Sami Mokaddem
af622dd19b
new: [users:view] Added keycloak status showing the potential differences between Cerebrate and Keycloak
2022-12-09 11:54:34 +01:00
Sami Mokaddem
d1aa20c5fb
security: [users:edit] Prevent edit of all users with lower privileges by any org_admins
2022-12-08 12:12:10 +01:00
Sami Mokaddem
6945e602b8
chg: [users:edit] Added role associated data for the user to be edited
2022-12-08 11:35:22 +01:00
Sami Mokaddem
1b47b669ff
fix: [users:view] Fallback value if Keycloak was never configured
2022-12-08 11:32:26 +01:00
Sami Mokaddem
561f6d1c77
fix: [user:add/edit] Correctly index orgs by their IDs
2022-12-08 10:54:55 +01:00
iglocska
f6f94983e4
fix: [users] several fixes
...
- User enrollment in KC moved to the aftersave (we consider cerebrate to be authoritative)
- adhere to restriction parameters in deletion
2022-11-11 15:08:56 +01:00
iglocska
f4b33d1852
fix: [keycloak sync] not needed on user index
...
- was a test that was left in
2022-11-11 10:07:35 +01:00
iglocska
b1f09dc97e
new: [permission limitations] subsystem added
...
- add limitations for users with given meta fields
- x number / org and y number / globally
- add comments to the limitations
- enforced on user creation/modification
2022-11-09 14:09:27 +01:00
iglocska
2a31e39762
new: [keycloak] automatically set mappings
2022-10-31 13:26:12 +01:00
iglocska
2f4b6ed2ff
chg: [keycloak] integration rework
...
- switch to the use of attributes
- several minor fixes
2022-10-31 11:31:38 +01:00
iglocska
9c41fd548f
fix: [auth] added keycloak logout
2022-10-25 15:08:41 +02:00
iglocska
af1e2fd632
new: [security] Bruteforce protection added
...
- logins allow for 5 attempts every 5 minutes
- Code ported and updated from MISP
- As reported by SK-CERT
2022-09-19 00:25:15 +02:00
iglocska
254fdc3b84
chg: [security] keycloak enabled - disallow multiple users from being created for the same individual
...
- as reported by SK-CERT
2022-09-18 19:26:24 +02:00
iglocska
be064bb0c9
new: [KC] profile link added
2022-05-17 10:42:44 +02:00
iglocska
4575406b33
fix: [users] edit
...
- various issues fixed with the edit function
- re-added the chance to change organisations of a user as a site admin
- tighter checks on the options for the drop downs
2022-05-17 04:02:06 +02:00
Sami Mokaddem
0fb03aae91
fix: [Component:CRUD] Removed confusing `get` parameter
...
- It was confusing and using it could lead to unwanted consequences
- It's clearer to implement the desired logic on controller's side
2022-03-01 14:02:26 +01:00
Sami Mokaddem
3ef64911f9
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop-unstable
2022-02-28 09:51:51 +01:00
Sami Mokaddem
4089623eaa
chg: [users] Removed useless imports
2022-02-28 09:37:29 +01:00
iglocska
9d04533e14
chg: [users] restrict org admins from creating other org admins
...
- temporary solution for a single community, make this optional in the future
2022-02-25 10:20:25 +01:00
iglocska
79459838eb
chg: [user add] if no password was set, set a random one
...
- can't be used so far as we have no emailing in place
- it allows user creation when username/password mode is disabled
2022-02-25 00:31:19 +01:00
iglocska
828946a97f
new: [users] several changes
...
- make usernames immutable
- restrict user creation to aligned individuals (org admin only)
- optionally create individual while creating a user
2022-02-24 13:45:10 +01:00
iglocska
283299bf36
fix: [security] flood protection control enabled by default
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-19 01:34:07 +01:00
iglocska
b41b0dd712
fix: [security] privilege escalation via user edit fixed
...
- org admins could circumvent the role restrictions and elevate themselves to a site admin
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-19 01:02:49 +01:00
iglocska
d45a4dc499
new: [registration] added optional registration flood protection
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 02:03:41 +01:00
iglocska
1ca0f21b86
chg: [user add] form defaults
...
- org will default to own org for site admins
- role will default to the default role (if set)
2022-01-27 21:54:59 +01:00
Sami Mokaddem
2e7aabf704
fix: [users:toggle] Prevent users to disable admins
2022-01-26 16:10:33 +01:00
Sami Mokaddem
fcffad6777
fix: [users:delete] Typo copy paste error
2022-01-26 15:45:57 +01:00
Sami Mokaddem
d05868106d
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 14:59:57 +01:00
iglocska
f695744bd7
fix: [user view] ACL fixed
2022-01-26 14:57:01 +01:00
Sami Mokaddem
54ee91ba1a
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop
2022-01-26 12:11:53 +01:00
Sami Mokaddem
f53b458103
fix: [userSettings] Allow admin to edit other user's settings
2022-01-26 12:11:44 +01:00
iglocska
55782af52b
fix: [users] add
...
- fixed role selection
2022-01-25 15:58:31 +01:00
Sami Mokaddem
44913c5ed7
fix: [users:settings] Allow admin to see account settings of other users
2022-01-25 15:27:34 +01:00
iglocska
57e2c75352
fix: [users] role based action filtering added
...
- to avoid annoying clickable, but blocked actions for og admins
2022-01-25 11:34:22 +01:00
iglocska
f75d0829d1
fix: [user edit] fixed for non admins
2022-01-18 17:52:59 +01:00
iglocska
ec994b05ed
chg: [user] edit restricted to password only for self
2022-01-18 00:20:53 +01:00
iglocska
caf48c9060
fix: [ACL] proper error messages on user edit
...
- don't just silently redirect to the own user editing if the user isn't authorised to modify another user
2022-01-17 09:19:53 +01:00
iglocska
87723c2100
fix: [ACL] added correct file for previous fix (user edit admin permission check)
2022-01-12 10:32:47 +01:00
iglocska
cc5c750de8
chg: [audit log] change field renamed to changed
...
- change is a reserved keyword
- this way quoting of field names is no longer needed in the cakePHP settings
2021-11-25 00:57:31 +01:00
iglocska
22e4a90af0
chg: [ACL] tightened ACL for several controllers
...
- org admins now have access to new functionalities, added ACL for them
- Affected controllers:
- Authkeys, encryptionkeys, users, sharinggroups
- sets defaults/restricts access accordingly
2021-11-24 01:32:05 +01:00
iglocska
7b52d29320
new: [login] log success/failure
2021-11-17 15:49:28 +01:00
iglocska
b6c3aee91f
fix: [settings] invalid path to setting fixed
2021-10-21 13:44:49 +02:00
Sami Mokaddem
370ae3438e
new: [user:registration] Added user self-registration feature
2021-10-20 22:29:23 +02:00
Sami Mokaddem
78180fa90f
new: [userSettings] Added complete support of user settings
...
Including support of bookmarks, sidebar behavior and theming
2021-10-18 13:28:26 +02:00
Sami Mokaddem
0d6e6aa7a4
chg: [userSettings] Initial version of template - WiP
2021-10-12 10:16:36 +02:00
Sami Mokaddem
39fdb8ec0d
new: [user-settings] Added user settings feature
2021-10-08 10:27:40 +02:00
iglocska
99a89977c8
Merge branch 'keycloak' into develop-unstable
2021-10-01 13:53:14 +02:00
iglocska
f60e411af1
new [keycloak]: WiP user enrollment added
...
- also moved the keycloak specific functionalities to a behaviour
- added new role permission (org admin)
2021-10-01 13:19:26 +02:00
mokaddem
b3c25f0cae
new: [instance:search_all] Early work on search all feature
2021-09-10 11:55:54 +02:00
mokaddem
4e74da6163
fix: [controllers] Return data based on the CRUD component response
2021-06-29 16:15:05 +02:00