mokaddem
748bc65daa
new: [users:index] Batch toggleable fields
2021-05-05 14:30:20 +02:00
Jeroen Pinoy
13b605622d
chg: [UsageData] fix active proposal count, exclude deleted entries
2021-05-04 20:08:35 +02:00
Jakub Onderka
88f6038b28
new: [log] Audit Log statistics
2021-05-03 13:44:44 +02:00
iglocska
ad37454e89
Merge branch '2.4' into develop
2021-04-28 15:34:49 +02:00
iglocska
ef9370514f
fix: [emailing] password resets and OTP didn't handle line breaks correctly
2021-04-28 15:33:50 +02:00
mokaddem
bacf072c59
chg: [users:index] Migrated view to factory
2021-04-28 09:14:54 +02:00
Loïc Fortemps
5eb67f0fd9
fix: [UI] Correctly display last login time
...
Until now, we were showing the "one before last" login time, this fixes the issue
2021-04-27 15:42:01 +02:00
Jakub Onderka
d99a6d0ca4
fix: [UI] Wrong org id for galaxy matrix stats
2021-04-23 10:17:15 +02:00
Jakub Onderka
ab84aecc48
new: [authkeys] Copy key info when resetting key
2021-03-03 09:23:07 +01:00
iglocska
b08befbf26
Merge branch '2.4' into develop
2021-03-03 00:07:02 +01:00
Andras Iklody
ef21065e33
Merge pull request #7092 from lfortemps/patch-2
...
fix: [email_otp] Trim value for increased UX
2021-03-02 23:46:23 +01:00
Alexandre Dulaunoy
eec55c3438
Merge branch '2.4' into develop
2021-02-27 10:26:38 +01:00
Loïc Fortemps
08f4211841
fix: [email_otp] Trim value for increased UX
2021-02-25 13:30:49 +01:00
Loïc Fortemps
7ce4a8a305
fix: [email_otp] skip OTP for disabled users
2021-02-25 13:17:26 +01:00
Jakub Onderka
0ba05044bf
fix: [internal] Really disable password change
2021-02-22 20:45:42 +01:00
iglocska
0e280c443f
fix: [API] password reset was broken for admins
2021-02-22 14:16:43 +01:00
Jakub Onderka
294e4a620b
fix: [login] Correctly convert old password hash to blowfish
2021-01-21 10:34:59 +01:00
Jakub Onderka
2bdd086dc4
fix: [login] Convert old password hash to blowfish
2021-01-20 21:15:03 +01:00
Jakub Onderka
9896f67358
new: [security] New setting Security.username_in_response_header
2020-12-17 13:50:25 +01:00
Jakub Onderka
49b85ed33c
chg: [internal] Load just necessary info when loading homepage info
2020-12-17 13:49:32 +01:00
Jakub Onderka
7f0d06ae4d
chg: [internal] Move user checks to one place
2020-12-17 13:49:32 +01:00
Jakub Onderka
becbf95c37
new: [UI] Download GPG public key from GPG homedir
2020-12-17 13:19:55 +01:00
Jakub Onderka
aba8317d89
new: [UI] Find org images also by uuid and support SVG images
2020-12-13 13:09:39 +01:00
Jakub Onderka
b382c98be0
Merge pull request #6744 from JakubOnderka/user-filter
...
new: [UI] Make possible to filter users by active/disabled
2020-12-11 17:16:51 +01:00
Jakub Onderka
583314bc02
new: [UI] Make possible to filter users by active/disabled
2020-12-11 16:44:55 +01:00
Jakub Onderka
20053ea32c
fix: [security] Do not leak org names when hide_organisation_index_from_users enabled
2020-12-10 23:01:08 +01:00
Jakub Onderka
2c7d6e4466
new: [auth] Allow to enforce auth plugin authentication
2020-11-30 14:46:36 +01:00
Jakub Onderka
4b44db22a9
new: [test] Security test suite
2020-11-24 19:03:17 +01:00
Jakub Onderka
3b8b0019af
new: [user] Setting `disable_user_add` to disable user creation by org admins
2020-11-14 17:44:17 +01:00
Jakub Onderka
d7fff01b4e
new: [user] Disabling password and login changes apply also for org admins
2020-11-14 17:44:16 +01:00
Jakub Onderka
c8fcfaf5e2
new: [user] Allow to disable user login change
2020-11-14 17:44:16 +01:00
Jakub Onderka
8e76af6370
new: [user] Allow to disable user password change
2020-11-14 17:44:16 +01:00
iglocska
0bfac46701
chg: [user] views aligned with new authkeys
...
- adding users should display the newly created authkey
- other views should not show anything
- API responses fixed
2020-11-13 12:49:56 +01:00
iglocska
dbffebe503
Merge branch '2.4' into CRUD
2020-11-11 11:19:23 +01:00
iglocska
5b256405c0
new: [advanced authkey] system
2020-11-11 10:46:38 +01:00
Jakub Onderka
5a4ba9cbc1
fix: [internal] Properly set login times for custom auth
2020-10-29 17:53:11 +01:00
iglocska
0b6da917d4
new: [advanced authkey] API key copy to the new system added to diagnostics
2020-10-20 08:35:21 +02:00
iglocska
62bbc95472
Merge branch '2.4' into CRUD
2020-10-20 02:01:21 +02:00
iglocska
617db7a337
chg: [user] admin view now loads advanced authkeys when appropriate
2020-10-20 01:48:51 +02:00
Jakub Onderka
461318de19
fix: [UI] Show warning if notification when creating new user could not be sent
2020-10-13 12:28:20 +02:00
Golbark
3fb47d1cce
chg: [internal] Using blocklist instead of blacklist
2020-09-01 16:27:36 +02:00
Jakub Onderka
3005ef8f6e
fix: [otp] Allow to send encrypted OTP by mail
2020-08-20 19:58:24 +02:00
mokaddem
fdade41e5e
chg: [users:acceptRegistration] Displays an error message if saved
...
failed
Fix #6134
2020-07-30 09:00:46 +02:00
mokaddem
6321e02e34
chg: [users:register] Use the trimmed data instead
2020-06-29 10:18:20 +02:00
mokaddem
89adde7e0b
fix: [user:registration] Report field validations to the user. Fix #6072
...
and #6073
2020-06-29 10:12:22 +02:00
mokaddem
41506cc7e7
fix: [users:change_pw] Return error message when trying to use the same
...
password. Fix #5961
2020-06-03 15:05:09 +02:00
Jakub Onderka
77e34ba41c
fix: [UI] Do not show Good-Bye when using custom logout
...
Because without this patch, Good-Bye is shown when the user successfully logs in.
2020-05-21 17:10:28 +02:00
iglocska
cd7d01306d
fix: [registration] acceptRegistration now accepts non User wrapped input
2020-05-06 21:40:04 +02:00
iglocska
9c52ed095a
fix: [users] accepting registration requests can throw a badly mapped exception
...
- changed to 400
2020-05-06 13:46:04 +02:00
iglocska
d996b4093d
fix: [registrations] multi-delete fixed
2020-05-06 11:13:56 +02:00
iglocska
f9cbe42aa8
new: [statistics] added contributing org count
2020-04-30 16:05:15 +02:00
iglocska
6ec8391e46
Merge branch '5726' into 2.4
2020-04-29 15:50:01 +02:00
iglocska
a922bfa6f5
chg: [otp] minor changes
...
- i18n
- function naming convention
2020-04-29 15:49:15 +02:00
Jakub Onderka
79517ab430
fix: Correct flash message when sending e-mail
2020-04-25 23:06:10 +02:00
mokaddem
e5c49e636c
chg: [users:registrations] Catch if no org_id was provided
2020-04-24 12:02:43 +02:00
mokaddem
6bff239740
chg: [user:registration] Added audit log
2020-04-22 10:04:07 +02:00
mokaddem
46a940acb8
chg: [user:acceptRegistration] Added fail message
2020-04-22 09:44:13 +02:00
mokaddem
56f69fb2ea
chg: [user:acceptRegistration] Default to instance's default role if
...
role_id not passed
2020-04-22 09:41:13 +02:00
mokaddem
47be5e75fe
chg: [user:registration] Accept/Discard registration accept UUID as
...
parameter
2020-04-22 09:19:27 +02:00
mokaddem
86238031cf
fix: [user:registration] Default undefined message to empty string
2020-04-22 08:51:15 +02:00
Golbark
93ba84fd02
Hook into native authentication flow instead of beforefilter
...
which prevents any after-auth bypass and rely on framework
session management.
2020-04-20 12:24:47 +02:00
Golbark
3436bc6ae5
Merge branch '2.4' into email-otp-implementation
...
Conflicts:
app/Model/Server.php
2020-04-20 12:16:25 +02:00
iglocska
48cbfd7536
new: [registration] fall back to the e-mail domain if no org info is provided
...
- also, make the org info optional
2020-04-07 22:46:35 +02:00
iglocska
70e1772bb0
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2020-04-07 22:21:37 +02:00
iglocska
78c1357593
fix: [user registration] reverted bug introduced in previous commit restricting the org choice to the suggested org if there was a match
2020-04-07 22:20:56 +02:00
mokaddem
b3c114a13a
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2020-04-07 14:58:15 +02:00
mokaddem
f7b5eb9628
fix: [user:email] Replaced query parameters by cake's named parameters.
...
Hopefully fix #5745
2020-04-07 14:56:26 +02:00
iglocska
1b65bfb843
fix: [user registration] minor bug fixes
2020-04-07 14:47:25 +02:00
iglocska
3241e95730
fix: [user registration] automatically convert selected orgs to local as described in the tool
2020-04-07 14:27:21 +02:00
iglocska
ad4074c1d6
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2020-04-07 13:23:25 +02:00
iglocska
4ebc0a7988
new: [inbox] system added
...
- user self-registration is the first use-case
- if the feature is enabled, users can unauthenticated send a registration request to MISP
- request includes information on desired org and some privileges (sync / org admin / publisher)
- requests land in the inbox, admins can inspect the registration requests
- they can accept/discard them individually or en masse
- users will be notified of their credentials automatically
- quick user creation if the user asks for an org that doesn't exist yet
2020-04-07 13:21:01 +02:00
iglocska
83328f4e4c
chg: [publish alert] default added to user creation via the API
2020-03-29 08:56:55 +02:00
Golbark
9062881469
Add consistent i18n support for all strings.
2020-03-26 07:18:22 -07:00
Golbark
d254d04365
Rely on session_id instead of user_id and address minor comments
2020-03-26 02:55:14 -07:00
Golbark
309bbc6814
new: usr: Implementation of email-based OTP
2020-03-25 07:45:09 -07:00
iglocska
d7e3674987
new: [audit] Added user monitoring
...
- site admins can set the monitoring flag on a user if the feature is enabled on the instance
- monitored users will have all requests logged along with POST bodies
- keep in mind this functionality is quite heavy and intrusive - so use it with care. The idea is that this allows us to track potentially malicious users during an investigation
2020-03-25 11:49:33 +01:00
iglocska
e5d775e9c8
fix: [message] user creation shouldn't include the "User notified of new credentials" part of the notification message if emailing is disabled
2020-03-19 11:08:09 +01:00
mokaddem
f6c06d8e6b
fix: [user:login] Added support of `RFC822` for older PHP version
2020-03-11 10:48:52 +01:00
mokaddem
2ccf3dab76
fix: [user:resetAuthkey] Allows the function to be called
2020-03-09 09:02:06 +01:00
mokaddem
6fad7028b3
fix: [user:edit] Prevent password change with the current password
...
- As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
2020-03-06 16:19:12 +01:00
mokaddem
40560b8873
fix: [user:edit] Correctly re-insert form data wiping password
...
information
2020-03-06 16:17:28 +01:00
mokaddem
fc0ed4c9a0
chg: [login] Display last time the user logged in
2020-03-06 16:12:40 +01:00
mokaddem
de80d340cf
fix: [user:resetauthkey] Method can only be accessed via POST request
...
- As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
2020-03-06 15:58:08 +01:00
iglocska
612897d26f
chg: [cleanup] removed old dashboard
2020-03-02 23:05:08 +01:00
iglocska
0d4df7c98b
new: [Dashboard] system
...
- Dashboard
- modular similar to restSearch
- build your own widgets
- use a set of visualisation options (more coming!)
- full access to internal functions for queries
- auto discover core and 3rd party widgets
- rearrange / configure widgets for each user individually
- rearrange / resize widgets
- settings can be configured by a site-admin on behalf of others
- modules have a self-explain mode to guide users
- caching mechanism for the modules / org
- set homepage / user
- various other fixes
2020-03-01 18:05:21 +01:00
iglocska
8803f47a9e
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2020-02-10 14:33:39 +01:00
iglocska
934c828192
fix: [security] Further fixes to the bruteforce handling
...
- resolved a potential failure of the subsystem when the MySQL and the webserver time settings are diverged
- as reported by Dawid Czarnecki
- several tightenings of the checks to avoid potential foul play
2020-02-10 11:41:54 +01:00
mokaddem
6e66256f7a
Merge branch '2.4' of github.com:MISP/MISP into pr-5210
2020-02-10 11:09:14 +01:00
Andras Iklody
91a045c13f
Merge pull request #5208 from JakubOnderka/patch-34
...
Simplify user profile logging
2019-12-11 19:28:32 +01:00
iglocska
ff333ccb85
fix: [internal] fixed the hacky removal of passwords on returned user objects for /users/edit
...
- this commit gets 1*
2019-11-29 16:12:33 +01:00
iglocska
ca484ae1dc
fix: [API] /users/edit modifications
...
- remove sanitised password when directly posting back a user object
- more graceful error handling if something goes critically wrong
2019-11-29 12:40:18 +01:00
iglocska
be4034d7a2
fix: [user API] users/edit now avoids having to set confirm_password when setting a password via the API
2019-11-29 12:16:27 +01:00
iglocska
e6e28dfc27
fix: [API] Don't strip empty usersettings from users/view
2019-11-26 19:34:37 +01:00
iglocska
0c850c7cdb
fix: [API] users/edit fixed
2019-11-26 19:25:30 +01:00
iglocska
dc1f9fcad9
fix: [internal] fixed weird user massage code
...
- I have no idea what I was thinking there...
2019-11-26 19:19:58 +01:00
iglocska
26459f1b63
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2019-11-26 19:04:34 +01:00
iglocska
958731920c
chg: [API] users/edit refactor
...
- load only what is needed
- handle API requests in a cleaner way
2019-11-26 19:03:53 +01:00
Andras Iklody
76656e8ed4
Merge pull request #5404 from MISP/feature-OrgsStats
...
Added more Organisation statistics
2019-11-26 13:00:13 +01:00
iglocska
8438db4565
fix: [user view] server issues fixed
2019-11-20 16:17:18 +01:00
mokaddem
806f443764
new: [statistics] Added organisation activity over time
2019-11-16 15:40:02 -05:00