iglocska
73ad04906a
fix: [typo] capitalisation mistake blocking org edits
2022-11-02 12:11:56 +01:00
iglocska
11510ea28f
new: [individual] editing enabled for org admins
...
- requires that a user exist for the given individual
2022-10-31 14:42:58 +01:00
iglocska
8dbbb21dff
chg: [users] add metafields behaviour
2022-10-31 13:38:31 +01:00
iglocska
5ec0471cce
chg: [keycloak mapper] also pushes default mappings if they don't exist
2022-10-31 13:36:53 +01:00
iglocska
ce6575cfb6
chg: [User] Entity - added rearrangeForAPI() to rearrange meta fields
2022-10-31 13:26:44 +01:00
iglocska
2a31e39762
new: [keycloak] automatically set mappings
2022-10-31 13:26:12 +01:00
iglocska
3bf52c701f
chg: [keycloak] sync script updated
2022-10-31 11:32:15 +01:00
iglocska
2f4b6ed2ff
chg: [keycloak] integration rework
...
- switch to the use of attributes
- several minor fixes
2022-10-31 11:31:38 +01:00
Sami Mokaddem
03bd4aba30
new: [genericElement:group_table_action] Added support of `show # element` in the table
2022-10-28 09:13:15 +02:00
Sami Mokaddem
351b90d843
fix: [helper:boostrap] Make sure all properties are passed to the button component
2022-10-28 09:11:21 +02:00
Sami Mokaddem
0db625ce45
chg: [inbox:index] Added filtering on `created` time
2022-10-27 15:57:35 +02:00
Sami Mokaddem
aeda393bba
chg: [component:CRUD] Improved filtering to support form type based on database column type
2022-10-27 15:56:39 +02:00
Sami Mokaddem
e1499fb705
chg: [inbox:index] Added quick filter on scope
2022-10-27 11:22:55 +02:00
Sami Mokaddem
dde7bbe75f
chg: [behavior:notifyAdmin] Small refactor to better handle deletions
2022-10-27 11:07:21 +02:00
Sami Mokaddem
225913f9c6
new: [organisation] Added `notifyAdmin` behavior.
...
Might be removed later on if needed
2022-10-27 10:14:57 +02:00
Sami Mokaddem
d0119b2dba
new: [user] Added `notifyAdmin` behavior
2022-10-27 10:14:09 +02:00
Sami Mokaddem
ee5adaf971
chg: [behavior:adminNotification] Added support of watched fields and improved metafield integration
2022-10-27 10:12:06 +02:00
Sami Mokaddem
c8ff7bb4b2
new: [adminNotificationBehavior] Added first version of new behavior and associated inboxProcessor
...
This behavior allows to specify on which fields modification site-admins should be notified by receiving a message in their inbox
2022-10-26 17:10:04 +02:00
iglocska
9c41fd548f
fix: [auth] added keycloak logout
2022-10-25 15:08:41 +02:00
Sami Mokaddem
3d5508055a
chg: [inbox:index] Allow filtering index by user.id and user.name
2022-10-25 14:50:39 +02:00
Sami Mokaddem
eb6dec8b64
fix: [component:CRUD] Default custom contextual filters do not override search parameters anymore
2022-10-25 14:50:11 +02:00
Sami Mokaddem
00c1ae616f
new: [inboxes] Added `severity` level and `message` and removed `description` column
2022-10-25 14:38:16 +02:00
iglocska
9a8372be12
fix: [return type] validation removed
2022-10-25 11:01:23 +02:00
iglocska
84537c52f9
new: [user enrollment] send keycloak welcome email to users when enrolled
2022-10-25 10:57:18 +02:00
Sami Mokaddem
e98290fcba
chg: [helper:bootstrap] Added support of icon in confirm modal button
2022-10-25 10:30:11 +02:00
Sami Mokaddem
6d40968f24
chg: [appTable] Set string format of FrozenTime to ISO 8601-like by default
2022-10-25 10:27:58 +02:00
Sami Mokaddem
8d7e2b0df2
chg: [inboxes:UI] Renamed `request` into `message`
2022-10-25 10:26:03 +02:00
Sami Mokaddem
726dab255e
chg: [inbox:index] Changed quick filter to show `my notification` by default
2022-10-25 10:24:01 +02:00
Sami Mokaddem
745340adff
fix: [component:CRUD] Only show metafields filters wjen the model has the behavior
2022-10-25 10:23:11 +02:00
Sami Mokaddem
b555aed178
chg: [auditLog:entity] unset useless noise from user-settings
2022-10-21 16:06:09 +02:00
Sami Mokaddem
fc0920c7c3
chg: [component:APIRearrange] Rearrange for all iterators
2022-10-21 15:56:53 +02:00
Sami Mokaddem
d1d88391e1
fix: [auditlogs:index] Typo preventing showing the `changed` field
2022-10-21 15:55:31 +02:00
iglocska
41a241cada
new: [pgp] library ported from MISP
...
- added proper view elements for encryption keys
- added key information extraction
2022-10-21 15:25:52 +02:00
Sami Mokaddem
ddfc83af6f
chg: [navigation:socialProvider] Improved UI for SSO profile management
2022-10-21 14:14:38 +02:00
Sami Mokaddem
0f27435251
fix: [metaTemplates] Correctly show update message
2022-10-21 14:07:41 +02:00
Sami Mokaddem
455daba4d4
fix: [navigation:meta-template] Correctly show badge for new templates
2022-10-21 14:06:46 +02:00
Sami Mokaddem
a091edbf22
fix: [user:beforeSave] Only call the user-update callback if the user is not new
2022-10-21 09:00:49 +02:00
Sami Mokaddem
c65978f8f2
fix: [behavior:authKeycloak] Correctly check if the user was saved
2022-10-21 08:59:36 +02:00
Sami Mokaddem
96041cc71a
chg: [genericIndex:select_visible_columns] Show meta-template versions
2022-09-29 17:54:58 +02:00
Sami Mokaddem
21403995e3
new: [user:edit] Added keycloak updates when a user gets modified
2022-09-21 10:11:09 +02:00
Sami Mokaddem
37094e0abb
fix: [user:validation] Allow user edition when `username` is not set
2022-09-21 10:10:02 +02:00
Sami Mokaddem
80277e4bdf
chg: [command:keycloakSync] Make sure User model is loaded
2022-09-21 10:09:12 +02:00
Sami Mokaddem
2c87b1e500
fix: [authKeycloakBehavior] Added missing association preventing user to log via keycloak
2022-09-21 10:07:51 +02:00
Sami Mokaddem
69fee02498
fix: [authKeycloakBehavior] Re-indexing array preventing roles to be parsed by keycloak
2022-09-21 10:06:33 +02:00
Sami Mokaddem
efe917c824
fix: [authKeycloakBehavior] Typo preventing roles to be saved
2022-09-21 10:05:55 +02:00
Sami Mokaddem
8d26be28a2
chg: [auditlogs:index] Reverse sort by ID
2022-09-20 15:31:42 +02:00
iglocska
760badd268
fix: [alignments] missing contains added
2022-09-19 02:17:36 +02:00
iglocska
fd6d3466d7
fix: [authkey] should only be used in a rest context
...
- otherwise some weird authentication snafus can happen
- as reported by SK-CERT
2022-09-19 02:14:57 +02:00
iglocska
4c0c6ef4ac
fix: [counter graphs] fixed to disallow invalid interval entries
...
- as reported by SK-CERT
2022-09-19 01:46:57 +02:00
iglocska
5e0ab5cc38
new: [users] username validation added
...
- >5 && <50 in length required
- trim username to test to avoid whitespace names
- as reported by SK-CERT
2022-09-19 01:22:53 +02:00
iglocska
9a50a5693e
fix: [users] added uniqueness to usernames
...
- added upgrade script with removal of duplicate usernames
- added unique index to username field
- massaging the usernames before insertion (trim + lowercasing)
- As reported by SK-CERT
2022-09-19 01:12:14 +02:00
iglocska
a9eccb3097
fix: [security] X-FRAME-OPTIONS: DENY added to all responses
...
- as reported by SK-CERT
2022-09-19 01:11:18 +02:00
iglocska
af1e2fd632
new: [security] Bruteforce protection added
...
- logins allow for 5 attempts every 5 minutes
- Code ported and updated from MISP
- As reported by SK-CERT
2022-09-19 00:25:15 +02:00
iglocska
07a8d1dfcb
chg: [dead variable] removed
2022-09-19 00:24:29 +02:00
iglocska
254fdc3b84
chg: [security] keycloak enabled - disallow multiple users from being created for the same individual
...
- as reported by SK-CERT
2022-09-18 19:26:24 +02:00
iglocska
10ea126a93
fix: [security] KeyCloak login getUser fixes
...
- removed dead code
- tightened check on the user profile, if the KC user's email address and that of the Cerebrate user disagree, block the authentication
- as reported by SK-CERT
2022-09-18 18:51:05 +02:00
iglocska
85e8a35091
fix: [api rearrange] shouldn't trigger when dealing with arrays
2022-09-18 18:27:00 +02:00
iglocska
370995ab50
fix: [audit log] error due to compressible fields not being streams when compression not enabled
2022-09-18 18:16:34 +02:00
iglocska
3857de8499
fix: [notice] errors when not logged in removed
2022-08-24 14:47:40 +02:00
iglocska
fac19e0a3c
fix: [exception] speculative fix to a check causing a 500
2022-08-24 11:43:36 +02:00
iglocska
4c1ce31d50
fix: [unauthed] users internal error fixed
2022-08-24 11:42:38 +02:00
iglocska
d35a674505
chg: [navigation] added keycloak self management
...
- also some changes to the navigation system
2022-08-24 11:39:56 +02:00
iglocska
94bfafb743
fix: [meta template] fixes
2022-08-23 16:02:52 +02:00
iglocska
8bc3088e12
fix: [revert] meta fields unindexing
...
- required for the saving of vchanges
2022-08-23 14:50:13 +02:00
iglocska
095dd4513c
chg: [rearrange] moved to Entity
2022-08-23 11:42:30 +02:00
iglocska
1077251f8b
fix: [keycloak] fixed encoding issue with urlencoded usernames created in keycloak
2022-08-23 11:05:07 +02:00
iglocska
d96353ee4f
chg: [APIRearrange] component tied into rest response
2022-08-19 13:02:25 +02:00
iglocska
3e0d015f69
fix: [meta] template loading reworked
...
- no more crappy string numeric keys among others
2022-08-19 13:01:47 +02:00
iglocska
b9e5b76766
new: [component] APIRearrange component added
...
- alter the data's format before passing it back via the RestResponseComponent
- to be used to clean up UI specific artifacts / junk
- also to maintain compability between versions/tools
2022-08-19 13:00:19 +02:00
iglocska
cbb737e18e
fix: [deprecation] pagination component's use removed to comply with 4.4 requirements
2022-08-17 14:00:38 +02:00
iglocska
a5c9f68316
fix: [deprecation] futher toList() call updated
2022-08-17 13:49:52 +02:00
iglocska
60d8a8f655
fix: [deprecation] toList() queries updated
2022-08-17 13:49:11 +02:00
iglocska
a8c42969ab
chg: [VERSION] bump
2022-06-09 14:14:19 +02:00
Sami Mokaddem
fa68d62890
fix: [component:CRUD] Removed deprecation notice when trying to extract without requesting the collection
2022-06-08 11:56:09 +02:00
Sami Mokaddem
8c4c75d83a
fix: [localTools:action] Catch error if local tool's action returned unexpected data
2022-06-08 11:51:52 +02:00
Sami Mokaddem
d55c1fd5d1
fix: [helper:bootstrap] Allow HTML param to have value equal to 0
2022-06-08 11:05:55 +02:00
iglocska
f513f8ec99
chg: [kc] disabled user capturing
...
- Cerebrate is now authoritative
2022-05-17 11:00:30 +02:00
iglocska
be064bb0c9
new: [KC] profile link added
2022-05-17 10:42:44 +02:00
iglocska
398307e414
fix: [user enrollment] fixed via KC
2022-05-17 10:16:47 +02:00
iglocska
a88318c5df
fix: [auditlogs] more monkey fixing the logging errors via CLI
2022-05-17 09:26:23 +02:00
iglocska
11c9900580
chg: revert
2022-05-17 09:24:37 +02:00
iglocska
23c41008d4
chg: [audit logs] fix test
2022-05-17 09:23:08 +02:00
iglocska
8cf325d263
fix: [audit logs] monkey fix for the missing fields when coming from a CLI query
2022-05-17 09:06:16 +02:00
iglocska
4575406b33
fix: [users] edit
...
- various issues fixed with the edit function
- re-added the chance to change organisations of a user as a site admin
- tighter checks on the options for the drop downs
2022-05-17 04:02:06 +02:00
iglocska
32a559cc3b
new: [keycloak] command line tool
...
- automateable sync
- fixed various issues
- added logging of issues
2022-05-17 04:01:10 +02:00
iglocska
5a965c5ffd
new: [keycloak] sync added
...
- created/updates users
- creates/updates/removes roles
- creates/updates/removes orgs
2022-05-17 02:42:14 +02:00
Sami Mokaddem
2289e91aca
fix: [component:CRUD] Avoid patching entity if it wasn't modified
2022-03-09 12:01:15 +01:00
Sami Mokaddem
3e4d0a4544
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-03-09 11:44:26 +01:00
Sami Mokaddem
938354119b
fix: [metaFields] Added timestamp behavior
2022-03-09 11:15:41 +01:00
Luciano Righetti
c0a76d3f99
fix: error when entity has no meta_fields
2022-03-09 09:27:53 +01:00
Sami Mokaddem
61736531b1
chg: [indexTable:context_filters] Support of default context filter
...
This filter is used by default if none is provided
2022-03-09 08:55:59 +01:00
Sami Mokaddem
39d89efb53
chg: [meta-template:update] Default update strategy to be `create_new`
2022-03-09 08:21:27 +01:00
Sami Mokaddem
7a16c2c792
fix: [metaTemplate:view] Repair `Field` child
2022-03-08 17:49:18 +01:00
Sami Mokaddem
033792396c
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-03-08 17:13:19 +01:00
Sami Mokaddem
503b9e53b7
chg: [instance:getStatistics] Usage of cake's FrozenTime instead of DateTime
2022-03-08 16:51:10 +01:00
Sami Mokaddem
f6900b0843
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-03-08 16:04:14 +01:00
Luciano Righetti
e5d0ffa041
fix: remove filter
2022-03-08 15:55:23 +01:00
Luciano Righetti
1a5ee2767f
fix: remove commented line
2022-03-08 15:54:38 +01:00
Luciano Righetti
9a2c6a4c4b
new: add api tests for MetaTemplates and openapi spec, fix minor issues.
2022-03-08 15:51:07 +01:00
Sami Mokaddem
c064ca6f53
fix: Bumped ACLComponent
2022-03-01 15:23:44 +01:00
Sami Mokaddem
71cd1e307d
chg: [Component:CRUD] Only show used meta-template in view pages
2022-03-01 15:21:56 +01:00
Sami Mokaddem
5fa0280f15
fix: [sharingrGroup:delete] Missing params variable
2022-03-01 14:08:16 +01:00
Sami Mokaddem
f8c8bbcb0b
fix: [component:CRUD] Fixed typo massageMetaFields
2022-03-01 14:07:20 +01:00
Sami Mokaddem
0fb03aae91
fix: [Component:CRUD] Removed confusing `get` parameter
...
- It was confusing and using it could lead to unwanted consequences
- It's clearer to implement the desired logic on controller's side
2022-03-01 14:02:26 +01:00
Sami Mokaddem
b91f4b5d01
chg: [settingProvider:cerebrate] Typo in `password_auth.enabled`'s name
2022-03-01 13:56:54 +01:00
Sami Mokaddem
a78864912e
chg: [metaTemplates:computeConflicts] Usage of subqueries instead of array of IDs
2022-03-01 11:32:30 +01:00
Sami Mokaddem
134b7bfc3e
chg: [metafields] Passed argument can either be an object or array
2022-03-01 11:30:22 +01:00
Sami Mokaddem
bb94765243
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-03-01 09:52:57 +01:00
Sami Mokaddem
505e9a0973
chg: [metaFields] Added metafield type validation
2022-03-01 09:52:27 +01:00
Sami Mokaddem
713f867082
chg: [component:CRUD] Better validation messages
2022-03-01 09:51:51 +01:00
Sami Mokaddem
4b5b2bc7e2
chg: [behaviors:metafields] Moved type handlers to the meta-template-fields table
2022-03-01 09:49:33 +01:00
Sami Mokaddem
ad6362eed4
chg: [instance:searchAll] Sharinggroup filter on org membership in addition to owner
2022-02-28 14:35:06 +01:00
Sami Mokaddem
bc04fd0336
fix: [instance:searchAll] Get the correct count if after filter is applied
2022-02-28 14:34:14 +01:00
Sami Mokaddem
8450e83607
chg: [sharingroup:index] Changed conditions allowing member org to view a sharing group
...
Previously only the SG owner could see the SG
2022-02-28 14:23:40 +01:00
Sami Mokaddem
b628bc38ae
fix: [sharinggroups:view] Typo skipping org membership check
2022-02-28 14:23:00 +01:00
Sami Mokaddem
8293312f90
fix: [instance:search_all] Support of conditions and afterFind when using global search
2022-02-28 14:16:12 +01:00
Sami Mokaddem
aa351b3ccb
fix: [Component:CRUD] Prevent duplication of first metafield if it was unmodified
2022-02-28 11:08:42 +01:00
Sami Mokaddem
c13fb53ae0
chg: [organisations] Added meta-field global filtering
2022-02-28 10:50:04 +01:00
Sami Mokaddem
4b95b49854
fix: [behavior:metafields] Switch to text filtering if meta-template-field is not provided
2022-02-28 10:49:34 +01:00
iglocska
61cda0af33
fix: [minor fixes] with the keycloak integration
2022-02-28 10:27:17 +01:00
iglocska
8a6f0ed751
fix: [settings] invalid setting name fixed
2022-02-28 10:23:23 +01:00
Sami Mokaddem
3ef64911f9
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-28 09:51:51 +01:00
Sami Mokaddem
9fe7f06265
new: [metafields-types:ipv6] Support of ipv6
2022-02-28 09:45:43 +01:00
Sami Mokaddem
0363a91310
chg: [metafield-type:ipv4] Usage of Cdir tool
2022-02-28 09:42:49 +01:00
Sami Mokaddem
97501642b8
new: [tools:CidrTool] Ported CidrTool from MISP
2022-02-28 09:42:09 +01:00
Sami Mokaddem
7c153e6164
chg: [metafield-types:ipv4] Improved logics
2022-02-28 09:40:19 +01:00
Sami Mokaddem
4089623eaa
chg: [users] Removed useless imports
2022-02-28 09:37:29 +01:00
iglocska
5734d74a17
Merge branch 'develop' into main
2022-02-28 08:27:54 +01:00
iglocska
1e6b6a5abc
fix: [settings] added test for keycloak enabled
...
- always require one auth method to be enabled
2022-02-28 08:27:22 +01:00
iglocska
498efcf671
Merge branch 'develop' into main
2022-02-28 08:21:11 +01:00
Sami Mokaddem
04b82d356e
chg: [indexTable:filtering] Initial work on supporting custom operators
2022-02-25 15:36:55 +01:00
Sami Mokaddem
6cb9887f03
new: [metaFields] Support of meta-fields types
2022-02-25 15:22:57 +01:00
iglocska
9d04533e14
chg: [users] restrict org admins from creating other org admins
...
- temporary solution for a single community, make this optional in the future
2022-02-25 10:20:25 +01:00
Sami Mokaddem
a9570426db
fix: [component:CRUD] Fix edit where query parameters where not passed correctly
...
It fixes meta-fields duplication while saving
2022-02-25 08:19:01 +01:00
iglocska
4902a3f8a6
new: [password auth] added setting to disable password auth
...
- not needed in some cases for keycloak enabled instances
2022-02-25 00:33:00 +01:00
iglocska
79459838eb
chg: [user add] if no password was set, set a random one
...
- can't be used so far as we have no emailing in place
- it allows user creation when username/password mode is disabled
2022-02-25 00:31:19 +01:00
iglocska
6f6c10670e
new: [CRUD] added beforeMarshal hook
2022-02-25 00:30:50 +01:00
iglocska
3790244ce4
new: [individuals] new finder method to find by alignment
2022-02-24 13:47:08 +01:00
iglocska
8fdb8668c8
fix: [alignments] saving of the alignment was omitted before
2022-02-24 13:46:35 +01:00
iglocska
828946a97f
new: [users] several changes
...
- make usernames immutable
- restrict user creation to aligned individuals (org admin only)
- optionally create individual while creating a user
2022-02-24 13:45:10 +01:00
Sami Mokaddem
64cb0f920a
chg: [mailinglist] Added ACL conditions on mailing list operations
...
- Site admins have all authorizations
- Org admins can manipulate the list their user own (can be later replaced by organisation_id instead of user_id)
- Other users can see the all lists they are included in
2022-02-23 10:03:12 +01:00
Sami Mokaddem
d2c98fc3c5
chg: [Component:ACL] Added entries for mailing list
2022-02-23 10:01:18 +01:00
Sami Mokaddem
ba047885c9
chg: [Component:ACL] Added entry for audit log filtering
2022-02-23 10:00:42 +01:00
Sami Mokaddem
20d896ad47
chg: [Component:CRUD] Allow to filter out rows from the index with afterFind
...
Filtering can be achieved by returning `false` instead of the row in the `afterFind` function
2022-02-23 09:58:55 +01:00
Sami Mokaddem
bf3e31c59a
fix: [Component:CRUD] Typo in merge conflict
2022-02-23 08:18:08 +01:00
Sami Mokaddem
4e4cb34b22
chg: [metaTemplates] Removed comment
2022-02-21 15:42:23 +01:00
Sami Mokaddem
bce4c5fde9
chg: [Component:CRUD] Removed comment and init correct variable type
2022-02-21 11:51:05 +01:00
Sami Mokaddem
aeac86cb52
chg: [Component:CRUD] Typo
2022-02-21 11:48:41 +01:00
Sami Mokaddem
7ea5acb167
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-21 11:17:05 +01:00
iglocska
b67c221476
fix: [copy pasta fail] left previous assignment in that is now superseeded by the if branch above
2022-02-20 15:07:58 +01:00
iglocska
3af0b0afc5
fix: [misp connector] validations with notEmpty() deprecated, replaced with notEmptyString()
2022-02-20 15:02:07 +01:00
iglocska
e2bb58d3c7
fix: [flood protection] default to 127.0.0.1 if no remote_addr is set as we're dealing with a local CLI script
2022-02-20 15:00:15 +01:00
iglocska
c005cb7f66
fix: [error code] adding an authkey for a user you are not authorised to modify resulted in a 404 instead of a 405
2022-02-20 14:56:21 +01:00
iglocska
b046990153
fix: [flood protection] default to REMOTE_ADDR if the selected default logging IP source header is not populated
2022-02-20 11:49:57 +01:00
iglocska
3745739158
chg: [flood protection] Changed the description of the setting based on the used IP source
...
- added a warning about the IP source setting affecting the efficacy of the flood protection in regards to an attacker being potentially able to spoof their IP
- Warn the admin to make sure that the reverse proxy used (the main reason to use the alternate headers in the first place) needs to be configured to correctly overwrite the header
- as reported by Dawid Czarnecki of Zigrin Security
2022-02-19 01:42:24 +01:00
iglocska
283299bf36
fix: [security] flood protection control enabled by default
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-19 01:34:07 +01:00
iglocska
6e67a5b239
fix: [security] Sharing group creation on behalf of other organisation fixed
...
- org admin could create sharing groups on behalf of other organisations
- can lead to misleading sharing groups being created
- as reported by Dawid Czarnecki of Zigrin Security
2022-02-19 01:21:29 +01:00
iglocska
b41b0dd712
fix: [security] privilege escalation via user edit fixed
...
- org admins could circumvent the role restrictions and elevate themselves to a site admin
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-19 01:02:49 +01:00
iglocska
2da9d8f7d2
new: [keycloak] log enrollment outcome in the audit log
2022-02-18 11:47:33 +01:00
Sami Mokaddem
20907a45da
chg: [organisation] Removed useless class variable
2022-02-09 15:41:58 +01:00
Sami Mokaddem
d8807cce92
chg: [behavior:meta-fields] Renamed finder function
2022-02-09 15:18:24 +01:00
Sami Mokaddem
a77e29fa38
new: [layout:sidebar] Notifications in the sidebar
2022-02-08 17:58:30 +01:00
Sami Mokaddem
d1cf408163
new: [helpers:bootstrap] Added notification bubble
2022-02-08 17:57:20 +01:00
Sami Mokaddem
62ca877f0b
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-08 08:42:25 +01:00
Sami Mokaddem
b01d75aaa6
fix: [helpers:bootstrap] Support of cell variant in table
2022-02-07 13:25:33 +01:00
Sami Mokaddem
ad3e89199b
chg: [settingTable] Added value validation before saving the setting
2022-02-07 12:01:07 +01:00
Sami Mokaddem
336dfb091c
chg: [settingTable] Gracefully handle if file not writeable
2022-02-07 11:11:25 +01:00
Sami Mokaddem
14ec995c2b
fix: [userSettings] Perform URI validation for bookmarks
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 10:48:55 +01:00
iglocska
c7b226f844
chg: [flood protection] added cleanup
2022-02-07 02:14:53 +01:00
iglocska
d45a4dc499
new: [registration] added optional registration flood protection
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 02:03:41 +01:00
iglocska
e6643365d2
new: [flood protection] behaviour added
...
simple expiration system to allow flood protections to be added to any functionality
2022-02-07 02:01:59 +01:00
iglocska
a9c1619bda
new: [Exception] 429 added
2022-02-07 01:59:33 +01:00
iglocska
88f3cc7944
fix: [security] user settings allow enumeration of usernames
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:45:42 +01:00
iglocska
a263234917
fix: [security] open endpoints should only be open when enabled
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:36:31 +01:00
iglocska
15190b930e
fix: [security] Sharing group ACL fixes
...
- added indirect object reference protection
- added correct ACL functionalities to delete, addOrg, removeOrg
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:16:24 +01:00
iglocska
5fbd53883f
fix: [sync] created field rules added
...
- should stop issues of SG/Individual downloads from remote brood
2022-01-31 09:35:33 +01:00
iglocska
788feab011
chg: [Version] bump
2022-01-27 22:12:35 +01:00
iglocska
cf67c3d1f0
fix: [roles] setting default should be exclusive
...
- added aftersave action to remove default from other roles
2022-01-27 22:06:26 +01:00
iglocska
1ca0f21b86
chg: [user add] form defaults
...
- org will default to own org for site admins
- role will default to the default role (if set)
2022-01-27 21:54:59 +01:00
iglocska
93d4917953
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-27 21:00:32 +01:00
iglocska
c983c6f130
fix: [Keycloak baseurl] remove trailing slashes
2022-01-27 20:59:58 +01:00
iglocska
eb5f7aa675
chg: [base settings provider] pass settings by reference for evaluation
...
- opens it up for modifications by the hooking functions
2022-01-27 20:59:20 +01:00
iglocska
7834ab3d62
chg: [settingsTable] Use settings array for the actual saving in saveSetting
...
- allows us to modify a value in the processing steps before the value is committed to disk
2022-01-27 20:57:35 +01:00
Andras Iklody
6443f36650
Merge pull request #86 from righel/add-inter-connection-tests
...
Add inter-connection test
2022-01-27 16:13:35 +01:00
Sami Mokaddem
7de1c14407
chg: [userSettings:add] Adhere to the passed user context
2022-01-27 10:44:47 +01:00
Sami Mokaddem
789bd9926f
chg: [navigation:users] Restored breadcrumb navigation to access user profile settings
2022-01-27 08:41:31 +01:00
Sami Mokaddem
2e7aabf704
fix: [users:toggle] Prevent users to disable admins
2022-01-26 16:10:33 +01:00
Sami Mokaddem
fcffad6777
fix: [users:delete] Typo copy paste error
2022-01-26 15:45:57 +01:00
Luciano Righetti
d91a362e99
Merge branch 'develop' into add-inter-connection-tests
2022-01-26 15:31:49 +01:00
iglocska
665999b8f4
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 15:29:53 +01:00
iglocska
95ecc2bc80
fix: [security] fields not adhered to in CRUD components edit
...
- users can circumvent restrictions on editable fields
- can lead to privilege escalation when users edit themselves
2022-01-26 15:28:10 +01:00
Sami Mokaddem
2602b60eb0
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 15:12:46 +01:00
iglocska
006b0aab99
chg: [MISP connector] user edit/delete temporarily commented out as they're not implemented yet
2022-01-26 15:05:38 +01:00
Sami Mokaddem
d05868106d
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 14:59:57 +01:00
iglocska
519fcd2b1a
fix: [lax URL validation] added for Broodstable
...
- can be reused elsewhere too
- allows for http://hostname style urls
2022-01-26 14:57:43 +01:00
iglocska
f695744bd7
fix: [user view] ACL fixed
2022-01-26 14:57:01 +01:00
iglocska
b7facf226d
chg: [Navigationcomponent] added missing changes from previous commit
2022-01-26 14:55:47 +01:00
Sami Mokaddem
74e95855bd
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 14:54:03 +01:00
iglocska
4b5bccae28
chg: [Organisation] Entity accessibility rules
...
- make created only accessible when creating new objects
2022-01-26 14:24:53 +01:00
iglocska
c186c88d5c
chg: [navigation] Breadcrumb generation is user aware
...
- moved the initialisation of the generation to be invoked from the appcontroller's beforefilter, after the user is loaded into the ACL component
- Only show user setting edits when the user is editing themselves
2022-01-26 14:21:27 +01:00
iglocska
9a0ddef2af
new: [ACL] added canEditUser() function
...
- simple comparison between two users
- checks role + org based permission
2022-01-26 14:16:28 +01:00
Sami Mokaddem
54ee91ba1a
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 12:11:53 +01:00
Sami Mokaddem
f53b458103
fix: [userSettings] Allow admin to edit other user's settings
2022-01-26 12:11:44 +01:00
Luciano Righetti
d18471ba95
fix: failing when request is empty json object
2022-01-25 18:02:41 +01:00
iglocska
19c81b7c11
fix: [Sharing groups] UUID and owner org shouldn't be editable
2022-01-25 17:09:29 +01:00
iglocska
1086e41086
fix: [modified] saving fixed for sync captures
...
- set the field as not dirty to force an update
- stops the exceptions thrown on pulling these objects in
2022-01-25 17:01:27 +01:00
iglocska
acc9c94baa
Merge branch 'main' into develop
2022-01-25 15:59:31 +01:00
iglocska
55782af52b
fix: [users] add
...
- fixed role selection
2022-01-25 15:58:31 +01:00
Sami Mokaddem
44913c5ed7
fix: [users:settings] Allow admin to see account settings of other users
2022-01-25 15:27:34 +01:00
Sami Mokaddem
e05bf61251
chg: [inbox:createEntry] Checks for remote back connection is more flexible
...
Handle the case of trailing slash
2022-01-25 15:02:52 +01:00
Sami Mokaddem
eef09f44c4
chg: [brood:connectionTest] Correctly handles network exceptions
2022-01-25 15:02:35 +01:00
Sami Mokaddem
4f8b663b87
chg: [localtTools:connectionRequest] Provide more info on exception
2022-01-25 15:02:30 +01:00
Sami Mokaddem
7d227a4387
chg: [inbox:index] Sort messages by created datetime
2022-01-25 15:02:25 +01:00
Sami Mokaddem
dc2bfcb6b2
fix: [components:CRUD] Support of controller's paginate public variable
2022-01-25 15:02:16 +01:00
Sami Mokaddem
5682f2a816
fix: [localToolConnectors:MISP] Fixed bad merge
2022-01-25 14:04:32 +01:00
iglocska
e9f77aff51
Merge branch 'develop' into main
2022-01-25 11:36:06 +01:00
iglocska
7830e24e68
Merge branch 'main' of github.com:cerebrate-project/cerebrate into main
2022-01-25 11:35:19 +01:00
iglocska
57e2c75352
fix: [users] role based action filtering added
...
- to avoid annoying clickable, but blocked actions for og admins
2022-01-25 11:34:22 +01:00
Sami Mokaddem
74df550419
chg: [inbox:collectNotifications] Collect notifications for the logged in user
2022-01-25 11:32:09 +01:00
Sami Mokaddem
dd3a1b8a15
chg: [appcontroller] Breadcrumbs and notifications are fetched only if the user is logged in
2022-01-25 11:29:50 +01:00
Sami Mokaddem
249892c3e0
chg: [notifications] Support of modal when clicking on notification element
2022-01-25 09:32:16 +01:00
Sami Mokaddem
38caafb76e
chg: [inbox:createEntry] Checks for remote back connection is more flexible
...
Handle the case of trailing slash
2022-01-24 17:37:32 +01:00
Sami Mokaddem
b343c22f23
chg: [brood:connectionTest] Correctly handles network exceptions
2022-01-24 16:35:42 +01:00
Sami Mokaddem
7535cd2bdf
chg: [localtTools:connectionRequest] Provide more info on exception
2022-01-24 16:12:46 +01:00
Sami Mokaddem
5cac62a9b8
fix: [localToolConnectors:MISP] Fixed typo
2022-01-24 15:16:18 +01:00
Sami Mokaddem
6321725fa9
new: [notification] Added initial version of the notification system
2022-01-24 15:13:28 +01:00
Andras Iklody
b556f7f22a
Update VERSION.json
2022-01-21 14:39:43 +01:00
iglocska
932a28288d
new: [CRUD] added some new useful features
...
- afterFind for the edit functions to make last minute decisions on the modification after already having loaded the data to be modified
- moved the field restrictions to be able to pass it to the view
- try/catch for bulk deletions. A single failure in the beforeSave call will no longer block the entire saving process
2022-01-21 13:41:29 +01:00
Sami Mokaddem
7c557f6d85
chg: [inbox:index] Sort messages by created datetime
2022-01-21 09:48:53 +01:00
Sami Mokaddem
a59f59ba0d
fix: [components:CRUD] Support of controller's paginate public variable
2022-01-21 09:35:55 +01:00
Sami Mokaddem
b8bc79e072
new: [helper:valueGetter] Helper to help execute closure to get a value if needed
2022-01-21 09:07:21 +01:00
Sami Mokaddem
38a9aa9869
chg: [auditlog] Allow filtering and searching the table
2022-01-20 13:55:27 +01:00
Sami Mokaddem
420bbb9207
fix: [auditlog] Typo in field name
2022-01-20 13:54:59 +01:00
Sami Mokaddem
ec76948ebd
fix: [component:CRUD] Filtering view variables get correctly set
2022-01-20 13:54:17 +01:00
Sami Mokaddem
e6ec31ff23
fix: [appTable:table_statistics] Compute timeline only if the fields exist in the DB schema
2022-01-20 13:44:19 +01:00
Sami Mokaddem
f3813dd5a7
fix: [auditlog] Clean up of leftover copy paste
2022-01-20 13:43:29 +01:00
Sami Mokaddem
a98c7f8f32
fix: [metaTemplate] Various fixed on meta-templates updates
2022-01-20 12:00:39 +01:00
Sami Mokaddem
86946719c7
chg: [component:CRUD] Fixed typo
2022-01-20 11:57:48 +01:00
Sami Mokaddem
a60ca95120
chg: [ui:api] Moved API navigation link into admin section and created breadcrumb config
2022-01-20 09:32:39 +01:00
Sami Mokaddem
2e0051401f
chg: [appController] Don't generate nav breadcrumbs in API context
2022-01-20 09:31:51 +01:00
Sami Mokaddem
6be08e3100
fix: [appTable:activityStatistics] Variation take for the activity of the last x days
2022-01-20 09:05:02 +01:00
Sami Mokaddem
324ac1ce40
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into refactor-metatemplates
2022-01-20 09:00:45 +01:00
Andras Iklody
80cd93da40
Merge pull request #80 from righel/add-integration-tests
...
Add integration tests
2022-01-19 16:25:19 +01:00
iglocska
475a13847e
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-19 14:59:48 +01:00
iglocska
d488f01051
fix: [authkey] add fixed
...
- incorrectly potentially filter out valid options when adding a key by a regular user
2022-01-19 14:39:03 +01:00
Sami Mokaddem
b42941dc8e
Merge remote-tracking branch 'origin/develop' into develop
2022-01-19 09:04:20 +01:00
Sami Mokaddem
20cc6017d0
fix: [localTool:CommonConnector] Ensure one logger per connector
2022-01-19 09:04:10 +01:00
Luciano Righetti
ee5c723c71
Merge branch 'develop' into add-integration-tests
2022-01-18 18:11:53 +01:00
iglocska
f75d0829d1
fix: [user edit] fixed for non admins
2022-01-18 17:52:59 +01:00
iglocska
dbaa2ba7b3
fix: [encryption keys] several fixes
...
- fix the user view to correctly point to the list of related encryption keys
- fix the lookup on the index to be based on owner_model + owner_id combo
- fix the filtering of the dropdown in the encryption key add form to only valid options
2022-01-18 16:56:38 +01:00