MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
1,183 Commits
41 Branches
370 Tags
181 MiB
Commit Graph

80 Commits (e577d587fd137633bf9b427bc8e5cc2994761f69)

Author SHA1 Message Date
iglocska 96170dae29 Fixed an issue with siteadmin contact e-mails resetting passwords of non existing users 
- a site admin could issue a password reset to a non-existing user
 2013-07-25 14:45:34 +02:00
Christophe Vandeplas bd61f73bd2 fixed a newly created bug in memberslist 2013-07-18 12:18:10 +02:00
iglocska 7486f478e0 Merge branch 'develop' of https://github.com/MISP/MISP into develop 2013-07-18 11:33:11 +02:00
iglocska 7fb1e6f70e Some bugs fixed 
- Resetting the auth key for a user that doesn't exist created an empty
user 

- change_pw showed an admin menu on the side

- rerouting after an incorrect auth request fixed (users/index doesn't
exist)

- temporarily disabled the redirect after login
 2013-07-18 11:32:26 +02:00
Christophe Vandeplas 4bca5b9e30 memberslist based on orgc, is more logic to reflect the contributions 2013-07-18 11:14:11 +02:00
iglocska 1f5aa5420f Security issue fixed with UsersController 
- users could view other user profiles

- users could view other user profiles through edit user
 2013-07-15 16:46:44 +02:00
Christophe Vandeplas ff2f08f60d fixes bug in previous commit. 2013-07-11 14:28:12 +02:00
Christophe Vandeplas 7949181fbc improved password generation algorithm in reset password 2013-07-11 14:26:28 +02:00
iglocska 17b570ec1f Typo in UsersController fixed 2013-06-11 10:37:56 +02:00
Christophe Vandeplas 213290961b force passwd change for admin user on creation 2013-06-04 13:22:05 +02:00
Christophe Vandeplas 38897d9af3 create default admin user automatically 2013-06-04 13:06:57 +02:00
Christophe Vandeplas 69251490ef Merge branch 'feature/gui' of https://github.com/MISP/MISP into 
feature/gui

Conflicts:
	app/View/Logs/admin_index.ctp
	app/View/Logs/admin_search.ctp
	app/View/Users/memberslist.ctp
 2013-05-31 17:50:00 +02:00
Iglocska 254936b28c Date issue when adding a user 
- the date for a new user was not set and defaulted to 0000-00-00 - this
caused an issue when the user was edited and the admin was either
prompted to change the date manually or the date was set to 2033. 

- date for newsread is now initially set to 2000-01-01
 2013-05-13 15:37:42 +02:00
Andras Iklody eeaa071024 Removal of the remains of the old authorization / adding new ones where 
needed
 2013-04-26 14:43:44 +02:00
Andras Iklody 4396cec8ea Integrated ownership, ACL and minor fixes 
- Orgs can propose new attributes or changes to existing attributes for
  events that they do not own

- publishing users of the owner organisation can see, accept or discard
  them

- Reworked the access control

- minor fixes
 2013-04-25 14:04:08 +02:00
Christophe Vandeplas d11422831e fix sanitization in Users #96 2013-04-24 13:06:35 +02:00
iglocska e7a7ea8824 Small error 2013-03-25 17:12:10 +01:00
iglocska 745581d38e Small bug 
- Messages left empty for all but the first user in a mass custom e-mail
- fixed.
 2013-03-25 17:07:56 +01:00
iglocska 4aa2bf748b Small message notifying the admin that the e-mail was sent 
- flash message after e-mail sent
 2013-03-25 16:52:59 +01:00
iglocska b28e884eb0 Debug exception left in 
- removed
 2013-03-25 16:50:26 +01:00
iglocska 0a06ceed3b E-mailing system for site-admins 
- site admins able to contact users by e-mail from within the system
- PGP encrypted where available
- Password reset with automatic temporary key generation
- all of the above options have a mass-email version where every user is
  contacted at once
- Potential new users can be contacted too (GPG key can be supplied)
 2013-03-25 16:38:56 +01:00
Andras Iklody afed0f2046 Changes to link validation and minor fixes 
- Links get validated now to filter malicios code

- removed a double edit button in the case of an admin editing himself

- fixed an error with adding new attributes
 2013-02-11 11:26:34 +01:00
Andras Iklody e88a3a9cf7 Updates to security 
- perm_auth new toggle, can disable auth key usage for a role

- prevents sync / rest with a perm_auth == false key

- some changes to sync to provide better feedback on why it failed

- rewording of distribution options
 2013-02-06 17:45:43 +01:00
Andras Iklody 6ef3ea7050 Missing file from the last commit 
Missed a file from the package
 2013-02-05 09:21:29 +01:00
Andras Iklody 66b9969d29 Security for UsersController 
org admins could edit users of other orgs by accessing the edit page
through the URL. Fixed.
 2013-01-29 10:51:18 +01:00
Andras Iklody 97f56a2275 Further changes to org admins 
org admins can manage their own server connections
org admins cannot see other orgs' users in the users list
 2013-01-29 08:56:38 +01:00
Noud de Brouwer 4c83ad3cfe coding standards 
Coding Standards.
 2013-01-28 08:42:20 +00:00
Noud de Brouwer a6371f5ad8 coding standards 
Coding Standards.
 2013-01-28 08:32:01 +00:00
Andras Iklody 9739cd1e35 Fix for the org admin privileges 
Editing / creating users and the organisation permissions for org admins
 2013-01-25 12:22:55 +01:00
Noud de Brouwer d6adb11f52 RBAC 
only create users within own organisation.
 2013-01-25 07:52:32 +00:00
deresz b1b47bc56f Better fix to Sanitize::clean() problem 
'escape' option was removed.
 2013-01-24 10:38:51 +01:00
Noud de Brouwer f8b9d85c62 Sanitize 
Sanitize can not be used in PGP key.
 2013-01-24 08:19:47 +00:00
Noud de Brouwer 48ad60eb61 GPG 
start of check/correct.
 2013-01-23 15:22:21 +00:00
Noud de Brouwer 8bf8ef17ca RBAC 
so role is editable.
(i will not commit/push during after hours ;) )
 2013-01-22 18:37:30 +00:00
Noud de Brouwer 7e5c34770e RBAC 
role editable on user page (by admin).
 2013-01-22 15:25:08 +00:00
Noud de Brouwer d89ab91dee coding standards 
Coding Standards.
 2012-12-18 16:44:07 +00:00
Noud de Brouwer 8864ee78f7 generateAllFor<FieldName> 
so we can use an URL like:
http://localhost/<TableName>/generateAllFor<FieldName>/newValue/oldValue
for example:
http://localhost/events/generateAllForAnalysis/0/null
http://localhost/users/generateAllForInvitedBy/1/0
http://localhost/users/generateAllForRoleId/1/0
 2012-12-18 03:50:52 +00:00
Andras Iklody 1ceadab700 Added features from branch analysis_levels 
-Analaysis levels setable for events as per milestone item 94
-Password change forced as per milestone item 109
-Added feedback on entered search terms for search attributes
-fixed the authentication issue
-some minor fixes
 2012-12-17 15:51:30 +01:00
noud 26c8ad57ee Role 
renamed everything group to role (i.s.o. renaming just the visable).
 2012-12-12 16:15:01 +01:00
noud 52a7625a9d Source Code Review 
sanitize everything displayed from the db.
(and some small coding standard whitespaces)
 2012-12-12 14:01:00 +01:00
noud 1bd14256e0 coding standards 
correction conform conding standards.
 2012-12-04 09:07:33 +01:00
Andras Iklody 1bf1e6f2a8 Slight change to the histogram 
Data for types that had "|" or "-" in the name (such as ip-src)
were omitted - should be fixed now
 2012-11-29 16:13:31 +01:00
noud 80571386ad audit log & terms 
do not handle a timed out user log.
and
better check on login and termsaccepted.
 2012-11-26 10:50:23 +01:00
noud b3a6a656d4 users 
show the correct Org during edit.
 2012-11-22 11:57:26 +01:00
noud 6495787023 Audit log 
Following events are now being logged: 
1. Adding a new user.
2. Deleting a user.
 2012-10-31 15:34:43 +01:00
noud 1c3ca8909b Users 
invited by filled.
 2012-10-31 10:00:01 +01:00
noud 2b24b36639 (internationalization) 
setFlash using __(), so transletable lateron.
 2012-10-30 09:13:35 +01:00
noud 503d5bcb0e Audit log. 
Edit user (now?) needs an extra check on the second password.
 2012-09-26 17:13:19 +02:00
noud 8f3d624c1a Merge branch 'master' into develop 
Conflicts:
	app/Controller/AppController.php
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
	app/Controller/ServersController.php
	app/Controller/UsersController.php
	app/Model/Attribute.php
	app/Model/Event.php
	app/Model/Server.php
	app/Model/User.php
	app/View/Attributes/edit.ctp
	app/View/Attributes/index.ctp
	app/View/Elements/actions_menu.ctp
	app/View/Events/add.ctp
	app/View/Events/index.ctp
	app/View/Events/view.ctp
	app/View/Events/xml/view.ctp
	app/View/Servers/index.ctp
	app/View/Users/admin_index.ctp
 2012-09-24 16:02:01 +02:00
noud 1d04652476 CakePHP Coding Standards 
changed to camel caps format where needed.
 2012-09-19 11:05:10 +02:00