Commit Graph

185 Commits (a9e5b52b9d9a918d5759364c46c6fe81a7408820)

Author SHA1 Message Date
Antoine Colson-Ratelle 687c5bc9f1 fix: traverse paginated Aad Roles
Only the first 100 Roles appear on the first page of Roles given by Microsoft. Roles beyond the 100th were missed, as seen in issue #8516
2022-08-19 13:54:10 -04:00
Luciano Righetti 8b7b53975d
chg: improve logging, use HttpSocket instead of file_get_contents() for http requests, update docs 2022-07-06 11:01:55 +02:00
Alexandre Dulaunoy 0880b562cd
Merge branch '2.4' into develop 2022-05-20 10:03:38 +02:00
noodlemctwoodle 755a963dd3 Update README.md 2022-05-18 23:46:15 +01:00
noodlemctwoodle 1b8be004c8 2022.05 - Update AAD Install README.md 2022-05-18 23:41:24 +01:00
Jakub Onderka ece53cf11d new: [test] MISP.default_publish_alert 2022-05-07 12:39:29 +02:00
iglocska be9fb9e802
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-04-19 15:18:40 +02:00
iglocska 93821c0de6
fix: [security] Sanitise paths for several file interactions
- remove :// anywhere we don't expect a protocol to be supplied
- remove phar:// in certauth plugin's fetcher

- as reported by Dawid Czarnecki of Zigrin Security
2022-04-17 18:25:51 +02:00
Jakub Onderka 8636c1f903 chg: [syslog] Remove duplicate date and log type from log 2022-03-27 13:05:33 +02:00
iglocska 07b091778a
Merge branch '2.4' into develop 2022-03-17 15:51:06 +01:00
Alexandre Dulaunoy bb82bd710c
Merge pull request #8216 from 3c7/patch-1
Update OidcAuth readme
2022-03-17 15:49:19 +01:00
Alexandre Dulaunoy 78d6f8b93f
Merge pull request #8217 from DCSO/linotp_errormessages
[chg] LinOTP error exceptions up to the ui
2022-03-17 15:48:35 +01:00
Hendrik Baecker eb7a1301bb [chg] LinOTP now with enable/disable as config feature 2022-03-17 15:19:58 +01:00
Hendrik Baecker c42d34faac [chg] LinOTP error exceptions up to the ui 2022-03-17 14:23:24 +01:00
Nils Kuhnert 48752ba624
Update OidcAuth readme
Replaced required dependency.
2022-03-17 14:12:32 +01:00
Jakub Onderka ff39069bbc fix: [oidc] Undefined index 2022-03-17 09:29:02 +01:00
Jakub Onderka 0783bda85b fix: [oidc] Specify correct column for user fetch 2022-03-15 10:20:43 +01:00
Jakub Onderka 3c8d07ca75 fix: [oidc] Throw exception if user email is empty 2022-03-15 09:55:50 +01:00
Jakub Onderka 8409a1871e chg: [oidc] Move OIDC to different class 2022-02-19 16:07:11 +01:00
Jakub Onderka f5e32123c5 chg: [oidc] Check user org when checking if user is valid 2022-02-19 16:07:11 +01:00
Jakub Onderka 316b6a9b9a chg: [oidc] Remove support for Jumbojett\OpenIDConnectClient 2022-02-19 16:07:11 +01:00
Jakub Onderka 6cb30515e7 chg: [oidc] Check user role when checking if user is valid 2022-02-19 16:07:11 +01:00
Jakub Onderka e1774abe80 new: [oidc] Check user validity 2022-02-19 16:07:10 +01:00
Jakub Onderka fc8f399b89 new: [oidc] Support for setting code challenge method 2022-02-07 14:00:48 +01:00
Jakub Onderka f2bff258f5 chg: [oidc] Store user sid in session 2022-02-04 15:13:46 +01:00
Jakub Onderka 7ae6f4af32 new: [oidc] Add new option: OidcAuth.authentication_method 2022-01-28 15:11:44 +01:00
Jakub Onderka d067e69ad5 new: [oidc] Add support for jakub-onderka/openid-connect-php OIDC fork 2022-01-28 14:24:31 +01:00
Hendrik Baecker a49ee739be [chg] Improved LinOTP error handling
Matches if ssl verify fails for example
2022-01-13 13:16:03 +01:00
iglocska f905eef8f0
Merge branch '8042' into develop 2021-12-21 16:42:50 +01:00
Hendrik Baecker 12ba2981ef LinOTP: nitpicking and failsafe
Also one CodeFactor fix
2021-12-21 15:59:55 +01:00
Hendrik Baecker 8964a36b39 [chg] Ensure 'false' if LinOTP Request fails 2021-12-21 13:48:02 +01:00
Hendrik Baecker 83c08362b9 [chg] Establish 'mixedauth'
mixedauth=false: Only query LinOTP for OTP (or OTP-Pin+OTP Value)
mixedauth=true: Use MISP Userbase for password checking AND LinOTP for second factor

mixedauth=true will throw exceptions if OTP doesn't match, so as not to fall back
to FormAuthenticate from MISP - which would render the 2FA useless.
2021-12-15 12:48:44 +01:00
Hendrik Baecker f5eb5828bf [chg] Extract otp from request 2021-12-15 12:45:41 +01:00
Hendrik Baecker e58e4f712a [chg] Fix typos 2021-12-15 12:45:04 +01:00
Hendrik Baecker fecba0beec [chg] Adjust handling LinOTP response 2021-12-15 12:44:37 +01:00
Hendrik Baecker edf6bd41b7 [chg] no more php-curl but cake socket 2021-12-14 17:42:43 +01:00
Jakub Onderka 741a74165e
Merge pull request #7974 from JakubOnderka/url-cache
fix: [internal] Remove UrlCache
2021-11-22 15:59:59 +01:00
Jakub Onderka 0a941bd7f3 fix: [internal] Remove UrlCache 2021-11-19 11:56:14 +01:00
Jakub Onderka e8c4378893 new: [internal] Faster caching 2021-11-18 18:48:34 +01:00
Jakub Onderka 6806cdf574 new: [user] Add sub field for user 2021-11-11 16:34:27 +01:00
Thijs Kinkhorst abb8cecb7e Fix docblock formatting and add newer settings to README documentation 2021-11-05 15:53:15 +01:00
Thijs Kinkhorst a0cf77bdc9 Clarify some aspects of the Shibboleth config 2021-10-29 09:24:52 +02:00
Jakub Onderka 3773fdff93 new: [CLI] Assign UserSetting to list output 2021-10-18 10:08:20 +02:00
Jakub Onderka 2ed41a0964 new: [oidc] User setting for oidc metadata 2021-10-18 10:08:18 +02:00
Jakub Onderka 904a747738 new: [oidc] Allow to automatically unblock user after successful login 2021-08-24 20:59:09 +02:00
Liviu Valsan 4b74a0d342
chg: [shibbauth] added option to block organisation changes at login
- New ApacheShibbAuth.BlockOrgModifications setting added, defaults to false, boolean. If set to true, will block updates to the organisation of existing users on authentication. This preserves any modifications made by a site admin in MISP and is similar to ApacheShibbauth.BlockRoleModifications (same logic applied to role modifications).
2021-07-27 15:27:48 +02:00
mzp e1fee78dd5 Block org modification option for shibb auth. 2021-07-16 11:40:16 +02:00
Jakub Onderka ad1b373766 new: [log] Audit log 2021-05-03 13:44:44 +02:00
Jakub Onderka c25dd7082a
Merge pull request #7230 from jozuatec/patch-2
Update OidcAuthenticate.php
2021-04-20 14:46:30 +02:00
iglocska e3799d7104
Merge branch '2.4' into develop 2021-03-24 21:49:16 +01:00