (push) Waiting to run
test-php / build (8.3) (push) Waiting to run
Split attachment service storage work out so it can be shared.
2024-11-02 20:48:21 +00:00
Dan Brown
c4ec50d437
ZIP Exports: Got zip format validation functionally complete
Some checks failed
analyse-php / build (push) Has been cancelled
lint-php / build (push) Has been cancelled
test-migrations / build (8.1) (push) Has been cancelled
test-migrations / build (8.2) (push) Has been cancelled
test-migrations / build (8.3) (push) Has been cancelled
test-php / build (8.1) (push) Has been cancelled
test-php / build (8.2) (push) Has been cancelled
test-php / build (8.3) (push) Has been cancelled
2024-10-30 15:26:23 +00:00
Dan Brown
b50b7b667d
ZIP Exports: Started import validation 2024-10-30 13:13:41 +00:00
Dan Brown
42b9700673
ZIP Exports: Finished up format doc, move files, started builder
Some checks failed
test-migrations / build (8.3) (push) Has been cancelled
analyse-php / build (push) Has been cancelled
lint-js / build (push) Has been cancelled
lint-php / build (push) Has been cancelled
test-js / build (push) Has been cancelled
test-migrations / build (8.1) (push) Has been cancelled
test-migrations / build (8.2) (push) Has been cancelled
test-php / build (8.1) (push) Has been cancelled
test-php / build (8.2) (push) Has been cancelled
test-php / build (8.3) (push) Has been cancelled
Moved all existing export related app files into their new own dir.
2024-10-15 16:14:11 +01:00
Dan Brown
d133f904d3
Auth: Changed email confirmations to use login attempt user
Negates the need for a public confirmation resend form
since we can instead just send direct to the last session login attempter.
2024-05-20 17:23:15 +01:00
Dan Brown
1c7128c2cb
PDF: Added implmentation of command PDF option
Tested quickly manually but not yet covered by PHPUnit tests.
2024-04-24 16:09:53 +01:00
Dan Brown
c13fd2a9e6
PHPStan: Fixed larastan loading and address some level2 issues 2023-12-10 14:58:05 +00:00
Dan Brown
5af3041b9b
Thumbnails: Added OOM handling and regen endpoint
- Added some level of app out-of-memory handling so we can show a proper
  error message upon OOM events.
- Added endpoint and image-manager button/action for regenerating
  thumbnails for an image so they can be re-created upon failure.
2023-09-29 13:54:08 +01:00
Dan Brown
59da7666b5
Uploads: Added user-facing message for Laravel post limit handling
Uploads over the post max size Would previously error without a
clean user facing message. This catches that error to provide a
user friendly message, compatible with our common error handling.

Tested on image manager handling.
Added test to cover.
2023-09-25 13:48:23 +01:00
Dan Brown
6e098905d4
Theme: Added handling for functions.php file load error
This adds specific handling for functions.php error loading to re-throw
errors wrapped in a more descriptive message, to make it clear the error
is due to an issue in their functions.php file.

Decided to throw and stop, rather than ignore & continue, to be on the
safe side in the event auth-level (or other security level) customizations
have been made via functions.php.

Adds test to cover.
Closes #4504
2023-09-12 12:34:02 +01:00
Dan Brown
bae0e80cee
Merge pull request #4320 from devdot/improve-api-auth-exception
Improve ApiAuthException control flow
2023-06-25 23:35:19 +01:00
Thomas Kuschan
74097bd47c Simplify ApiAuthException control flow
Remove unnecessary UnauthorizedException
and make ApiAuthException compatible with HttpExceptionInterface.

Move the creation of a rsponse for the exception
from ApiAuthenticate middleware into the application exception handler.
2023-06-16 10:00:02 +02:00
Thomas Kuschan
7249d947ec Change JsonDebugException to Responsable interface
In all other exceptions, when a Response is supposed to be returned,
the Responsable interface is used instead of render.
2023-06-16 09:53:12 +02:00
Dan Brown
e72cf61f7e
Exceptions: Added some types, simplified some classes
During review of #4291
2023-06-15 17:07:40 +01:00
Thomas Kuschan
34d8268b2b Refactor notify exception to clean up api exception handling 2023-06-14 11:08:20 +02:00
Thomas Kuschan
321a459421 Refactor exception handling by using interface 2023-06-13 18:52:02 +02:00
Thomas Kuschan
9ba7d1e6c5 Fix "HTTP 500 on not found" bug #4290 2023-06-08 10:50:12 +02:00
Dan Brown
295cd01605
Played around with a new app structure 2023-05-17 17:56:55 +01:00
Dan Brown
5e8ec56196
Fixed issues found from tests 2023-02-06 20:41:33 +00:00
Dan Brown
008e7a4d25
Followed Laravel 9 update steps and file changes 2023-02-06 16:58:29 +00:00
Dan Brown
16e023985d
Prevented inadvertant logging during MFA flow
- Added StoppedAuthenticationException to dontReport list.
- Added test to cover.

Closes #3468
2022-05-30 18:31:08 +01:00
Dan Brown
328bc88f02
Fixed LDAP_DUMP_* options when data contains binary
Dumping details that were binary, such as the jpegphoto data, would
cause the dump to fail on the encoding to JSON.
This change forces content to be UTF8 before dumping.
Updated existing test to cover.

Closes #3396
2022-05-09 15:57:50 +01:00
Dan Brown
ce566bea2a
Updated OIDC error handling for better error reporting
Fixes issue where certain errors would not show to the user
due to extra navigation jumps which lost the error message
in the process.
This simplifies and aligns exceptions with more directly
handled exception usage at the controller level.

Fixes #3264
2022-02-24 14:16:09 +00:00
Dan Brown
c8be6ee8a6
Addressed test failures from users API changes 2022-02-04 01:02:13 +00:00
Dan Brown
eb653bda16
Added user-create API endpoint
- Required extracting logic into repo.
- Changed some existing creation paths to standardise behaviour.
- Added test to cover new endpoint.
- Added extra test for user delete to test migration.
- Changed how permission errors are thrown to ensure the right status
  code can be reported when handled in API.
2022-02-04 00:26:19 +00:00
Dan Brown
d8c45f5746
Changed model loading and permission checking on book sort
Models are now loaded into their own map to then be used for sorting and
reporting back of changed books. Prevents akward logic ordering issues
of before where some bits of code assumed/hoped for loaded models on
abstract data structures.

New levels of permissions are now checked for items within the
sort operation. Needs testing to cover.
2022-01-04 21:09:34 +00:00
Dan Brown
b4fa82e329
Fixed related permissions query not considering drafts
Page-related items added on drafts could be visible in certain scenarios
since the applied permissions query filters would not consider
page draft visibility.
This commit alters queries on related items to apply such filtering.

Included test to cover API scenario.
Thanks to @haxatron for reporting.
2021-11-30 00:06:17 +00:00
Dan Brown
f139cded78
Laravel 8 shift squash & merge (#3029)
* Temporarily moved back config path
* Apply Laravel coding style
* Shift exception handler
* Shift HTTP kernel and middleware
* Shift service providers
* Convert options array to fluent methods
* Shift to class based routes
* Shift console routes
* Ignore temporary framework files
* Shift to class based factories
* Namespace seeders
* Shift PSR-4 autoloading
* Shift config files
* Default config files
* Shift Laravel dependencies
* Shift return type of base TestCase methods
* Shift cleanup
* Applied stylci style changes
* Reverted config files location
* Applied manual changes to Laravel 8 shift

Co-authored-by: Shift <shift@laravelshift.com>
2021-10-30 21:29:59 +01:00
Dan Brown
f77236aa38
Laravel 7.x Shift (#3011)
* Apply Laravel coding style
* Shift bindings
* Shift core files
* Shift to Throwable
* Add laravel/ui dependency
* Shift Eloquent methods
* Shift config files
* Shift Laravel dependencies
* Shift cleanup
* Shift test config and references
* Applied styleci changes
* Applied fixes post shift to laravel 7

Co-authored-by: Shift <shift@laravelshift.com>
2021-10-26 22:04:18 +01:00
Dan Brown
6e325de226
Applied latest styles changes from style CI 2021-10-16 16:01:59 +01:00
Dan Brown
263384cf99
Merge branch 'oidc' 2021-10-16 15:51:13 +01:00
Dan Brown
f3c147d33b
Applied latest styleci changes 2021-10-15 14:16:45 +01:00
Dan Brown
ffa4377e65
Added testing to cover debug view 2021-10-14 17:40:22 +01:00
Dan Brown
9b8bb49a33
Added custom whoops-based debug view
Provides a simple bookstack focused view that does not rely on JavaScript.
Contains links to BookStack specific resources in addition to commonly
desired debug details.
2021-10-14 15:33:08 +01:00
Dan Brown
41438adbd1
Continued review of #2169
- Removed uneeded custom refresh or logout actions for OIDC.
- Restructured how the services and guards are setup for external auth
  systems. SAML2 and OIDC now directly share a lot more logic.
- Renamed any OpenId references to OIDC or OpenIdConnect
- Removed non-required CSRF excemption for OIDC

Not tested, Come to roadblock due to lack of PHP8 support in upstream
dependancies. Certificate was deemed to be non-valid on every test
attempt due to changes in PHP8.
2021-10-06 23:05:26 +01:00
Dan Brown
193d7fb3fe
Merge branch 'openid' of https://github.com/jasperweyne/BookStack into jasperweyne-openid 2021-10-06 13:18:21 +01:00
Dan Brown
a4d9bca9e1
Converted AuthTest away from BrowserKit
Moved some user managment tests out to more relevant classess along the
way.
Found some tweaks to make for email confirmation routing as part of
this.
2021-09-17 23:44:54 +01:00
Dan Brown
64785ed9da Apply fixes from StyleCI 2021-08-21 14:49:40 +00:00
Dan Brown
39a205ed28
Quick test of email confirmation routes and fix of tests 2021-08-07 21:18:59 +01:00
Dan Brown
1af5bbf3f7
Added login redirect system to confirm/mfa
Also continued a bit on the MFA verification system.
Moved some MFA routes to public space using updated login service to get
the current user that is either logged in or last attempted login (With
correct creds).
2021-07-18 16:52:31 +01:00
Dan Brown
934a833818 Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
Dan Brown
9e7bcacf8c
Moved NotifyException render work from handler to exception
As continued from last commit.
2021-05-08 19:00:09 +01:00
Dan Brown
7be7d7d1e7
Updated not-found image path handling to have better ux
Added test to cover.
Started refactoring some of the app error handling in
the process of this.

Fixes #2696
2021-05-08 18:49:58 +01:00
Dan Brown
98a1e57ba9 Ran phpcbf and updated phpcs.xml 2021-03-07 22:24:05 +00:00
Dan Brown
382f155f76
Better aligned handler with core laravel 2021-03-02 21:59:12 +00:00
Jasper Weyne
07a6d7655f First basic OpenID Connect implementation 2020-07-01 23:27:50 +02:00
Dan Brown
19bfc8ad37
Prevented entity "Not Found" events from being logged
- Added testing to cover, which was more hassle than thought
  since Laravel did not have built in log test helpers, so:
- Added Log testing helper.

Related to #2110
2020-05-23 11:28:59 +01:00
Dan Brown
8ce38d2158
Fixed not shown existing-email warning on new ldap user
- Reduced the amount of different exceptions from LDAP attempt so they
can be handled more consistently.
- Added test to cover.
- Also cleaned up LDAP tests to reduce boilterplate mocks.

Fixes #2048
2020-04-26 12:13:00 +01:00
Dan Brown
3991fbe726
Checked over and aligned registration option behavior across all auth options
- Added tests to cover
2020-02-02 17:31:00 +00:00
Dan Brown
575b85021d
Started alignment of auth services
- Removed LDAP specific logic from login controller, placed in Guard.
- Created safer base user provider for ldap login, to be used for SAML
soon.
- Moved LDAP auth work from user provider to guard.
2020-02-01 11:42:22 +00:00