1
0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-06-14 12:02:31 +03:00
Commit Graph

47 Commits

Author SHA1 Message Date
5508c171db PHP: Addressed 8.4 deprecations within app itself 2025-02-17 12:45:37 +00:00
6f1c54d018 Users: Changed name validation to min:1 instead of 2
Would cause scenarios where users could be created with 1 char, but then
fail to update due to validation differences.
Added test to cover.
For #5263
2024-10-15 11:07:41 +01:00
f583354748 Maintenance: Removed stray dd from last commit 2024-09-29 16:50:48 +01:00
d12e8ec923 Users: Improved user response for failed invite sending
Added specific handling to show relevant error message when user
creation fails due to invite sending errors, while also returning user
to the form with previous input.
Includes test to cover.

For #5195
2024-09-29 16:41:18 +01:00
1f2506221a API: Updated docs with consistent types, fixed users response example
For #5178 and #5183
2024-08-27 12:23:36 +01:00
bddc6ae66b Roles: Added max validation for role external auth id field
For #5037
2024-06-08 20:33:34 +01:00
483410749b Queries: Updated all app book static query uses 2024-02-07 16:37:36 +00:00
56d07f1909 Users API: Fixed sending invite when using form requests
- Cast send_invite value in cases where it might not have been a boolean,
  which occurs on non-JSON requests.
- Added test to cover.
- Updated API docs to mention and shown boolean usage.
2023-12-13 15:13:54 +00:00
45ce7a7126 URL Handling: Removed referrer-based redirect handling
Swapped back handling to instead be pre-determined instead of being
based upon session/referrer which would cause inconsistent results when
referrer data was not available (redirect to app-loaded images/files).

To support, this adds a mechansism to provide a URL through request
data.

Also cleaned up some imports in code while making changes.
Closes #4656.
2023-12-10 12:37:21 +00:00
bba7dcce49 Auth: Refactored OIDC RP-logout PR code, Extracted logout
Extracted logout to the login service so the logic can be shared instead
of re-implemented at each stage. For this, the SocialAuthService was
split so the driver management is in its own class, so it can be used
elsewhere without use (or circular dependencies) of the
SocialAuthService.

During review of #4467
2023-12-06 13:49:53 +00:00
15d7161428 Images: Prevented base64 extraction without permission
Also added content sniffing as an extra check.
Added tests to cover.
2023-11-20 13:32:31 +00:00
49b286cd34 Demo mode: Updated my account access to be more selective 2023-10-30 12:07:18 +00:00
ce53f641ad My Account: Covered profile and auth pages with tests 2023-10-19 16:06:59 +01:00
f55e7ca3c9 User Account: Ensured page titles for pages and api tokens 2023-10-19 15:24:48 +01:00
f9422dff18 My Account: Added self-delete flow 2023-10-19 10:48:27 +01:00
cf72e48d2a User form: Always show external auth field, update access control
Updated old user management routes to only be accessible with permission
to manage users, so also removed old content controls checking for that
permission.
2023-10-19 10:20:04 +01:00
03c44b3992 My Account: Extracted/tweaked profile text, removed old index 2023-10-18 17:53:58 +01:00
c1b01639c1 My Account: Built out profile page & endpoints
Text currently hard-coded, needs finalising and extracting.
2023-10-18 12:39:57 +01:00
a868012048 Users: Built out auth page for my-account section 2023-10-17 17:38:07 +01:00
a9d0f36766 User: Started cleanup of user self-management
- Moved preference views to more general "my-account" area.
- Started new layout for my-account with sidebar.
- Added MFA to prefeences view (to be moved).
2023-10-17 13:11:10 +01:00
5c318a45b8 Images: Reverted some thumbnails to be on-demand generated
Added since we can't always be sure of future image usage, and in many
cases we don't generate ahead-of-time.
Also:
- Simplified image handling on certain models.
- Updated various string handling operations to use newer functions.
2023-09-30 12:09:29 +01:00
8994c1b9d9 Locales: More use of locale objects, Addressed failing tests 2023-09-17 16:20:21 +01:00
ac9a65945f Locales: Performed cleanup and alignment of locale handling
- Reduced app settings down to what's required.
- Used new view-shared $locale object instead of using globals via
  config.
- Aligned language used to default on "locale" instead of mixing
  locale/language.

For #4501
2023-09-17 13:31:38 +01:00
b292cf7090 Extracted icon helper, aligned container resolution
Also updated breadcrumb view composer to current standards.
Closes #4553
2023-09-16 18:26:28 +01:00
b90033a730 Guest control: Cleaned methods involved in fetching/handling
- Moves guest user caching from User class to app container for
  simplicity.
- Updates test to use simpler $this->users->guest() method for
  consistency.
- Streamlined helpers to avoid function overlap for simplicity.
- Extracted user profile dropdown while doing changes.
2023-09-16 13:18:35 +01:00
417705651c Dark Mode: Fixed not toggle action when dark by default
Added test to cover.
For #4543.
2023-09-14 13:53:24 +01:00
a452092e40 Reviewed #4533, formatting and tweaks
- Updating formatting.
- Tweaked truncation to roughly match elipsis char to width used.
- Updated testing to use existing helpers, and ran check as admin user
  to avoid name conflicts.
2023-09-13 10:09:33 +01:00
f4deb13301 Truncate with three dots 2023-09-12 21:10:25 +02:00
f997d3e0bb Trimmed name last resort 2023-09-11 21:27:15 +02:00
8e3f8de627 Notifications: Reorgranised classes into domain specific folders
Closes #4500
2023-09-11 19:27:36 +01:00
817581aa0c Watching: Prevent issues when watchable or user is deleted
- Adds filtering to the watched items list in notification preferences
  so that deleted (recycle bin) items are removed via query.
- Adds relations and logic to properly remove watches upon user and
  entity delete events, to old watches in database do not linger.
- Adds testing to cover the above.

Did not add migration for existing data, since patch will be close to
introduction, and lingering DB entries don't open a security concern,
just some potential confusion in specific potential scenarios.
Probably not work extra migration risk, although could add in future if
concerns/issues are found.

Related to #4499
2023-09-03 14:19:43 +01:00
3847a76134 Notifications: Aligned how user language is used
- This ensures content notifications are not translated to receiver
  language.
- This adds actual plaintext support for content notifications (Was
  previously just HTML as text view).
- Shares same base class across all mail notifications.
- Also cleaned up existing notification classes.

Future cleanup requested via #4501
2023-09-02 15:11:42 +01:00
9100a82b47 Guests: Prevented access to profile routes
Prevention of action on certain routes for guest user when public access
is enabled. Could not see a way this could be a security issue, beyond a
mild nuisance that'd only be visible if public users can edit, which
would present larger potential nuisance anyway.
2023-08-26 14:07:48 +01:00
ee9e342b58 Notifications: Fixed issues causing failing tests
- Ensured watch options passed in all meta template usage to fix failing
  scenarios where watch options did not exist.
- Fixed testing issue caused by guest user permission caching.
2023-08-17 14:59:28 +01:00
79470ea4b7 Notifications: Made improvements from manual testing
- Added titles for preference pages.
- Added extra check for non-guest for notifications on preferences page.
2023-08-16 20:15:49 +01:00
565908ef52 Notifications: Add phpunit test for notification sending
Covers core case scenarios, and check of notification content.
2023-08-16 16:02:00 +01:00
371779205a Notifications: Added new preferences view and access control
- Added general user preferences view and updated link in profile menu
  to suit.
- Made notification permission required for notification preferences
  view, added test to cover.
2023-08-14 17:29:12 +01:00
d9fdecd902 Notifications: User watch list and differnt page watch options
- Adds option filtering and alternative text for page watch options.
- Adds "Watched & Ignored Items" list to user notification preferences
  page to show existing watched items.
2023-08-14 13:11:18 +01:00
8cdf3203ef Notifications: Started back-end for watch system
Added DB and started controller method.
2023-07-31 16:08:29 +01:00
6100b99828 Notifications: Extracted watch options, updated UI further 2023-07-31 15:23:28 +01:00
ff2674c464 Notifications: Added role receive-notifications permission 2023-07-25 17:59:04 +01:00
100b28707c Notifications: added user preference UI & logic
Includes testing to cover.
Also added file missing from previous commit.
2023-07-25 17:08:40 +01:00
18ee80a743 Roles: fixed error upon created_at sorting
Added test to cover core role sorting functionality.
For #4350
2023-07-04 21:52:46 +01:00
00b5dd7852 Users API: Fixed incorrect created_at date on index endpoint
For #4325
2023-06-17 18:18:17 +01:00
f39938c4e3 Added activity text for each activity type
Ensures some sensible text is always in webhook text data.
Also aligned some notification reporting to use centralised activity
system instead of custom success events.

For #4216
2023-06-12 16:47:36 +01:00
141eecb858 Cleaned up namespacing in routes
Also moved home controller and moved controllers up a level in http.
2023-05-18 20:57:05 +01:00
295cd01605 Played around with a new app structure 2023-05-17 17:56:55 +01:00