mokaddem
a8b5da4be2
chg: [statistics] Added Attribute count
2019-11-16 13:12:37 -05:00
Jakub Onderka
688bab2778
chg: [internal] Simplify UserController::admin_edit
2019-10-11 20:35:27 +02:00
iglocska
b44063e7d1
fix: [internal] missing org object for users/view
2019-10-10 15:13:34 +02:00
iglocska
15b10bbcf7
new: [user settings] Added restrictions for certain settings
...
- based on role permissions
- enforce the checks on set/delete
- add it to the UI elements
- /users/view /admin/users/view now include the user settings in a simplified format
2019-10-10 11:58:26 +02:00
mokaddem
8c4799fb99
chg: [user:me] Added `Role` object in the return value for the rest context
2019-10-07 16:35:22 +02:00
Jakub Onderka
a9f6af9fcb
chg: [user] GPG key fetching by server
2019-09-23 22:09:02 +02:00
Andras Iklody
6b42f089cd
Merge pull request #5129 from JakubOnderka/array-copy-remove
...
chg: [users] Remove unused method UsersController::arrayCopy
2019-09-10 11:32:30 +02:00
Jakub Onderka
1cd2ff5ca6
chg: [users] Remove unused method UsersController::arrayCopy
2019-09-09 23:37:37 +02:00
Jakub Onderka
50a0f564c6
fix: [audit] Correct title in audit log when admin edit user
2019-09-09 19:34:38 +02:00
iglocska
75acd63c46
fix: [security] Fix to a vulnerability related to the server index
...
- along with various support tools
- more information coming soon
2019-09-09 13:00:21 +02:00
iglocska
5916de9d5e
fix: [API] Fixed output of the attribute histogram
...
- no more STIX-ish barf inducing numeric string keys for dictionaries
2019-08-27 10:34:29 +02:00
iglocska
96475f59f6
fix: [admin] Invalid domain restriction check for site admins, fixes #5035
2019-08-22 10:41:30 +02:00
iglocska
ed1e55b76b
fix: [API] Fixed an edge case when the attribute histogram throws a notice error
...
- no idea how to reproduce it, the organisation referenced in an event orgc_id not existing is a pre-condition
- fixes #4880
2019-07-29 16:28:42 +02:00
iglocska
64fafa1913
fix: [api fix] Deletes broken due to invalid boolean
...
- /facepalm
2019-07-10 13:55:33 +02:00
iglocska
ed401d88be
fix: [API] delete http requests properly accepted by some /delete endpoints
2019-07-10 11:57:21 +02:00
mokaddem
f850abcdaa
fix: [galaxyMatrix] Handle case if deprecated galaxy does not exist
2019-06-12 14:12:06 +02:00
mokaddem
52ae153c0e
Merge branch '2.4' of github.com:MISP/MISP into galaxyMatrixImprovements
2019-06-11 15:56:10 +02:00
mokaddem
11a4bdb959
chg: [restSearch:attack] Only expose attack return format to the `event` scope
2019-06-11 15:50:51 +02:00
mokaddem
acef3a0168
chg: [galaxyMatrix:stats] Only take into account occurrences of galaxy once per event
2019-06-11 15:09:02 +02:00
mokaddem
fed5556976
fix: [galaxyMatrix:export] Removed multiple bugs providing inconsistent result
2019-06-11 14:13:17 +02:00
iglocska
36b43f1306
fix: [security] Org admins could reset credentials for site admins
...
- org admins have the inherent ability to reset passwords for all of their org's users
- this however could be abused if for some reason the host org of an instance would create org admins
- the org admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them
- the potential for abuse is very circumstantial as it requires the host org to create lower privilege org admins instead of the usual site admins
- only org admins of the same organisation as the site admin could abuse this
- as reported by Raymond Schippers
2019-06-11 11:05:34 +02:00
mokaddem
4fafb1541c
chg: [galaxyMatrix] Transformed query into cakephp model query
2019-05-15 11:55:22 +02:00
mokaddem
0c69e739cc
new: [statistics:galaxyMatrix] Added filtering capabilities
2019-05-15 11:12:09 +02:00
mokaddem
4fbe857f90
chg: [galaxyMatrix] Added sorting by score. Fix #4608
2019-05-13 15:07:38 +02:00
mokaddem
d3013a9252
fix: [stats:galaxyMatrix] No longer trim the end of the cluster name
2019-04-23 08:49:04 +02:00
iglocska
7a1dbe4c1f
fix: [API] role_id is not required when POSTing users if a default role is set on the instance
2019-04-04 13:42:06 +02:00
4ekin
c32d3bce32
fix: Fixed i18n strings in Controllers
2019-04-02 16:57:41 +03:00
mokaddem
d60095112f
Merge branch '2.4' of github.com:MISP/MISP into galaxyMatrixStat
2019-03-15 11:18:34 +01:00
iglocska
7b34e8cacb
fix: [API] resetting the authkey didn't respond with the new key before, making automation difficult.
2019-03-12 22:03:34 +01:00
mokaddem
04798bf7e4
new: [galaxyMatrix] Added possibility to pick a galaxy to view its statistic.
2019-03-12 15:36:00 +01:00
iglocska
66ad17a1ee
new: [API] exposed change_pw function to the API, fixes #4256
2019-03-02 23:47:13 +01:00
mokaddem
1ed609872c
chg: simplified condition 2
2019-02-15 15:04:07 +01:00
mokaddem
7a2010fb0e
chg: [galaxy_matrix] TEMPORARY - Merge scores of both deprecated and mitre-attack galaxy namespace for the matrix view.
...
This commit aims to still have correct scores in the galaxy_matrix until the fixMitreTags functions is not live and running
2019-02-15 14:41:55 +01:00
mokaddem
12ed3457e8
chg: [galaxy_matrix] cleanup in variable names to be more generic
2019-02-15 09:24:52 +01:00
mokaddem
a5653e86ea
new: [matrix] Replaced the Att&ck matrix by a generic matrix viewer, allowing custom matrix to be displayed.
...
Also added the external id to the chosen input.
2019-02-12 13:59:51 +01:00
mokaddem
431529c81c
chg: [attackMatrix] UI: improved color scale - WiP
2019-02-11 17:54:29 +01:00
iglocska
9afd0d8600
fix: [redirect] Correctly redirect to the requested URL after a login, fixes #4005, fixes #1301
2019-01-28 17:02:04 +01:00
iglocska
2d0259ce13
fix: [CS] coding standards script re-run
2018-11-23 14:11:33 +01:00
mokaddem
2152493dd0
chg: [users/emails] Better comments
2018-11-09 13:42:28 +01:00
mokaddem
6bb31fbb1d
chg: [users/email] Changed behavior of sending mail to avoid code duplication
...
If an additional parameter is passed to the url, it will only show the result of submitting the form without the submission
2018-11-09 13:38:52 +01:00
mokaddem
296128fe54
fix: [users/emails] submission fix + cleaned code + comments
2018-11-09 12:12:06 +01:00
mokaddem
651861d1d8
new: [users/mails] Added possibility to send a mail to all users of the same organisation
2018-11-09 11:48:39 +01:00
mokaddem
9b44050e1c
new: [users/mails] add confirmation popup before sending mails
2018-11-09 11:23:32 +01:00
iglocska
333cafca76
chg: [statistics] Show % of users with pgp keys
2018-10-30 14:58:49 +01:00
iglocska
3bdcca617e
new: [statistics] Added local org and user/org counts
2018-10-30 14:51:27 +01:00
iglocska
c54538766e
Merge branch '2.4' into feature/api_rework
2018-08-21 13:39:34 +02:00
iglocska
1eded5f3c7
fix: [statistics] Solve the issue with the unfiltered total counters in the user and org statistics
2018-08-21 13:37:47 +02:00
iglocska
12ac58f0e1
fix: [statistics] fixed an issue where the org statistics didn't correctly apply the local filters
...
- both local and external just showed the sum totals instead of the individual pools
2018-08-21 13:34:59 +02:00
iglocska
f675fb8b29
Merge branch '2.4' into feature/api_rework
2018-08-17 14:49:09 +02:00
Sami Mokaddem
212c11290d
fix: [usersStat] allow fetching json of statistics/users
2018-08-13 11:39:25 +00:00
Anthony Vaccaro
1b68005bbe
Add a permission check to the change password page.
...
The 'MISP.disableUserSelfManagement' config variable is checked
when rendering the link to the change password page, but is not checked
when rendering the page itself. This could lead to unauthorised
password changes by users with existing accounts on the MISP
instance.
2018-08-13 15:55:51 +10:00
iglocska
0694263e15
Merge branch '2.4' into feature/api_rework
2018-08-09 16:51:20 +02:00
iglocska
4fa5834cbc
new: [PGP] Added fingerprint to /users/verifyGPG
2018-08-06 17:00:15 +02:00
iglocska
34ba484b06
chg: [cleanup] Removed todos from userscontroller that have become irrelevant
2018-08-04 22:48:19 +02:00
iglocska
a81894f14c
chg: [CS] Changed to PSR-2
...
- to make contributions easier, adopted PSR-2
- used php-cs-fixer to rework the style
- *sniff sniff* Goodbye tab indentation
2018-07-19 11:48:22 +02:00
iglocska
71bb60a702
new: [Statistics] Added a new tab to the statistics showing the user/organisation additions over the past month/year
2018-07-13 12:08:29 +02:00
iglocska
6ffacc1e23
fix: [security] Brute force protection can be bypassed with a PUT request
...
- fixes an issue where brute forcing the login would work by using PUT requests
- as reported by Silver Saks from CCDCOE
2018-06-21 15:48:32 +02:00
iglocska
87c152d9f3
fix: Use common code-path for user init via the login page and the CLI
...
- also, be consistent with initial settings
2018-06-20 07:32:52 +02:00
Sami Mokaddem
e3988c73ad
new: [attackMatrix] Also consider attack galaxy at event level in the heatmap
...
fix: [attackMatrix] Typo in ATT&CK + division by 0 in gradiendTool
2018-06-18 14:51:29 +00:00
Sami Mokaddem
3a27009775
Merge remote-tracking branch 'upstream/2.4' into attack
2018-06-18 12:18:31 +00:00
Sami Mokaddem
929946f055
new: [attackMatrix] added instance UUID in rest response
2018-06-18 12:04:38 +00:00
Sami Mokaddem
8d145086f0
new: [attackMatrix] statistic about attack tags used in the instance
...
chg: [attackMatrix] moved functions in to model and matrix view into elements
2018-06-18 09:58:20 +00:00
iglocska
48feb7b7d2
new: [functionality] Kick user out if the session is expired instead of only doing it on a page load
2018-06-12 16:09:50 +02:00
iglocska
68b8266584
new: New flash message system, fixes #3252
...
- 3 types of flash messages (success, error, warning)
- uses bootstrap's own classes/structure
2018-05-16 19:32:38 +02:00
iglocska
b325a5d2a4
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2018-05-08 07:52:32 +02:00
Sami Mokaddem
680311f68f
chg: [Controllers] sets the ajax variable globally
...
As well as removing useless set in controllers and accessing it instead
of passing through the request.
2018-05-07 14:44:59 +00:00
iglocska
2f8686aec3
fix: Don't redirect users to terms page if no terms page is set
2018-05-06 22:42:21 +02:00
iglocska
41fdf6da8b
new: Allow further role settings
...
- exclude a role from non site admin assignment
- set max memory usage and execution time / role
2018-03-24 21:43:46 +01:00
iglocska
a596d5800f
fix: Run the db update before trying to add users/orgs
2018-02-02 19:52:43 +01:00
iglocska
7772b9c43e
new: Disable the viewing of a full organisation list by normal users
...
- Only site admins and sharing group editors can see organisation lists
- this includes the org index and various statistics
- Keep in mind: Sharing group editors CAN see the full organisation list - otherwise they wouldn't be able to create sharing groups.
- Also, users CAN enumerate organisations that have created ANY data on the instance by looking at the given data
- this includes events, proposals, discussion entries, etc
2018-01-13 16:55:01 +01:00
iglocska
4af2136645
fix: Sanitise the list of fields fetched for the admin user index
...
- as reported by @deralexxx
2018-01-12 11:34:29 +01:00
iglocska
13d4a1d197
chg: Added sane default org_id to users/add API
...
- takes current user's org_id as the default
2017-12-14 16:32:08 +01:00
iglocska
05a89f5e87
Merge branch '2.4' into feature/tag_filter_rework
2017-11-30 22:28:35 +01:00
iglocska
c9b4f8c6ab
fix: Added db changes needed for the user domain restrictions along with restricting the user self edit action
2017-11-28 11:52:01 +01:00
iglocska
69423a8bcf
new: Add restrictions for e-mail addresses to certain domains
...
TODO: tie it into the user edit action
2017-11-27 10:22:37 +01:00
iglocska
7d5890b2fc
fix: Leaking of hashed passwords in the audit logs fixed
...
- Scope was limited due to the audit log access restrictions to site/org admins
2017-11-24 11:55:16 +01:00
iglocska
8794af9118
fix: Expose /users/view/me to the API, fixes #2679
2017-11-23 15:44:38 +01:00
Milan Pikula
3626f3ce67
change behavior of login page to return to original page after authentication
2017-11-22 17:15:51 +01:00
iglocska
67d9cd6a6c
new: Include user action in zmq
2017-11-16 12:15:39 +01:00
iglocska
943f18d6cc
new: push the action for user updates/creations/logins along with the user object to the ZMQ channel
2017-11-16 08:58:53 +01:00
iglocska
3e5b1179c5
fix: Histogram rework
...
- removed junk debug
- fixed group by issue
- better performance
2017-11-08 11:58:19 +01:00
iglocska
68f4833893
new: First version of the zmq reimplementation
2017-10-27 09:10:46 +02:00
iglocska
cfcaf0d410
chg: Made the current password confirmation requirement for any user profile edits optional
...
- default setting is having it off
- incredibly frustrating feature is now only enabled on demand
2017-08-18 09:05:20 +02:00
Richie B2B
34853d0811
Initialize $abortPost in edit()
...
Avoid notices about "Undefined variable: abortPost" in debug.log
2017-08-17 13:14:24 +02:00
Richie B2B
4a8538aec5
Rebuild _authenticateObjects cache in mixed authentication setups
...
When CertAuth is mixed with normal FormAuthentication the upgrade from Simple to Blowfish did not happen because of the internal _authenticateObjects cache. Calling constructAuthenticate() rebuilds this cache.
2017-08-16 17:33:55 +02:00
iglocska
6d18aa23ec
fix: Remove the notice thrown if no valid user exists for the given e-mail
2017-08-11 11:18:34 +02:00
iglocska
952fff6252
fix: Fixes to several cases of reflected XSS, fixes #2381
...
- as reported by @import-au
- Additionally enforce content-type on all async APIs called by the UI using CakeResponse
2017-08-08 21:37:03 +02:00
iglocska
3317f56ca1
fix: Upgraded hashing algorithm used and added requirement to confirm password for user profile changes
...
- Added method to upgrade all passwords to blowfish transparently
- All profile edit pages (/users/edit, /admin/users/edit, /users/change_pw) now require the user's password to be confirmed
- Thanks to cert.govt.nz for the security report.
2017-07-12 15:38:34 +02:00
iglocska
6c7c40e773
fix: Further performance tweaks to the feed fetcher
2017-07-07 12:58:51 +02:00
iglocska
b3b6ef6767
fix: Initial password reset functionality
...
- invalid parameters sent for new users in the on-demand reset
- been bugged for 4 months, but became somewhat obsolete with the automatic notification so no one noticed
2017-05-30 15:40:54 +02:00
Ángel González
926895733b
Cosmetic changes
...
Change space indents to tabs
Remove ?> at end of file
Add or remove some indentation where appropriate
2017-05-08 00:45:57 +02:00
iglocska
de10619d1a
new: Added attributes / event average to statistics
2017-04-13 17:23:49 +02:00
iglocska
a524eb74b9
fix: No notify field set in user creation throws error
2017-04-13 16:39:47 +02:00
iglocska
77ef188457
new: Password complexity defaults tightened, also password requirements shown to users, fixes #2117
2017-04-11 10:04:07 +02:00
iglocska
3b6807ef72
new: Rework of the restsearch APIs
...
- allows for alternate download types (supported for now: openioc)
- major refactor of the openioc export
- refactor of the CIDR tool
2017-03-31 19:27:34 +02:00
iglocska
38138e0871
chg: Some changes to the users
...
- added date created/modified in the backend
- added date created in the users index
- password reset for a user now shows a warning if no pgp/smime key are set and the user might not be getting the email
2017-03-10 16:17:14 +01:00
iglocska
d2758d71a6
fix: Potential fix for a weird issue blocking the editing of users, fixes #1992
2017-03-01 15:16:42 +01:00
iglocska
2184ca4e70
Merge branch '2.4' into 2.4.67
2017-02-24 19:55:46 +01:00
iglocska
153c03835c
chg: Added warnings about the user's encryption status in the quick mailer
2017-02-23 09:13:03 +01:00
iglocska
6c15295bf9
fix: Some fixes for the new user admin features
2017-02-23 08:56:27 +01:00
iglocska
e9edeed22c
new: User management convenience functions added
...
- quick e-mail: send an e-mail to a user quickly
- orgadmin: see the org admins of a user and contact them
- pgp key issues shown on the user view
- pgp fingerprint shown on the user view
- copy paste auth keys and pgp keys quickly by clicking on them
2017-02-22 17:12:32 +01:00
iglocska
80acf81743
new: Added PGP fingerprint and PGP key status to user view
2017-02-22 10:55:24 +01:00
Adrien RAFFIN
8e844c91ef
feature: Add support for user creation with authkey
2017-02-21 15:26:56 +01:00
iglocska
2db4751f65
fix: Added eventids to the toplist API
2017-02-17 17:21:43 +01:00
iglocska
e8cdd8f94e
new: Added links to all events that match sightings sources in the sightings top list
2017-02-17 17:19:43 +01:00
iglocska
971289cb38
new: Added sighting top list to the statistics
2017-02-17 16:53:47 +01:00
Adrien RAFFIN
3507e15ebf
fix: update default field of organisation when creating new accounts
2017-02-16 10:44:43 +01:00
iglocska
b6ce529f3a
new: Send out credentials directly during user creation
2017-02-02 11:11:51 +01:00
iglocska
7db510832a
new: Added API access to the statistics
...
- first iteration, this is a bit more complex to get it right than this implementation
- data cleanup to make the results somewhat more useful
- raw data needs to be documented
- available APIs:
- /users/statistics/data.json
- /users/statistics/orgs.json
- /users/statistics/tags.json
- /users/statistics/attributehistogram.json
2017-02-01 23:42:26 +01:00
iglocska
5b54171364
fix: Allow users to fetch their PGP keys
2016-12-29 13:34:41 +01:00
iglocska
5ea6c4ba87
fix: Issue with new installations not correctly setting the default password for the initial user
2016-12-10 14:22:58 +01:00
Iglocska
e46cbd0991
new: First iteration of the galaxies (WIP)
2016-12-05 00:47:34 +01:00
Iglocska
24f3f7f0c8
fix: Some small fixes to the add user API, affects #1621
...
- Do not force change_pw/termsaccepted default settings based on role when using the API
- Some cleanup
2016-11-07 03:30:16 +01:00
cristian bell
1d8d02428e
sorts the "Attributes per organization" array by the total number of attr, highest on top.
2016-11-05 09:57:52 +01:00
Iglocska
69172e8525
fix: Fixed an issue with an incorrect condition on the admin index
2016-11-04 15:58:38 +01:00
Iglocska
c76d358535
new: Added new statistics page, fixes #1648, fixes #1557
...
- brought back the quick organisation overview as it's a much missed feature
- added treemap for tags
- brought attribute histogram into statistics page
- more coming in the future
2016-11-04 13:14:03 +01:00
Iglocska
ad5c14474e
fix: Fixed some merge issues
2016-11-02 11:42:17 +01:00
Iglocska
39ae6bce6d
Merge branch 'features/userapi' into 2.4
...
Conflicts:
app/Controller/UsersController.php
2016-11-02 11:38:58 +01:00
Iglocska
fbfa8ac450
fix: Fixes an invalid check allowing user profile modifications to target different users within the org
...
- User edit had an incorrect check that allowed a normal user edit on a different account within the same org
- Also removed the deprecated option for this function to be used by org/site admins to be used as an alternative to the admin edit
- as reported by: Vytautas Paulikas and Robert Giruckas from SEC Consult.
2016-11-02 11:32:00 +01:00
Iglocska
e047ca0c21
new: Added admin user APIs
...
- The following urls are now available via the API:
- /admin/users/add
- /admin/users/edit/id
- /admin/users/view/id
- /admin/users/index
- /users/resetauthkey/id
- For add and edit, sending a GET request will describe the APIs
- New API response system's initial implementation, to be used for other APIs in the future
- standardised responses
- standardised error codes
- convenience functions
- TODO:
- tie non admin functions into the APIs (maybe?)
- reuse the new API system for other APIs
2016-10-28 01:49:21 +02:00
Iglocska
d41574f305
chg: Further work on the user APIs
2016-10-23 22:57:24 +02:00
Iglocska
8cc30bc6ba
new: First commit for the user API rework and the new response handler
2016-10-22 15:28:57 +02:00
Iglocska
6f1c2454e7
fix: Fixes an issue where adding a new user allowed an invalid role choice
...
- as reported by: Vytautas Paulikas and Robert Giruckas from SEC Consult.
2016-10-21 15:33:14 +02:00
Iglocska
1d3d5386aa
fix: Fixes an issue where an invalid role could be assigned to a user
...
- As reported by: Vytautas Paulikas and Robert Giruckas from SEC Consult.
2016-10-21 15:29:44 +02:00
Iglocska
a761867117
chg: Cleanup of removed functionality
2016-10-04 14:12:46 +02:00
Iglocska
72ff6c76c3
fix: Various fixes to the user index, fixes #1597, fixes #1598
...
- highlight deleted users
- use the same index for the org user view (without the filter options)
- fixes the pagination of the users when viewing it through the organisation view
2016-10-04 10:56:52 +02:00
Iglocska
aaad44aa38
fix: Fixes to the API request e-mail
2016-09-20 09:59:03 +02:00
Cristian Bell
c2f71c96da
fix: fixes a bug introduced by f37963fde4 where on API request the user itself receives an e-mail and not his org_admin or site_admin
2016-09-20 09:35:12 +02:00
iglocska
ba9b084f48
Merge branch '2.4' into 1541
2016-09-18 13:12:11 +02:00
Cristian Bell
4f288bd23f
fix: removing some unused code.
2016-09-16 16:15:26 +02:00
Andreas Ziegler
25e52a6786
chg: remove some references to variables
2016-09-15 17:08:58 +02:00
Iglocska
ab50d00b15
fix: Fix the broken bruteforce protection
...
- Moved the bruteforce protection directly to the login action
- Fixed the datetime format used by the protection
- Cleaned up the logging of failed attempts
2016-09-12 11:20:26 +02:00
Andreas Ziegler
4b8a82098d
chg: replace 4 spaces after tab by double tab
2016-09-05 00:45:51 +02:00
Iglocska
b992fa7b64
fix: Notify the user requesting API key access if e-mailing is disabled on the instance
2016-09-04 00:14:03 +02:00
Iglocska
fdc70d3ccc
Merge branch '2.4' into apirequest
2016-09-04 00:08:51 +02:00
Iglocska
651edc6a81
chg: Changed the response of the functionality in the PR to be in line with other ajax request responses in MISP
2016-09-04 00:08:02 +02:00
Iglocska
f9e6180c06
fix: cleanup of missing whitespaces in PR
2016-09-03 23:58:13 +02:00
iglocska
7a159dbb93
fix: fixed an issue where fetching the PGP key without entering an e-mail address in the user creation form wasn't handled cleanly
2016-09-02 21:53:56 +02:00
Cristian Bell
f37963fde4
Merge branch 'fix_1311_only_show_API/authkey_to_user_with_rights' of https://github.com/cristianbell/MISP into cristianbell-fix_1311_only_show_API/authkey_to_user_with_rights
2016-09-02 15:35:11 +02:00
Andreas Ziegler
9bf0e16ac6
new: add basic experimental support for PostgreSQL
2016-08-31 04:11:49 +02:00
iglocska
df6baa01f4
new: Add default role to the user creation, fixes #256
2016-08-29 14:49:14 +02:00
iglocska
822b0bf8fa
chg: Cleanup of the controllers and models
...
- removed incorrect, useless boiler plate comments
- kept useful comments intact
- added some missing line breaks to make the codebase a bit more uniform
- removed some obviously obsolete TODO comments
2016-08-25 11:38:37 +02:00
Cristian Bell
c19fa90e92
chg: only show API/authkey to user with API key rights, fixes #1311
...
- code improvements as per @iglocska 's comments. thanks.
2016-08-24 09:59:38 +02:00
Cristian Bell
139de84952
chg: only show API/authkey to user with API key rights, fixes #1311
...
- adds some missing code parts from the initial commit.
2016-08-23 17:12:55 +02:00
Cristian Bell
7774f52fe7
chg: only show API/authkey to user with API key rights, fixes #1311
2016-08-23 16:20:39 +02:00
Andreas Ziegler
fb655c2ff9
chg: use 1/0 not true/false for conditions & other boolean sqlquery elements
2016-08-17 18:52:22 +02:00
Andreas Ziegler
4a37f4edbc
chg: remove obsolete backticks from sql queries
...
backticks are only necessary to escape reserved keywords.
as backticks are MySQL-specific, having them only where really necessary
makes integrating support for other DBMS easier.
2016-08-15 06:26:25 +02:00
Cristian Bell
9a80586599
chg: redundant members list and organisations page - tab versus 4spaces
2016-08-04 14:36:20 +02:00
Cristian Bell
72b9bdbb84
chg: redundant members list and organisations page
2016-08-04 13:45:10 +02:00
Iglocska
9522c96d54
Revert "Revert "chg: remove obsolete uuid() wrapper""
...
This reverts commit bae6eadfe7.
2016-07-11 00:59:47 +02:00
Iglocska
bae6eadfe7
Revert "chg: remove obsolete uuid() wrapper"
...
This reverts commit 77ca0f8dd4.
2016-07-08 14:50:00 +02:00
Andreas Ziegler
77ca0f8dd4
chg: remove obsolete uuid() wrapper
2016-07-07 15:13:16 +02:00
Andreas Ziegler
958aa7c414
use consistent spacing around else if
2016-06-04 15:49:54 +02:00
Andreas Ziegler
985451642e
add space after keywords if/for/foreach/while/switch/catch
2016-06-04 15:45:39 +02:00
Andreas Ziegler
0fe692c56a
remove whitespace at end of line
2016-06-04 01:10:45 +02:00
Andreas Ziegler
898ea1d97c
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
Iglocska
6e9a448cbd
fix: Cannot delete users, fixes #1200
2016-06-03 17:43:27 +02:00
Andras Iklody
ac4afa35c2
Merge pull request #1193 from rotanid/defaults
...
add some defaults
2016-06-03 02:10:00 +02:00
Andreas Ziegler
8c21fa27d0
add some variable defaults
2016-06-03 01:44:07 +02:00
Andreas Ziegler
0fcf9a02f7
remove/update obsolete code
2016-06-03 01:42:27 +02:00
Andreas Ziegler
bdf21b782b
remove unused functions
2016-06-03 01:42:27 +02:00
Andras Iklody
5a137fcc95
Merge pull request #1165 from rotanid/misc2
...
misc cleanup round 2
2016-06-03 01:38:36 +02:00
Andreas Ziegler
790d3b5ac0
UsersController.php: remove duplicate array key
2016-05-31 18:27:56 +02:00
Andreas Ziegler
898f795271
fix upper/lowercase issues
2016-05-31 18:01:59 +02:00
Andreas Ziegler
a9d7175d8d
remove commented out codelines
2016-05-31 18:01:54 +02:00
Andreas Ziegler
b746763dfe
reformatting, indention, comment fixes
2016-05-31 17:34:46 +02:00
Iglocska
becb42d860
fix: removed duplicate array keys, fixes #1162
2016-05-23 21:50:53 +02:00
Iglocska
6b6877099a
fix: Added the option for users to see and undelete attributes if an event was created by their org, fixes #1144
...
- Also some minor fixes to the ACL
2016-05-20 11:20:03 +02:00
Iglocska
467abda0d6
Merge branch 'feature/news' into 2.4
2016-05-20 10:20:12 +02:00
Iglocska
e16371e255
chg: Some cleanup of old unused stuff
2016-05-20 09:07:51 +02:00
Iglocska
d02adf2085
new: Added the news functionality back
...
- admins can add/edit/delete news items
- users get redirected if there is a newsitem that they haven't seen yet
2016-05-20 01:17:26 +02:00
Iglocska
69811db568
Merge branch '2.4' of https://github.com/MISP/MISP into 2.4
2016-05-18 11:15:59 +02:00
Iglocska
4e94913504
fix: Contact Users Form Email Issue fixed, fixes #1130
2016-05-18 11:15:11 +02:00
iglocska
73375042e6
Merge branch '2.4' of https://github.com/MISP/MISP into 2.4
2016-05-13 20:47:10 +02:00
iglocska
9434a2364f
fix: Fixes to issues with MYSQL >= 5.7
2016-05-13 20:44:16 +02:00
Iglocska
d26bb9d927
Merge branch '2.4' of https://github.com/MISP/MISP into 2.4
2016-05-09 08:55:46 +02:00
Iglocska
151c782d23
chg: Further work on the attribute soft delete
2016-05-06 23:34:26 +02:00
I-am-Sherlocked
3640379272
Update UsersController.php
...
Grouping by Organization.name will throw a MySQL error
"Syntax error or access violation: 1055 Expression #3 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'misp.Organisation.id' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by"
in "Request URL: /users/memberslist" , since Organization.name is not a unique field. Grouping by Organization.id instead will fix the issue.
2016-05-05 12:36:30 -07:00
Iglocska
267caa3315
Merge branch '2.4' into smime
...
Conflicts:
app/Controller/AppController.php
2016-04-25 23:12:57 +02:00
Iglocska
24c7fa61fe
Merge branch 'permissionfix' into 2.4
2016-04-18 17:41:59 +02:00
Iglocska
1ecc4c2f37
Fixed a capitalisation fail
2016-04-18 14:06:17 +02:00
devnull-
4e02c8464a
Add function verifyCertificate & update of fields
2016-04-04 19:19:58 +02:00
Iglocska
b342a071b8
Added the authkey to the admin user index, including filtering / searching for them
2016-03-28 09:02:15 +02:00
Iglocska
afaa537b82
First implementation of the new auth mechanism
2016-03-15 23:04:20 +01:00
Iglocska
f5d2887195
List Organisation in alphabetical order for new users, fixes #989
...
- Fixes an issue where organisations in both the admin add and admin edit user views were not sorted alphabetically
- delays Przemek enrage timer
2016-03-09 17:16:10 +01:00
Iglocska
95ac7ad294
If a user is disabled then he should not receive mass admin e-mails
...
- however, if an admin specifically chooses to e-mail him/her it will still work
2016-03-02 10:39:49 +01:00
Iglocska
150f5284ca
Fix to an invalid org lookup when regenerating a user's authkey as an org admin
2016-02-17 16:16:02 +01:00
Iglocska
419bf41d82
Fixed the reset button on the dashboard
2016-02-16 14:46:50 +01:00
Iglocska
51621335c0
Show last login for each user on the admin index
2016-02-16 01:18:39 +01:00
Iglocska
08df3082e6
Forgot to add save...
2016-02-16 01:11:25 +01:00
Iglocska
8f90ab85cf
Some tuning to the previous commit
2016-02-16 01:10:03 +01:00
Iglocska
5cc9655f11
Refresh auth on dashboard
2016-02-16 01:04:43 +01:00
Iglocska
4c14d3a859
Merge branch '2.4' into features/delegation
...
Conflicts:
app/Controller/AppController.php
app/Model/AppModel.php
app/Model/Event.php
app/Model/Log.php
app/Model/Server.php
app/View/Elements/footer.ctp
app/webroot/css/main.css
2016-02-12 05:56:32 +01:00
Iglocska
a1ffdc7790
First finished version
2016-02-12 05:47:06 +01:00
William Robinet
4fea371c4b
Fix permissions
2016-02-11 17:03:51 +01:00
Iglocska
430f8ea479
URL fallback when adding users fails for the sync user dropdown
2016-01-26 10:03:46 +01:00
Iglocska
be62a6b053
Entering a valid controller/action and an invalid one produced a different result pre-auth
...
- not authenticated users now automatically get redirected to the login page, no matter what action they requested
- This as a nice side effect also removed the bug that was caused by a site admin looking at an admin function before logging out / timing out and being incorrectly redirected to /admin/users/login
2016-01-21 14:52:06 +01:00
Iglocska
b92c1c8db4
Added full text search to organisation index, fixes #803
...
- also some fixes and enhancements in general for this
2016-01-19 16:25:54 +01:00
Iglocska
aab2752cbe
Sort orgs alphabetically in user index filters
2016-01-13 15:56:59 +01:00
Iglocska
f9d60d1b2c
Small fix to the contact users form for org admins
2016-01-12 15:36:58 +01:00