Jakub Onderka
ad8666369c
new: [CLI] cake User init command
Deprecate cake UserInit
2024-01-14 17:35:25 +01:00
Jakub Onderka
edd6d3f157
Merge pull request #9473 from JakubOnderka/logging
chg: [internal] Do not log in audit log last_api_access
2024-01-04 16:38:02 +01:00
Jakub Onderka
b5fe0722eb
fix: [internal] Session destroy
2024-01-04 16:16:52 +01:00
Jakub Onderka
6b0fb4a638
chg: [internal] Refactor UserController::_postlogin
2024-01-04 12:20:38 +01:00
Jakub Onderka
9d81da4df2
fix: [internal] Fix view user login history
2024-01-04 11:24:36 +01:00
Jakub Onderka
54fa92be71
fix: [internal] Code style
2024-01-04 10:11:14 +01:00
Jakub Onderka
786becad1a
chg: [internal] Code cleanup for user login profile
2023-12-22 22:52:02 +01:00
iglocska
5bed463416
chg: [logging] fail silently if logging entry can't be saved
- can happen when the log change is too large for example
- no need to roll back / break sync for example if a log entry is too large, just fail silently.
2023-12-07 15:17:58 +01:00
iglocska
c124df0e47
fix: [password reset] required current password for token based reset
2023-12-07 10:31:50 +01:00
iglocska
4215285443
fix: [Alert on suspicious logins] disabled by default
- requires logs table to be better indexed currently to not be a bottleneck (user_id and action fields)
- Will be made default in an upcoming version once the performance issues are resolved
2023-12-01 22:10:50 +01:00
Christophe Vandeplas
7f9d7c9e44
fix: [login] fixes bad fix and catches first login after update
2023-11-30 11:16:42 +01:00
iglocska
ac8f507d55
fix: [user login profile] skip checks for ancient php versions
2023-11-29 12:16:14 +01:00
Christophe Vandeplas
7e2cb89f97
Feature/user login profiles2 (#9379)
* new: [userloginprofiles] start over with previous code
* fix: [user_login_profiles] fixes catching up the backlog
* chg: [userloginprofile] email to org_admin for suspicious login
* chg: [userloginprofile] only inform new device
* chg: [userloginprofiles] view_login_history instead of view_auth_history
* chg: [userloginprofile] make login history visually better
* chg: [userloginprofile] inform admins of malicious report
* fix: [userloginprofile] cleanup
* fix: [userloginprofile] fixes Attribute include in Console
* fix: [userloginprofile] db schema and changes
* chg: [CI] log emails
* chg: [PyMISP] branch change
* chg: [test] test
* fix: [userloginprofile] unique rows
* fix: [userloginprofile] unique rows
* chg: [cleanup]
* Revert "chg: [PyMISP] branch change"
This reverts commit 3f6fb46fee.
* fix: [userloginprofile] fix workers with monolog=1.25 browcap=5.1
* fix: [db] dump schema version
* fix: [CI] newer php versions
* fix: [composer] php version
* fix: [php] revert to normal php7.4 tests
---------
Co-authored-by: iglocska <andras.iklody@gmail.com>
2023-11-24 13:47:59 +01:00
iglocska
f2ff8441e3
fix: [user search] in index, removed old style authkey as a valid search field
2023-10-24 19:56:31 +02:00
Jeroen Pinoy
2f790c2f17
[users:totp] set correct rest response action for totp_delete (#9303)
2023-09-28 10:57:01 +02:00
Jeroen Pinoy
7ce06cad9f
new: [Users] add last password change timestamp for users
2023-08-29 13:47:24 +02:00
Sami Mokaddem
664504f7f6
new: [user:periodicReporting] Allow setting the number of days to look back (UI only)
2023-08-09 15:19:58 +02:00
iglocska
4ad70965b5
fix: [totp] generate a new totp secret each time the totp_new endpoint is queried via a GET request, fixes #9220
2023-07-28 13:10:19 +02:00
iglocska
65bb3ef6eb
fix: [security] otp reset otp_secret on logout
- changing users within the same session can otherwise lead to the creation of the same otp seed for multiple users
2023-07-17 01:15:34 +02:00
iglocska
be28fdf53c
fix: [pw reset] fix (pass the token for deletion)
2023-07-10 16:08:07 +02:00
iglocska
71fdd9ac20
fix: [forgotten password] fixed
2023-07-10 16:02:34 +02:00
iglocska
68cb56037f
fix: [password reset] various issues
2023-07-10 15:58:28 +02:00
iglocska
b121af4c13
Merge branch 'develop' of github.com:MISP/MISP into develop
2023-07-10 15:34:16 +02:00
iglocska
8ff6dc2ea1
new: [forgotten password] optional feature added
2023-07-10 15:30:28 +02:00
iglocska
3bf85ea29f
chg: [TOTP] set name
2023-06-21 14:52:53 +02:00
Christophe Vandeplas
132afb7321
fix: [Users] fixes column not found Role.perm_site_admin
2023-06-04 08:18:52 +02:00
Christophe Vandeplas
b2bb4f817b
fix: [security] Org admins cannot delete site admin accounts see #9121
2023-06-04 07:01:29 +02:00
iglocska
3097dc106e
fix: [totp field check] causes exception if update is not executed yet and the field isn't added
- without the login the update doesn't execute - chicken & egg issue
2023-05-31 15:11:51 +02:00
Christophe Vandeplas
cb74ad507f
chg: [security] OTP support for HOTP
2023-05-25 23:28:14 +02:00
Christophe Vandeplas
afbb9fab95
chg: [security] TOTP anti-bruteforce support
2023-05-25 21:12:07 +02:00
Christophe Vandeplas
6311f7d3e6
Merge branch 'develop' into feature/totp
2023-05-25 20:53:06 +02:00
Christophe Vandeplas
acb258cc52
chg: [security] User index inactive user filter
2023-05-21 19:29:56 +02:00
Christophe Vandeplas
e90083020f
chg: [security] Require TOTP and QR code lib for TOTP secret creation
2023-05-20 10:26:45 +02:00
Christophe Vandeplas
8e370fa6f0
chg: [security] TOTP event logging
2023-05-20 10:13:56 +02:00
Christophe Vandeplas
dac7aaf7d6
chg: [security] Disallow creation of TOTP token if LinOTP is enabled
2023-05-20 09:20:36 +02:00
Christophe Vandeplas
81db5958d9
chg: [security] Allow enforcement of TOTP
2023-05-20 08:56:40 +02:00
Christophe Vandeplas
856a9e4b4c
chg: [security] admins can delete user TOTP
2023-05-20 08:05:48 +02:00
Christophe Vandeplas
61573392ea
chg: [security] allow creation of TOTP token
2023-05-19 20:56:52 +02:00
Christophe Vandeplas
6caccac94d
new: [security] TOTP authentication
2023-05-19 06:57:16 +02:00
Anders Einar Hilden
da5278d349
[new]: [doc] [ApacheSecureAuth] Add minimal docs for ApacheSecureAuth, and a bigger section about using the /users/logout401 endpoint.
2023-03-10 10:34:05 +01:00
Anders Einar Hilden
ec495da477
[new]: [ApacheSecureAuth] Add endpoint /users/logout401 for logging out from HTTP Basic Auth
This can be used by i.e. ApacheSecureAuth to make a browser forget cached HTTP Basic Auth credentials, which would otherwise result in a logout->login loop.
2023-03-10 10:34:05 +01:00
Christophe Vandeplas
9115a30423
minor code cosmetic fix
2023-01-06 09:19:36 +01:00
Jakub Onderka
35e15a5220
chg: [mail] Allow to unsubscribe from notification emails
2022-12-15 10:05:13 -05:00
iglocska
b6a2c854a4
new: [session killswitch] added endpoint to kill existing sessions for a user
- required for integration in MeliCERTes II
2022-12-01 14:07:48 +01:00
Christophe Vandeplas
192ed311b9
fix: [remote_ip] respect MISP.log_client_ip_header everywhere fixes #8781
2022-11-28 14:08:11 +01:00
Jakub Onderka
7d0af6918a
fix: [UI] Statistics EventTag call
2022-11-02 10:49:24 +01:00
Andras Iklody
2497369374
fix: [statistics] do not divide correlation count by 2 - no longer needed
We're only storing 1 row / correlation since the engine rework
- As reported by @github-germ
2022-11-01 09:29:58 +01:00
Jakub Onderka
0b775c77a2
fix: [internal] Cleanup code for UserController
2022-10-23 10:08:56 +02:00
Jakub Onderka
547e17624e
chg: [internal] Normalize user fetching for admins
2022-10-22 17:18:52 +02:00
Jakub Onderka
b4bcbfe103
chg: [internal] Use JsonTool more often
2022-10-19 10:11:37 +02:00