Christophe Vandeplas
9115a30423
minor code cosmetic fix
2023-01-06 09:19:36 +01:00
Jakub Onderka
35e15a5220
chg: [mail] Allow to unsubscribe from notification emails
2022-12-15 10:05:13 -05:00
iglocska
b6a2c854a4
new: [session killswitch] added endpoint to kill existing sessions for a user
...
- required for integration in MeliCERTes II
2022-12-01 14:07:48 +01:00
Christophe Vandeplas
192ed311b9
fix: [remote_ip] respect MISP.log_client_ip_header everywhere fixes #8781
2022-11-28 14:08:11 +01:00
Jakub Onderka
7d0af6918a
fix: [UI] Statistics EventTag call
2022-11-02 10:49:24 +01:00
Andras Iklody
2497369374
fix: [statistics] do not divide correlation count by 2 - no longer needed
...
We're only storing 1 row / correlation since the engine rework
- As reported by @github-germ
2022-11-01 09:29:58 +01:00
Jakub Onderka
0b775c77a2
fix: [internal] Cleanup code for UserController
2022-10-23 10:08:56 +02:00
Jakub Onderka
547e17624e
chg: [internal] Normalize user fetching for admins
2022-10-22 17:18:52 +02:00
Jakub Onderka
b4bcbfe103
chg: [internal] Use JsonTool more often
2022-10-19 10:11:37 +02:00
Jakub Onderka
7cd1ed76ce
chg: [internal] Use specific controller version of jsonDecode
2022-10-10 22:07:25 +02:00
Jakub Onderka
82698a5fa0
Merge pull request #8518 from JakubOnderka/disable-key-fetching
...
new: [UI] Allow to disable PGP key fetching
2022-10-06 17:23:41 +02:00
Luciano Righetti
37a794fc57
Merge pull request #8640 from righel/no-change-pwd-custom-auth
...
chg: do not ask users for pass change if custom_auth is required via …
2022-10-06 10:03:15 +02:00
Luciano Righetti
c8fa2fc7a4
fix: cs
2022-10-06 10:00:40 +02:00
Luciano Righetti
6f01920179
fix: check for both rest and non rest requests
2022-10-06 09:59:47 +02:00
Sami Mokaddem
934b9cd4fc
security: [user] Fixing disclosure of role names to non-site admin users and ensure user edit applies the restricted_to_site_admin option
...
This vulnerability, with a default MISP installation without additional roles, discloses the list of role names which were restricted to the site admin. This commit fixes this disclosure vulnerability.
In addition, for MISP installations with custom roles, an org admin user could create a user assigned to new custom roles which were restricted to site admin. This could lead to access to complementary permissions (except site admin, org admin and sync actions).
Credits: CIRCL
2022-10-06 09:48:08 +02:00
Luciano Righetti
09ab8d67a4
chg: do not ask users for pass change if custom_auth is required via external auth header
2022-10-05 11:15:24 +02:00
Jakub Onderka
f661204ed1
Merge pull request #8593 from JakubOnderka/fix-periodic-extract
...
fix: [internal] Extracting periodic setting for user
2022-09-20 18:48:22 +02:00
Jakub Onderka
d4300f6b74
fix: [UI] Periodic summary
2022-09-20 16:33:50 +02:00
Jakub Onderka
760240eade
fix: [UI] Notification settings
2022-09-20 15:43:02 +02:00
Jakub Onderka
cb6f10fd69
chg: [internal] Change method name User::{extractPeriodicSettingForUser->fetchPeriodicSettingForUser}
2022-09-20 13:43:35 +02:00
Jakub Onderka
5204be7a7d
fix: [internal] Refresh session after notification change
2022-09-20 13:42:14 +02:00
Jakub Onderka
5874633a77
fix: [internal] Extracting periodic setting for user
2022-09-20 13:02:01 +02:00
Jakub Onderka
c0313b9c37
fix: [internal] Respect `Security.hide_organisation_index_from_users` setting
2022-09-20 10:29:07 +02:00
Sami Mokaddem
c7e80e399d
chg: [users:edit] Added support of notification_*
2022-09-09 14:21:06 +02:00
Sami Mokaddem
e89698f301
fix: [periodic_notification] Correctly pass period filter to event fetcher
2022-09-09 10:49:06 +02:00
Sami Mokaddem
bf39655c26
chg: [periodic_notification] Improved report and parametrized tags for trending
2022-09-08 14:54:04 +02:00
Sami Mokaddem
90cab66b86
chg: [user:saveNotificationSettings] Make sure tags filter is a valid json
2022-09-07 09:38:31 +02:00
Sami Mokaddem
f2ff91ee35
chg: [users] Removed useless constant
2022-08-31 15:44:36 +02:00
Sami Mokaddem
7cd3b35d61
chg: [user:periodic_notification] General improvements and added CLI support
2022-08-31 11:51:36 +02:00
Sami Mokaddem
894724a805
chg: [users:edit] Allow admins to edit periodic notification subscriptions
2022-08-30 14:53:06 +02:00
Sami Mokaddem
3338e1abef
chg: [user:periodic_notification] Added templates, basic statistics and UI integration
2022-08-30 14:10:01 +02:00
Sami Mokaddem
279f33bc4a
chg: [user:periodicNotification] Dev cont.
2022-08-29 12:06:42 +02:00
Sami Mokaddem
8db8cbd398
new: [user:periodicNotification] Started development of system allowing users to receive period notifications by email
2022-08-29 09:03:42 +02:00
iglocska
c764bb0e8f
Merge branch 'log_last_api' into develop
2022-08-11 09:36:30 +02:00
Tom King
de351faaac
new: [internal] Add option to log last API request
2022-08-01 15:02:49 +01:00
Jakub Onderka
62926da1a3
new: [UI] Allow to disable PGP key fetching
2022-07-29 18:06:45 +02:00
Jakub Onderka
21f5f52988
chg: [internal] Unsubscribe code
2022-06-07 15:07:28 +02:00
Jakub Onderka
c46fd203a9
new: [email] Unsubscribe
2022-06-06 18:09:46 +02:00
Jakub Onderka
ccef2e4de2
chg: [internal] Cleanup code for statistics
2022-05-22 20:20:07 +02:00
Jakub Onderka
073bc4f74c
fix: [UI] Warning when fetching PGP key
2022-05-22 19:59:11 +02:00
Jakub Onderka
8a4f402bf8
fix: [internal] Sending admin emails
2022-05-13 13:27:26 +02:00
Jakub Onderka
5e37283f6c
chg: [internal] Cleanup code for adding and editing users
2022-05-11 16:25:46 +02:00
Jakub Onderka
dba9d60ed9
Merge pull request #8180 from JakubOnderka/event_alert_default_enabled
...
new: [test] MISP.default_publish_alert
2022-05-07 12:48:54 +02:00
Jakub Onderka
ece53cf11d
new: [test] MISP.default_publish_alert
2022-05-07 12:39:29 +02:00
Jakub Onderka
5371623ad7
fix: [UI] Terms and Conditions
2022-05-07 11:46:13 +02:00
Jakub Onderka
9827449a37
chg: [UI] Asset loader for statistics
2022-05-02 10:05:05 +02:00
Jakub Onderka
a007089486
chg: [internal] Do not use ajax layout
2022-04-28 14:51:21 +02:00
iglocska
01120163a6
fix: [security] Password confirmation bypass in user edit
...
- optional password confirmation can be potentially circumvented
- fooling the user edit via a request that sets accept:application/json whilst posting form content
- as reported by Dawid Czarnecki of Zigrin Security on behalf of the Luxembourg Army
2022-04-18 02:00:13 +02:00
Sami Mokaddem
69b0937ea2
fix: [user:getClientIp] Typo in variable name
2022-02-08 14:32:05 +01:00
Jakub Onderka
8835dc4a50
fix: [internal] Closing session for statistics
2021-11-25 14:14:41 +01:00