iglocska
96170dae29
Fixed an issue with siteadmin contact e-mails resetting passwords of non-existing users
...
- a site admin could issue a password reset to a non-existing user
2013-07-25 14:45:34 +02:00
Christophe Vandeplas
bd61f73bd2
fixed a newly created bug in memberslist
2013-07-18 12:18:10 +02:00
iglocska
7486f478e0
Merge branch 'develop' of https://github.com/MISP/MISP into develop
2013-07-18 11:33:11 +02:00
iglocska
7fb1e6f70e
Some bugs fixed
...
- Resetting the auth key for a user that doesn't exist created an empty
user
- change_pw showed an admin menu on the side
- rerouting after an incorrect auth request fixed (users/index doesn't
exist)
- temporarily disabled the redirect after login
2013-07-18 11:32:26 +02:00
Christophe Vandeplas
4bca5b9e30
memberslist based on orgc, is more logical to reflect the contributions
2013-07-18 11:14:11 +02:00
iglocska
1f5aa5420f
Security issue fixed with UsersController
...
- users could view other user profiles
- users could view other user profiles through edit user
2013-07-15 16:46:44 +02:00
Christophe Vandeplas
ff2f08f60d
fixes bug in previous commit.
2013-07-11 14:28:12 +02:00
Christophe Vandeplas
7949181fbc
improved password generation algorithm in reset password
2013-07-11 14:26:28 +02:00
iglocska
17b570ec1f
Typo in UsersController fixed
2013-06-11 10:37:56 +02:00
Christophe Vandeplas
213290961b
force passwd change for admin user on creation
2013-06-04 13:22:05 +02:00
Christophe Vandeplas
38897d9af3
create default admin user automatically
2013-06-04 13:06:57 +02:00
Christophe Vandeplas
69251490ef
Merge branch 'feature/gui' of https://github.com/MISP/MISP into feature/gui
Conflicts:
app/View/Logs/admin_index.ctp
app/View/Logs/admin_search.ctp
app/View/Users/memberslist.ctp
2013-05-31 17:50:00 +02:00
Iglocska
254936b28c
Date issue when adding a user
...
- the date for a new user was not set and defaulted to 0000-00-00 - this
caused an issue when the user was edited and the admin was either
prompted to change the date manually or the date was set to 2033.
- date for newsread is now initially set to 2000-01-01
2013-05-13 15:37:42 +02:00
Andras Iklody
eeaa071024
Removal of the remains of the old authorization / adding new ones where needed
2013-04-26 14:43:44 +02:00
Andras Iklody
4396cec8ea
Integrated ownership, ACL and minor fixes
...
- Orgs can propose new attributes or changes to existing attributes for
events that they do not own
- publishing users of the owner organisation can see, accept or discard
them
- Reworked the access control
- minor fixes
2013-04-25 14:04:08 +02:00
Christophe Vandeplas
d11422831e
fix sanitization in Users #96
2013-04-24 13:06:35 +02:00
iglocska
e7a7ea8824
Small error
2013-03-25 17:12:10 +01:00
iglocska
745581d38e
Small bug
...
- Messages left empty for all but the first user in a mass custom e-mail
- fixed.
2013-03-25 17:07:56 +01:00
iglocska
4aa2bf748b
Small message notifying the admin that the e-mail was sent
...
- flash message after e-mail sent
2013-03-25 16:52:59 +01:00
iglocska
b28e884eb0
Debug exception left in
...
- removed
2013-03-25 16:50:26 +01:00
iglocska
0a06ceed3b
E-mailing system for site-admins
...
- site admins able to contact users by e-mail from within the system
- PGP encrypted where available
- Password reset with automatic temporary key generation
- all of the above options have a mass-email version where every user is
contacted at once
- Potential new users can be contacted too (GPG key can be supplied)
2013-03-25 16:38:56 +01:00
Andras Iklody
afed0f2046
Changes to link validation and minor fixes
...
- Links get validated now to filter malicious code
- removed a double edit button in the case of an admin editing himself
- fixed an error with adding new attributes
2013-02-11 11:26:34 +01:00
Andras Iklody
e88a3a9cf7
Updates to security
...
- perm_auth new toggle, can disable auth key usage for a role
- prevents sync / rest with a perm_auth == false key
- some changes to sync to provide better feedback on why it failed
- rewording of distribution options
2013-02-06 17:45:43 +01:00
Andras Iklody
6ef3ea7050
Missing file from the last commit
...
Missed a file from the package
2013-02-05 09:21:29 +01:00
Andras Iklody
66b9969d29
Security for UsersController
...
org admins could edit users of other orgs by accessing the edit page
through the URL. Fixed.
2013-01-29 10:51:18 +01:00
Andras Iklody
97f56a2275
Further changes to org admins
...
org admins can manage their own server connections
org admins cannot see other orgs' users in the users list
2013-01-29 08:56:38 +01:00
Noud de Brouwer
4c83ad3cfe
coding standards
...
Coding Standards.
2013-01-28 08:42:20 +00:00
Noud de Brouwer
a6371f5ad8
coding standards
...
Coding Standards.
2013-01-28 08:32:01 +00:00
Andras Iklody
9739cd1e35
Fix for the org admin privileges
...
Editing / creating users and the organisation permissions for org admins
2013-01-25 12:22:55 +01:00
Noud de Brouwer
d6adb11f52
RBAC
...
only create users within own organisation.
2013-01-25 07:52:32 +00:00
deresz
b1b47bc56f
Better fix to Sanitize::clean() problem
...
'escape' option was removed.
2013-01-24 10:38:51 +01:00
Noud de Brouwer
f8b9d85c62
Sanitize
...
Sanitize can not be used in PGP key.
2013-01-24 08:19:47 +00:00
Noud de Brouwer
48ad60eb61
GPG
...
start of check/correct.
2013-01-23 15:22:21 +00:00
Noud de Brouwer
8bf8ef17ca
RBAC
...
so role is editable.
(i will not commit/push during after hours ;) )
2013-01-22 18:37:30 +00:00
Noud de Brouwer
7e5c34770e
RBAC
...
role editable on user page (by admin).
2013-01-22 15:25:08 +00:00
Noud de Brouwer
d89ab91dee
coding standards
...
Coding Standards.
2012-12-18 16:44:07 +00:00
Noud de Brouwer
8864ee78f7
generateAllFor<FieldName>
...
so we can use an URL like:
http://localhost/<TableName>/generateAllFor<FieldName>/newValue/oldValue
for example:
http://localhost/events/generateAllForAnalysis/0/null
http://localhost/users/generateAllForInvitedBy/1/0
http://localhost/users/generateAllForRoleId/1/0
2012-12-18 03:50:52 +00:00
Andras Iklody
1ceadab700
Added features from branch analysis_levels
...
-Analysis levels settable for events as per milestone item 94
-Password change forced as per milestone item 109
-Added feedback on entered search terms for search attributes
-fixed the authentication issue
-some minor fixes
2012-12-17 15:51:30 +01:00
noud
26c8ad57ee
Role
...
renamed everything group to role (i.s.o. renaming just the visible).
2012-12-12 16:15:01 +01:00
noud
52a7625a9d
Source Code Review
...
sanitize everything displayed from the db.
(and some small coding standard whitespaces)
2012-12-12 14:01:00 +01:00
noud
1bd14256e0
coding standards
...
correction conform coding standards.
2012-12-04 09:07:33 +01:00
Andras Iklody
1bf1e6f2a8
Slight change to the histogram
...
Data for types that had "|" or "-" in the name (such as ip-src)
were omitted - should be fixed now
2012-11-29 16:13:31 +01:00
noud
80571386ad
audit log & terms
...
do not handle a timed out user log.
and
better check on login and termsaccepted.
2012-11-26 10:50:23 +01:00
noud
b3a6a656d4
users
...
show the correct Org during edit.
2012-11-22 11:57:26 +01:00
noud
6495787023
Audit log
...
Following events are now being logged:
1. Adding a new user.
2. Deleting a user.
2012-10-31 15:34:43 +01:00
noud
1c3ca8909b
Users
...
invited by filled.
2012-10-31 10:00:01 +01:00
noud
2b24b36639
(internationalization)
...
setFlash using __(), so translatable later on.
2012-10-30 09:13:35 +01:00
noud
503d5bcb0e
Audit log.
...
Edit user (now?) needs an extra check on the second password.
2012-09-26 17:13:19 +02:00
noud
8f3d624c1a
Merge branch 'master' into develop
...
Conflicts:
app/Controller/AppController.php
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Controller/ServersController.php
app/Controller/UsersController.php
app/Model/Attribute.php
app/Model/Event.php
app/Model/Server.php
app/Model/User.php
app/View/Attributes/edit.ctp
app/View/Attributes/index.ctp
app/View/Elements/actions_menu.ctp
app/View/Events/add.ctp
app/View/Events/index.ctp
app/View/Events/view.ctp
app/View/Events/xml/view.ctp
app/View/Servers/index.ctp
app/View/Users/admin_index.ctp
2012-09-24 16:02:01 +02:00
noud
1d04652476
CakePHP Coding Standards
...
changed to camel caps format where needed.
2012-09-19 11:05:10 +02:00