Lachlan Tripolone
a3d0f7478f
Move settings category layouts into their own view folder
2024-10-11 10:42:48 +11:00
Lachlan Tripolone
b9b5003239
Refactor SettingController to validate categies by existing view files
2024-10-11 10:40:38 +11:00
Dan Brown
8b9bcc1768
Search: Fixed last commented filter when using table prefixes
analyse-php / build (push) Has been cancelled
lint-php / build (push) Has been cancelled
test-js / build (push) Has been cancelled
test-migrations / build (8.1) (push) Has been cancelled
test-migrations / build (8.2) (push) Has been cancelled
test-migrations / build (8.3) (push) Has been cancelled
test-php / build (8.1) (push) Has been cancelled
test-php / build (8.2) (push) Has been cancelled
test-php / build (8.3) (push) Has been cancelled
2024-10-05 15:20:04 +01:00
Dan Brown
51287d545b
Searching: Fixed some form search issues
...
- Form was not retaining certain filters
- Form request handling of entity type set wrong filter name
Added test to cover.
2024-10-05 14:49:30 +01:00
Dan Brown
966ff91386
Search: Prevented negated terms filling in UI inputs
...
Added test to cover.
2024-10-03 19:40:11 +01:00
Dan Brown
cd84d08157
Search: Added exact/filter/tag term negation support
2024-10-03 19:27:03 +01:00
Dan Brown
93c677a6a9
Searching: Added negation support to UI and term handling
...
Updated/added tests to cover.
Support for actual search queries still remains.
2024-10-03 15:59:50 +01:00
Dan Brown
177cfd72bf
Search: Added structure for search term inputs
...
Sets things up to allow more complex terms ready to handle negation.
2024-10-02 17:31:45 +01:00
Dan Brown
e65655594f
Merge branch 'feature/opensearch' into development
analyse-php / build (push) Waiting to run
lint-js / build (push) Waiting to run
lint-php / build (push) Waiting to run
test-js / build (push) Waiting to run
test-migrations / build (8.1) (push) Waiting to run
test-migrations / build (8.2) (push) Waiting to run
test-migrations / build (8.3) (push) Waiting to run
test-php / build (8.1) (push) Waiting to run
test-php / build (8.2) (push) Waiting to run
test-php / build (8.3) (push) Waiting to run
2024-09-30 17:21:51 +01:00
Dan Brown
f583354748
Maintenance: Removed stray dd from last commit
analyse-php / build (push) Waiting to run
lint-php / build (push) Waiting to run
test-migrations / build (8.1) (push) Waiting to run
test-migrations / build (8.2) (push) Waiting to run
test-migrations / build (8.3) (push) Waiting to run
test-php / build (8.1) (push) Waiting to run
test-php / build (8.2) (push) Waiting to run
test-php / build (8.3) (push) Waiting to run
2024-09-29 16:50:48 +01:00
Dan Brown
d12e8ec923
Users: Improved user response for failed invite sending
...
Added specific handling to show relevant error message when user
creation fails due to invite sending errors, while also returning user
to the form with previous input.
Includes test to cover.
For #5195
2024-09-29 16:41:18 +01:00
Dan Brown
89f84c9a95
Pages: Updated editor field to always be set
...
- Migration for setting on existing pages
- Added test to cover simple new page scenario
For #5117
2024-09-29 14:36:41 +01:00
Dan Brown
6103a22feb
Exports: Made pdf command timeout configurable
...
lint-php / build (push) Has been cancelled
analyse-php / build (push) Has been cancelled
test-migrations / build (8.1) (push) Has been cancelled
test-migrations / build (8.2) (push) Has been cancelled
test-migrations / build (8.3) (push) Has been cancelled
test-php / build (8.1) (push) Has been cancelled
test-php / build (8.2) (push) Has been cancelled
test-php / build (8.3) (push) Has been cancelled
Added test to cover.
For #5119
2024-09-27 16:33:58 +01:00
Dan Brown
b35b62d59f
Merge branch 'lexical' into development
2024-09-27 12:04:01 +01:00
Dan Brown
8b32e6c15a
Page Editors: Added switching/options for new lexical editor
2024-09-22 20:06:55 +01:00
Maximilian Walter
476c2be5a6
Add XML for OpenSearch
2024-09-09 22:54:33 +02:00
Dan Brown
9aa3442a17
API: Fixed lacking permission enforcement on book contents
2024-08-29 14:43:21 +01:00
Dan Brown
c68d154f0f
LDAP: Updated tests for recursive group changes
2024-08-28 21:16:18 +01:00
Dan Brown
1b4ed69f41
LDAP: Updated recursive group search to query by DN
...
Added test to cover, added pre-change.
Need to test post-changes and fix tests.
2024-08-28 15:39:05 +01:00
Dan Brown
1f2506221a
API: Updated docs with consistent types, fixed users response example
...
For #5178 and #5183
2024-08-27 12:23:36 +01:00
Dan Brown
897bb338f9
CSP: Updated handling of drawio URL to consider port
...
Previously if a custom port was used in the DRAWIO option it would not
be considered in the CSP handling, which would block loading.
Added test to cover.
For #5107
2024-07-14 16:06:18 +01:00
Dan Brown
767699a066
OIDC: Fixed incorrect detection of group detail population
...
An empty (but valid formed) groups list provided via the OIDC ID token
would be considered as a lacking detail, and therefore trigger a lookup
to the userinfo endpoint in an attempt to get that information.
This fixes this to properly distinguish between not-provided and empty
state, to avoid userinfo where provided as valid but empty.
Includes test to cover.
For #5101
2024-07-14 14:21:16 +01:00
DanielGordonIT
9b0ef85f77
Wraps file extension comparison components in strtolower()
...
This avoids the issue where replacing file.PNG with newfile.png fails due to "PNG" not being equal to "png"
2024-07-03 15:50:25 -04:00
Dan Brown
11a7ccc37e
SAML: Set static type to pass static checks
...
Not totally clear if underlying code can actually return null, but
playing it safe to remain as-is for now for patch release.
2024-06-10 10:31:35 +01:00
Dan Brown
a8ce199e0d
Pages: Fixed unused changelog on first page publish
...
Included test to cover.
For #5056
2024-06-09 17:18:23 +01:00
Dan Brown
3406846c82
Images: Updated GIF handling to use native methods
...
Changes GIF image thumbnail handling to direcly load via gd instead of
going through interventions own handling (which supports frames) since
we don't need animation for our thumbnails, and since performance issues
could arise with GIFs that have large frame counts.
For #5029
2024-06-09 17:00:58 +01:00
Dan Brown
bddc6ae66b
Roles: Added max validation for role external auth id field
...
For #5037
2024-06-08 20:33:34 +01:00
Dan Brown
d133f904d3
Auth: Changed email confirmations to use login attempt user
...
Negates the need for a public confirmation resend form
since we can instead just send direct to the last session login attempter.
2024-05-20 17:23:15 +01:00
Dan Brown
69af9e0dbd
Routes: Added throttling to a range of auth-related endpoints
...
Some already throttled in some means, but this adds a simple ip-based
non-request-specific layer to many endpoints.
Related to #4993
2024-05-20 14:00:58 +01:00
Dan Brown
5651d2c43d
Config: Reverted change to cache directory
...
Change made during Laravel 10 updates to align (Laravel made this change
much earlier in 5.x series) but it caused issues due to folder not
pre-existing and due to potentiall permission issues.
(CLI could create this during update, with non-compatible permissions
for webserver).
For #4999
2024-05-18 20:40:26 +01:00
Angelo Geant Gaviola
79f5be4170
Fixed notification preferences URL in email
2024-05-14 17:04:23 +08:00
Dan Brown
67df127c26
API: Added to, and updated, testing to cover audit log additions
2024-05-05 15:44:58 +01:00
Dan Brown
3946158e88
API: Added audit log list endpoint
...
Not yested covered with testing.
Changes database columns for more presentable names and for future use
to connect additional model types.
For #4316
2024-05-04 16:28:18 +01:00
Dan Brown
dd251d9e62
Merge branch 'nesges/development' into development
2024-05-04 14:00:40 +01:00
Dan Brown
5c28bcf865
Registration: Reviewed added simple honeypot, added testing
...
Also cleaned up old RegistrationController syntax.
Review of #4970
2024-05-04 13:59:41 +01:00
Dan Brown
b0720777be
Merge pull request #4985 from BookStackApp/ldap_ca_cert_control
...
LDAP CA TLS Cert Option, PR Review and continuation
2024-05-02 23:16:16 +01:00
Dan Brown
8087123f2e
LDAP: Review, testing and update of LDAP TLS CA cert control
...
Review of #4913
Added testing to cover option.
Updated option so it can be used for a CA directory, or a CA file.
Updated option name to be somewhat abstracted from original underling
PHP option.
Tested against Jumpcloud.
Testing took hours due to instability which was due to these settings
sticking and being unstable on change until php process restart.
Also due to little documentation for these options.
X_TLS_CACERTDIR option needs cert files to be named via specific hashes
which can be achieved via c_rehash utility.
This also adds detail on STARTTLS failure, which took a long time to
discover due to little detail out there for deeper PHP LDAP debugging.
2024-05-02 23:11:31 +01:00
Dan Brown
6b681961e5
LDAP: Updated default user filter placeholder format
...
To not conflict with env variables, and to align with placeholders used
for PDF gen command.
Added test to cover, including old format supported for
back-compatibility.
For #4967
2024-04-28 12:29:57 +01:00
Dan Brown
f0dd33c1b4
PDF: Added tests for pdf command, fixed old tests for changes
2024-04-26 15:39:40 +01:00
Dan Brown
1c7128c2cb
PDF: Added implmentation of command PDF option
...
Tested quickly manually but not yet covered by PHPUnit tests.
2024-04-24 16:09:53 +01:00
Dan Brown
40200856af
PDF: Removed barryvdh snappy to use snappy direct
...
Also simplifies config format, and updates snappy implmentation to use
the new config file.
Not yet tested.
2024-04-24 15:13:44 +01:00
Dan Brown
bb6670d395
PDF: Started new command option, merged options, simplified dompdf
...
- Updated DOMPDF to direcly use library instead of depending on barry
wrapper.
- Merged existing export options file into single exports file.
- Defined option for new command option.
Related to #4732
2024-04-22 16:40:42 +01:00
Dan Brown
8b14a701a4
OIDC Userinfo: Fixed issues with validation logic from changes
...
Also updated test to suit validation changes
2024-04-19 16:43:51 +01:00
Dan Brown
0958909cd9
OIDC Userinfo: Added additional tests to cover jwks usage
2024-04-19 15:05:00 +01:00
Dan Brown
b18cee3dc4
OIDC Userinfo: Added JWT signed response support
...
Not yet tested, nor checked all response validations.
2024-04-19 14:12:27 +01:00
nesges
31272e60b6
add ambrosia-container to registration form as honeypot for bots: new form field "username" must not be filled
2024-04-19 09:35:09 +02:00
Dan Brown
fa543bbd4d
OIDC Userinfo: Started writing tests to cover userinfo calling
2024-04-17 23:26:56 +01:00
Dan Brown
7d7cd32ca7
OIDC Userinfo: Added userinfo data validation, seperated from id token
...
Wrapped userinfo response in its own class for additional handling and
validation.
Updated userdetails to take abstract claim data, to be populated by
either userinfo data or id token data.
2024-04-17 18:23:58 +01:00
Dan Brown
a71c8c60b7
OIDC: Extracted user detail handling to own OidcUserDetails class
...
Allows a proper defined object instead of an array an extracts related
logic out of OidcService.
Updated userinfo to only be called if we're missing details.
2024-04-16 18:14:22 +01:00
Dan Brown
9183e7f2fe
OIDC Userinfo: Labelled changes to be made during review
2024-04-16 15:52:55 +01:00