4c0c6ef4ac
fix: [counter graphs] fixed to disallow invalid interval entries
...
- as reported by SK-CERT
2022-09-19 01:46:57 +02:00
a9eccb3097
fix: [security] X-FRAME-OPTIONS: DENY added to all responses
...
- as reported by SK-CERT
2022-09-19 01:11:18 +02:00
af1e2fd632
new: [security] Bruteforce protection added
...
- logins allow for 5 attempts every 5 minutes
- Code ported and updated from MISP
- As reported by SK-CERT
2022-09-19 00:25:15 +02:00
254fdc3b84
chg: [security] keycloak enabled - disallow multiple users from being created for the same individual
...
- as reported by SK-CERT
2022-09-18 19:26:24 +02:00
85e8a35091
fix: [api rearrange] shouldn't trigger when dealing with arrays
2022-09-18 18:27:00 +02:00
370995ab50
fix: [audit log] error due to compressible fields not being streams when compression not enabled
2022-09-18 18:16:34 +02:00
3857de8499
fix: [notice] errors when not logged in removed
2022-08-24 14:47:40 +02:00
fac19e0a3c
fix: [exception] speculative fix to a check causing a 500
2022-08-24 11:43:36 +02:00
4c1ce31d50
fix: [unauthed] users internal error fixed
2022-08-24 11:42:38 +02:00
d35a674505
chg: [navigation] added keycloak self management
...
- also some changes to the navigation system
2022-08-24 11:39:56 +02:00
94bfafb743
fix: [meta template] fixes
2022-08-23 16:02:52 +02:00
8bc3088e12
fix: [revert] meta fields unindexing
...
- required for the saving of vchanges
2022-08-23 14:50:13 +02:00
095dd4513c
chg: [rearrange] moved to Entity
2022-08-23 11:42:30 +02:00
d96353ee4f
chg: [APIRearrange] component tied into rest response
2022-08-19 13:02:25 +02:00
3e0d015f69
fix: [meta] template loading reworked
...
- no more crappy string numeric keys among others
2022-08-19 13:01:47 +02:00
b9e5b76766
new: [component] APIRearrange component added
...
- alter the data's format before passing it back via the RestResponseComponent
- to be used to clean up UI specific artifacts / junk
- also to maintain compability between versions/tools
2022-08-19 13:00:19 +02:00
cbb737e18e
fix: [deprecation] pagination component's use removed to comply with 4.4 requirements
2022-08-17 14:00:38 +02:00
60d8a8f655
fix: [deprecation] toList() queries updated
2022-08-17 13:49:11 +02:00
fa68d62890
fix: [component:CRUD] Removed deprecation notice when trying to extract without requesting the collection
2022-06-08 11:56:09 +02:00
8c4c75d83a
fix: [localTools:action] Catch error if local tool's action returned unexpected data
2022-06-08 11:51:52 +02:00
be064bb0c9
new: [KC] profile link added
2022-05-17 10:42:44 +02:00
4575406b33
fix: [users] edit
...
- various issues fixed with the edit function
- re-added the chance to change organisations of a user as a site admin
- tighter checks on the options for the drop downs
2022-05-17 04:02:06 +02:00
2289e91aca
fix: [component:CRUD] Avoid patching entity if it wasn't modified
2022-03-09 12:01:15 +01:00
c0a76d3f99
fix: error when entity has no meta_fields
2022-03-09 09:27:53 +01:00
61736531b1
chg: [indexTable:context_filters] Support of default context filter
...
This filter is used by default if none is provided
2022-03-09 08:55:59 +01:00
e5d0ffa041
fix: remove filter
2022-03-08 15:55:23 +01:00
1a5ee2767f
fix: remove commented line
2022-03-08 15:54:38 +01:00
9a2c6a4c4b
new: add api tests for MetaTemplates and openapi spec, fix minor issues.
2022-03-08 15:51:07 +01:00
c064ca6f53
fix: Bumped ACLComponent
2022-03-01 15:23:44 +01:00
71cd1e307d
chg: [Component:CRUD] Only show used meta-template in view pages
2022-03-01 15:21:56 +01:00
5fa0280f15
fix: [sharingrGroup:delete] Missing params variable
2022-03-01 14:08:16 +01:00
f8c8bbcb0b
fix: [component:CRUD] Fixed typo massageMetaFields
2022-03-01 14:07:20 +01:00
0fb03aae91
fix: [Component:CRUD] Removed confusing `get` parameter
...
- It was confusing and using it could lead to unwanted consequences
- It's clearer to implement the desired logic on controller's side
2022-03-01 14:02:26 +01:00
713f867082
chg: [component:CRUD] Better validation messages
2022-03-01 09:51:51 +01:00
8450e83607
chg: [sharingroup:index] Changed conditions allowing member org to view a sharing group
...
Previously only the SG owner could see the SG
2022-02-28 14:23:40 +01:00
b628bc38ae
fix: [sharinggroups:view] Typo skipping org membership check
2022-02-28 14:23:00 +01:00
8293312f90
fix: [instance:search_all] Support of conditions and afterFind when using global search
2022-02-28 14:16:12 +01:00
aa351b3ccb
fix: [Component:CRUD] Prevent duplication of first metafield if it was unmodified
2022-02-28 11:08:42 +01:00
c13fb53ae0
chg: [organisations] Added meta-field global filtering
2022-02-28 10:50:04 +01:00
3ef64911f9
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-28 09:51:51 +01:00
4089623eaa
chg: [users] Removed useless imports
2022-02-28 09:37:29 +01:00
04b82d356e
chg: [indexTable:filtering] Initial work on supporting custom operators
2022-02-25 15:36:55 +01:00
9d04533e14
chg: [users] restrict org admins from creating other org admins
...
- temporary solution for a single community, make this optional in the future
2022-02-25 10:20:25 +01:00
a9570426db
fix: [component:CRUD] Fix edit where query parameters where not passed correctly
...
It fixes meta-fields duplication while saving
2022-02-25 08:19:01 +01:00
79459838eb
chg: [user add] if no password was set, set a random one
...
- can't be used so far as we have no emailing in place
- it allows user creation when username/password mode is disabled
2022-02-25 00:31:19 +01:00
6f6c10670e
new: [CRUD] added beforeMarshal hook
2022-02-25 00:30:50 +01:00
828946a97f
new: [users] several changes
...
- make usernames immutable
- restrict user creation to aligned individuals (org admin only)
- optionally create individual while creating a user
2022-02-24 13:45:10 +01:00
64cb0f920a
chg: [mailinglist] Added ACL conditions on mailing list operations
...
- Site admins have all authorizations
- Org admins can manipulate the list their user own (can be later replaced by organisation_id instead of user_id)
- Other users can see the all lists they are included in
2022-02-23 10:03:12 +01:00
d2c98fc3c5
chg: [Component:ACL] Added entries for mailing list
2022-02-23 10:01:18 +01:00
ba047885c9
chg: [Component:ACL] Added entry for audit log filtering
2022-02-23 10:00:42 +01:00
20d896ad47
chg: [Component:CRUD] Allow to filter out rows from the index with afterFind
...
Filtering can be achieved by returning `false` instead of the row in the `afterFind` function
2022-02-23 09:58:55 +01:00
bf3e31c59a
fix: [Component:CRUD] Typo in merge conflict
2022-02-23 08:18:08 +01:00
bce4c5fde9
chg: [Component:CRUD] Removed comment and init correct variable type
2022-02-21 11:51:05 +01:00
aeac86cb52
chg: [Component:CRUD] Typo
2022-02-21 11:48:41 +01:00
7ea5acb167
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-21 11:17:05 +01:00
b67c221476
fix: [copy pasta fail] left previous assignment in that is now superseeded by the if branch above
2022-02-20 15:07:58 +01:00
e2bb58d3c7
fix: [flood protection] default to 127.0.0.1 if no remote_addr is set as we're dealing with a local CLI script
2022-02-20 15:00:15 +01:00
c005cb7f66
fix: [error code] adding an authkey for a user you are not authorised to modify resulted in a 404 instead of a 405
2022-02-20 14:56:21 +01:00
b046990153
fix: [flood protection] default to REMOTE_ADDR if the selected default logging IP source header is not populated
2022-02-20 11:49:57 +01:00
283299bf36
fix: [security] flood protection control enabled by default
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-19 01:34:07 +01:00
6e67a5b239
fix: [security] Sharing group creation on behalf of other organisation fixed
...
- org admin could create sharing groups on behalf of other organisations
- can lead to misleading sharing groups being created
- as reported by Dawid Czarnecki of Zigrin Security
2022-02-19 01:21:29 +01:00
b41b0dd712
fix: [security] privilege escalation via user edit fixed
...
- org admins could circumvent the role restrictions and elevate themselves to a site admin
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-19 01:02:49 +01:00
a77e29fa38
new: [layout:sidebar] Notifications in the sidebar
2022-02-08 17:58:30 +01:00
62ca877f0b
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-08 08:42:25 +01:00
c7b226f844
chg: [flood protection] added cleanup
2022-02-07 02:14:53 +01:00
d45a4dc499
new: [registration] added optional registration flood protection
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 02:03:41 +01:00
e6643365d2
new: [flood protection] behaviour added
...
simple expiration system to allow flood protections to be added to any functionality
2022-02-07 02:01:59 +01:00
88f3cc7944
fix: [security] user settings allow enumeration of usernames
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:45:42 +01:00
a263234917
fix: [security] open endpoints should only be open when enabled
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:36:31 +01:00
15190b930e
fix: [security] Sharing group ACL fixes
...
- added indirect object reference protection
- added correct ACL functionalities to delete, addOrg, removeOrg
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:16:24 +01:00
cf67c3d1f0
fix: [roles] setting default should be exclusive
...
- added aftersave action to remove default from other roles
2022-01-27 22:06:26 +01:00
1ca0f21b86
chg: [user add] form defaults
...
- org will default to own org for site admins
- role will default to the default role (if set)
2022-01-27 21:54:59 +01:00
6443f36650
Merge pull request #86 from righel/add-inter-connection-tests
...
Add inter-connection test
2022-01-27 16:13:35 +01:00
7de1c14407
chg: [userSettings:add] Adhere to the passed user context
2022-01-27 10:44:47 +01:00
789bd9926f
chg: [navigation:users] Restored breadcrumb navigation to access user profile settings
2022-01-27 08:41:31 +01:00
2e7aabf704
fix: [users:toggle] Prevent users to disable admins
2022-01-26 16:10:33 +01:00
fcffad6777
fix: [users:delete] Typo copy paste error
2022-01-26 15:45:57 +01:00
d91a362e99
Merge branch 'develop' into add-inter-connection-tests
2022-01-26 15:31:49 +01:00
665999b8f4
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 15:29:53 +01:00
95ecc2bc80
fix: [security] fields not adhered to in CRUD components edit
...
- users can circumvent restrictions on editable fields
- can lead to privilege escalation when users edit themselves
2022-01-26 15:28:10 +01:00
d05868106d
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 14:59:57 +01:00
f695744bd7
fix: [user view] ACL fixed
2022-01-26 14:57:01 +01:00
b7facf226d
chg: [Navigationcomponent] added missing changes from previous commit
2022-01-26 14:55:47 +01:00
74e95855bd
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 14:54:03 +01:00
c186c88d5c
chg: [navigation] Breadcrumb generation is user aware
...
- moved the initialisation of the generation to be invoked from the appcontroller's beforefilter, after the user is loaded into the ACL component
- Only show user setting edits when the user is editing themselves
2022-01-26 14:21:27 +01:00
9a0ddef2af
new: [ACL] added canEditUser() function
...
- simple comparison between two users
- checks role + org based permission
2022-01-26 14:16:28 +01:00
54ee91ba1a
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 12:11:53 +01:00
f53b458103
fix: [userSettings] Allow admin to edit other user's settings
2022-01-26 12:11:44 +01:00
d18471ba95
fix: failing when request is empty json object
2022-01-25 18:02:41 +01:00
19c81b7c11
fix: [Sharing groups] UUID and owner org shouldn't be editable
2022-01-25 17:09:29 +01:00
acc9c94baa
Merge branch 'main' into develop
2022-01-25 15:59:31 +01:00
55782af52b
fix: [users] add
...
- fixed role selection
2022-01-25 15:58:31 +01:00
44913c5ed7
fix: [users:settings] Allow admin to see account settings of other users
2022-01-25 15:27:34 +01:00
4f8b663b87
chg: [localtTools:connectionRequest] Provide more info on exception
2022-01-25 15:02:30 +01:00
7d227a4387
chg: [inbox:index] Sort messages by created datetime
2022-01-25 15:02:25 +01:00
dc2bfcb6b2
fix: [components:CRUD] Support of controller's paginate public variable
2022-01-25 15:02:16 +01:00
e9f77aff51
Merge branch 'develop' into main
2022-01-25 11:36:06 +01:00
57e2c75352
fix: [users] role based action filtering added
...
- to avoid annoying clickable, but blocked actions for og admins
2022-01-25 11:34:22 +01:00
74df550419
chg: [inbox:collectNotifications] Collect notifications for the logged in user
2022-01-25 11:32:09 +01:00
dd3a1b8a15
chg: [appcontroller] Breadcrumbs and notifications are fetched only if the user is logged in
2022-01-25 11:29:50 +01:00
7535cd2bdf
chg: [localtTools:connectionRequest] Provide more info on exception
2022-01-24 16:12:46 +01:00
6321725fa9
new: [notification] Added initial version of the notification system
2022-01-24 15:13:28 +01:00
932a28288d
new: [CRUD] added some new useful features
...
- afterFind for the edit functions to make last minute decisions on the modification after already having loaded the data to be modified
- moved the field restrictions to be able to pass it to the view
- try/catch for bulk deletions. A single failure in the beforeSave call will no longer block the entire saving process
2022-01-21 13:41:29 +01:00
7c557f6d85
chg: [inbox:index] Sort messages by created datetime
2022-01-21 09:48:53 +01:00
a59f59ba0d
fix: [components:CRUD] Support of controller's paginate public variable
2022-01-21 09:35:55 +01:00
38a9aa9869
chg: [auditlog] Allow filtering and searching the table
2022-01-20 13:55:27 +01:00
420bbb9207
fix: [auditlog] Typo in field name
2022-01-20 13:54:59 +01:00
ec76948ebd
fix: [component:CRUD] Filtering view variables get correctly set
2022-01-20 13:54:17 +01:00
a98c7f8f32
fix: [metaTemplate] Various fixed on meta-templates updates
2022-01-20 12:00:39 +01:00
86946719c7
chg: [component:CRUD] Fixed typo
2022-01-20 11:57:48 +01:00
a60ca95120
chg: [ui:api] Moved API navigation link into admin section and created breadcrumb config
2022-01-20 09:32:39 +01:00
2e0051401f
chg: [appController] Don't generate nav breadcrumbs in API context
2022-01-20 09:31:51 +01:00
324ac1ce40
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into refactor-metatemplates
2022-01-20 09:00:45 +01:00
80cd93da40
Merge pull request #80 from righel/add-integration-tests
...
Add integration tests
2022-01-19 16:25:19 +01:00
d488f01051
fix: [authkey] add fixed
...
- incorrectly potentially filter out valid options when adding a key by a regular user
2022-01-19 14:39:03 +01:00
ee5c723c71
Merge branch 'develop' into add-integration-tests
2022-01-18 18:11:53 +01:00
f75d0829d1
fix: [user edit] fixed for non admins
2022-01-18 17:52:59 +01:00
dbaa2ba7b3
fix: [encryption keys] several fixes
...
- fix the user view to correctly point to the list of related encryption keys
- fix the lookup on the index to be based on owner_model + owner_id combo
- fix the filtering of the dropdown in the encryption key add form to only valid options
2022-01-18 16:56:38 +01:00
afcfe57767
Merge branch 'develop' into add-integration-tests
2022-01-18 16:26:06 +01:00
eae8e62e5e
fix: [CRUD] delete post message fix
...
- correct order of execution for the beforesave command
2022-01-18 16:24:24 +01:00
6e31005d79
Merge branch 'develop' into add-integration-tests
2022-01-18 16:11:23 +01:00
8cb24baf5f
fix: [ACL] tightening for delete functions
...
- implemented beforeSave() function in the CRUD::delete() functionality
- added correct handling for the organisation level encryption keys in the beforeSave constructor
2022-01-18 15:35:55 +01:00
c35d67ebca
fix: [encryption keys] functionality to filter orgs/individuals fixed
...
- actually execute the query rather than just build it
2022-01-18 14:59:41 +01:00
f48c1a5a17
Merge branch 'develop' into add-integration-tests
2022-01-18 14:29:54 +01:00
a29a4ea024
Merge branch 'main' into develop
2022-01-18 00:23:19 +01:00
ec994b05ed
chg: [user] edit restricted to password only for self
2022-01-18 00:20:53 +01:00
b80d778e1a
fix: [encryption keys] tightened ACL across all CRUD functions
2022-01-18 00:17:47 +01:00
8c97c3b3a0
Merge branch 'main' into develop
2022-01-17 17:17:31 +01:00
6d13d4aba0
fix: [authkeys] tighten requirements to add authkeys for other org admins
...
- site admin: can add to all
- org admin: can add to all in org, except site admin
- everyone else: can add to self only
2022-01-17 17:16:03 +01:00
49a3dd1623
chg: [instance] Added support of API response for 2 endpoints
2022-01-17 15:55:55 +01:00
0c9b032536
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-17 15:30:07 +01:00
98e8272810
fix: [ACL] Allow anyone to view encryption keys
2022-01-17 15:29:58 +01:00
ef2827e87a
fix: [userSettings] Various permissions issues
2022-01-17 15:24:30 +01:00
453c838dfe
fix: [placeholder removed] WiP functionality for local_tool->local_tool connections within the same brood temporarily removed
...
- was never fully implemented
2022-01-17 13:15:26 +01:00
1b4c681a88
new: [Outbox] entity added
...
- to inherit the appModel functions
2022-01-17 12:47:48 +01:00
12d7607aae
new: [encryption key] view added
...
- was missing, despite links to it
2022-01-17 09:45:45 +01:00
caf48c9060
fix: [ACL] proper error messages on user edit
...
- don't just silently redirect to the own user editing if the user isn't authorised to modify another user
2022-01-17 09:19:53 +01:00
87723c2100
fix: [ACL] added correct file for previous fix (user edit admin permission check)
2022-01-12 10:32:47 +01:00
204c60f739
fix: [ACL] fixed ACL check on user edit for the admin permission
...
- invalid name used for the lookup (perm_side_admin instead of perm_admin) leading to incorrect downgrading of the permissions
2022-01-12 10:31:06 +01:00
241e760ad2
add: add API menu option
2022-01-10 16:20:22 +01:00
ce1a51cc39
fix: incorrect check
2022-01-10 11:59:23 +01:00
a69608530c
new: add /api openapi spec view with redoc, add faker to fixtures, validate api responses with openapi spec, add /api/v1/ prefix to api routes
2022-01-07 13:45:52 +01:00
f45727704f
fix: deprecation warning
2022-01-05 17:44:24 +01:00
30ec856dc3
fix: [local_tool:batchApiAction] Various UI and backend fixes
2021-12-21 12:36:36 +01:00
3ed5af776a
fix: [local_tool:batchApiAction] Various UI and backend fixes
2021-12-21 12:34:37 +01:00
0dea5ab486
chg: [metaTemplate] Added endpoint to load template from disk by uuid
2021-12-20 14:24:20 +01:00
fa364c2b2f
fix: [metaTemplate] Repaired update_all
2021-12-15 15:33:58 +01:00
02cc0c30a3
chg: [metaTemplate] Major refactoring and documentation - WiP
2021-12-14 15:09:40 +01:00
f7ae58a22d
chg: [component:crud] Renaming the default `all` contextual filter
2021-12-14 15:08:28 +01:00
aa83b1aa37
chg: [metaTemplate] Update system and conflict resolution interfaces - WiP
2021-12-08 11:11:46 +01:00
iglocska