Commit Graph

517 Commits (a7905b40cededa7fb54e2c735b8196c9aae03f94)

Author SHA1 Message Date
Jakub Onderka b100377a73 chg: [internal] Do not modify session when not necessary 2021-11-25 11:58:32 +01:00
iglocska 606962b21b
fix: [user creation] Don't create an advanced authkey by default when creating a new user
- nobody will see the initial key, users can always create API keys for themselves
2021-11-18 23:04:32 +01:00
iglocska f06edfd03d
Merge branch '2.4' into develop 2021-11-10 11:25:45 +01:00
iglocska fb6408dd4f
fix: [email OTP] subject tag fixed
- [MISP foo] to [foo MISP] to be aligned with other e-mails
2021-11-10 11:21:07 +01:00
Jakub Onderka 3e6e906ca6 chg: [optimise] Reduce number of SQL queries for login page 2021-11-06 00:54:58 +01:00
iglocska 773713e949
fix: [users] adding/modifying users fails silently for org admins if domain restriction checks fail 2021-10-06 15:54:52 +02:00
Sami Mokaddem ec4074f925
chg: [users:routeafterlogin] Allow forcing the pre-login URL to be HTTPS
This can be achieved by turning the setting MISP.forceHTTPSforPreLoginRequestedURL to true.
2021-10-06 09:09:06 +02:00
Jakub Onderka 1c58bd21b4 chg: [UI] PGP error message 2021-09-16 16:24:10 +02:00
Jakub Onderka af8ecbf5a2 chg: [UI] Sort orgs by name in statistics 2021-09-01 11:01:39 +02:00
Jakub Onderka c1aa6d51e8 chg: [optim] Little optimise sighting statistics 2021-09-01 10:54:36 +02:00
Jakub Onderka bcc499db1e chg: [internal] Optimise loading attribute histogram 2021-08-02 10:40:18 +02:00
Jakub Onderka 71bb08bf6a
Merge pull request #7538 from JakubOnderka/js-helper
chg: [internal] Remove JS helper from controllers
2021-07-21 10:40:11 +02:00
mokaddem e7fd73e50e
chg: [user:updateToAdvancedAuthKeys] Functionality accessible via the CLI 2021-07-16 15:13:55 +02:00
Jakub Onderka 10cd1ed65d chg: [internal] Remove JS helper from controllers 2021-07-02 10:04:10 +02:00
iglocska c71f4c9f2a
fix: [security] disable email uniqueness validation for the self registration 2021-05-28 10:37:01 +02:00
iglocska 72ccba98eb
fix: [OTP] identifier tag fixed
- was hard coded to [MISP]
2021-05-26 08:36:05 +02:00
mokaddem 0952609718
Merge branch 'develop' of github.com:MISP/MISP into migration-users-views 2021-05-05 15:03:07 +02:00
mokaddem 748bc65daa
new: [users:index] Batch toggleable fields 2021-05-05 14:30:20 +02:00
Jeroen Pinoy 13b605622d
chg: [UsageData] fix active proposal count, exclude deleted entries 2021-05-04 20:08:35 +02:00
Jakub Onderka 88f6038b28 new: [log] Audit Log statistics 2021-05-03 13:44:44 +02:00
iglocska ad37454e89
Merge branch '2.4' into develop 2021-04-28 15:34:49 +02:00
iglocska ef9370514f
fix: [emailing] password resets and OTP didn't handle line breaks correctly 2021-04-28 15:33:50 +02:00
mokaddem bacf072c59
chg: [users:index] Migrated view to factory 2021-04-28 09:14:54 +02:00
Loïc Fortemps 5eb67f0fd9
fix: [UI] Correctly display last login time
Until now, we were showing the "one before last" login time; this fixes the issue
2021-04-27 15:42:01 +02:00
Jakub Onderka d99a6d0ca4 fix: [UI] Wrong org id for galaxy matrix stats 2021-04-23 10:17:15 +02:00
Jakub Onderka ab84aecc48 new: [authkeys] Copy key info when resetting key 2021-03-03 09:23:07 +01:00
iglocska b08befbf26
Merge branch '2.4' into develop 2021-03-03 00:07:02 +01:00
Andras Iklody ef21065e33
Merge pull request #7092 from lfortemps/patch-2
fix: [email_otp] Trim value for increased UX
2021-03-02 23:46:23 +01:00
Alexandre Dulaunoy eec55c3438
Merge branch '2.4' into develop 2021-02-27 10:26:38 +01:00
Loïc Fortemps 08f4211841
fix: [email_otp] Trim value for increased UX 2021-02-25 13:30:49 +01:00
Loïc Fortemps 7ce4a8a305
fix: [email_otp] skip OTP for disabled users 2021-02-25 13:17:26 +01:00
Jakub Onderka 0ba05044bf fix: [internal] Really disable password change 2021-02-22 20:45:42 +01:00
iglocska 0e280c443f
fix: [API] password reset was broken for admins 2021-02-22 14:16:43 +01:00
Jakub Onderka 294e4a620b fix: [login] Correctly convert old password hash to blowfish 2021-01-21 10:34:59 +01:00
Jakub Onderka 2bdd086dc4 fix: [login] Convert old password hash to blowfish 2021-01-20 21:15:03 +01:00
Jakub Onderka 9896f67358 new: [security] New setting Security.username_in_response_header 2020-12-17 13:50:25 +01:00
Jakub Onderka 49b85ed33c chg: [internal] Load just necessary info when loading homepage info 2020-12-17 13:49:32 +01:00
Jakub Onderka 7f0d06ae4d chg: [internal] Move user checks to one place 2020-12-17 13:49:32 +01:00
Jakub Onderka becbf95c37 new: [UI] Download GPG public key from GPG homedir 2020-12-17 13:19:55 +01:00
Jakub Onderka aba8317d89 new: [UI] Find org images also by uuid and support SVG images 2020-12-13 13:09:39 +01:00
Jakub Onderka b382c98be0
Merge pull request #6744 from JakubOnderka/user-filter
new: [UI] Make possible to filter users by active/disabled
2020-12-11 17:16:51 +01:00
Jakub Onderka 583314bc02 new: [UI] Make possible to filter users by active/disabled 2020-12-11 16:44:55 +01:00
Jakub Onderka 20053ea32c fix: [security] Do not leak org names when hide_organisation_index_from_users enabled 2020-12-10 23:01:08 +01:00
Jakub Onderka 2c7d6e4466 new: [auth] Allow to enforce auth plugin authentication 2020-11-30 14:46:36 +01:00
Jakub Onderka 4b44db22a9 new: [test] Security test suite 2020-11-24 19:03:17 +01:00
Jakub Onderka 3b8b0019af new: [user] Setting `disable_user_add` to disable user creation by org admins 2020-11-14 17:44:17 +01:00
Jakub Onderka d7fff01b4e new: [user] Disabling password and login changes apply also for org admins 2020-11-14 17:44:16 +01:00
Jakub Onderka c8fcfaf5e2 new: [user] Allow to disable user login change 2020-11-14 17:44:16 +01:00
Jakub Onderka 8e76af6370 new: [user] Allow to disable user password change 2020-11-14 17:44:16 +01:00
iglocska 0bfac46701
chg: [user] views aligned with new authkeys
- adding users should display the newly created authkey
- other views should not show anything
- API responses fixed
2020-11-13 12:49:56 +01:00
iglocska dbffebe503
Merge branch '2.4' into CRUD 2020-11-11 11:19:23 +01:00
iglocska 5b256405c0
new: [advanced authkey] system 2020-11-11 10:46:38 +01:00
Jakub Onderka 5a4ba9cbc1 fix: [internal] Properly set login times for custom auth 2020-10-29 17:53:11 +01:00
iglocska 0b6da917d4
new: [advanced authkey] API key copy to the new system added to diagnostics 2020-10-20 08:35:21 +02:00
iglocska 62bbc95472
Merge branch '2.4' into CRUD 2020-10-20 02:01:21 +02:00
iglocska 617db7a337
chg: [user] admin view now loads advanced authkeys when appropriate 2020-10-20 01:48:51 +02:00
Jakub Onderka 461318de19 fix: [UI] Show warning if notification when creating new user could not be sent 2020-10-13 12:28:20 +02:00
Golbark 3fb47d1cce chg: [internal] Using blocklist instead of blacklist 2020-09-01 16:27:36 +02:00
Jakub Onderka 3005ef8f6e fix: [otp] Allow to send encrypted OTP by mail 2020-08-20 19:58:24 +02:00
mokaddem fdade41e5e
chg: [users:acceptRegistration] Displays an error message if save failed
Fix #6134
2020-07-30 09:00:46 +02:00
mokaddem 6321e02e34
chg: [users:register] Use the trimmed data instead 2020-06-29 10:18:20 +02:00
mokaddem 89adde7e0b
fix: [user:registration] Report field validations to the user. Fix #6072 and #6073
2020-06-29 10:12:22 +02:00
mokaddem 41506cc7e7
fix: [users:change_pw] Return error message when trying to use the same password. Fix #5961
2020-06-03 15:05:09 +02:00
Jakub Onderka 77e34ba41c
fix: [UI] Do not show Good-Bye when using custom logout
Because without this patch, Good-Bye is shown when a user successfully logs in.
2020-05-21 17:10:28 +02:00
iglocska cd7d01306d
fix: [registration] acceptRegistration now accepts non User wrapped input 2020-05-06 21:40:04 +02:00
iglocska 9c52ed095a
fix: [users] accepting registration requests can throw a badly mapped exception
- changed to 400
2020-05-06 13:46:04 +02:00
iglocska d996b4093d
fix: [registrations] multi-delete fixed 2020-05-06 11:13:56 +02:00
iglocska f9cbe42aa8
new: [statistics] added contributing org count 2020-04-30 16:05:15 +02:00
iglocska 6ec8391e46
Merge branch '5726' into 2.4 2020-04-29 15:50:01 +02:00
iglocska a922bfa6f5
chg: [otp] minor changes
- i18n
- function naming convention
2020-04-29 15:49:15 +02:00
Jakub Onderka 79517ab430
fix: Correct flash message when sending e-mail 2020-04-25 23:06:10 +02:00
mokaddem e5c49e636c
chg: [users:registrations] Catch if no org_id was provided 2020-04-24 12:02:43 +02:00
mokaddem 6bff239740
chg: [user:registration] Added audit log 2020-04-22 10:04:07 +02:00
mokaddem 46a940acb8
chg: [user:acceptRegistration] Added fail message 2020-04-22 09:44:13 +02:00
mokaddem 56f69fb2ea
chg: [user:acceptRegistration] Default to instance's default role if role_id not passed
2020-04-22 09:41:13 +02:00
mokaddem 47be5e75fe
chg: [user:registration] Accept/Discard registration accept UUID as parameter
2020-04-22 09:19:27 +02:00
mokaddem 86238031cf
fix: [user:registration] Default undefined message to empty string 2020-04-22 08:51:15 +02:00
Golbark 93ba84fd02 Hook into native authentication flow instead of beforefilter which prevents any after-auth bypass and rely on framework session management.
2020-04-20 12:24:47 +02:00
Golbark 3436bc6ae5 Merge branch '2.4' into email-otp-implementation
Conflicts:
	app/Model/Server.php
2020-04-20 12:16:25 +02:00
iglocska 48cbfd7536
new: [registration] fall back to the e-mail domain if no org info is provided
- also, make the org info optional
2020-04-07 22:46:35 +02:00
iglocska 70e1772bb0
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-04-07 22:21:37 +02:00
iglocska 78c1357593
fix: [user registration] reverted bug introduced in previous commit restricting the org choice to the suggested org if there was a match 2020-04-07 22:20:56 +02:00
mokaddem b3c114a13a
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-04-07 14:58:15 +02:00
mokaddem f7b5eb9628
fix: [user:email] Replaced query parameters by cake's named parameters. Hopefully fix #5745
2020-04-07 14:56:26 +02:00
iglocska 1b65bfb843
fix: [user registration] minor bug fixes 2020-04-07 14:47:25 +02:00
iglocska 3241e95730
fix: [user registration] automatically convert selected orgs to local as described in the tool 2020-04-07 14:27:21 +02:00
iglocska ad4074c1d6
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-04-07 13:23:25 +02:00
iglocska 4ebc0a7988
new: [inbox] system added
- user self-registration is the first use-case
- if the feature is enabled, users can send an unauthenticated registration request to MISP
  - request includes information on desired org and some privileges (sync / org admin / publisher)
- requests land in the inbox, admins can inspect the registration requests
  - they can accept/discard them individually or en masse
  - users will be notified of their credentials automatically
  - quick user creation if the user asks for an org that doesn't exist yet
2020-04-07 13:21:01 +02:00
iglocska 83328f4e4c
chg: [publish alert] default added to user creation via the API 2020-03-29 08:56:55 +02:00
Golbark 9062881469 Add consistent i18n support for all strings. 2020-03-26 07:18:22 -07:00
Golbark d254d04365 Rely on session_id instead of user_id and address minor comments 2020-03-26 02:55:14 -07:00
Golbark 309bbc6814 new: usr: Implementation of email-based OTP 2020-03-25 07:45:09 -07:00
iglocska d7e3674987
new: [audit] Added user monitoring
- site admins can set the monitoring flag on a user if the feature is enabled on the instance
- monitored users will have all requests logged along with POST bodies

- keep in mind this functionality is quite heavy and intrusive - so use it with care. The idea is that this allows us to track potentially malicious users during an investigation
2020-03-25 11:49:33 +01:00
iglocska e5d775e9c8
fix: [message] user creation shouldn't include the "User notified of new credentials" part of the notification message if emailing is disabled 2020-03-19 11:08:09 +01:00
mokaddem f6c06d8e6b
fix: [user:login] Added support of `RFC822` for older PHP version 2020-03-11 10:48:52 +01:00
mokaddem 2ccf3dab76
fix: [user:resetAuthkey] Allows the function to be called 2020-03-09 09:02:06 +01:00
mokaddem 6fad7028b3
fix: [user:edit] Prevent password change with the current password
- As reported by an external pentest company on behalf of the Centre for Cyber Security Belgium (CCB)
2020-03-06 16:19:12 +01:00
mokaddem 40560b8873
fix: [user:edit] Correctly re-insert form data wiping password information
2020-03-06 16:17:28 +01:00
mokaddem fc0ed4c9a0
chg: [login] Display last time the user logged in 2020-03-06 16:12:40 +01:00
mokaddem de80d340cf
fix: [user:resetauthkey] Method can only be accessed via POST request
- As reported by an external pentest company on behalf of the Centre for Cyber Security Belgium (CCB)
2020-03-06 15:58:08 +01:00