iglocska
b121af4c13
Merge branch 'develop' of github.com:MISP/MISP into develop
2023-07-10 15:34:16 +02:00
iglocska
8ff6dc2ea1
new: [forgotten password] optional feature added
2023-07-10 15:30:28 +02:00
iglocska
26ad0ef607
fix: [customauth] Don't renew the session with each query
...
- Leave the session handling to the normal life-cycle management
- should solve the issues where CSRF keeps kicking users off
2023-06-29 12:38:29 +02:00
iglocska
404c71ade6
new: [dashboard widget] added functionalities to download widget raw data
...
- download the JSON passed to the front-end of a widget on-demand
2023-06-26 18:16:31 +02:00
iglocska
7853cf70c2
fix: [UI] index searches will handle spaces correctly
2023-06-14 18:39:06 +02:00
Raphaël Vinot
6a1963930b
chg: [PyMISP] Bump
2023-06-08 15:14:58 +02:00
iglocska
3097dc106e
fix: [totp field check] causes exception if update is not executed yet and the field isn't added
...
- without the login the update doesn't execute - chicken & egg issue
2023-05-31 15:11:51 +02:00
Christophe Vandeplas
cb74ad507f
chg: [security] OTP support for HOTP
2023-05-25 23:28:14 +02:00
Christophe Vandeplas
6311f7d3e6
Merge branch 'develop' into feature/totp
2023-05-25 20:53:06 +02:00
Christophe Vandeplas
a5f5a4e113
chg: [user] log last_api_access hourly if MISP.store_api_access_time is not set
2023-05-21 20:12:44 +02:00
Christophe Vandeplas
c5483cf4b5
fix: [cleanup] removes some TODO messages #103
2023-05-21 10:09:05 +02:00
Christophe Vandeplas
81db5958d9
chg: [security] Allow enforcement of TOTP
2023-05-20 08:56:40 +02:00
Christophe Vandeplas
6caccac94d
new: [security] TOTP authentication
2023-05-19 06:57:16 +02:00
iglocska
9f5e49995a
Merge branch 'new_widgets' into develop
2023-05-16 14:12:59 +02:00
iglocska
a60202d9d1
fix: [junk removed] removed accidentally inserted characters
...
- fell asleep on the keyboard?
2023-05-16 13:41:44 +02:00
iglocska
9e763ba0e5
new: [auth] log api key usage in redis
...
- lightweight per day slice of api key use
- built as a ranked set in redis for the dashboards
2023-05-16 13:39:31 +02:00
Raphaël Vinot
1d53868c99
chg: [PyMISP] Bump version
2023-05-12 00:10:36 +02:00
Sami Mokaddem
a2719e3c82
chg: [appController] Bumped queryVersion
2023-05-04 09:13:01 +02:00
Luciano Righetti
1f4e2af37a
fix: admin logs pagination
2023-04-18 16:58:35 +02:00
Sami Mokaddem
06d5fa5c5d
fix: [event:discussion] Fixed potential CSRF issue while adding a comment
...
Fix #8916
2023-04-13 15:45:47 +02:00
Raphaël Vinot
bc82b38db0
chg: [PyMISP] Bump
2023-04-12 15:59:34 +02:00
Sami Mokaddem
362156daca
fix: [event:viewAttribute] Reset pagination state when using a filter on the attribute table
...
- This will certainly make @rommelfs happy :)
2023-04-06 15:24:15 +02:00
iglocska
13d99cfaca
chg: [pymisp] bump
2023-03-27 11:01:42 +02:00
iglocska
e498158208
chg: [pymisp] version string bump
2023-03-27 10:51:41 +02:00
Raphaël Vinot
68c130a099
chg: Bump PyMISP
2023-03-10 15:14:22 +02:00
Anders Einar Hilden
ec495da477
[new]: [ApacheSecureAuth] Add endpoint /users/logout401 for logging out from HTTP Basic Auth
...
This can be used by i.e. ApacheSecureAuth to make a browser forget cached HTTP Basic Auth credentials, which would otherwise result in a logout->login loop.
2023-03-10 10:34:05 +01:00
iglocska
a7905b40ce
Merge branch 'develop' into 2.4
2023-02-01 14:37:06 +01:00
Christophe Vandeplas
827bf50f3c
chg: [auth] group authentication code
2023-01-27 02:42:40 +01:00
Raphaël Vinot
5edcd9083f
chg: [PyMISP] Bump
2023-01-23 10:09:01 +01:00
Andras Iklody
faa1fc5300
fix: [querystring] bumped
2023-01-03 12:20:35 +01:00
Raphaël Vinot
68571e8534
chg: [PyMISP] Bump version
2022-12-22 11:37:28 +01:00
Christophe Vandeplas
f18f0514f7
fix: [auth][log] log correct org/userid with failed login fixes #8807
2022-12-07 00:55:20 +01:00
Jakub Onderka
1fc62ef41e
fix: [log] Condition for old access log
2022-12-02 09:50:18 +01:00
Jakub Onderka
b7d8b39903
fix: [log] Undefined index
2022-12-02 09:50:18 +01:00
Jakub Onderka
00fa78e6ea
chg: [internal] Move rest response SQL output
2022-12-02 09:38:14 +01:00
iglocska
b6a2c854a4
new: [session killswitch] added endpoint to kill existing sessions for a user
...
- required for integration in MeliCERTes II
2022-12-01 14:07:48 +01:00
Christophe Vandeplas
192ed311b9
fix: [remote_ip] respect MISP.log_client_ip_header everywhere fixes #8781
2022-11-28 14:08:11 +01:00
iglocska
dbc18f2ca7
fix: [logs] reverted the removal of api logs from the /logs/ logging system unless confirmed
...
- breaks logging with existing configurations
2022-11-28 13:27:40 +01:00
Raphaël Vinot
500fe31615
chg: [PyMISP] Bump version
2022-11-28 10:28:22 +01:00
Jakub Onderka
4aabc2d097
new: [logging] Access log
2022-11-12 13:45:21 +01:00
Raphaël Vinot
c20678f212
chg: [PyMISP] Bump
2022-11-09 13:49:12 +01:00
Jakub Onderka
eb2396c5cc
fix: [view] Remove unused variable
2022-11-02 13:24:34 +01:00
Jakub Onderka
ed2bfa236d
new: [acl] User AlcHelper more often
2022-11-02 13:24:34 +01:00
Jakub Onderka
645b11e1b1
new: [redis] Store some data in Redis compressed to save memory
2022-10-30 16:19:58 +01:00
Jakub Onderka
9f0c7456bb
fix: [internal] AppController cleanup
2022-10-30 15:13:23 +01:00
Jakub Onderka
be60ad19e9
chg: [internal] Put most used controller component to defined variables
2022-10-24 09:32:23 +02:00
Jakub Onderka
b1371b4906
new: [acl] Move checks from controller to ACL component
2022-10-24 09:32:23 +02:00
Jakub Onderka
74a2982e1a
fix: [internal] Cleanup controller code
2022-10-22 17:17:55 +02:00
Jakub Onderka
b4bcbfe103
chg: [internal] Use JsonTool more often
2022-10-19 10:11:37 +02:00
Jakub Onderka
aacd19a318
fix: [UI] Submit form on CTRL+ENTER on select
2022-10-14 13:00:38 +02:00
Jakub Onderka
6853a03cfb
fix: [internal] Check if user is logged after checking if it is ajax request
2022-10-08 18:29:58 +02:00
Jakub Onderka
f53063f8af
chg: [internal] More clear method name
2022-10-08 13:43:18 +02:00
Jakub Onderka
3e970ad6a6
chg: [internal] Use short isset
2022-10-08 13:41:33 +02:00
Jakub Onderka
0cb3e58881
chg: [internal] Cleanup for RateLimitComponent
2022-10-08 13:26:02 +02:00
Jakub Onderka
cb41c4ad92
chg: [internal] Move AUTOMATION_ARRAY definition to IndexFilterComponent
2022-09-22 14:48:50 +02:00
Sami Mokaddem
43db6f02ff
chg: [periodic_notification] Small UI improvements
2022-09-12 14:19:50 +02:00
Raphaël Vinot
25e9684297
chg: [PyMISP] Bump
2022-09-09 14:01:20 +02:00
Sami Mokaddem
0d4aa566fc
chg: [appController] Bumped queryversion
2022-08-24 09:55:13 +02:00
iglocska
c764bb0e8f
Merge branch 'log_last_api' into develop
2022-08-11 09:36:30 +02:00
Raphaël Vinot
412dcd7b10
chg: [PyMISP] Bump version
2022-08-04 18:06:16 +02:00
Tom King
de351faaac
new: [internal] Add option to log last API request
2022-08-01 15:02:49 +01:00
Luciano Righetti
e53b10d18b
chg: refactor so can be re-used
2022-07-20 16:11:49 +02:00
Sami Mokaddem
6f9d9a20d4
new: [event-report] Added support of mermaid
2022-07-13 11:41:31 +02:00
Sami Mokaddem
3fe30cdb48
chg: [appController] Bump query version
2022-07-12 14:20:26 +02:00
Jakub Onderka
27ff97a3a3
chg: [internal] restSearch cleanup
2022-06-30 13:35:29 +02:00
Jakub Onderka
83190f31c2
Merge pull request #8452 from JakubOnderka/restSearchExport-description
...
chg: [UI] Event export description
2022-06-30 10:10:06 +02:00
Jakub Onderka
640a732c29
Merge pull request #8358 from JakubOnderka/memory-leak-fix
...
fix: [internal] PHP memory leak
2022-06-29 13:32:26 +02:00
Jakub Onderka
2964335f04
chg: [UI] Event export description
2022-06-16 09:19:53 +02:00
Raphaël Vinot
b1a5979fcb
chg: [PyMISP] Bump
2022-05-30 11:05:41 +02:00
Jakub Onderka
6c84e7deb9
chg: [internal] Use `BetterCakeEventManager` for AppController
2022-05-22 18:20:15 +02:00
Jakub Onderka
e75b706de9
chg: [internal] Show event tags closes sessions soon
2022-05-22 15:40:13 +02:00
Luciano Righetti
217be89e00
new: add MysqlExtended DboSource to support index query hints
2022-05-19 11:08:31 +02:00
Jakub Onderka
2f7c671adb
new: [internal] Simplify checking if connection is MySQL/MariaDB
2022-05-14 10:17:06 +02:00
Jakub Onderka
e86a02e7c6
chg: [UI] Fetch job progress in one query
2022-05-13 19:17:27 +02:00
Sami Mokaddem
2dfee9f445
fix: [event-graph] Event timeline shortcut do not override the ones from the eventgraph anymore
2022-05-10 15:36:46 +02:00
Jakub Onderka
2294232442
fix: [internal] Strict types
2022-05-07 10:40:41 +02:00
Sami Mokaddem
c4f7a6e4f0
new: [clusters:attachMultipleClusters] Allow mirroring attribute clusters to events
...
Added a new checkbox while picking tags to also tag the event with the tags to be attached to the attribute.
2022-04-26 12:27:17 +02:00
iglocska
be9fb9e802
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-04-19 15:18:40 +02:00
iglocska
bb3b7a7e91
fix: [security] stored XSS fixed in event graph
...
- unsanitised javascript insertion of tag name in the filters
- as reported by Dawid Czarnecki of Zigrin Security on behalf of the Luxembourg Army
2022-04-18 00:49:21 +02:00
Jakub Onderka
ff55803a17
fix: [internal] User model can be null
2022-04-10 15:08:52 +02:00
Jakub Onderka
2b61648184
new: [internal] Proper method for json decoding in controller
2022-04-10 09:50:12 +02:00
Sami Mokaddem
57b62dc511
chg: [events:index] Usage of UUID for restSearchExport feature
2022-03-31 15:27:06 +02:00
Sami Mokaddem
8afcc6552b
chg: [events:index] Usage of UUID for restSearchExport feature
2022-03-31 15:25:07 +02:00
Raphaël Vinot
7650f2d003
chg: [PyMISP] Bump version
2022-03-24 15:32:06 +01:00
iglocska
bd047201a6
fix: [publish] button missing for users, fixes #8233
2022-03-21 17:08:03 +01:00
iglocska
ff9cd40221
chg: [queryversion] bumped
2022-03-17 16:12:13 +01:00
Raphaël Vinot
cbc7361f40
chg: [PyMISP] Bump version
2022-03-03 15:13:22 +01:00
Jakub Onderka
e1774abe80
new: [oidc] Check user validity
2022-02-19 16:07:10 +01:00
iglocska
c282ea8063
fix: [language] fix (exception text)
2022-02-04 16:25:20 +01:00
Sami Mokaddem
a6dd8572ac
chg: [js:markdown-it] Update markdown-it library from version 11.0.0 to version 12.3.2
2022-01-18 15:04:53 +01:00
Sami Mokaddem
2d5d16431a
fix: [appController:loginByAuthkey] Skip authentication with basic authorization
...
Fix #7576.
Basic Auth might happen for some setup where the authentication is performed by another component such as LDAP.
For these cases, the Authorization header is present and contains the Basic Auth data used by the authentication plugin. Before this patch, MISP failed to resolve the API key to a user and threw a 403. This was because MISP detected the presence of the Authorization header which triggered an authentication by Authkey that would always fail as the content is not a valid API key.
2022-01-18 14:28:09 +01:00
Jakub Onderka
50d284b643
Merge pull request #7986 from JakubOnderka/better-security
...
chg: [internal] Do not modify session when not necessary
2021-12-30 14:40:01 +01:00
Raphaël Vinot
df84346bb2
chg: [PyMISP] Bump version
2021-12-22 11:14:21 +01:00
Sami Mokaddem
5cdc0cc7a7
chg: [app] Bumped query version
2021-12-17 11:38:34 +01:00
Sami Mokaddem
8cf2914142
new: [event-timeline] Support of image attachments
2021-12-08 12:14:13 +01:00
Luciano Righetti
ed85319d7b
fix: typos, bump js version
2021-12-06 16:20:51 +01:00
iglocska
72548fd9a4
fix: [UI] Ajax forms lose persistence
...
- generic Form builder now has the persistence baked in
- capture all form fields' data before submitting as expected
2021-12-02 14:03:20 +01:00
Jakub Onderka
cb41232777
chg: [internal] Remove useless session closing
2021-11-25 12:01:48 +01:00
Jakub Onderka
b100377a73
chg: [internal] Do not modify session when not necessary
2021-11-25 11:58:32 +01:00
Jakub Onderka
d20795b08c
fix: [internal] Old style view class
2021-11-22 09:58:24 +01:00