Commit Graph

500 Commits (40ce38efec260b95705ddae52b60418298d8635d)

Author SHA1 Message Date
mokaddem 748bc65daa
new: [users:index] Batch toggleable fields 2021-05-05 14:30:20 +02:00
Jeroen Pinoy 13b605622d
chg: [UsageData] fix active proposal count, exclude deleted entries 2021-05-04 20:08:35 +02:00
Jakub Onderka 88f6038b28 new: [log] Audit Log statistics 2021-05-03 13:44:44 +02:00
iglocska ad37454e89
Merge branch '2.4' into develop 2021-04-28 15:34:49 +02:00
iglocska ef9370514f
fix: [emailing] password resets and OTP didn't handle line breaks correctly 2021-04-28 15:33:50 +02:00
mokaddem bacf072c59
chg: [users:index] Migrated view to factory 2021-04-28 09:14:54 +02:00
Loïc Fortemps 5eb67f0fd9
fix: [UI] Correctly display last login time
Until now, we were showing the "one before last" login time, this fixes the issue
2021-04-27 15:42:01 +02:00
Jakub Onderka d99a6d0ca4 fix: [UI] Wrong org id for galaxy matrix stats 2021-04-23 10:17:15 +02:00
Jakub Onderka ab84aecc48 new: [authkeys] Copy key info when resetting key 2021-03-03 09:23:07 +01:00
iglocska b08befbf26
Merge branch '2.4' into develop 2021-03-03 00:07:02 +01:00
Andras Iklody ef21065e33
Merge pull request #7092 from lfortemps/patch-2
fix: [email_otp] Trim value for increased UX
2021-03-02 23:46:23 +01:00
Alexandre Dulaunoy eec55c3438
Merge branch '2.4' into develop 2021-02-27 10:26:38 +01:00
Loïc Fortemps 08f4211841
fix: [email_otp] Trim value for increased UX 2021-02-25 13:30:49 +01:00
Loïc Fortemps 7ce4a8a305
fix: [email_otp] skip OTP for disabled users 2021-02-25 13:17:26 +01:00
Jakub Onderka 0ba05044bf fix: [internal] Really disable password change 2021-02-22 20:45:42 +01:00
iglocska 0e280c443f
fix: [API] password reset was broken for admins 2021-02-22 14:16:43 +01:00
Jakub Onderka 294e4a620b fix: [login] Correctly convert old password hash to blowfish 2021-01-21 10:34:59 +01:00
Jakub Onderka 2bdd086dc4 fix: [login] Convert old password hash to blowfish 2021-01-20 21:15:03 +01:00
Jakub Onderka 9896f67358 new: [security] New setting Security.username_in_response_header 2020-12-17 13:50:25 +01:00
Jakub Onderka 49b85ed33c chg: [internal] Load just necessary info when loading homepage info 2020-12-17 13:49:32 +01:00
Jakub Onderka 7f0d06ae4d chg: [internal] Move user checks to one place 2020-12-17 13:49:32 +01:00
Jakub Onderka becbf95c37 new: [UI] Download GPG public key from GPG homedir 2020-12-17 13:19:55 +01:00
Jakub Onderka aba8317d89 new: [UI] Find org images also by uuid and support SVG images 2020-12-13 13:09:39 +01:00
Jakub Onderka b382c98be0
Merge pull request #6744 from JakubOnderka/user-filter
new: [UI] Make possible to filter users by active/disabled
2020-12-11 17:16:51 +01:00
Jakub Onderka 583314bc02 new: [UI] Make possible to filter users by active/disabled 2020-12-11 16:44:55 +01:00
Jakub Onderka 20053ea32c fix: [security] Do not leak org names when hide_organisation_index_from_users enabled 2020-12-10 23:01:08 +01:00
Jakub Onderka 2c7d6e4466 new: [auth] Allow to enforce auth plugin authentication 2020-11-30 14:46:36 +01:00
Jakub Onderka 4b44db22a9 new: [test] Security test suite 2020-11-24 19:03:17 +01:00
Jakub Onderka 3b8b0019af new: [user] Setting `disable_user_add` to disable user creation by org admins 2020-11-14 17:44:17 +01:00
Jakub Onderka d7fff01b4e new: [user] Disabling password and login changes apply also for org admins 2020-11-14 17:44:16 +01:00
Jakub Onderka c8fcfaf5e2 new: [user] Allow to disable user login change 2020-11-14 17:44:16 +01:00
Jakub Onderka 8e76af6370 new: [user] Allow to disable user password change 2020-11-14 17:44:16 +01:00
iglocska 0bfac46701
chg: [user] views aligned with new authkeys
- adding users should display the newly created authkey
- other views should not show anything
- API responses fixed
2020-11-13 12:49:56 +01:00
iglocska dbffebe503
Merge branch '2.4' into CRUD 2020-11-11 11:19:23 +01:00
iglocska 5b256405c0
new: [advanced authkey] system 2020-11-11 10:46:38 +01:00
Jakub Onderka 5a4ba9cbc1 fix: [internal] Properly set login times for custom auth 2020-10-29 17:53:11 +01:00
iglocska 0b6da917d4
new: [advanced authkey] API key copy to the new system added to diagnostics 2020-10-20 08:35:21 +02:00
iglocska 62bbc95472
Merge branch '2.4' into CRUD 2020-10-20 02:01:21 +02:00
iglocska 617db7a337
chg: [user] admin view now loads advanced authkeys when appropriate 2020-10-20 01:48:51 +02:00
Jakub Onderka 461318de19 fix: [UI] Show warning if notification when creating new user could not be sent 2020-10-13 12:28:20 +02:00
Golbark 3fb47d1cce chg: [internal] Using blocklist instead of blacklist 2020-09-01 16:27:36 +02:00
Jakub Onderka 3005ef8f6e fix: [otp] Allow to send encrypted OTP by mail 2020-08-20 19:58:24 +02:00
mokaddem fdade41e5e
chg: [users:acceptRegistration] Displays an error message if save failed
Fix #6134
2020-07-30 09:00:46 +02:00
mokaddem 6321e02e34
chg: [users:register] Use the trimmed data instead 2020-06-29 10:18:20 +02:00
mokaddem 89adde7e0b
fix: [user:registration] Report field validations to the user. Fix #6072
and #6073
2020-06-29 10:12:22 +02:00
mokaddem 41506cc7e7
fix: [users:change_pw] Return error message when trying to use the same
password. Fix #5961
2020-06-03 15:05:09 +02:00
Jakub Onderka 77e34ba41c
fix: [UI] Do not show Good-Bye when using custom logout
Because without this patch, Good-Bye is shown when a user successfully logs in.
2020-05-21 17:10:28 +02:00
iglocska cd7d01306d
fix: [registration] acceptRegistration now accepts non User wrapped input 2020-05-06 21:40:04 +02:00
iglocska 9c52ed095a
fix: [users] accepting registration requests can throw a badly mapped exception
- changed to 400
2020-05-06 13:46:04 +02:00
iglocska d996b4093d
fix: [registrations] multi-delete fixed 2020-05-06 11:13:56 +02:00
iglocska f9cbe42aa8
new: [statistics] added contributing org count 2020-04-30 16:05:15 +02:00
iglocska 6ec8391e46
Merge branch '5726' into 2.4 2020-04-29 15:50:01 +02:00
iglocska a922bfa6f5
chg: [otp] minor changes
- i18n
- function naming convention
2020-04-29 15:49:15 +02:00
Jakub Onderka 79517ab430
fix: Correct flash message when sending e-mail 2020-04-25 23:06:10 +02:00
mokaddem e5c49e636c
chg: [users:registrations] Catch if no org_id was provided 2020-04-24 12:02:43 +02:00
mokaddem 6bff239740
chg: [user:registration] Added audit log 2020-04-22 10:04:07 +02:00
mokaddem 46a940acb8
chg: [user:acceptRegistration] Added fail message 2020-04-22 09:44:13 +02:00
mokaddem 56f69fb2ea
chg: [user:acceptRegistration] Default to instance's default role if
role_id not passed
2020-04-22 09:41:13 +02:00
mokaddem 47be5e75fe
chg: [user:registration] Accept/Discard registration accept UUID as
parameter
2020-04-22 09:19:27 +02:00
mokaddem 86238031cf
fix: [user:registration] Default undefined message to empty string 2020-04-22 08:51:15 +02:00
Golbark 93ba84fd02 Hook into native authentication flow instead of beforefilter
which prevents any after-auth bypass and rely on framework
session management.
2020-04-20 12:24:47 +02:00
Golbark 3436bc6ae5 Merge branch '2.4' into email-otp-implementation
Conflicts:
	app/Model/Server.php
2020-04-20 12:16:25 +02:00
iglocska 48cbfd7536
new: [registration] fall back to the e-mail domain if no org info is provided
- also, make the org info optional
2020-04-07 22:46:35 +02:00
iglocska 70e1772bb0
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-04-07 22:21:37 +02:00
iglocska 78c1357593
fix: [user registration] reverted bug introduced in previous commit restricting the org choice to the suggested org if there was a match 2020-04-07 22:20:56 +02:00
mokaddem b3c114a13a
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-04-07 14:58:15 +02:00
mokaddem f7b5eb9628
fix: [user:email] Replaced query parameters by cake's named parameters.
Hopefully fix #5745
2020-04-07 14:56:26 +02:00
iglocska 1b65bfb843
fix: [user registration] minor bug fixes 2020-04-07 14:47:25 +02:00
iglocska 3241e95730
fix: [user registration] automatically convert selected orgs to local as described in the tool 2020-04-07 14:27:21 +02:00
iglocska ad4074c1d6
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-04-07 13:23:25 +02:00
iglocska 4ebc0a7988
new: [inbox] system added
- user self-registration is the first use-case
- if the feature is enabled, unauthenticated users can send a registration request to MISP
  - request includes information on desired org and some privileges (sync / org admin / publisher)
- requests land in the inbox, admins can inspect the registration requests
  - they can accept/discard them individually or en masse
  - users will be notified of their credentials automatically
  - quick user creation if the user asks for an org that doesn't exist yet
2020-04-07 13:21:01 +02:00
iglocska 83328f4e4c
chg: [publish alert] default added to user creation via the API 2020-03-29 08:56:55 +02:00
Golbark 9062881469 Add consistent i18n support for all strings. 2020-03-26 07:18:22 -07:00
Golbark d254d04365 Rely on session_id instead of user_id and address minor comments 2020-03-26 02:55:14 -07:00
Golbark 309bbc6814 new: usr: Implementation of email-based OTP 2020-03-25 07:45:09 -07:00
iglocska d7e3674987
new: [audit] Added user monitoring
- site admins can set the monitoring flag on a user if the feature is enabled on the instance
- monitored users will have all requests logged along with POST bodies

- keep in mind this functionality is quite heavy and intrusive - so use it with care. The idea is that this allows us to track potentially malicious users during an investigation
2020-03-25 11:49:33 +01:00
iglocska e5d775e9c8
fix: [message] user creation shouldn't include the "User notified of new credentials" part of the notification message if emailing is disabled 2020-03-19 11:08:09 +01:00
mokaddem f6c06d8e6b
fix: [user:login] Added support of `RFC822` for older PHP version 2020-03-11 10:48:52 +01:00
mokaddem 2ccf3dab76
fix: [user:resetAuthkey] Allows the function to be called 2020-03-09 09:02:06 +01:00
mokaddem 6fad7028b3
fix: [user:edit] Prevent password change with the current password
- As reported by an external pentest company on behalf of the Centre for Cybersecurity Belgium (CCB)
2020-03-06 16:19:12 +01:00
mokaddem 40560b8873
fix: [user:edit] Correctly re-insert form data wiping password
information
2020-03-06 16:17:28 +01:00
mokaddem fc0ed4c9a0
chg: [login] Display last time the user logged in 2020-03-06 16:12:40 +01:00
mokaddem de80d340cf
fix: [user:resetauthkey] Method can only be accessed via POST request
- As reported by an external pentest company on behalf of the Centre for Cybersecurity Belgium (CCB)
2020-03-06 15:58:08 +01:00
iglocska 612897d26f
chg: [cleanup] removed old dashboard 2020-03-02 23:05:08 +01:00
iglocska 0d4df7c98b
new: [Dashboard] system
- Dashboard
  - modular similar to restSearch
  - build your own widgets
  - use a set of visualisation options (more coming!)
  - full access to internal functions for queries
  - auto discover core and 3rd party widgets
  - rearrange / configure widgets for each user individually
  - rearrange / resize widgets
  - settings can be configured by a site-admin on behalf of others
  - modules have a self-explain mode to guide users
  - caching mechanism for the modules / org

- set homepage / user
- various other fixes
2020-03-01 18:05:21 +01:00
iglocska 8803f47a9e
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-02-10 14:33:39 +01:00
iglocska 934c828192
fix: [security] Further fixes to the bruteforce handling
- resolved a potential failure of the subsystem when the MySQL and the webserver time settings diverge
  - as reported by Dawid Czarnecki
- several tightenings of the checks to avoid potential foul play
2020-02-10 11:41:54 +01:00
mokaddem 6e66256f7a
Merge branch '2.4' of github.com:MISP/MISP into pr-5210 2020-02-10 11:09:14 +01:00
Andras Iklody 91a045c13f
Merge pull request #5208 from JakubOnderka/patch-34
Simplify user profile logging
2019-12-11 19:28:32 +01:00
iglocska ff333ccb85
fix: [internal] fixed the hacky removal of passwords on returned user objects for /users/edit
- this commit gets 1*
2019-11-29 16:12:33 +01:00
iglocska ca484ae1dc
fix: [API] /users/edit modifications
- remove sanitised password when directly posting back a user object
- more graceful error handling if something goes critically wrong
2019-11-29 12:40:18 +01:00
iglocska be4034d7a2
fix: [user API] users/edit now avoids having to set confirm_password when setting a password via the API 2019-11-29 12:16:27 +01:00
iglocska e6e28dfc27
fix: [API] Don't strip empty usersettings from users/view 2019-11-26 19:34:37 +01:00
iglocska 0c850c7cdb
fix: [API] users/edit fixed 2019-11-26 19:25:30 +01:00
iglocska dc1f9fcad9
fix: [internal] fixed weird user massage code
- I have no idea what I was thinking there...
2019-11-26 19:19:58 +01:00
iglocska 26459f1b63
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-11-26 19:04:34 +01:00
iglocska 958731920c
chg: [API] users/edit refactor
- load only what is needed
- handle API requests in a cleaner way
2019-11-26 19:03:53 +01:00
Andras Iklody 76656e8ed4
Merge pull request #5404 from MISP/feature-OrgsStats
Added more Organisation statistics
2019-11-26 13:00:13 +01:00
iglocska 8438db4565
fix: [user view] server issues fixed 2019-11-20 16:17:18 +01:00
mokaddem 806f443764
new: [statistics] Added organisation activity over time 2019-11-16 15:40:02 -05:00