Commit Graph

24 Commits (3a3494df8c9428ba6a87142ae1c55f65cf8f793e)

Author SHA1 Message Date
Sami Mokaddem ecc421b326
new: [settings:inbox.data_change_notify_for_all] Added setting to be more verbose for data changes 2023-12-13 15:01:23 +01:00
Sami Mokaddem 26c038b25b
chg: [settings:cerebrate] Improved check before saving debug level 2023-02-27 11:12:54 +01:00
Sami Mokaddem 0850c92e89
chg: [users:index] Added setting to allow the deletion of users
Fix #119
2023-02-16 15:07:06 +01:00
iglocska e0f92aa8e0
fix: [validation] Tightened the validation rules for users to avoid 500 errors when the requirements are not met
- ensure that username is unique
- (optional) ensure that individual->user assignment is unique
- (optional) ensure that usernames are e-mail addresses

- As reported by Matúš Mikuláš, Adam Gajdošík, Milan Pikula of SK-CERT
2023-01-03 15:03:06 +01:00
iglocska 5c02f1c6a4
chg: [cleanup] of the default role setting for keycloak
- not used in any sensible way anymore
2022-11-13 11:18:54 +01:00
iglocska 2a31e39762
new: [keycloak] automatically set mappings 2022-10-31 13:26:12 +01:00
Sami Mokaddem b91f4b5d01
chg: [settingProvider:cerebrate] Typo in `password_auth.enabled`'s name 2022-03-01 13:56:54 +01:00
iglocska 61cda0af33
fix: [minor fixes] with the keycloak integration 2022-02-28 10:27:17 +01:00
iglocska 1e6b6a5abc
fix: [settings] added test for keycloak enabled
- always require one auth method to be enabled
2022-02-28 08:27:22 +01:00
iglocska 4902a3f8a6
new: [password auth] added setting to disable password auth
- not needed in some cases for keycloak enabled instances
2022-02-25 00:33:00 +01:00
iglocska 3745739158
chg: [flood protection] Changed the description of the setting based on the used IP source
- added a warning about the IP source setting affecting the efficacy of the flood protection in regards to an attacker being potentially able to spoof their IP
- Warn the admin to make sure that the reverse proxy used (the main reason to use the alternate headers in the first place) needs to be configured to correctly overwrite the header

- as reported by Dawid Czarnecki of Zigrin Security
2022-02-19 01:42:24 +01:00
iglocska 283299bf36
fix: [security] flood protection control enabled by default
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-19 01:34:07 +01:00
iglocska d45a4dc499
new: [registration] added optional registration flood protection
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 02:03:41 +01:00
iglocska c983c6f130
fix: [Keycloak baseurl] remove trailing slashes 2022-01-27 20:59:58 +01:00
iglocska eb5f7aa675
chg: [base settings provider] pass settings by reference for evaluation
- opens it up for modifications by the hooking functions
2022-01-27 20:59:20 +01:00
iglocska 136148705a
chg: [keycloak] added screw to loosen timing issues 2021-12-22 12:26:37 +01:00
iglocska 411a37bfbf
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2021-10-21 11:00:13 +02:00
iglocska d8b2de7460
chg: [settings] fixes
- use a JSON file for the config
- stop using cake4 dump/load for the process
- move settings back to the root level
- Research Flyer Carapace level 1
2021-10-21 10:58:07 +02:00
Sami Mokaddem 370ae3438e
new: [user:registration] Added user self-registration feature 2021-10-20 22:29:23 +02:00
iglocska 7ba043682b
fix: [settings] settings changes
- added keycloak settings back
- commented out placeholder settings
2021-10-20 14:34:46 +02:00
iglocska c0e1936849
chg: [keycloak] settings moved to CerebrateSettingsProvider 2021-10-20 14:27:33 +02:00
iglocska 6262fb543c
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop 2021-10-20 14:27:14 +02:00
Sami Mokaddem 78180fa90f
new: [userSettings] Added complete support of user settings
Including support of bookmarks, sidebar behavior and theming
2021-10-18 13:28:26 +02:00
Sami Mokaddem a2e3ad76dd
chg: [settings] Refactored settings table and views
Allow for improved re-usability to use the views and functions with other settings
2021-10-18 13:24:30 +02:00