MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
25,098 Commits
34 Branches
364 Tags
186 MiB
Commit Graph

558 Commits (4be80d39a80d4375dc80a45e43d8e67db0125793)

Author SHA1 Message Date
Jakub Onderka ad8666369c new: [CLI] cake User init command 
Deprecate cake UserInit
 2024-01-14 17:35:25 +01:00
Jakub Onderka edd6d3f157
Merge pull request #9473 from JakubOnderka/logging 
chg: [internal] Do not log in audit log last_api_access
 2024-01-04 16:38:02 +01:00
Jakub Onderka b5fe0722eb fix: [internal] Session destroy 2024-01-04 16:16:52 +01:00
Jakub Onderka 6b0fb4a638 chg: [internal] Refactor UserController::_postlogin 2024-01-04 12:20:38 +01:00
Jakub Onderka 9d81da4df2 fix: [internal] Fix view user login history 2024-01-04 11:24:36 +01:00
Jakub Onderka 54fa92be71 fix: [internal] Code style 2024-01-04 10:11:14 +01:00
Jakub Onderka 786becad1a chg: [internal] Code cleanup for user login profile 2023-12-22 22:52:02 +01:00
iglocska 5bed463416
chg: [logging] fail silently if logging entry can't be saved 
- can happen when the log change is too large for example
- no need to roll back / break sync for example if a log entry is too large, just fail silently.
 2023-12-07 15:17:58 +01:00
iglocska c124df0e47
fix: [password reset] required current password for token based reset 2023-12-07 10:31:50 +01:00
iglocska 4215285443
fix: [Alert on suspicious logins] disabled by default 
- requires logs table to be better indexed currently to not be a bottleneck (user_id and action fields)
- Will be made default in an upcoming version once the performance issues are resolved
 2023-12-01 22:10:50 +01:00
Christophe Vandeplas 7f9d7c9e44 fix: [login] fixes bad fix and catches first login after update 2023-11-30 11:16:42 +01:00
iglocska ac8f507d55
fix: [user login profile] skip checks for ancient php versions 2023-11-29 12:16:14 +01:00
Christophe Vandeplas 7e2cb89f97
Feature/user login profiles2 (#9379) 
* new: [userloginprofiles] start over with previous code

* fix: [user_login_profiles] fixes catching up the backlog

* chg: [userloginprofile] email to org_admin for suspicious login

* chg: [userloginprofile] only inform new device

* chg: [userloginprofiles] view_login_history instead of view_auth_history

* chg: [userloginprofile] make login history visually better

* chg: [userloginprofile] inform admins of malicious report

* fix: [userloginprofile] cleanup

* fix: [userloginprofile] fixes Attribute include in Console

* fix: [userloginprofile] db schema and changes

* chg: [CI] log emails

* chg: [PyMISP] branch change

* chg: [test] test

* fix: [userloginprofile] unique rows

* fix: [userloginprofile] unique rows

* chg: [cleanup]

* Revert "chg: [PyMISP] branch change"

This reverts commit 3f6fb46fee.

* fix: [userloginprofile] fix worksers with monolog=1.25 browcap=5.1

* fix: [db] dump schema version

* fix: [CI] newer php versions

* fix: [composer] php version

* fix: [php] revert to normal php7.4 tests

---------

Co-authored-by: iglocska <andras.iklody@gmail.com>
 2023-11-24 13:47:59 +01:00
iglocska f2ff8441e3
fix: [user search] in index, removed old style authkey as a valid search field 2023-10-24 19:56:31 +02:00
Jeroen Pinoy 2f790c2f17
[users:totp] set correct rest response action for totp_delete (#9303) 2023-09-28 10:57:01 +02:00
Jeroen Pinoy 7ce06cad9f
new: [Users] add last password change timestamp for users 2023-08-29 13:47:24 +02:00
Sami Mokaddem 664504f7f6
new: [user:periodicReporting] Allow setting the number of days to look back (UI only) 2023-08-09 15:19:58 +02:00
iglocska 4ad70965b5
fix: [totp] generate a new totp secret each time a the totp_new endpoint is queried via a GET request, fixes #9220 2023-07-28 13:10:19 +02:00
iglocska 65bb3ef6eb
fix: [security] otp reset otp_secret on logout 
- changing users within the same session can otherwise lead to the creation of the same otp seed for multiple users
 2023-07-17 01:15:34 +02:00
iglocska be28fdf53c
fix: [pw reset] fix (pass the token for deletion) 2023-07-10 16:08:07 +02:00
iglocska 71fdd9ac20
fix: [forgotten password] fixed 2023-07-10 16:02:34 +02:00
iglocska 68cb56037f
fix: [password reset] various issues 2023-07-10 15:58:28 +02:00
iglocska b121af4c13
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-07-10 15:34:16 +02:00
iglocska 8ff6dc2ea1
new: [forgotten password] optional feature added 2023-07-10 15:30:28 +02:00
iglocska 3bf85ea29f
chg: [TOTP] set name 2023-06-21 14:52:53 +02:00
Christophe Vandeplas 132afb7321 fix: [Users] fixes column not found Role.perm_site_admin 2023-06-04 08:18:52 +02:00
Christophe Vandeplas b2bb4f817b fix: [security] Org admins cannot delete site admin accounts see #9121 2023-06-04 07:01:29 +02:00
iglocska 3097dc106e
fix: [totp field check] causes exception if update is not executed yet and the field isn't added 
- without the login the update doesn't execute - chicken & egg issue
 2023-05-31 15:11:51 +02:00
Christophe Vandeplas cb74ad507f chg: [security] OTP support for HOTP 2023-05-25 23:28:14 +02:00
Christophe Vandeplas afbb9fab95 chg: [security] TOTP anti-bruteforce support 2023-05-25 21:12:07 +02:00
Christophe Vandeplas 6311f7d3e6 Merge branch 'develop' into feature/totp 2023-05-25 20:53:06 +02:00
Christophe Vandeplas acb258cc52 chg: [security] User index inactive user filter 2023-05-21 19:29:56 +02:00
Christophe Vandeplas e90083020f chg: [security] Require TOTP and QR code lib for TOTP secret creation 2023-05-20 10:26:45 +02:00
Christophe Vandeplas 8e370fa6f0 chg: [security] TOTP event logging 2023-05-20 10:13:56 +02:00
Christophe Vandeplas dac7aaf7d6 chg: [security] Disallow creation of TOTP token if LinOTP is enabled 2023-05-20 09:20:36 +02:00
Christophe Vandeplas 81db5958d9 chg: [security] Allow enforcement of TOTP 2023-05-20 08:56:40 +02:00
Christophe Vandeplas 856a9e4b4c chg: [security] admins can delete user TOTP 2023-05-20 08:05:48 +02:00
Christophe Vandeplas 61573392ea chg: [security] allow creation of TOTP token 2023-05-19 20:56:52 +02:00
Christophe Vandeplas 6caccac94d new: [security] TOTP authentication 2023-05-19 06:57:16 +02:00
Anders Einar Hilden da5278d349 [new]: [doc] [ApacheSecureAuth] Add minimal docs for ApacheSecureAuth, and a bigger section about using the /users/logout401 endpoint. 2023-03-10 10:34:05 +01:00
Anders Einar Hilden ec495da477 [new]: [ApacheSecureAuth] Add endpoint /users/logout401 for logging out from HTTP Basic Auth 
This can be used by i.e. ApacheSecureAuth to make a browser forget cached HTTP Basic Auth credentials, which would otherwise result in a logut->login loop.
 2023-03-10 10:34:05 +01:00
Christophe Vandeplas 9115a30423 minor code cosmetic fix 2023-01-06 09:19:36 +01:00
Jakub Onderka 35e15a5220 chg: [mail] Allow to unsubscribe from notification emails 2022-12-15 10:05:13 -05:00
iglocska b6a2c854a4
new: [session killswitch] added endpoint to kill existing sessions for a user 
- required for integration in MeliCERTes II
 2022-12-01 14:07:48 +01:00
Christophe Vandeplas 192ed311b9 fix: [remote_ip] respect MISP.log_client_ip_header everywhere fixes #8781 2022-11-28 14:08:11 +01:00
Jakub Onderka 7d0af6918a fix: [UI] Statistics EventTag call 2022-11-02 10:49:24 +01:00
Andras Iklody 2497369374
fix: [statistics] do not divide correlation count by 2 - no longer needed 
We're only storing 1 row / correlation since the engine rework

- As reported by @github-germ
 2022-11-01 09:29:58 +01:00
Jakub Onderka 0b775c77a2 fix: [internal] Cleanup code for UserController 2022-10-23 10:08:56 +02:00
Jakub Onderka 547e17624e chg: [internal] Normalize user fetching for admins 2022-10-22 17:18:52 +02:00
Jakub Onderka b4bcbfe103 chg: [internal] Use JsonTool more often 2022-10-19 10:11:37 +02:00