- better handling of empty parameters
- added the mock functionality to both API and UI, this will generate the e-mail to be sent and return it with no actual sending happening
- defaulting to mock if emailing is disabled
- fixed some minor bugs
This option not only sets the location of the gpgconf binary, but
if set to false, disables behaviour that shuts down running agents
when a Crypt_GPG object is destroyed. This behaviour would also
kill any long-running or daemonised agents that are running and
configured in the gpg.homedir directory.
- fixes a nasty issue with saving users failing when ZMQ is enabled on instances installed after 2.4.69
- fixes a typo that caused invalid user changes to be pushed to the ZMQ channel
- Added method to upgrade all passwords to blowfish transparently
- All profile edit pages (/users/edit, /admin/users/edit, /users/change_pw) now require the user's password to be confirmed
- Thanks to cert.govt.nz for the security report.
- added date created/modified in the backend
- added date created in the users index
- password reset for a user now shows a warning if no pgp/smime key is set and the user might not be getting the email
- quick e-mail: send an e-mail to a user quickly
- orgadmin: see the org admins of a user and contact them
- pgp key issues shown on the user view
- pgp fingerprint shown on the user view
- copy paste auth keys and pgp keys quickly by clicking on them
- opened up the organisations controller to API actions
- this includes index/add/edit/delete
- uses the still new-ish standardised REST library
- send GET requests to add/edit to view the parameters
- reworked the org index to paginate 60 items instead of 20 and to have a view all button
- removed incorrect, useless boilerplate comments
- kept useful comments intact
- added some missing line breaks to make the codebase a bit more uniform
- removed some obviously obsolete TODO comments
backticks are only necessary to escape reserved keywords.
as backticks are MySQL-specific, having them only where really necessary
makes integrating support for other DBMS easier.
- tied into auto upgrade system
- tied into server settings
- some cleanup of overly verbose debug
- Enforcing enable/disable everywhere
- Changed temporary file structure
- The password change forced on users by administrators couldn't save new passwords
- instead it reset the password to a new random password
- Resetting the password of such users via the admin interface should fix the issue
- Alternatively manually setting the password also fixes it
- contact e-mail recipients were incorrectly set resulting in the e-mails landing at the wrong recipient
- disabled users were not excluded from certain e-mails
- until now the encryption of emails happened in a try catch block
- however, crypt_gpg throws a fatal error instead of an exception, killing the background worker
- added an extra checking algorithm that will test the key for a valid encryption key (encryption enabled + not expired)
- if it's not there, it will just log an error message and continue execution of the other e-mails
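The check described in this commit, as an added example written for this page rather than MISP's own code: before handing a recipient's key to Crypt_GPG, walk its subkeys and require at least one that can encrypt and has not expired; recipients without such a key are recorded and skipped so the rest of the batch still goes out. The `hasValidEncryptionKey`/`encryptForRecipients` function names, the `$recipients` array shape and the `$now` clock parameter are assumptions of this example; the Crypt_GPG calls (`importKey`, `getKeys`, `getSubKeys`, `canEncrypt`, `getExpirationDate`, `addEncryptKey`, `encrypt`) are the library's public API.

```php
<?php
// Added example (not MISP code): validate a recipient's PGP key for a usable
// encryption subkey before encrypting, so a missing or expired key is logged
// and skipped instead of aborting the whole e-mail run.
require_once 'Crypt/GPG.php';

/**
 * True if $key carries at least one subkey that can encrypt and is not expired.
 * $now (unix timestamp) is injectable so the check can be exercised with a fixed clock.
 */
function hasValidEncryptionKey(Crypt_GPG_Key $key, $now = null)
{
    $now = ($now === null) ? time() : $now;
    foreach ($key->getSubKeys() as $subKey) {
        if (!$subKey->canEncrypt()) {
            continue;                       // signing/auth-only subkey
        }
        $expires = $subKey->getExpirationDate(); // 0 means "never expires"
        if ($expires !== 0 && $expires <= $now) {
            continue;                       // encryption subkey has expired
        }
        return true;
    }
    return false;
}

/**
 * Encrypt $body for each recipient in turn.
 * $recipients: array of ['email' => string, 'armored_key' => string] (assumed shape,
 * e.g. loaded from the users table). Unusable keys land in 'failed' with a reason;
 * the loop never aborts, so one bad key cannot stop the other e-mails.
 */
function encryptForRecipients(Crypt_GPG $gpg, array $recipients, $body, $now = null)
{
    $result = array('encrypted' => array(), 'failed' => array());
    foreach ($recipients as $r) {
        try {
            $import = $gpg->importKey($r['armored_key']);
            $keys   = $gpg->getKeys($import['fingerprint']);
            if (empty($keys) || !hasValidEncryptionKey($keys[0], $now)) {
                $result['failed'][$r['email']] = 'no encryption-capable, unexpired key';
                continue;
            }
            $gpg->clearEncryptKeys();
            $gpg->addEncryptKey($import['fingerprint']);
            $result['encrypted'][$r['email']] = $gpg->encrypt($body);
        } catch (Crypt_GPG_Exception $e) {
            // Library-level failures (bad key data, gpg not found, ...) are recorded
            // per recipient instead of escaping and killing the worker.
            $result['failed'][$r['email']] = get_class($e) . ': ' . $e->getMessage();
        }
    }
    return $result;
}

// Usage sketch: $recipients is assumed to be loaded from the users table.
// $gpg = new Crypt_GPG(array('homedir' => '/path/to/gpg/homedir'));
// $out = encryptForRecipients($gpg, $recipients, $mailBody);
// foreach ($out['failed'] as $email => $reason) { error_log("PGP skip $email: $reason"); }
```

The expiry comparison treats a subkey expiring at exactly `$now` as expired, and a key whose only encryption subkey is expired fails the check even if its primary key is still valid, which is the case that otherwise surfaces as a hard failure inside the library.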
- Changing the auth key now creates a log entry that includes the user's ID, e-mail address, and the old and new auth keys
- Also removed the logging of the hashed password for newly created users
Also, reworked a lot of remaining distribution checks not handled by the main fetch methods
Conflicts:
VERSION.json
app/Controller/AttributesController.php
app/Controller/ShadowAttributesController.php
app/View/ShadowAttributes/add.ctp
app/View/ShadowAttributes/edit.ctp
- Fixed a critical bug in the XML export
- As of recently XML exports include relations as they were missing before
- the event info field in related attributes was incorrectly sanitised of unicode characters
- this can lead to the XML export breaking and also to affected events being blocked from synchronisation
- Proposal fixes
- fixed an invalid uuid generation that led to an exception
- fixed the attachments for proposals still using the old attachment system that disallows most filenames
- added the automatic creation of hashes for attachment proposals
Merging all the new changes from master
Conflicts:
VERSION.json
app/Console/Command/AdminShell.php
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Model/Attribute.php
app/Model/Event.php
app/Model/Log.php
app/Model/Server.php
app/Model/User.php
app/View/Elements/side_menu.ctp
app/View/Pages/administration.ctp
app/View/Users/admin_index.ctp
- MISP will now fetch a list of all keys matching the e-mail address from the MIT server from the user edit view
- A popup will present all the matching keys (with the creation date, key ID, email addresses associated - and the fingerprint when hovering over them)
- Once the admin clicks on one, it will fetch the desired key
- future enhancement possibility: move the second stage (the actual key fetch) to the server side instead of a direct ajax query from the user's browser
- HIDS exports did not include filename|hash types
- Sending a password reset / welcome message picked the opposite subject line
- line breaks were sent as literals.
- users can specify an alternate gnupg executable
- Since GnuPG2 is not compatible with the last stable CryptGPG version, there are 3 options for CentOS / Red Hat users:
1. Don't use a passphrase for the server's PGP key
2. Install the beta version of CryptGPG (1.4.0b4)
3. Install GnuPG classic and point MISP to the executable
- This patch enables option 3: administrators can point MISP to the alternate executable in the server settings
- this commit is mostly here to capture what was changed in hotfix 2.3.69
- e-mailing completely reworked, all e-mails now flow through the same method
- that method will handle all encryption and the decisions whether to send e-mails unencrypted to users without an encryption key, whether to keep the body of the e-mail untruncated, etc
- all e-mails are now also logged here (including the reason of a potential failure)
- new server settings for default template messages for password resets / new user welcome messages
- admin e-mail interface reworked and org admins now also have access to the features
- password resets / new user for site and org admins (where applicable) - quickly reset the password of a user and alert them using the pre-defined reset template
=====
- Tuned the freetext import to really accept free-text. Let me know if you have any tips for tuning the detection further!
- it now breaks the passed string on whitespace and line-break and tries to resolve the rest. Filename resolution tightened to exclude anything that starts or ends with a .