1
0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-06-11 13:48:13 +03:00
Commit Graph

4600 Commits

Author SHA1 Message Date
529f7bd1bc Merge pull request #4729 from BookStackApp/description_wysiwyg
Simple WYSIWYG for description fields and comments
2023-12-22 15:28:13 +00:00
3668949705 Input WYSIWYG: Fixed up some dark mode elements 2023-12-22 15:16:06 +00:00
7cd0629a75 Input WYSIWYG: Updated exports to handle HTML descriptions 2023-12-22 14:57:20 +00:00
fb3cfaf7c7 Input WYSIWYG: Updated API examples to align with changes 2023-12-22 14:37:48 +00:00
2a7a81e749 Input WYSIWYG: Updated API testing, fixed description set issue
Fixed issue where an existing description_html field would not be
updated via 'description' input.
2023-12-22 13:17:23 +00:00
00ae04e0bd Input WYSIWYG: Updated API to show/accept html descriptions
Also aligned books, shelves and chapters to return description content
and some relations (where not breaking API) in create/update responses
also so that information can be seen direct from that input in a
request.

API docs and tests not yet updated to match.
2023-12-21 13:23:52 +00:00
ed5d67e609 Input WYSIWYG: Aligned newline handling with old descriptions
To ensure consistenent behaviour before/after changes.
Added tests to cover.
2023-12-20 17:40:58 +00:00
a21ca44633 Input WYSIWYG: Fixed existing tests, fixed empty description handling 2023-12-20 17:21:09 +00:00
7fd6d5b2cc Input WYSIWYG: Updated tests, Added simple html limiting 2023-12-19 15:10:29 +00:00
077b9709d4 Input WYSIWYG: Added testing for description references 2023-12-19 12:55:51 +00:00
2fbed3919b Input WYSIWYG: Added dynamic options for entity selector popups
So that multiple elements on the page can share the same popup, with
different search options.
2023-12-19 12:09:57 +00:00
c07aa056c2 Input WYSIWYG: Updated UpdateUrlCommand, Added chapter HTML display 2023-12-18 18:31:16 +00:00
bc354e8b12 Input WYSIWYG: Updated reference link updating for descriptions 2023-12-18 18:12:36 +00:00
307fae39c4 Input WYSIWYG: Added reference store & fetch handling
For book, shelves and chapters.
Made much of the existing handling generic to entity types.
Added new MixedEntityListLoader to help load lists somewhat efficiently.
Only manually tested so far.
2023-12-18 16:23:40 +00:00
c622b785a9 Input WYSIWYG: Added description_html field, added store logic
Rolled out HTML editor field and store logic across all target entity
types. Cleaned up WYSIWYG input logic and design.
Cleaned up some injected classes while there.
2023-12-17 15:02:15 +00:00
569542f0bb Input WYSIWYG: Added compontent and rough logic to book form
Just as a draft for prototyping and playing around to get things
started.
2023-12-16 14:48:35 +00:00
fc2e8ed315 Merge pull request #4728 from BookStackApp/friendlier_buttons
Design: Updated buttons to be a bit friendlier
2023-12-16 14:04:57 +00:00
0c4dd7874c Design: Updated buttons to be a bit friendlier
Old all-caps button design made them a bit angry, and kinda odd and
outdated. This updates them to use their original source text casing
(which may help for translation variations) while being a bit rounder
with a better defined shadow for outline buttons.
2023-12-16 14:03:12 +00:00
7250671889 Merge pull request #4727 from BookStackApp/editor_video_alignment
WYSWIYG: Allowed video/embed alignment controls
2023-12-16 12:32:52 +00:00
5395ca2f00 WYSWIYG: Allowed video/embed alignment controls
Required a lot of working around TinyMCE since it added a
preview/wrapper element in the editor which complicates things.
Added view new "fixes.js" file so large hacks to default TinyMCe
functionality are kept in one place.
2023-12-16 12:22:40 +00:00
c76d12d1de Oidc: Properly query the UserInfo Endpoint
BooksStack's OIDC Client requests the 'profile' and 'email' scope values
in order to have access to the 'name', 'email', and other claims.  It
looks for these claims in the ID Token that is returned along with the
Access Token.

However, the OIDC-core specification section 5.4 [1] only requires that
the Provider include those claims in the ID Token *if* an Access Token is
not also issued.  If an Access Token is issued, the Provider can leave out
those claims from the ID Token, and the Client is supposed to obtain them
by submitting the Access Token to the UserInfo Endpoint.

So I suppose it's just good luck that the OIDC Providers that BookStack
has been tested with just so happen to also stick those claims in the ID
Token even though they don't have to.  But others (in particular:
https://login.infomaniak.com) don't do so, and require fetching the
UserInfo Endpoint.)

A workaround is currently possible by having the user write a theme with a
ThemeEvents::OIDC_ID_TOKEN_PRE_VALIDATE hook that fetches the UserInfo
Endpoint.  This workaround isn't great, for a few reasons:
 1. Asking the user to implement core parts of the OIDC protocol is silly.
 2. The user either needs to re-fetch the .well-known/openid-configuration
    file to discover the endpoint (adding yet another round-trip to each
    login) or hard-code the endpoint, which is fragile.
 3. The hook doesn't receive the HTTP client configuration.

So, have BookStack's OidcService fetch the UserInfo Endpoint and inject
those claims into the ID Token, if a UserInfo Endpoint is defined.
Two points about this:
 - Injecting them into the ID Token's claims is the most obvious approach
   given the current code structure; though I'm not sure it is the best
   approach, perhaps it should instead fetch the user info in
   processAuthorizationResponse() and pass that as an argument to
   processAccessTokenCallback() which would then need a bit of
   restructuring.  But this made sense because it's also how the
   ThemeEvents::OIDC_ID_TOKEN_PRE_VALIDATE hook works.
 - OIDC *requires* that a UserInfo Endpoint exists, so why bother with
   that "if a UserInfo Endpoint is defined" bit?  Simply out of an
   abundance of caution that there's an existing BookStack user that is
   relying on it not fetching the UserInfo Endpoint in order to work with
   a non-compliant OIDC Provider.

[1]: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
2023-12-15 14:11:48 -07:00
56d07f1909 Users API: Fixed sending invite when using form requests
- Cast send_invite value in cases where it might not have been a boolean,
  which occurs on non-JSON requests.
- Added test to cover.
- Updated API docs to mention and shown boolean usage.
2023-12-13 15:13:54 +00:00
4896c4047f Merge pull request #4721 from BookStackApp/default-templates
Continued: Default book templates
2023-12-12 16:06:35 +00:00
3af07addf6 Default templates: Fixed syntax for php8.0, added test
Null accessor is akward in php8.0 and throws warnings, so removed.
Added test to check template assingment handling on page delete.
2023-12-12 15:59:12 +00:00
2f3806244c Default templates: Added permission checks to selector test 2023-12-12 15:41:56 +00:00
2081a783f3 Default templates: Cleaned up ux, added case for added endpoint
Cleaned up and updated page picker a bit, allowing longer names to show,
clicking through to item without triggering popup, and updated to use
hidden attributes instead of styles.

Added phpunit tests to cover supporting entity-selector-templates
endpoint.
2023-12-12 15:38:09 +00:00
d75eb06777 Default templates: Added tests to cover functionality
Included new helper in Test PermissionProvider to set app to public,
since that's a common test scenario.
2023-12-12 15:04:40 +00:00
4017048555 Page Templates: Changed template field name, added API support 2023-12-12 12:14:00 +00:00
7ebe7d4e58 Default templates: Added page picker and working forms
- Adapted existing page picker to be usable elsewhere.
- Added endpoint for getting templates for entity picker.
- Added search template filter to support above.
- Updated book save handling to check/validate submitted template.
  - Allows non-visible pages to flow through the save process, if not
    being changed.
- Updated page deletes to handle removal of default usage on books.
- Tweaked wording and form styles to suit.
- Updated migration to explicity reflect default value.
2023-12-11 15:58:27 +00:00
d61f42a377 Default Templates: Started review and updates from PR code 2023-12-11 12:33:20 +00:00
968bc8cdf3 Merge branch 'development' into default-templates 2023-12-11 11:41:43 +00:00
c13fd2a9e6 PHPStan: Fixed larastan loading and address some level2 issues 2023-12-10 14:58:05 +00:00
45ce7a7126 URL Handling: Removed referrer-based redirect handling
Swapped back handling to instead be pre-determined instead of being
based upon session/referrer which would cause inconsistent results when
referrer data was not available (redirect to app-loaded images/files).

To support, this adds a mechansism to provide a URL through request
data.

Also cleaned up some imports in code while making changes.
Closes #4656.
2023-12-10 12:37:21 +00:00
11955e270c Depenencies: Updated NPM packages
Avoided updating markdown-it package to 14 for now since it would cause
bundle size to inflate. Don't think ESBuild is properly tree shaking
"entities" sub package which inflates size.
2023-12-09 10:49:28 +00:00
33374524bf Dependencies: Updated composer PHP deps 2023-12-09 10:05:23 +00:00
8cbaa3e27c SAML2: Fixed non-spec point of logout, Improved redirect location
This changes the point-of-logout to be within the initial part of the
SAML logout flow, as per 5.3.2 of the SAML spec, processing step 2.
This also improves the logout redirect handling to use the global
redirect suggestion so that auto-login handling is properly taken into
account.

Added tests to cover.
Manual testing performed against keycloak.
For #4713
2023-12-08 18:42:13 +00:00
4c0b7f3123 Merge pull request #4714 from BookStackApp/oidc_logout
OIDC RP-Initiated logout
2023-12-07 18:00:32 +00:00
7312300d53 OIDC: Update example env option to reflect correct default 2023-12-07 17:59:48 +00:00
81d256aebd OIDC RP Logout: Fixed issues during testing
- Disabled by default due to strict rejection by auth systems.
- Fixed issue when autoloading logout URL, but not provided in
  autodiscovery response.
- Added proper handling for if the logout URL contains a query string
  already.
- Added extra tests to cover.
- Forced config endpoint to be used, if set as a string, instead of
  autodiscovery endpoint.
2023-12-07 17:45:17 +00:00
a72e0fee70 Tests: Fixed debug test to work with social class changes 2023-12-06 16:57:15 +00:00
f32cfb4292 OIDC RP Logout: Added autodiscovery support and test cases 2023-12-06 16:41:50 +00:00
bba7dcce49 Auth: Refactored OIDC RP-logout PR code, Extracted logout
Extracted logout to the login service so the logic can be shared instead
of re-implemented at each stage. For this, the SocialAuthService was
split so the driver management is in its own class, so it can be used
elsewhere without use (or circular dependencies) of the
SocialAuthService.

During review of #4467
2023-12-06 13:49:53 +00:00
cc10d1ddfc Merge branch 'fix/oidc-logout' into development 2023-12-06 12:14:43 +00:00
0254527bd9 RTL: Made a range of fixes & improvments for RTL text
- Updated HTML exports to have auto direction to properly react to RTL
  text when in the content.
- Fixed RTL spacing issues in new editor design changes.
- Fixed pointer arrow being angled wrong on RTL languages.

Related to #4645
2023-12-05 18:53:48 +00:00
11853361b0 SAML2: Included parsed groups in dump data
Updated code style of class while there.
Removed redundant check and string translation used.

For #4706
2023-12-03 19:36:03 +00:00
596f7314cd Merge branch 'v23-10' into development 2023-12-03 18:57:07 +00:00
1011d61713 Merge pull request #4688 from BookStackApp/include-parser
New include tag parser
2023-11-27 21:54:18 +00:00
652d5417bf Includes: Added back support for parse theme event
Managed to do this in an API-compatible way although resuling output may
differ due to new dom handling in general, although user content is used
inline to remain as comptable as possible.
2023-11-27 21:39:43 +00:00
b569827114 Includes: Added ID de-duplicating and more thorough clean-up 2023-11-27 20:16:27 +00:00
71c93c8878 Includes: Switched page to new system
- Added mulit-level depth parsing.
- Updating usage of HTML doc in page content to be efficient.
- Removed now redundant PageContentTest cases.
- Made some include system fixes based upon testing.
2023-11-27 19:54:47 +00:00