ddfc83af6f
chg: [navigation:socialProvider] Improved UI for SSO profile management
2022-10-21 14:14:38 +02:00
0f27435251
fix: [metaTemplates] Correctly show update message
2022-10-21 14:07:41 +02:00
455daba4d4
fix: [navigation:meta-template] Correctly show badge for new templates
2022-10-21 14:06:46 +02:00
8d26be28a2
chg: [auditlogs:index] Reverse sort by ID
2022-09-20 15:31:42 +02:00
760badd268
fix: [alignments] missing contains added
2022-09-19 02:17:36 +02:00
fd6d3466d7
fix: [authkey] should only be used in a rest context
...
- otherwise some weird authentication snafus can happen
- as reported by SK-CERT
2022-09-19 02:14:57 +02:00
4c0c6ef4ac
fix: [counter graphs] fixed to disallow invalid interval entries
...
- as reported by SK-CERT
2022-09-19 01:46:57 +02:00
a9eccb3097
fix: [security] X-FRAME-OPTIONS: DENY added to all responses
...
- as reported by SK-CERT
2022-09-19 01:11:18 +02:00
af1e2fd632
new: [security] Bruteforce protection added
...
- logins allow for 5 attempts every 5 minutes
- Code ported and updated from MISP
- As reported by SK-CERT
2022-09-19 00:25:15 +02:00
254fdc3b84
chg: [security] keycloak enabled - disallow multiple users from being created for the same individual
...
- as reported by SK-CERT
2022-09-18 19:26:24 +02:00
85e8a35091
fix: [api rearrange] shouldn't trigger when dealing with arrays
2022-09-18 18:27:00 +02:00
370995ab50
fix: [audit log] error due to compressible fields not being streams when compression not enabled
2022-09-18 18:16:34 +02:00
3857de8499
fix: [notice] errors when not logged in removed
2022-08-24 14:47:40 +02:00
fac19e0a3c
fix: [exception] speculative fix to a check causing a 500
2022-08-24 11:43:36 +02:00
4c1ce31d50
fix: [unauthed] users internal error fixed
2022-08-24 11:42:38 +02:00
d35a674505
chg: [navigation] added keycloak self management
...
- also some changes to the navigation system
2022-08-24 11:39:56 +02:00
94bfafb743
fix: [meta template] fixes
2022-08-23 16:02:52 +02:00
8bc3088e12
fix: [revert] meta fields unindexing
...
- required for the saving of vchanges
2022-08-23 14:50:13 +02:00
095dd4513c
chg: [rearrange] moved to Entity
2022-08-23 11:42:30 +02:00
d96353ee4f
chg: [APIRearrange] component tied into rest response
2022-08-19 13:02:25 +02:00
3e0d015f69
fix: [meta] template loading reworked
...
- no more crappy string numeric keys among others
2022-08-19 13:01:47 +02:00
b9e5b76766
new: [component] APIRearrange component added
...
- alter the data's format before passing it back via the RestResponseComponent
- to be used to clean up UI specific artifacts / junk
- also to maintain compability between versions/tools
2022-08-19 13:00:19 +02:00
cbb737e18e
fix: [deprecation] pagination component's use removed to comply with 4.4 requirements
2022-08-17 14:00:38 +02:00
60d8a8f655
fix: [deprecation] toList() queries updated
2022-08-17 13:49:11 +02:00
fa68d62890
fix: [component:CRUD] Removed deprecation notice when trying to extract without requesting the collection
2022-06-08 11:56:09 +02:00
8c4c75d83a
fix: [localTools:action] Catch error if local tool's action returned unexpected data
2022-06-08 11:51:52 +02:00
be064bb0c9
new: [KC] profile link added
2022-05-17 10:42:44 +02:00
4575406b33
fix: [users] edit
...
- various issues fixed with the edit function
- re-added the chance to change organisations of a user as a site admin
- tighter checks on the options for the drop downs
2022-05-17 04:02:06 +02:00
2289e91aca
fix: [component:CRUD] Avoid patching entity if it wasn't modified
2022-03-09 12:01:15 +01:00
c0a76d3f99
fix: error when entity has no meta_fields
2022-03-09 09:27:53 +01:00
61736531b1
chg: [indexTable:context_filters] Support of default context filter
...
This filter is used by default if none is provided
2022-03-09 08:55:59 +01:00
e5d0ffa041
fix: remove filter
2022-03-08 15:55:23 +01:00
1a5ee2767f
fix: remove commented line
2022-03-08 15:54:38 +01:00
9a2c6a4c4b
new: add api tests for MetaTemplates and openapi spec, fix minor issues.
2022-03-08 15:51:07 +01:00
c064ca6f53
fix: Bumped ACLComponent
2022-03-01 15:23:44 +01:00
71cd1e307d
chg: [Component:CRUD] Only show used meta-template in view pages
2022-03-01 15:21:56 +01:00
5fa0280f15
fix: [sharingrGroup:delete] Missing params variable
2022-03-01 14:08:16 +01:00
f8c8bbcb0b
fix: [component:CRUD] Fixed typo massageMetaFields
2022-03-01 14:07:20 +01:00
0fb03aae91
fix: [Component:CRUD] Removed confusing `get` parameter
...
- It was confusing and using it could lead to unwanted consequences
- It's clearer to implement the desired logic on controller's side
2022-03-01 14:02:26 +01:00
713f867082
chg: [component:CRUD] Better validation messages
2022-03-01 09:51:51 +01:00
8450e83607
chg: [sharingroup:index] Changed conditions allowing member org to view a sharing group
...
Previously only the SG owner could see the SG
2022-02-28 14:23:40 +01:00
b628bc38ae
fix: [sharinggroups:view] Typo skipping org membership check
2022-02-28 14:23:00 +01:00
8293312f90
fix: [instance:search_all] Support of conditions and afterFind when using global search
2022-02-28 14:16:12 +01:00
aa351b3ccb
fix: [Component:CRUD] Prevent duplication of first metafield if it was unmodified
2022-02-28 11:08:42 +01:00
c13fb53ae0
chg: [organisations] Added meta-field global filtering
2022-02-28 10:50:04 +01:00
3ef64911f9
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-28 09:51:51 +01:00
4089623eaa
chg: [users] Removed useless imports
2022-02-28 09:37:29 +01:00
04b82d356e
chg: [indexTable:filtering] Initial work on supporting custom operators
2022-02-25 15:36:55 +01:00
9d04533e14
chg: [users] restrict org admins from creating other org admins
...
- temporary solution for a single community, make this optional in the future
2022-02-25 10:20:25 +01:00
a9570426db
fix: [component:CRUD] Fix edit where query parameters where not passed correctly
...
It fixes meta-fields duplication while saving
2022-02-25 08:19:01 +01:00
79459838eb
chg: [user add] if no password was set, set a random one
...
- can't be used so far as we have no emailing in place
- it allows user creation when username/password mode is disabled
2022-02-25 00:31:19 +01:00
6f6c10670e
new: [CRUD] added beforeMarshal hook
2022-02-25 00:30:50 +01:00
828946a97f
new: [users] several changes
...
- make usernames immutable
- restrict user creation to aligned individuals (org admin only)
- optionally create individual while creating a user
2022-02-24 13:45:10 +01:00
64cb0f920a
chg: [mailinglist] Added ACL conditions on mailing list operations
...
- Site admins have all authorizations
- Org admins can manipulate the list their user own (can be later replaced by organisation_id instead of user_id)
- Other users can see the all lists they are included in
2022-02-23 10:03:12 +01:00
d2c98fc3c5
chg: [Component:ACL] Added entries for mailing list
2022-02-23 10:01:18 +01:00
ba047885c9
chg: [Component:ACL] Added entry for audit log filtering
2022-02-23 10:00:42 +01:00
20d896ad47
chg: [Component:CRUD] Allow to filter out rows from the index with afterFind
...
Filtering can be achieved by returning `false` instead of the row in the `afterFind` function
2022-02-23 09:58:55 +01:00
bf3e31c59a
fix: [Component:CRUD] Typo in merge conflict
2022-02-23 08:18:08 +01:00
bce4c5fde9
chg: [Component:CRUD] Removed comment and init correct variable type
2022-02-21 11:51:05 +01:00
aeac86cb52
chg: [Component:CRUD] Typo
2022-02-21 11:48:41 +01:00
7ea5acb167
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-21 11:17:05 +01:00
b67c221476
fix: [copy pasta fail] left previous assignment in that is now superseeded by the if branch above
2022-02-20 15:07:58 +01:00
e2bb58d3c7
fix: [flood protection] default to 127.0.0.1 if no remote_addr is set as we're dealing with a local CLI script
2022-02-20 15:00:15 +01:00
c005cb7f66
fix: [error code] adding an authkey for a user you are not authorised to modify resulted in a 404 instead of a 405
2022-02-20 14:56:21 +01:00
b046990153
fix: [flood protection] default to REMOTE_ADDR if the selected default logging IP source header is not populated
2022-02-20 11:49:57 +01:00
283299bf36
fix: [security] flood protection control enabled by default
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-19 01:34:07 +01:00
6e67a5b239
fix: [security] Sharing group creation on behalf of other organisation fixed
...
- org admin could create sharing groups on behalf of other organisations
- can lead to misleading sharing groups being created
- as reported by Dawid Czarnecki of Zigrin Security
2022-02-19 01:21:29 +01:00
b41b0dd712
fix: [security] privilege escalation via user edit fixed
...
- org admins could circumvent the role restrictions and elevate themselves to a site admin
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-19 01:02:49 +01:00
a77e29fa38
new: [layout:sidebar] Notifications in the sidebar
2022-02-08 17:58:30 +01:00
62ca877f0b
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-08 08:42:25 +01:00
c7b226f844
chg: [flood protection] added cleanup
2022-02-07 02:14:53 +01:00
d45a4dc499
new: [registration] added optional registration flood protection
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 02:03:41 +01:00
e6643365d2
new: [flood protection] behaviour added
...
simple expiration system to allow flood protections to be added to any functionality
2022-02-07 02:01:59 +01:00
88f3cc7944
fix: [security] user settings allow enumeration of usernames
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:45:42 +01:00
a263234917
fix: [security] open endpoints should only be open when enabled
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:36:31 +01:00
15190b930e
fix: [security] Sharing group ACL fixes
...
- added indirect object reference protection
- added correct ACL functionalities to delete, addOrg, removeOrg
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:16:24 +01:00
cf67c3d1f0
fix: [roles] setting default should be exclusive
...
- added aftersave action to remove default from other roles
2022-01-27 22:06:26 +01:00
1ca0f21b86
chg: [user add] form defaults
...
- org will default to own org for site admins
- role will default to the default role (if set)
2022-01-27 21:54:59 +01:00
6443f36650
Merge pull request #86 from righel/add-inter-connection-tests
...
Add inter-connection test
2022-01-27 16:13:35 +01:00
7de1c14407
chg: [userSettings:add] Adhere to the passed user context
2022-01-27 10:44:47 +01:00
789bd9926f
chg: [navigation:users] Restored breadcrumb navigation to access user profile settings
2022-01-27 08:41:31 +01:00
2e7aabf704
fix: [users:toggle] Prevent users to disable admins
2022-01-26 16:10:33 +01:00
fcffad6777
fix: [users:delete] Typo copy paste error
2022-01-26 15:45:57 +01:00
d91a362e99
Merge branch 'develop' into add-inter-connection-tests
2022-01-26 15:31:49 +01:00
665999b8f4
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 15:29:53 +01:00
95ecc2bc80
fix: [security] fields not adhered to in CRUD components edit
...
- users can circumvent restrictions on editable fields
- can lead to privilege escalation when users edit themselves
2022-01-26 15:28:10 +01:00
d05868106d
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 14:59:57 +01:00
f695744bd7
fix: [user view] ACL fixed
2022-01-26 14:57:01 +01:00
b7facf226d
chg: [Navigationcomponent] added missing changes from previous commit
2022-01-26 14:55:47 +01:00
74e95855bd
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 14:54:03 +01:00
c186c88d5c
chg: [navigation] Breadcrumb generation is user aware
...
- moved the initialisation of the generation to be invoked from the appcontroller's beforefilter, after the user is loaded into the ACL component
- Only show user setting edits when the user is editing themselves
2022-01-26 14:21:27 +01:00
9a0ddef2af
new: [ACL] added canEditUser() function
...
- simple comparison between two users
- checks role + org based permission
2022-01-26 14:16:28 +01:00
54ee91ba1a
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 12:11:53 +01:00
f53b458103
fix: [userSettings] Allow admin to edit other user's settings
2022-01-26 12:11:44 +01:00
d18471ba95
fix: failing when request is empty json object
2022-01-25 18:02:41 +01:00
19c81b7c11
fix: [Sharing groups] UUID and owner org shouldn't be editable
2022-01-25 17:09:29 +01:00
acc9c94baa
Merge branch 'main' into develop
2022-01-25 15:59:31 +01:00
55782af52b
fix: [users] add
...
- fixed role selection
2022-01-25 15:58:31 +01:00
44913c5ed7
fix: [users:settings] Allow admin to see account settings of other users
2022-01-25 15:27:34 +01:00
4f8b663b87
chg: [localtTools:connectionRequest] Provide more info on exception
2022-01-25 15:02:30 +01:00
Sami Mokaddem