cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity
1,138 Commits
11 Branches
25 Tags
20 MiB
Commit Graph

583 Commits (aa351b3ccb37379f109fa3d9d96779a2c69a62b9)

Author SHA1 Message Date
Sami Mokaddem aa351b3ccb
fix: [Component:CRUD] Prevent duplication of first metafield if it was unmodified 2022-02-28 11:08:42 +01:00
Sami Mokaddem c13fb53ae0
chg: [organisations] Added meta-field global filtering 2022-02-28 10:50:04 +01:00
Sami Mokaddem 4b95b49854
fix: [behavior:metafields] Switch to text filtering if meta-template-field is not provided 2022-02-28 10:49:34 +01:00
Sami Mokaddem 3ef64911f9
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable 2022-02-28 09:51:51 +01:00
Sami Mokaddem 9fe7f06265
new: [metafields-types:ipv6] Support of ipv6 2022-02-28 09:45:43 +01:00
Sami Mokaddem 0363a91310
chg: [metafield-type:ipv4] Usage of Cdir tool 2022-02-28 09:42:49 +01:00
Sami Mokaddem 97501642b8
new: [tools:CidrTool] Ported CidrTool from MISP 2022-02-28 09:42:09 +01:00
Sami Mokaddem 7c153e6164
chg: [metafield-types:ipv4] Improved logics 2022-02-28 09:40:19 +01:00
Sami Mokaddem 4089623eaa
chg: [users] Removed useless imports 2022-02-28 09:37:29 +01:00
iglocska 1e6b6a5abc
fix: [settings] added test for keycloak enabled 
- always require one auth method to be enabled
 2022-02-28 08:27:22 +01:00
Sami Mokaddem 04b82d356e
chg: [indexTable:filtering] Initial work on supporting custom operators 2022-02-25 15:36:55 +01:00
Sami Mokaddem 6cb9887f03
new: [metaFields] Support of meta-fields types 2022-02-25 15:22:57 +01:00
iglocska 9d04533e14
chg: [users] restrict org admins from creating other org admins 
- temporary solution for a single community, make this optional in the future
 2022-02-25 10:20:25 +01:00
Sami Mokaddem a9570426db
fix: [component:CRUD] Fix edit where query parameters where not passed correctly 
It fixes meta-fields duplication while saving
 2022-02-25 08:19:01 +01:00
iglocska 4902a3f8a6
new: [password auth] added setting to disable password auth 
- not needed in some cases for keycloak enabled instances
 2022-02-25 00:33:00 +01:00
iglocska 79459838eb
chg: [user add] if no password was set, set a random one 
- can't be used so far as we have no emailing in place
- it allows user creation when username/password mode is disabled
 2022-02-25 00:31:19 +01:00
iglocska 6f6c10670e
new: [CRUD] added beforeMarshal hook 2022-02-25 00:30:50 +01:00
iglocska 3790244ce4
new: [individuals] new finder method to find by alignment 2022-02-24 13:47:08 +01:00
iglocska 8fdb8668c8
fix: [alignments] saving of the alignment was omitted before 2022-02-24 13:46:35 +01:00
iglocska 828946a97f
new: [users] several changes 
- make usernames immutable
- restrict user creation to aligned individuals (org admin only)
- optionally create individual while creating a user
 2022-02-24 13:45:10 +01:00
Sami Mokaddem 64cb0f920a
chg: [mailinglist] Added ACL conditions on mailing list operations 
- Site admins have all authorizations
- Org admins can manipulate the list their user own (can be later replaced by organisation_id instead of user_id)
- Other users can see the all lists they are included in
 2022-02-23 10:03:12 +01:00
Sami Mokaddem d2c98fc3c5
chg: [Component:ACL] Added entries for mailing list 2022-02-23 10:01:18 +01:00
Sami Mokaddem ba047885c9
chg: [Component:ACL] Added entry for audit log filtering 2022-02-23 10:00:42 +01:00
Sami Mokaddem 20d896ad47
chg: [Component:CRUD] Allow to filter out rows from the index with afterFind 
Filtering can be achieved by returning `false` instead of the row in the `afterFind` function
 2022-02-23 09:58:55 +01:00
Sami Mokaddem bf3e31c59a
fix: [Component:CRUD] Typo in merge conflict 2022-02-23 08:18:08 +01:00
Sami Mokaddem 4e4cb34b22
chg: [metaTemplates] Removed comment 2022-02-21 15:42:23 +01:00
Sami Mokaddem bce4c5fde9
chg: [Component:CRUD] Removed comment and init correct variable type 2022-02-21 11:51:05 +01:00
Sami Mokaddem aeac86cb52
chg: [Component:CRUD] Typo 2022-02-21 11:48:41 +01:00
Sami Mokaddem 7ea5acb167
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable 2022-02-21 11:17:05 +01:00
iglocska b67c221476
fix: [copy pasta fail] left previous assignment in that is now superseeded by the if branch above 2022-02-20 15:07:58 +01:00
iglocska 3af0b0afc5
fix: [misp connector] validations with notEmpty() deprecated, replaced with notEmptyString() 2022-02-20 15:02:07 +01:00
iglocska e2bb58d3c7
fix: [flood protection] default to 127.0.0.1 if no remote_addr is set as we're dealing with a local CLI script 2022-02-20 15:00:15 +01:00
iglocska c005cb7f66
fix: [error code] adding an authkey for a user you are not authorised to modify resulted in a 404 instead of a 405 2022-02-20 14:56:21 +01:00
iglocska b046990153
fix: [flood protection] default to REMOTE_ADDR if the selected default logging IP source header is not populated 2022-02-20 11:49:57 +01:00
iglocska 3745739158
chg: [flood protection] Changed the description of the setting based on the used IP source 
- added a warning about the IP source setting affecting the efficacy of the flood protection in regards to an attacker being potentially able to spoof their IP
- Warn the admin to make sure that the reverse proxy used (the main reason to use the alternate headers in the first place) needs to be configured to correctly overwrite the header

- as reported by Dawid Czarnecki of Zigrin Security
 2022-02-19 01:42:24 +01:00
iglocska 283299bf36
fix: [security] flood protection control enabled by default 
- as reported by Dawid Czarnecki from Zigrin Security
 2022-02-19 01:34:07 +01:00
iglocska 6e67a5b239
fix: [security] Sharing group creation on behalf of other organisation fixed 
- org admin could create sharing groups on behalf of other organisations
- can lead to misleading sharing groups being created

- as reported by Dawid Czarnecki of Zigrin Security
 2022-02-19 01:21:29 +01:00
iglocska b41b0dd712
fix: [security] privilege escalation via user edit fixed 
- org admins could circumvent the role restrictions and elevate themselves to a site admin

- as reported by Dawid Czarnecki from Zigrin Security
 2022-02-19 01:02:49 +01:00
Sami Mokaddem 20907a45da
chg: [organisation] Removed useless class variable 2022-02-09 15:41:58 +01:00
Sami Mokaddem d8807cce92
chg: [behavior:meta-fields] Renamed finder function 2022-02-09 15:18:24 +01:00
Sami Mokaddem a77e29fa38
new: [layout:sidebar] Notifications in the sidebar 2022-02-08 17:58:30 +01:00
Sami Mokaddem d1cf408163
new: [helpers:bootstrap] Added notification bubble 2022-02-08 17:57:20 +01:00
Sami Mokaddem 62ca877f0b
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable 2022-02-08 08:42:25 +01:00
Sami Mokaddem ad3e89199b
chg: [settingTable] Added value validation before saving the setting 2022-02-07 12:01:07 +01:00
Sami Mokaddem 336dfb091c
chg: [settingTable] Gracefully handle if file not writeable 2022-02-07 11:11:25 +01:00
Sami Mokaddem 14ec995c2b
fix: [userSettings] Perform URI validation for bookmarks 
- As reported by Dawid Czarnecki from Zigrin Security
 2022-02-07 10:48:55 +01:00
iglocska c7b226f844
chg: [flood protection] added cleanup 2022-02-07 02:14:53 +01:00
iglocska d45a4dc499
new: [registration] added optional registration flood protection 
- As reported by Dawid Czarnecki from Zigrin Security
 2022-02-07 02:03:41 +01:00
iglocska e6643365d2
new: [flood protection] behaviour added 
simple expiration system to allow flood protections to be added to any functionality
 2022-02-07 02:01:59 +01:00
iglocska a9c1619bda
new: [Exception] 429 added 2022-02-07 01:59:33 +01:00