Commit Graph

500 Commits (40ce38efec260b95705ddae52b60418298d8635d)

Author SHA1 Message Date
mokaddem a8b5da4be2
chg: [statistics] Added Attribute count 2019-11-16 13:12:37 -05:00
Jakub Onderka 688bab2778 chg: [internal] Simplify UserController::admin_edit 2019-10-11 20:35:27 +02:00
iglocska b44063e7d1
fix: [internal] missing org object for users/view 2019-10-10 15:13:34 +02:00
iglocska 15b10bbcf7
new: [user settings] Added restrictions for certain settings
- based on role permissions
- enforce the checks on set/delete
- add it to the UI elements
- /users/view /admin/users/view now include the user settings in a simplified format
2019-10-10 11:58:26 +02:00
mokaddem 8c4799fb99
chg: [user:me] Added `Role` object in the return value for the rest context 2019-10-07 16:35:22 +02:00
Jakub Onderka a9f6af9fcb chg: [user] GPG key fetching by server 2019-09-23 22:09:02 +02:00
Andras Iklody 6b42f089cd
Merge pull request #5129 from JakubOnderka/array-copy-remove
chg: [users] Remove unused method UsersController::arrayCopy
2019-09-10 11:32:30 +02:00
Jakub Onderka 1cd2ff5ca6 chg: [users] Remove unused method UsersController::arrayCopy 2019-09-09 23:37:37 +02:00
Jakub Onderka 50a0f564c6
fix: [audit] Correct title in audit log when admin edit user 2019-09-09 19:34:38 +02:00
iglocska 75acd63c46
fix: [security] Fix to a vulnerability related to the server index
- along with various support tools
- more information coming soon
2019-09-09 13:00:21 +02:00
iglocska 5916de9d5e
fix: [API] Fixed output of the attribute histogram
- no more STIX-ish barf inducing numeric string keys for dictionaries
2019-08-27 10:34:29 +02:00
iglocska 96475f59f6
fix: [admin] Invalid domain restriction check for site admins, fixes #5035 2019-08-22 10:41:30 +02:00
iglocska ed1e55b76b
fix: [API] Fixed an edge case when the attribute histogram throws a notice error
- no idea how to reproduce it, the organisation referenced in an event orgc_id not existing is a pre-condition

- fixes #4880
2019-07-29 16:28:42 +02:00
iglocska 64fafa1913
fix: [api fix] Deletes broken due to invalid boolean
- /facepalm
2019-07-10 13:55:33 +02:00
iglocska ed401d88be
fix: [API] delete http requests properly accepted by some /delete endpoints 2019-07-10 11:57:21 +02:00
mokaddem f850abcdaa fix: [galaxyMatrix] Handle case if deprecated galaxy does not exist 2019-06-12 14:12:06 +02:00
mokaddem 52ae153c0e Merge branch '2.4' of github.com:MISP/MISP into galaxyMatrixImprovements 2019-06-11 15:56:10 +02:00
mokaddem 11a4bdb959 chg: [restSearch:attack] Only expose attack return format to the `event`
scope
2019-06-11 15:50:51 +02:00
mokaddem acef3a0168 chg: [galaxyMatrix:stats] Only take into account occurrences of galaxy
once per event
2019-06-11 15:09:02 +02:00
mokaddem fed5556976 fix: [galaxyMatrix:export] Removed multiple bugs providing inconsistent
result
2019-06-11 14:13:17 +02:00
iglocska 36b43f1306
fix: [security] Org admins could reset credentials for site admins
- org admins have the inherent ability to reset passwords for all of their org's users
- this however could be abused if for some reason the host org of an instance would create org admins
  - the org admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them
- the potential for abuse is very circumstantial as it requires the host org to create lower privilege org admins instead of the usual site admins
- only org admins of the same organisation as the site admin could abuse this

- as reported by Raymond Schippers
2019-06-11 11:05:34 +02:00
mokaddem 4fafb1541c chg: [galaxyMatrix] Transformed query into cakephp model query 2019-05-15 11:55:22 +02:00
mokaddem 0c69e739cc new: [statistics:galaxyMatrix] Added filtering capabilities 2019-05-15 11:12:09 +02:00
mokaddem 4fbe857f90 chg: [galaxyMatrix] Added sorting by score. Fix #4608 2019-05-13 15:07:38 +02:00
mokaddem d3013a9252 fix: [stats:galaxyMatrix] No longer trim the end of the cluster name 2019-04-23 08:49:04 +02:00
iglocska 7a1dbe4c1f fix: [API] role_id is not required when POSTing users if a default role is set on the instance 2019-04-04 13:42:06 +02:00
4ekin c32d3bce32 fix: Fixed i18n strings in Controllers 2019-04-02 16:57:41 +03:00
mokaddem d60095112f Merge branch '2.4' of github.com:MISP/MISP into galaxyMatrixStat 2019-03-15 11:18:34 +01:00
iglocska 7b34e8cacb fix: [API] resetting the authkey didn't respond with the new key before, making automation difficult. 2019-03-12 22:03:34 +01:00
mokaddem 04798bf7e4 new: [galaxyMatrix] Added possibility to pick a galaxy to view its
statistic.
2019-03-12 15:36:00 +01:00
iglocska 66ad17a1ee new: [API] exposed change_pw function to the API, fixes #4256 2019-03-02 23:47:13 +01:00
mokaddem 1ed609872c chg: simplified condition 2 2019-02-15 15:04:07 +01:00
mokaddem 7a2010fb0e chg: [galaxy_matrix] TEMPORARY - Merge scores of both deprecated and mitre-attack
galaxy namespace for the matrix view.

This commit aims to still have correct scores in the galaxy_matrix until the fixMitreTags function is not live and running
2019-02-15 14:41:55 +01:00
mokaddem 12ed3457e8 chg: [galaxy_matrix] cleanup in variable names to be more generic 2019-02-15 09:24:52 +01:00
mokaddem a5653e86ea new: [matrix] Replaced the Att&ck matrix by a generic matrix viewer,
allowing custom matrix to be displayed.
Also added the external id to the chosen input.
2019-02-12 13:59:51 +01:00
mokaddem 431529c81c chg: [attackMatrix] UI: improved color scale - WiP 2019-02-11 17:54:29 +01:00
iglocska 9afd0d8600 fix: [redirect] Correctly redirect to the requested URL after a login, fixes #4005, fixes #1301 2019-01-28 17:02:04 +01:00
iglocska 2d0259ce13 fix: [CS] coding standards script re-run 2018-11-23 14:11:33 +01:00
mokaddem 2152493dd0 chg: [users/emails] Better comments 2018-11-09 13:42:28 +01:00
mokaddem 6bb31fbb1d chg: [users/email] Changed behavior of sending mail to avoid code duplication
If an additional parameter is passed to the url, it will only show the result of submitting the form without the submission
2018-11-09 13:38:52 +01:00
mokaddem 296128fe54 fix: [users/emails] submission fix + cleaned code + comments 2018-11-09 12:12:06 +01:00
mokaddem 651861d1d8 new: [users/mails] Added possibility to send a mail to all users of the same organisation 2018-11-09 11:48:39 +01:00
mokaddem 9b44050e1c new: [users/mails] add confirmation popup before sending mails 2018-11-09 11:23:32 +01:00
iglocska 333cafca76 chg: [statistics] Show % of users with pgp keys 2018-10-30 14:58:49 +01:00
iglocska 3bdcca617e new: [statistics] Added local org and user/org counts 2018-10-30 14:51:27 +01:00
iglocska c54538766e Merge branch '2.4' into feature/api_rework 2018-08-21 13:39:34 +02:00
iglocska 1eded5f3c7 fix: [statistics] Solve the issue with the unfiltered total counters in the user and org statistics 2018-08-21 13:37:47 +02:00
iglocska 12ac58f0e1 fix: [statistics] fixed an issue where the org statistics didn't correctly apply the local filters
- both local and external just showed the sum totals instead of the individual pools
2018-08-21 13:34:59 +02:00
iglocska f675fb8b29 Merge branch '2.4' into feature/api_rework 2018-08-17 14:49:09 +02:00
Sami Mokaddem 212c11290d fix: [usersStat] allow fetching json of statistics/users 2018-08-13 11:39:25 +00:00
Anthony Vaccaro 1b68005bbe Add a permission check to the change password page.
The 'MISP.disableUserSelfManagement' config variable is checked
when rendering the link to the change password page, but is not checked
when rendering the page itself. This could lead to unauthorised
password changes by users with existing accounts on the MISP
instance.
2018-08-13 15:55:51 +10:00
iglocska 0694263e15 Merge branch '2.4' into feature/api_rework 2018-08-09 16:51:20 +02:00
iglocska 4fa5834cbc new: [PGP] Added fingerprint to /users/verifyGPG 2018-08-06 17:00:15 +02:00
iglocska 34ba484b06 chg: [cleanup] Removed todos from userscontroller that have become irrelevant 2018-08-04 22:48:19 +02:00
iglocska a81894f14c chg: [CS] Changed to PSR-2
- to make contributions easier, adopted PSR-2
- used php-cs-fixer to rework the style
- *sniff sniff* Goodbye tab indentation
2018-07-19 11:48:22 +02:00
iglocska 71bb60a702 new: [Statistics] Added a new tab to the statistics showing the user/organisation additions over the past month/year 2018-07-13 12:08:29 +02:00
iglocska 6ffacc1e23 fix: [security] Brute force protection can be bypassed with a PUT request
- fixes an issue where brute forcing the login would work by using PUT requests
- as reported by Silver Saks from CCDCOE
2018-06-21 15:48:32 +02:00
iglocska 87c152d9f3 fix: Use common code-path for user init via the login page and the CLI
- also, be consistent with initial settings
2018-06-20 07:32:52 +02:00
Sami Mokaddem e3988c73ad new: [attackMatrix] Also consider attack galaxy at event level in the
heatmap
fix: [attackMatrix] Typo in ATT&CK + division by 0 in gradiendTool
2018-06-18 14:51:29 +00:00
Sami Mokaddem 3a27009775 Merge remote-tracking branch 'upstream/2.4' into attack 2018-06-18 12:18:31 +00:00
Sami Mokaddem 929946f055 new: [attackMatrix] added instance UUID in rest response 2018-06-18 12:04:38 +00:00
Sami Mokaddem 8d145086f0 new: [attackMatrix] statistic about attack tags used in the instance
chg: [attackMatrix] moved functions in to model and matrix view into elements
2018-06-18 09:58:20 +00:00
iglocska 48feb7b7d2 new: [functionality] Kick user out if the session is expired instead of only doing it on a page load 2018-06-12 16:09:50 +02:00
iglocska 68b8266584 new: New flash message system, fixes #3252
- 3 types of flash messages (success, error, warning)
- uses bootstrap's own classes/structure
2018-05-16 19:32:38 +02:00
iglocska b325a5d2a4 Merge branch '2.4' of github.com:MISP/MISP into 2.4 2018-05-08 07:52:32 +02:00
Sami Mokaddem 680311f68f chg: [Controllers] sets the ajax variable globally
As well as removing useless set in controllers and accessing it instead
of passing through the request.
2018-05-07 14:44:59 +00:00
iglocska 2f8686aec3 fix: Don't redirect users to terms page if no terms page is set 2018-05-06 22:42:21 +02:00
iglocska 41fdf6da8b new: Allow further role settings
- exclude a role from non site admin assignment
- set max memory usage and execution time / role
2018-03-24 21:43:46 +01:00
iglocska a596d5800f fix: Run the db update before trying to add users/orgs 2018-02-02 19:52:43 +01:00
iglocska 7772b9c43e new: Disable the viewing of a full organisation list by normal users
- Only site admins and sharing group editors can see organisation lists
  - this includes the org index and various statistics
- Keep in mind: Sharing group editors CAN see the full organisation list - otherwise they wouldn't be able to create sharing groups.
- Also, users CAN enumerate organisations that have created ANY data on the instance by looking at the given data
  - this includes events, proposals, discussion entries, etc
2018-01-13 16:55:01 +01:00
iglocska 4af2136645 fix: Sanitise the list of fields fetched for the admin user index
- as reported by @deralexxx
2018-01-12 11:34:29 +01:00
iglocska 13d4a1d197 chg: Added sane default org_id to users/add API
- takes current user's org_id as the default
2017-12-14 16:32:08 +01:00
iglocska 05a89f5e87 Merge branch '2.4' into feature/tag_filter_rework 2017-11-30 22:28:35 +01:00
iglocska c9b4f8c6ab fix: Added db changes needed for the user domain restrictions along with restricting the user self edit action 2017-11-28 11:52:01 +01:00
iglocska 69423a8bcf new: Add restrictions for e-mail addresses to certain domains
TODO: tie it into the user edit action
2017-11-27 10:22:37 +01:00
iglocska 7d5890b2fc fix: Leaking of hashed passwords in the audit logs fixed
- Scope was limited due to the audit log access restrictions to site/org admins
2017-11-24 11:55:16 +01:00
iglocska 8794af9118 fix: Expose /users/view/me to the API, fixes #2679 2017-11-23 15:44:38 +01:00
Milan Pikula 3626f3ce67 change behavior of login page to return to original page after authentication 2017-11-22 17:15:51 +01:00
iglocska 67d9cd6a6c new: Include user action in zmq 2017-11-16 12:15:39 +01:00
iglocska 943f18d6cc new: push the action for user updates/creations/logins along with the user object to the ZMQ channel 2017-11-16 08:58:53 +01:00
iglocska 3e5b1179c5 fix: Histogram rework
- removed junk debug
- fixed group by issue
- better performance
2017-11-08 11:58:19 +01:00
iglocska 68f4833893 new: First version of the zmq reimplementation 2017-10-27 09:10:46 +02:00
iglocska cfcaf0d410 chg: Made the current password confirmation requirement for any user profile edits optional
- default setting is having it off
- incredibly frustrating feature is now only enabled on demand
2017-08-18 09:05:20 +02:00
Richie B2B 34853d0811 Initialize $abortPost in edit()
Avoid notices about "Undefined variable: abortPost" in debug.log
2017-08-17 13:14:24 +02:00
Richie B2B 4a8538aec5 Rebuild _authenticateObjects cache in mixed authentication setups
When CertAuth is mixed with normal FormAuthentication the upgrade from Simple to Blowfish did not happen because of the internal _authenticateObjects cache. Calling constructAuthenticate() rebuilds this cache.
2017-08-16 17:33:55 +02:00
iglocska 6d18aa23ec fix: Remove the notice thrown if no valid user exists for the given e-mail 2017-08-11 11:18:34 +02:00
iglocska 952fff6252 fix: Fixes to several cases of reflected XSS, fixes #2381
- as reported by @import-au

- Additionally enforce content-type on all async APIs called by the UI using CakeResponse
2017-08-08 21:37:03 +02:00
iglocska 3317f56ca1 fix: Upgraded hashing algorithm used and added requirement to confirm password for user profile changes
- Added method to upgrade all passwords to blowfish transparently
- All profile edit pages (/users/edit, /admin/users/edit, /users/change_pw) now require the user's password to be confirmed

- Thanks to cert.govt.nz for the security report.
2017-07-12 15:38:34 +02:00
iglocska 6c7c40e773 fix: Further performance tweaks to the feed fetcher 2017-07-07 12:58:51 +02:00
iglocska b3b6ef6767 fix: Initial password reset functionality
- invalid parameters sent for new users in the on-demand reset
- been bugged for 4 months, but became somewhat obsolete with the automatic notification so no one noticed
2017-05-30 15:40:54 +02:00
Ángel González 926895733b Cosmetic changes
Change space indents to tabs
Remove ?> at end of file
Add or remove some indentation where appropriate
2017-05-08 00:45:57 +02:00
iglocska de10619d1a new: Added attributes / event average to statistics 2017-04-13 17:23:49 +02:00
iglocska a524eb74b9 fix: No notify field set in user creation throws error 2017-04-13 16:39:47 +02:00
iglocska 77ef188457 new: Password complexity defaults tightened, also password requirements shown to users, fixes #2117 2017-04-11 10:04:07 +02:00
iglocska 3b6807ef72 new: Rework of the restsearch APIs
- allows for alternate download types (supported for now: openioc)
- major refactor of the openioc export
- refactor of the CIDR tool
2017-03-31 19:27:34 +02:00
iglocska 38138e0871 chg: Some changes to the users
- added date created/modified in the backend
- added date created in the users index
- password reset for a user now shows a warning if no pgp/smime key are set and the user might not be getting the email
2017-03-10 16:17:14 +01:00
iglocska d2758d71a6 fix: Potential fix for a weird issue blocking the editing of users, fixes #1992 2017-03-01 15:16:42 +01:00
iglocska 2184ca4e70 Merge branch '2.4' into 2.4.67 2017-02-24 19:55:46 +01:00
iglocska 153c03835c chg: Added warnings about the user's encryption status in the quick mailer 2017-02-23 09:13:03 +01:00
iglocska 6c15295bf9 fix: Some fixes for the new user admin features 2017-02-23 08:56:27 +01:00
iglocska e9edeed22c new: User management convenience functions added
- quick e-mail: send an e-mail to a user quickly
- orgadmin: see the org admins of a user and contact them
- pgp key issues shown on the user view
- pgp fingerprint shown on the user view
- copy paste auth keys and pgp keys quickly by clicking on them
2017-02-22 17:12:32 +01:00
iglocska 80acf81743 new: Added PGP fingerprint and PGP key status to user view 2017-02-22 10:55:24 +01:00
Adrien RAFFIN 8e844c91ef feature: Add support for user creation with authkey 2017-02-21 15:26:56 +01:00
iglocska 2db4751f65 fix: Added eventids to the toplist API 2017-02-17 17:21:43 +01:00
iglocska e8cdd8f94e new: Added links to all events that match sightings sources in the sightings top list 2017-02-17 17:19:43 +01:00
iglocska 971289cb38 new: Added sighting top list to the statistics 2017-02-17 16:53:47 +01:00
Adrien RAFFIN 3507e15ebf fix: update default field of organisation when creating new accounts 2017-02-16 10:44:43 +01:00
iglocska b6ce529f3a new: Send out credentials directly during user creation 2017-02-02 11:11:51 +01:00
iglocska 7db510832a new: Added API access to the statistics
- first iteration, this is a bit more complex to get it right than this implementation
- data cleanup to make the results somewhat more useful
- raw data needs to be documented

- available APIs:
  - /users/statistics/data.json
  - /users/statistics/orgs.json
  - /users/statistics/tags.json
  - /users/statistics/attributehistogram.json
2017-02-01 23:42:26 +01:00
iglocska 5b54171364 fix: Allow users to fetch their PGP keys 2016-12-29 13:34:41 +01:00
iglocska 5ea6c4ba87 fix: Issue with new installations not correctly setting the default password for the initial user 2016-12-10 14:22:58 +01:00
Iglocska e46cbd0991 new: First iteration of the galaxies (WIP) 2016-12-05 00:47:34 +01:00
Iglocska 24f3f7f0c8 fix: Some small fixes to the add user API, affects #1621
- Do not force change_pw/termsaccepted default settings based on role when using the API
- Some cleanup
2016-11-07 03:30:16 +01:00
cristian bell 1d8d02428e sorts the "Attributes per organization" array by the total number of attr, highest on top. 2016-11-05 09:57:52 +01:00
Iglocska 69172e8525 fix: Fixed an issue with an incorrect condition on the admin index 2016-11-04 15:58:38 +01:00
Iglocska c76d358535 new: Added new statistics page, fixes #1648, fixes #1557
- brought back the quick organisation overview as it's a much missed feature
- added treemap for tags
- brought attribute histogram into statistics page

- more coming in the future
2016-11-04 13:14:03 +01:00
Iglocska ad5c14474e fix: Fixed some merge issues 2016-11-02 11:42:17 +01:00
Iglocska 39ae6bce6d Merge branch 'features/userapi' into 2.4
Conflicts:
	app/Controller/UsersController.php
2016-11-02 11:38:58 +01:00
Iglocska fbfa8ac450 fix: Fixes an invalid check allowing user profile modifications to target different users within the org
- User edit had an incorrect check that allowed a normal user edit on a different account within the same org
- Also removed the deprecated option for this function to be used by org/site admins to be used as an alternative to the admin edit

- as reported by: Vytautas Paulikas and Robert Giruckas from SEC Consult.
2016-11-02 11:32:00 +01:00
Iglocska e047ca0c21 new: Added admin user APIs
- The following urls are now available via the API:
  - /admin/users/add
  - /admin/users/edit/id
  - /admin/users/view/id
  - /admin/users/index
  - /users/resetauthkey/id

- For add and edit, sending a GET request will describe the APIs

- New API response system's initial implementation, to be used for other APIs in the future
  - standardised responses
  - standardised error codes
  - convenience functions

- TODO:
  - tie non admin functions into the APIs (maybe?)
  - reuse the new API system for other APIs
2016-10-28 01:49:21 +02:00
Iglocska d41574f305 chg: Further work on the user APIs 2016-10-23 22:57:24 +02:00
Iglocska 8cc30bc6ba new: First commit for the user API rework and the new response handler 2016-10-22 15:28:57 +02:00
Iglocska 6f1c2454e7 fix: Fixes an issue where adding a new user allowed an invalid role choice
- as reported by: Vytautas Paulikas and Robert Giruckas from SEC Consult.
2016-10-21 15:33:14 +02:00
Iglocska 1d3d5386aa fix: Fixes an issue where an invalid role could be assigned to a user
- As reported by: Vytautas Paulikas and Robert Giruckas from SEC Consult.
2016-10-21 15:29:44 +02:00
Iglocska a761867117 chg: Cleanup of removed functionality 2016-10-04 14:12:46 +02:00
Iglocska 72ff6c76c3 fix: Various fixes to the user index, fixes #1597, fixes #1598
- highlight deleted users
- use the same index for the org user view (without the filter options)
- fixes the pagination of the users when viewing it through the organisation view
2016-10-04 10:56:52 +02:00
Iglocska aaad44aa38 fix: Fixes to the API request e-mail 2016-09-20 09:59:03 +02:00
Cristian Bell c2f71c96da fix: fixes a bug introduced by f37963fde4 where on API request the user itself receives an e-mail and not his org_admin or site_admin 2016-09-20 09:35:12 +02:00
iglocska ba9b084f48 Merge branch '2.4' into 1541 2016-09-18 13:12:11 +02:00
Cristian Bell 4f288bd23f fix: removing some unused code. 2016-09-16 16:15:26 +02:00
Andreas Ziegler 25e52a6786 chg: remove some references to variables 2016-09-15 17:08:58 +02:00
Iglocska ab50d00b15 fix: Fix the broken bruteforce protection
- Moved the bruteforce protection directly to the login action
- Fixed the datetime format used by the protection
- Cleaned up the logging of failed attempts
2016-09-12 11:20:26 +02:00
Andreas Ziegler 4b8a82098d chg: replace 4 spaces after tab by double tab 2016-09-05 00:45:51 +02:00
Iglocska b992fa7b64 fix: Notify the user requesting API key access if e-mailing is disabled on the instance 2016-09-04 00:14:03 +02:00
Iglocska fdc70d3ccc Merge branch '2.4' into apirequest 2016-09-04 00:08:51 +02:00
Iglocska 651edc6a81 chg: Changed the response of the functionality in the PR to be in line with other ajax request responses in MISP 2016-09-04 00:08:02 +02:00
Iglocska f9e6180c06 fix: cleanup of missing whitespaces in PR 2016-09-03 23:58:13 +02:00
iglocska 7a159dbb93 fix: fixed an issue where fetching the PGP key without entering an e-mail address in the user creation form wasn't handled cleanly 2016-09-02 21:53:56 +02:00
Cristian Bell f37963fde4 Merge branch 'fix_1311_only_show_API/authkey_to_user_with_rights' of https://github.com/cristianbell/MISP into cristianbell-fix_1311_only_show_API/authkey_to_user_with_rights 2016-09-02 15:35:11 +02:00
Andreas Ziegler 9bf0e16ac6 new: add basic experimental support for PostgreSQL 2016-08-31 04:11:49 +02:00
iglocska df6baa01f4 new: Add default role to the user creation, fixes #256 2016-08-29 14:49:14 +02:00
iglocska 822b0bf8fa chg: Cleanup of the controllers and models
- removed incorrect, useless boiler plate comments
- kept useful comments intact
- added some missing line breaks to make the codebase a bit more uniform
- removed some obviously obsolete TODO comments
2016-08-25 11:38:37 +02:00
Cristian Bell c19fa90e92 chg: only show API/authkey to user with API key rights, fixes #1311
- code improvements as per @iglocska 's comments.  thanks.
2016-08-24 09:59:38 +02:00
Cristian Bell 139de84952 chg: only show API/authkey to user with API key rights, fixes #1311
- adds some missing code parts from the initial commit.
2016-08-23 17:12:55 +02:00
Cristian Bell 7774f52fe7 chg: only show API/authkey to user with API key rights, fixes #1311 2016-08-23 16:20:39 +02:00
Andreas Ziegler fb655c2ff9 chg: use 1/0 not true/false for conditions & other boolean sqlquery elements 2016-08-17 18:52:22 +02:00
Andreas Ziegler 4a37f4edbc chg: remove obsolete backticks from sql queries
backticks are only necessary to escape reserved keywords.
as backticks are MySQL-specific, having them only where really necessary
 makes integrating support for other DBMS easier.
2016-08-15 06:26:25 +02:00
Cristian Bell 9a80586599 chg: redundant members list and organisations page - tab versus 4spaces 2016-08-04 14:36:20 +02:00
Cristian Bell 72b9bdbb84 chg: redundant members list and organisations page 2016-08-04 13:45:10 +02:00
Iglocska 9522c96d54 Revert "Revert "chg: remove obsolete uuid() wrapper""
This reverts commit bae6eadfe7.
2016-07-11 00:59:47 +02:00
Iglocska bae6eadfe7 Revert "chg: remove obsolete uuid() wrapper"
This reverts commit 77ca0f8dd4.
2016-07-08 14:50:00 +02:00
Andreas Ziegler 77ca0f8dd4 chg: remove obsolete uuid() wrapper 2016-07-07 15:13:16 +02:00
Andreas Ziegler 958aa7c414 use consistent spacing around else if 2016-06-04 15:49:54 +02:00
Andreas Ziegler 985451642e add space after keywords if/for/foreach/while/switch/catch 2016-06-04 15:45:39 +02:00
Andreas Ziegler 0fe692c56a remove whitespace at end of line 2016-06-04 01:10:45 +02:00
Andreas Ziegler 898ea1d97c remove whitespace (space/tab) from empty lines 2016-06-04 01:08:16 +02:00
Iglocska 6e9a448cbd fix: Cannot delete users, fixes #1200 2016-06-03 17:43:27 +02:00
Andras Iklody ac4afa35c2 Merge pull request #1193 from rotanid/defaults
add some defaults
2016-06-03 02:10:00 +02:00
Andreas Ziegler 8c21fa27d0 add some variable defaults 2016-06-03 01:44:07 +02:00
Andreas Ziegler 0fcf9a02f7 remove/update obsolete code 2016-06-03 01:42:27 +02:00
Andreas Ziegler bdf21b782b remove unused functions 2016-06-03 01:42:27 +02:00
Andras Iklody 5a137fcc95 Merge pull request #1165 from rotanid/misc2
misc cleanup round 2
2016-06-03 01:38:36 +02:00
Andreas Ziegler 790d3b5ac0 UsersController.php: remove duplicate array key 2016-05-31 18:27:56 +02:00
Andreas Ziegler 898f795271 fix upper/lowercase issues 2016-05-31 18:01:59 +02:00
Andreas Ziegler a9d7175d8d remove commented out codelines 2016-05-31 18:01:54 +02:00
Andreas Ziegler b746763dfe reformatting, indention, comment fixes 2016-05-31 17:34:46 +02:00
Iglocska becb42d860 fix: removed duplicate array keys, fixes #1162 2016-05-23 21:50:53 +02:00
Iglocska 6b6877099a fix: Added the option for users to see and undelete attributes if an event was created by their org, fixes #1144
- Also some minor fixes to the ACL
2016-05-20 11:20:03 +02:00
Iglocska 467abda0d6 Merge branch 'feature/news' into 2.4 2016-05-20 10:20:12 +02:00
Iglocska e16371e255 chg: Some cleanup of old unused stuff 2016-05-20 09:07:51 +02:00
Iglocska d02adf2085 new: Added the news functionality back
- admins can add/edit/delete news items
- users get redirected if there is a newsitem that they haven't seen yet
2016-05-20 01:17:26 +02:00
Iglocska 69811db568 Merge branch '2.4' of https://github.com/MISP/MISP into 2.4 2016-05-18 11:15:59 +02:00
Iglocska 4e94913504 fix: Contact Users Form Email Issue fixed, fixes #1130 2016-05-18 11:15:11 +02:00
iglocska 73375042e6 Merge branch '2.4' of https://github.com/MISP/MISP into 2.4 2016-05-13 20:47:10 +02:00
iglocska 9434a2364f fix: Fixes to issues with MYSQL >= 5.7 2016-05-13 20:44:16 +02:00
Iglocska d26bb9d927 Merge branch '2.4' of https://github.com/MISP/MISP into 2.4 2016-05-09 08:55:46 +02:00
Iglocska 151c782d23 chg: Further work on the attribute soft delete 2016-05-06 23:34:26 +02:00
I-am-Sherlocked 3640379272 Update UsersController.php
Grouping by Organization.name will throw a MySQL error 
"Syntax error or access violation: 1055 Expression #3 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'misp.Organisation.id' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by" 
in "Request URL: /users/memberslist" , since Organization.name is not a unique field. Grouping by Organization.id instead will fix the issue.
2016-05-05 12:36:30 -07:00
Iglocska 267caa3315 Merge branch '2.4' into smime
Conflicts:
	app/Controller/AppController.php
2016-04-25 23:12:57 +02:00
Iglocska 24c7fa61fe Merge branch 'permissionfix' into 2.4 2016-04-18 17:41:59 +02:00
Iglocska 1ecc4c2f37 Fixed a capitalisation fail 2016-04-18 14:06:17 +02:00
devnull- 4e02c8464a Add function verifyCertificate & update of fields 2016-04-04 19:19:58 +02:00
Iglocska b342a071b8 Added the authkey to the admin user index, including filtering / searching for them 2016-03-28 09:02:15 +02:00
Iglocska afaa537b82 First implementation of the new auth mechanism 2016-03-15 23:04:20 +01:00
Iglocska f5d2887195 List Organisation in alphabetical order for new users, fixes #989
- Fixes an issue where organisations in both the admin add and admin edit user views were not sorted alphabetically
- delays Przemek enrage timer
2016-03-09 17:16:10 +01:00
Iglocska 95ac7ad294 If a user is disabled then he should not receive mass admin e-mails
- however, if an admin specifically chooses to e-mail him/her it will still work
2016-03-02 10:39:49 +01:00
Iglocska 150f5284ca Fix to an invalid org lookup when regenerating a user's authkey as an org admin 2016-02-17 16:16:02 +01:00
Iglocska 419bf41d82 Fixed the reset button on the dashboard 2016-02-16 14:46:50 +01:00
Iglocska 51621335c0 Show last login for each user on the admin index 2016-02-16 01:18:39 +01:00
Iglocska 08df3082e6 Forgot to add save... 2016-02-16 01:11:25 +01:00
Iglocska 8f90ab85cf Some tuning to the previous commit 2016-02-16 01:10:03 +01:00
Iglocska 5cc9655f11 Refresh auth on dashboard 2016-02-16 01:04:43 +01:00
Iglocska 4c14d3a859 Merge branch '2.4' into features/delegation
Conflicts:
	app/Controller/AppController.php
	app/Model/AppModel.php
	app/Model/Event.php
	app/Model/Log.php
	app/Model/Server.php
	app/View/Elements/footer.ctp
	app/webroot/css/main.css
2016-02-12 05:56:32 +01:00
Iglocska a1ffdc7790 First finished version 2016-02-12 05:47:06 +01:00
William Robinet 4fea371c4b Fix permissions 2016-02-11 17:03:51 +01:00
Iglocska 430f8ea479 URL fallback when adding users fails for the sync user dropdown 2016-01-26 10:03:46 +01:00
Iglocska be62a6b053 Entering a valid controller/action and an invalid one produced a different result pre-auth
- not authenticated users now automatically get redirected to the login page, no matter what action they requested
- This as a nice side effect also removed the bug that was caused by a site admin looking at an admin function before logging out / timing out and being incorrectly redirected to /admin/users/login
2016-01-21 14:52:06 +01:00
Iglocska b92c1c8db4 Added full text search to organisation index, fixes #803
- also some fixes and enhancements in general for this
2016-01-19 16:25:54 +01:00
Iglocska aab2752cbe Sort orgs alphabetically in user index filters 2016-01-13 15:56:59 +01:00
Iglocska f9d60d1b2c Small fix to the contact users form for org admins 2016-01-12 15:36:58 +01:00