iglocska
41a241cada
new: [pgp] library ported from MISP
...
- added proper view elements for encryption keys
- added key information extraction
2022-10-21 15:25:52 +02:00
Sami Mokaddem
a091edbf22
fix: [user:beforeSave] Only call the user-update callback if the user is not new
2022-10-21 09:00:49 +02:00
Sami Mokaddem
c65978f8f2
fix: [behavior:authKeycloak] Correctly check if the user was saved
2022-10-21 08:59:36 +02:00
Sami Mokaddem
21403995e3
new: [user:edit] Added keycloak updates when a user gets modified
2022-09-21 10:11:09 +02:00
Sami Mokaddem
37094e0abb
fix: [user:validation] Allow user edition when `username` is not set
2022-09-21 10:10:02 +02:00
Sami Mokaddem
2c87b1e500
fix: [authKeycloakBehavior] Added missing association preventing users from logging in via keycloak
2022-09-21 10:07:51 +02:00
Sami Mokaddem
69fee02498
fix: [authKeycloakBehavior] Re-indexing array preventing roles from being parsed by keycloak
2022-09-21 10:06:33 +02:00
Sami Mokaddem
efe917c824
fix: [authKeycloakBehavior] Typo preventing roles from being saved
2022-09-21 10:05:55 +02:00
iglocska
5e0ab5cc38
new: [users] username validation added
...
- >5 && <50 in length required
- trim username to test to avoid whitespace names
- as reported by SK-CERT
2022-09-19 01:22:53 +02:00
iglocska
9a50a5693e
fix: [users] added uniqueness to usernames
...
- added upgrade script with removal of duplicate usernames
- added unique index to username field
- massaging the usernames before insertion (trim + lowercasing)
- As reported by SK-CERT
2022-09-19 01:12:14 +02:00
iglocska
af1e2fd632
new: [security] Bruteforce protection added
...
- logins allow for 5 attempts every 5 minutes
- Code ported and updated from MISP
- As reported by SK-CERT
2022-09-19 00:25:15 +02:00
iglocska
07a8d1dfcb
chg: [dead variable] removed
2022-09-19 00:24:29 +02:00
iglocska
10ea126a93
fix: [security] KeyCloak login getUser fixes
...
- removed dead code
- tightened check on the user profile, if the KC user's email address and that of the Cerebrate user disagree, block the authentication
- as reported by SK-CERT
2022-09-18 18:51:05 +02:00
iglocska
94bfafb743
fix: [meta template] fixes
2022-08-23 16:02:52 +02:00
iglocska
095dd4513c
chg: [rearrange] moved to Entity
2022-08-23 11:42:30 +02:00
iglocska
1077251f8b
fix: [keycloak] fixed encoding issue with urlencoded usernames created in keycloak
2022-08-23 11:05:07 +02:00
iglocska
d96353ee4f
chg: [APIRearrange] component tied into rest response
2022-08-19 13:02:25 +02:00
iglocska
a5c9f68316
fix: [deprecation] further toList() call updated
2022-08-17 13:49:52 +02:00
iglocska
60d8a8f655
fix: [deprecation] toList() queries updated
2022-08-17 13:49:11 +02:00
iglocska
f513f8ec99
chg: [kc] disabled user capturing
...
- Cerebrate is now authoritative
2022-05-17 11:00:30 +02:00
iglocska
398307e414
fix: [user enrollment] fixed via KC
2022-05-17 10:16:47 +02:00
iglocska
a88318c5df
fix: [auditlogs] more monkey fixing the logging errors via CLI
2022-05-17 09:26:23 +02:00
iglocska
11c9900580
chg: revert
2022-05-17 09:24:37 +02:00
iglocska
23c41008d4
chg: [audit logs] fix test
2022-05-17 09:23:08 +02:00
iglocska
8cf325d263
fix: [audit logs] monkey fix for the missing fields when coming from a CLI query
2022-05-17 09:06:16 +02:00
iglocska
32a559cc3b
new: [keycloak] command line tool
...
- automatable sync
- fixed various issues
- added logging of issues
2022-05-17 04:01:10 +02:00
iglocska
5a965c5ffd
new: [keycloak] sync added
...
- created/updates users
- creates/updates/removes roles
- creates/updates/removes orgs
2022-05-17 02:42:14 +02:00
Sami Mokaddem
3e4d0a4544
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-03-09 11:44:26 +01:00
Sami Mokaddem
938354119b
fix: [metaFields] Added timestamp behavior
2022-03-09 11:15:41 +01:00
Sami Mokaddem
39d89efb53
chg: [meta-template:update] Default update strategy to be `create_new`
2022-03-09 08:21:27 +01:00
Sami Mokaddem
7a16c2c792
fix: [metaTemplate:view] Repair `Field` child
2022-03-08 17:49:18 +01:00
Sami Mokaddem
033792396c
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-03-08 17:13:19 +01:00
Sami Mokaddem
503b9e53b7
chg: [instance:getStatistics] Usage of cake's FrozenTime instead of DateTime
2022-03-08 16:51:10 +01:00
Luciano Righetti
9a2c6a4c4b
new: add api tests for MetaTemplates and openapi spec, fix minor issues.
2022-03-08 15:51:07 +01:00
Sami Mokaddem
b91f4b5d01
chg: [settingProvider:cerebrate] Typo in `password_auth.enabled`'s name
2022-03-01 13:56:54 +01:00
Sami Mokaddem
a78864912e
chg: [metaTemplates:computeConflicts] Usage of subqueries instead of array of IDs
2022-03-01 11:32:30 +01:00
Sami Mokaddem
134b7bfc3e
chg: [metafields] Passed argument can either be an object or array
2022-03-01 11:30:22 +01:00
Sami Mokaddem
bb94765243
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-03-01 09:52:57 +01:00
Sami Mokaddem
505e9a0973
chg: [metaFields] Added metafield type validation
2022-03-01 09:52:27 +01:00
Sami Mokaddem
4b5b2bc7e2
chg: [behaviors:metafields] Moved type handlers to the meta-template-fields table
2022-03-01 09:49:33 +01:00
Sami Mokaddem
ad6362eed4
chg: [instance:searchAll] Sharinggroup filter on org membership in addition to owner
2022-02-28 14:35:06 +01:00
Sami Mokaddem
bc04fd0336
fix: [instance:searchAll] Get the correct count if after filter is applied
2022-02-28 14:34:14 +01:00
Sami Mokaddem
8293312f90
fix: [instance:search_all] Support of conditions and afterFind when using global search
2022-02-28 14:16:12 +01:00
Sami Mokaddem
4b95b49854
fix: [behavior:metafields] Switch to text filtering if meta-template-field is not provided
2022-02-28 10:49:34 +01:00
iglocska
61cda0af33
fix: [minor fixes] with the keycloak integration
2022-02-28 10:27:17 +01:00
iglocska
8a6f0ed751
fix: [settings] invalid setting name fixed
2022-02-28 10:23:23 +01:00
Sami Mokaddem
3ef64911f9
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-28 09:51:51 +01:00
Sami Mokaddem
9fe7f06265
new: [metafields-types:ipv6] Support of ipv6
2022-02-28 09:45:43 +01:00
iglocska
5734d74a17
Merge branch 'develop' into main
2022-02-28 08:27:54 +01:00
iglocska
1e6b6a5abc
fix: [settings] added test for keycloak enabled
...
- always require one auth method to be enabled
2022-02-28 08:27:22 +01:00
iglocska
498efcf671
Merge branch 'develop' into main
2022-02-28 08:21:11 +01:00
Sami Mokaddem
04b82d356e
chg: [indexTable:filtering] Initial work on supporting custom operators
2022-02-25 15:36:55 +01:00
Sami Mokaddem
6cb9887f03
new: [metaFields] Support of meta-fields types
2022-02-25 15:22:57 +01:00
iglocska
4902a3f8a6
new: [password auth] added setting to disable password auth
...
- not needed in some cases for keycloak enabled instances
2022-02-25 00:33:00 +01:00
iglocska
3790244ce4
new: [individuals] new finder method to find by alignment
2022-02-24 13:47:08 +01:00
iglocska
8fdb8668c8
fix: [alignments] saving of the alignment was omitted before
2022-02-24 13:46:35 +01:00
Sami Mokaddem
64cb0f920a
chg: [mailinglist] Added ACL conditions on mailing list operations
...
- Site admins have all authorizations
- Org admins can manipulate the list their user owns (can be later replaced by organisation_id instead of user_id)
- Other users can see all the lists they are included in
2022-02-23 10:03:12 +01:00
Sami Mokaddem
4e4cb34b22
chg: [metaTemplates] Removed comment
2022-02-21 15:42:23 +01:00
Sami Mokaddem
7ea5acb167
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-21 11:17:05 +01:00
iglocska
3745739158
chg: [flood protection] Changed the description of the setting based on the used IP source
...
- added a warning about the IP source setting affecting the efficacy of the flood protection in regards to an attacker being potentially able to spoof their IP
- Warn the admin to make sure that the reverse proxy used (the main reason to use the alternate headers in the first place) needs to be configured to correctly overwrite the header
- as reported by Dawid Czarnecki of Zigrin Security
2022-02-19 01:42:24 +01:00
iglocska
283299bf36
fix: [security] flood protection control enabled by default
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-19 01:34:07 +01:00
iglocska
2da9d8f7d2
new: [keycloak] log enrollment outcome in the audit log
2022-02-18 11:47:33 +01:00
Sami Mokaddem
20907a45da
chg: [organisation] Removed useless class variable
2022-02-09 15:41:58 +01:00
Sami Mokaddem
d8807cce92
chg: [behavior:meta-fields] Renamed finder function
2022-02-09 15:18:24 +01:00
Sami Mokaddem
a77e29fa38
new: [layout:sidebar] Notifications in the sidebar
2022-02-08 17:58:30 +01:00
Sami Mokaddem
62ca877f0b
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-08 08:42:25 +01:00
Sami Mokaddem
ad3e89199b
chg: [settingTable] Added value validation before saving the setting
2022-02-07 12:01:07 +01:00
Sami Mokaddem
336dfb091c
chg: [settingTable] Gracefully handle if file not writeable
2022-02-07 11:11:25 +01:00
Sami Mokaddem
14ec995c2b
fix: [userSettings] Perform URI validation for bookmarks
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 10:48:55 +01:00
iglocska
d45a4dc499
new: [registration] added optional registration flood protection
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 02:03:41 +01:00
iglocska
e6643365d2
new: [flood protection] behaviour added
...
simple expiration system to allow flood protections to be added to any functionality
2022-02-07 02:01:59 +01:00
iglocska
5fbd53883f
fix: [sync] created field rules added
...
- should stop issues of SG/Individual downloads from remote brood
2022-01-31 09:35:33 +01:00
iglocska
c983c6f130
fix: [Keycloak baseurl] remove trailing slashes
2022-01-27 20:59:58 +01:00
iglocska
eb5f7aa675
chg: [base settings provider] pass settings by reference for evaluation
...
- opens it up for modifications by the hooking functions
2022-01-27 20:59:20 +01:00
iglocska
7834ab3d62
chg: [settingsTable] Use settings array for the actual saving in saveSetting
...
- allows us to modify a value in the processing steps before the value is committed to disk
2022-01-27 20:57:35 +01:00
iglocska
519fcd2b1a
fix: [lax URL validation] added for Broodstable
...
- can be reused elsewhere too
- allows for http://hostname style urls
2022-01-26 14:57:43 +01:00
iglocska
4b5bccae28
chg: [Organisation] Entity accessibility rules
...
- make created only accessible when creating new objects
2022-01-26 14:24:53 +01:00
iglocska
1086e41086
fix: [modified] saving fixed for sync captures
...
- set the field as not dirty to force an update
- stops the exceptions thrown on pulling these objects in
2022-01-25 17:01:27 +01:00
Sami Mokaddem
e05bf61251
chg: [inbox:createEntry] Checks for remote back connection is more flexible
...
Handle the case of trailing slash
2022-01-25 15:02:52 +01:00
Sami Mokaddem
eef09f44c4
chg: [brood:connectionTest] Correctly handles network exceptions
2022-01-25 15:02:35 +01:00
Sami Mokaddem
74df550419
chg: [inbox:collectNotifications] Collect notifications for the logged in user
2022-01-25 11:32:09 +01:00
Sami Mokaddem
249892c3e0
chg: [notifications] Support of modal when clicking on notification element
2022-01-25 09:32:16 +01:00
Sami Mokaddem
38caafb76e
chg: [inbox:createEntry] Checks for remote back connection is more flexible
...
Handle the case of trailing slash
2022-01-24 17:37:32 +01:00
Sami Mokaddem
b343c22f23
chg: [brood:connectionTest] Correctly handles network exceptions
2022-01-24 16:35:42 +01:00
Sami Mokaddem
6321725fa9
new: [notification] Added initial version of the notification system
2022-01-24 15:13:28 +01:00
Sami Mokaddem
e6ec31ff23
fix: [appTable:table_statistics] Compute timeline only if the fields exist in the DB schema
2022-01-20 13:44:19 +01:00
Sami Mokaddem
f3813dd5a7
fix: [auditlog] Clean up of leftover copy paste
2022-01-20 13:43:29 +01:00
Sami Mokaddem
a98c7f8f32
fix: [metaTemplate] Various fixes on meta-templates updates
2022-01-20 12:00:39 +01:00
Sami Mokaddem
6be08e3100
fix: [appTable:activityStatistics] Variation take for the activity of the last x days
2022-01-20 09:05:02 +01:00
Sami Mokaddem
324ac1ce40
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into refactor-metatemplates
2022-01-20 09:00:45 +01:00
Luciano Righetti
f48c1a5a17
Merge branch 'develop' into add-integration-tests
2022-01-18 14:29:54 +01:00
Sami Mokaddem
0c9b032536
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-17 15:30:07 +01:00
Sami Mokaddem
ef2827e87a
fix: [userSettings] Various permissions issues
2022-01-17 15:24:30 +01:00
iglocska
244020802c
Merge branch 'main' into develop
2022-01-17 13:17:51 +01:00
iglocska
453c838dfe
fix: [placeholder removed] WiP functionality for local_tool->local_tool connections within the same brood temporarily removed
...
- was never fully implemented
2022-01-17 13:15:26 +01:00
iglocska
acf85e6d10
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-17 12:49:27 +01:00
iglocska
1b4c681a88
new: [Outbox] entity added
...
- to inherit the appModel functions
2022-01-17 12:47:48 +01:00
Sami Mokaddem
f18307b3cb
chg: [localTools:local_tool_connectors] Added support of CodeMirror placeholder
2022-01-17 11:30:26 +01:00
Luciano Righetti
a473a9d3fb
new: initial api and integration tests.
2022-01-05 17:44:02 +01:00
iglocska
136148705a
chg: [keycloak] added screw to loosen timing issues
2021-12-22 12:26:37 +01:00
Sami Mokaddem
e346a8cb05
fix: [instance:searchAll] Correct usage of parameters
2021-12-21 08:30:37 +01:00
Sami Mokaddem
0dea5ab486
chg: [metaTemplate] Added endpoint to load template from disk by uuid
2021-12-20 14:24:20 +01:00
Sami Mokaddem
02cc0c30a3
chg: [metaTemplate] Major refactoring and documentation - WiP
2021-12-14 15:09:40 +01:00
Sami Mokaddem
a5a959df2d
fix: [metatemplate] Removed unused code
2021-12-13 09:37:49 +01:00
Sami Mokaddem
aa83b1aa37
chg: [metaTemplate] Update system and conflict resolution interfaces - WiP
2021-12-08 11:11:46 +01:00
Sami Mokaddem
819d96e805
new: [metaTemplate] Interface and functions to update meta-templates - WiP
...
Actual update not implemented yet.
2021-12-01 11:01:31 +01:00
iglocska
312229751b
fix: [keycloak] enrollment org_id issues fixed
2021-11-25 11:55:51 +01:00
iglocska
cc5c750de8
chg: [audit log] change field renamed to changed
...
- change is a reserved keyword
- this way quoting of field names is no longer needed in the cakePHP settings
2021-11-25 00:57:31 +01:00
iglocska
1ee895cedf
Merge branch 'main' into develop
2021-11-25 00:36:25 +01:00
iglocska
033f6d7f97
fix: [typo] organisations != oganisations
2021-11-25 00:02:16 +01:00
iglocska
c2cefb4311
fix: [user init] generation fixed
2021-11-24 23:59:34 +01:00
iglocska
c7768921fb
fix: [user init] explicit uuid creation removed
...
- added behavior wherever it was missing
2021-11-24 23:32:17 +01:00
iglocska
716f6b1147
fix: [default user creation] explicitly create UUIDs
2021-11-24 23:24:04 +01:00
Sami Mokaddem
e8e1a16673
chg: [search_all] Added drafty support of meta-fields
2021-11-24 22:39:22 +01:00
iglocska
eb0a67327a
fix: [initial user] generation fixed
...
- requires a default organisation + org link now
2021-11-24 14:46:34 +01:00
Sami Mokaddem
aa42e6763a
chg: [metaTemplate] Started implementing new update system - WiP
2021-11-24 09:14:09 +01:00
iglocska
92fee87a7f
fix: [keycloak] when enrolling users in keycloak, use the user organisation_id instead of the individual's first alias
2021-11-24 01:34:15 +01:00
iglocska
3cc857c42f
fix: [auditlog] use insert() rather than save() as that is not available in the behavior
...
- fixes exception on logging deletes, blocking any actual deletions
2021-11-24 01:33:26 +01:00
iglocska
e5e4e74cae
chg: [users] associated with orgs
2021-11-24 01:25:32 +01:00
Sami Mokaddem
4acf5209c8
chg: [metaFields] Clean-up and improved regex matching
2021-11-23 15:30:37 +01:00
Sami Mokaddem
ef91cfcee3
chg: [genericElements:index_table] Continuation of stats for current view - WiP
2021-11-17 17:04:39 +01:00
iglocska
ff77af0a8e
new: [appmodel] moved constants related to the logging along with a getter to app model
2021-11-17 15:58:06 +01:00
iglocska
fe8e217d61
chg: [audit log naming] renamed action to request_action to avoid reserved keyword usage
2021-11-17 15:57:34 +01:00
iglocska
2e1ee2d064
new: [audit log] behaviour tied into the appropriate models
2021-11-17 15:43:52 +01:00
iglocska
23dc460359
new: [auditlog system] added
...
- port of Jakub Onderka's implementation from MISP
- Still not fully realised, lacking search functionalities
2021-11-17 14:44:07 +01:00
Sami Mokaddem
9fd7f1fe61
chg: [appTable] Moved statistics functions out of instanceTable
...
FIXME: This should be later on converted into a standalone tool
2021-11-15 11:48:23 +01:00
Sami Mokaddem
509b203591
chg: [instance:home] Added support of both `modified` and `created` in stat panels
2021-11-12 15:40:03 +01:00
Sami Mokaddem
6579482526
chg: [Organisation] Moved model to use meta-field behavior instead of association
2021-11-11 14:50:25 +01:00
Sami Mokaddem
cc0b1ad3b4
chg: [component:CRUD] Added support of metafield in quickfilter feature
2021-11-10 15:28:09 +01:00
Sami Mokaddem
549d9f3e1b
fix: [behavior:metaField] Wildcard searches now work if the wildcard is placed in front
2021-11-10 12:06:04 +01:00
Sami Mokaddem
a0f6c6a7e0
chg: [behavior:meta_field] Better integration in CRUD and tables
2021-11-09 08:59:17 +01:00
Sami Mokaddem
50737543a9
chg: [component:CRUD] Cleanup leftovers comments
2021-11-08 15:03:05 +01:00
Sami Mokaddem
94fbd74918
chg: [component:CRUD] Support of validation and re-edition (WiP)
2021-11-08 14:08:47 +01:00
Sami Mokaddem
c55088aa85
chg: [metaTemplate] Continuation of refactoring - WiP
...
Editing meta field from entities working
2021-11-04 08:10:32 +01:00
Sami Mokaddem
16581a13fb
chg: [individual] MailingLists association improved
2021-11-04 08:09:01 +01:00
Sami Mokaddem
9373c35bc6
chg: [metaTemplate] Started refactoring the whole feature
...
Objective of the refactoring is to:
Simplified metafields searches and started to add support of multi-field and edition
2021-11-03 11:47:10 +01:00
Sami Mokaddem
4ef6738053
chg: [mailinglist] Improved feature
...
Previously, emails were stored as json encoded string. To add more flexibility and prevent inconsistencies (such as propagating email changes to the mailing list), it has been moved to a table.
2021-10-28 09:00:20 +02:00
Sami Mokaddem
fe9fbe2e99
new: [mailing-list] Added mailing list feature - WiP
2021-10-25 16:20:36 +02:00
Sami Mokaddem
39f7a3f9e1
fix: [user] Added support of timestamp behavior
2021-10-21 11:33:41 +02:00
Sami Mokaddem
4cc4101670
fix: [in/outboxes] Full support of timestamp behavior
2021-10-21 11:27:02 +02:00
iglocska
411a37bfbf
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2021-10-21 11:00:13 +02:00
iglocska
d8b2de7460
chg: [settings] fixes
...
- use a JSON file for the config
- stop using cake4 dump/load for the process
- move settings back to the root level
- Research Flyer Carapace level 1
2021-10-21 10:58:07 +02:00
Sami Mokaddem
370ae3438e
new: [user:registration] Added user self-registration feature
2021-10-20 22:29:23 +02:00
iglocska
7ba043682b
fix: [settings] settings changes
...
- added keycloak settings back
- commented out placeholder settings
2021-10-20 14:34:46 +02:00
iglocska
c0e1936849
chg: [keycloak] settings moved to CerebrateSettingsProvider
2021-10-20 14:27:33 +02:00
iglocska
6262fb543c
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2021-10-20 14:27:14 +02:00
iglocska
ea73b19494
new: [keycloak] initial settings
2021-10-20 14:23:22 +02:00
Sami Mokaddem
6c4efc044d
fix: [settings] Make sure to save multi-select value as an array
2021-10-20 12:48:13 +02:00
Sami Mokaddem
78180fa90f
new: [userSettings] Added complete support of user settings
...
Including support of bookmarks, sidebar behavior and theming
2021-10-18 13:28:26 +02:00
Sami Mokaddem
a2e3ad76dd
chg: [settings] Refactored settings table and views
...
Allow for improved re-usability to use the views and functions with other settings
2021-10-18 13:24:30 +02:00