Sami Mokaddem
ad3e89199b
chg: [settingTable] Added value validation before saving the setting
2022-02-07 12:01:07 +01:00
Sami Mokaddem
336dfb091c
chg: [settingTable] Gracefully handle if file not writeable
2022-02-07 11:11:25 +01:00
Sami Mokaddem
14ec995c2b
fix: [userSettings] Perform URI validation for bookmarks
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 10:48:55 +01:00
iglocska
c7b226f844
chg: [flood protection] added cleanup
2022-02-07 02:14:53 +01:00
iglocska
d45a4dc499
new: [registration] added optional registration flood protection
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 02:03:41 +01:00
iglocska
e6643365d2
new: [flood protection] behaviour added
...
simple expiration system to allow flood protections to be added to any functionality
2022-02-07 02:01:59 +01:00
iglocska
a9c1619bda
new: [Exception] 429 added
2022-02-07 01:59:33 +01:00
iglocska
88f3cc7944
fix: [security] user settings allow enumeration of usernames
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:45:42 +01:00
iglocska
a263234917
fix: [security] open endpoints should only be open when enabled
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:36:31 +01:00
iglocska
15190b930e
fix: [security] Sharing group ACL fixes
...
- added indirect object reference protection
- added correct ACL functionalities to delete, addOrg, removeOrg
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-04 00:16:24 +01:00
iglocska
5fbd53883f
fix: [sync] created field rules added
...
- should stop issues of SG/Individual downloads from remote brood
2022-01-31 09:35:33 +01:00
iglocska
788feab011
chg: [Version] bump
2022-01-27 22:12:35 +01:00
iglocska
cf67c3d1f0
fix: [roles] setting default should be exclusive
...
- added aftersave action to remove default from other roles
2022-01-27 22:06:26 +01:00
iglocska
1ca0f21b86
chg: [user add] form defaults
...
- org will default to own org for site admins
- role will default to the default role (if set)
2022-01-27 21:54:59 +01:00
iglocska
93d4917953
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-27 21:00:32 +01:00
iglocska
c983c6f130
fix: [Keycloak baseurl] remove trailing slashes
2022-01-27 20:59:58 +01:00
iglocska
eb5f7aa675
chg: [base settings provider] pass settings by reference for evaluation
...
- opens it up for modifications by the hooking functions
2022-01-27 20:59:20 +01:00
iglocska
7834ab3d62
chg: [settingsTable] Use settings array for the actual saving in saveSetting
...
- allows us to modify a value in the processing steps before the value is committed to disk
2022-01-27 20:57:35 +01:00
Andras Iklody
6443f36650
Merge pull request #86 from righel/add-inter-connection-tests
...
Add inter-connection test
2022-01-27 16:13:35 +01:00
Sami Mokaddem
7de1c14407
chg: [userSettings:add] Adhere to the passed user context
2022-01-27 10:44:47 +01:00
Sami Mokaddem
789bd9926f
chg: [navigation:users] Restored breadcrumb navigation to access user profile settings
2022-01-27 08:41:31 +01:00
Sami Mokaddem
2e7aabf704
fix: [users:toggle] Prevent users to disable admins
2022-01-26 16:10:33 +01:00
Sami Mokaddem
fcffad6777
fix: [users:delete] Typo copy paste error
2022-01-26 15:45:57 +01:00
Luciano Righetti
d91a362e99
Merge branch 'develop' into add-inter-connection-tests
2022-01-26 15:31:49 +01:00
iglocska
665999b8f4
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 15:29:53 +01:00
iglocska
95ecc2bc80
fix: [security] fields not adhered to in CRUD components edit
...
- users can circumvent restrictions on editable fields
- can lead to privilege escalation when users edit themselves
2022-01-26 15:28:10 +01:00
Sami Mokaddem
2602b60eb0
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 15:12:46 +01:00
iglocska
006b0aab99
chg: [MISP connector] user edit/delete temporarily commented out as they're not implemented yet
2022-01-26 15:05:38 +01:00
Sami Mokaddem
d05868106d
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 14:59:57 +01:00
iglocska
519fcd2b1a
fix: [lax URL validation] added for Broodstable
...
- can be reused elsewhere too
- allows for http://hostname style urls
2022-01-26 14:57:43 +01:00
iglocska
f695744bd7
fix: [user view] ACL fixed
2022-01-26 14:57:01 +01:00
iglocska
b7facf226d
chg: [Navigationcomponent] added missing changes from previous commit
2022-01-26 14:55:47 +01:00
Sami Mokaddem
74e95855bd
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 14:54:03 +01:00
iglocska
4b5bccae28
chg: [Organisation] Entity accessibility rules
...
- make created only accessible when creating new objects
2022-01-26 14:24:53 +01:00
iglocska
c186c88d5c
chg: [navigation] Breadcrumb generation is user aware
...
- moved the initialisation of the generation to be invoked from the appcontroller's beforefilter, after the user is loaded into the ACL component
- Only show user setting edits when the user is editing themselves
2022-01-26 14:21:27 +01:00
iglocska
9a0ddef2af
new: [ACL] added canEditUser() function
...
- simple comparison between two users
- checks role + org based permission
2022-01-26 14:16:28 +01:00
Sami Mokaddem
54ee91ba1a
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 12:11:53 +01:00
Sami Mokaddem
f53b458103
fix: [userSettings] Allow admin to edit other user's settings
2022-01-26 12:11:44 +01:00
Luciano Righetti
d18471ba95
fix: failing when request is empty json object
2022-01-25 18:02:41 +01:00
iglocska
19c81b7c11
fix: [Sharing groups] UUID and owner org shouldn't be editable
2022-01-25 17:09:29 +01:00
iglocska
1086e41086
fix: [modified] saving fixed for sync captures
...
- set the field as not dirty to force an update
- stops the exceptions thrown on pulling these objects in
2022-01-25 17:01:27 +01:00
iglocska
acc9c94baa
Merge branch 'main' into develop
2022-01-25 15:59:31 +01:00
iglocska
55782af52b
fix: [users] add
...
- fixed role selection
2022-01-25 15:58:31 +01:00
Sami Mokaddem
44913c5ed7
fix: [users:settings] Allow admin to see account settings of other users
2022-01-25 15:27:34 +01:00
Sami Mokaddem
e05bf61251
chg: [inbox:createEntry] Checks for remote back connection is more flexible
...
Handle the case of trailing slash
2022-01-25 15:02:52 +01:00
Sami Mokaddem
eef09f44c4
chg: [brood:connectionTest] Correctly handles network exceptions
2022-01-25 15:02:35 +01:00
Sami Mokaddem
4f8b663b87
chg: [localtTools:connectionRequest] Provide more info on exception
2022-01-25 15:02:30 +01:00
Sami Mokaddem
7d227a4387
chg: [inbox:index] Sort messages by created datetime
2022-01-25 15:02:25 +01:00
Sami Mokaddem
dc2bfcb6b2
fix: [components:CRUD] Support of controller's paginate public variable
2022-01-25 15:02:16 +01:00
iglocska
e9f77aff51
Merge branch 'develop' into main
2022-01-25 11:36:06 +01:00