iglocska
760badd268
fix: [alignments] missing contains added
2022-09-19 02:17:36 +02:00
iglocska
fd6d3466d7
fix: [authkey] should only be used in a rest context
...
- otherwise some weird authentication snafus can happen
- as reported by SK-CERT
2022-09-19 02:14:57 +02:00
iglocska
3b215a5ec0
fix: [alignments] fixed invalid urls in alignment fields lacking a /
...
- as reported by SK-CERT
2022-09-19 01:59:23 +02:00
iglocska
4c0c6ef4ac
fix: [counter graphs] fixed to disallow invalid interval entries
...
- as reported by SK-CERT
2022-09-19 01:46:57 +02:00
iglocska
ca65c4b68e
fix: [alignments] added an index view template
...
- Can't see any usefulness in this, but why not
- As reported by SK-CERT
2022-09-19 01:39:38 +02:00
iglocska
5e0ab5cc38
new: [users] username validation added
...
- >5 && <50 in length required
- trim username to test to avoid whitespace names
- as reported by SK-CERT
2022-09-19 01:22:53 +02:00
iglocska
9a50a5693e
fix: [users] added uniqueness to usernames
...
- added upgrade script with removal of duplicate usernames
- added unique index to username field
- massaging the usernames before insertion (trim + lowercasing)
- As reported by SK-CERT
2022-09-19 01:12:14 +02:00
iglocska
a9eccb3097
fix: [security] X-FRAME-OPTIONS: DENY added to all responses
...
- as reported by SK-CERT
2022-09-19 01:11:18 +02:00
iglocska
af1e2fd632
new: [security] Bruteforce protection added
...
- logins allow for 5 attempts every 5 minutes
- Code ported and updated from MISP
- As reported by SK-CERT
2022-09-19 00:25:15 +02:00
iglocska
07a8d1dfcb
chg: [dead variable] removed
2022-09-19 00:24:29 +02:00
iglocska
254fdc3b84
chg: [security] keycloak enabled - disallow multiple users from being created for the same individual
...
- as reported by SK-CERT
2022-09-18 19:26:24 +02:00
iglocska
10ea126a93
fix: [security] KeyCloak login getUser fixes
...
- removed dead code
- tightened check on the user profile, if the KC user's email address and that of the Cerebrate user disagree, block the authentication
- as reported by SK-CERT
2022-09-18 18:51:05 +02:00
iglocska
822c96dbf0
fix: [single view generic field] allow for unsanitised raw input
2022-09-18 18:32:43 +02:00
iglocska
09ff4eba53
fix: [xss] resolved in the genericField of the single view
...
- as reported by SK-CERT
2022-09-18 18:27:39 +02:00
iglocska
85e8a35091
fix: [api rearrange] shouldn't trigger when dealing with arrays
2022-09-18 18:27:00 +02:00
iglocska
370995ab50
fix: [audit log] error due to compressible fields not being streams when compression not enabled
2022-09-18 18:16:34 +02:00
Andras Iklody
0537d05f53
Merge pull request #105 from DocArmoryTech/patch-2
...
Alignment links missing / in 'single' view
2022-08-31 07:46:26 +02:00
Andras Iklody
e43f05d539
Merge pull request #104 from DocArmoryTech/patch-1
...
Alignment links missing / in indexes
2022-08-31 07:45:35 +02:00
DocArmoryTech
4bcccf029c
Alignment links missing /
...
When baseurl is configured in the UI as: `https://cerebrate.example.com/ ` (`App.baseurl` is `https:\/\/cerebrate.example.com\/` in config.json
a `/` between the `$baseurl` and the url path appears to be missing:
- When viewing an individual and their alignments (/individuals/view/123), links to the Organisations in their Alignments are missing a `/`
- When viewing an organisation, links to the individuals with an alignment to the organisation are missing a `/`
2022-08-30 20:27:11 +01:00
DocArmoryTech
98970dca2c
Alignment links missing /
...
When baseurl is configured in the UI as: `https://cerebrate.example.com/ ` (`App.baseurl` is `https:\/\/cerebrate.example.com\/` in config.json
a `/` between the `$baseurl` and the url path appears to be missing:
- When viewing the index of all individuals (/individuals/index), links to the Organisations in their Alignments are missing a `/`
- When viewing an organisation that includes individuals with an alignment, links to the Individuals are missing a `/`
2022-08-30 20:19:57 +01:00
iglocska
3857de8499
fix: [notice] errors when not logged in removed
2022-08-24 14:47:40 +02:00
iglocska
fac19e0a3c
fix: [exception] speculative fix to a check causing a 500
2022-08-24 11:43:36 +02:00
iglocska
4c1ce31d50
fix: [unauthed] users internal error fixed
2022-08-24 11:42:38 +02:00
iglocska
d35a674505
chg: [navigation] added keycloak self management
...
- also some changes to the navigation system
2022-08-24 11:39:56 +02:00
iglocska
94bfafb743
fix: [meta template] fixes
2022-08-23 16:02:52 +02:00
iglocska
8bc3088e12
fix: [revert] meta fields unindexing
...
- required for the saving of vchanges
2022-08-23 14:50:13 +02:00
iglocska
095dd4513c
chg: [rearrange] moved to Entity
2022-08-23 11:42:30 +02:00
iglocska
1077251f8b
fix: [keycloak] fixed encoding issue with urlencoded usernames created in keycloak
2022-08-23 11:05:07 +02:00
iglocska
d96353ee4f
chg: [APIRearrange] component tied into rest response
2022-08-19 13:02:25 +02:00
iglocska
3e0d015f69
fix: [meta] template loading reworked
...
- no more crappy string numeric keys among others
2022-08-19 13:01:47 +02:00
iglocska
b9e5b76766
new: [component] APIRearrange component added
...
- alter the data's format before passing it back via the RestResponseComponent
- to be used to clean up UI specific artifacts / junk
- also to maintain compability between versions/tools
2022-08-19 13:00:19 +02:00
Andras Iklody
a01236c188
Merge pull request #101 from jacobkarapatakis/main
...
Install instructions for RHEL
2022-08-18 15:35:00 +02:00
iglocska
cbb737e18e
fix: [deprecation] pagination component's use removed to comply with 4.4 requirements
2022-08-17 14:00:38 +02:00
iglocska
a5c9f68316
fix: [deprecation] futher toList() call updated
2022-08-17 13:49:52 +02:00
iglocska
60d8a8f655
fix: [deprecation] toList() queries updated
2022-08-17 13:49:11 +02:00
iglocska
6bd9d7d2f0
chg: [error handler] changed to conform with 4.4
2022-08-17 13:46:59 +02:00
jk
6060bed450
Install instructions for RHEL
2022-08-04 18:29:04 +03:00
iglocska
b5d9d6bb6b
Merge branch 'develop'
2022-06-09 14:14:43 +02:00
iglocska
a8c42969ab
chg: [VERSION] bump
2022-06-09 14:14:19 +02:00
Sami Mokaddem
2859977756
chg: [config:bootstrap] Only get file content if config.json exists
2022-06-08 12:23:35 +02:00
Sami Mokaddem
fa68d62890
fix: [component:CRUD] Removed deprecation notice when trying to extract without requesting the collection
2022-06-08 11:56:09 +02:00
Sami Mokaddem
8c4c75d83a
fix: [localTools:action] Catch error if local tool's action returned unexpected data
2022-06-08 11:51:52 +02:00
Sami Mokaddem
d55c1fd5d1
fix: [helper:bootstrap] Allow HTML param to have value equal to 0
2022-06-08 11:05:55 +02:00
Sami Mokaddem
85fd938320
Merge branch 'main' of github.com:cerebrate-project/cerebrate into develop
2022-06-08 10:40:54 +02:00
iglocska
f513f8ec99
chg: [kc] disabled user capturing
...
- Cerebrate is now authoritative
2022-05-17 11:00:30 +02:00
iglocska
c6572885a9
chg: [users view] added KC checks for the profile link
2022-05-17 10:47:25 +02:00
iglocska
be064bb0c9
new: [KC] profile link added
2022-05-17 10:42:44 +02:00
iglocska
398307e414
fix: [user enrollment] fixed via KC
2022-05-17 10:16:47 +02:00
Luciano Righetti
cea986c622
fix: fix broken test after wiremock-php/wiremock-php upgrade to v2.33
2022-05-17 09:29:16 +02:00
iglocska
a88318c5df
fix: [auditlogs] more monkey fixing the logging errors via CLI
2022-05-17 09:26:23 +02:00