From 89ec9a5081caa95d5c3bbddd3f09015cc74329b7 Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Thu, 4 Aug 2022 17:24:04 +0100 Subject: [PATCH 1/9] Sprinkled in some user language validation For #3615 --- .../Controllers/Api/UserApiController.php | 4 ++-- app/Http/Controllers/UserController.php | 4 ++-- tests/User/UserManagementTest.php | 24 +++++++++++++++++++ 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/app/Http/Controllers/Api/UserApiController.php b/app/Http/Controllers/Api/UserApiController.php index 4f0d30034..03d2a0f06 100644 --- a/app/Http/Controllers/Api/UserApiController.php +++ b/app/Http/Controllers/Api/UserApiController.php @@ -41,7 +41,7 @@ class UserApiController extends ApiController 'required', 'min:2', 'email', new Unique('users', 'email'), ], 'external_auth_id' => ['string'], - 'language' => ['string'], + 'language' => ['string', 'max:15', 'alpha_dash'], 'password' => [Password::default()], 'roles' => ['array'], 'roles.*' => ['integer'], @@ -55,7 +55,7 @@ class UserApiController extends ApiController (new Unique('users', 'email'))->ignore($userId ?? null), ], 'external_auth_id' => ['string'], - 'language' => ['string'], + 'language' => ['string', 'max:15', 'alpha_dash'], 'password' => [Password::default()], 'roles' => ['array'], 'roles.*' => ['integer'], diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php index 3110f1a98..88d44565c 100644 --- a/app/Http/Controllers/UserController.php +++ b/app/Http/Controllers/UserController.php @@ -83,7 +83,7 @@ class UserController extends Controller $validationRules = [ 'name' => ['required'], 'email' => ['required', 'email', 'unique:users,email'], - 'language' => ['string'], + 'language' => ['string', 'max:15', 'alpha_dash'], 'roles' => ['array'], 'roles.*' => ['integer'], 'password' => $passwordRequired ? ['required', Password::default()] : null, @@ -143,7 +143,7 @@ class UserController extends Controller 'email' => ['min:2', 'email', 'unique:users,email,' . $id], 'password' => ['required_with:password_confirm', Password::default()], 'password-confirm' => ['same:password', 'required_with:password'], - 'language' => ['string'], + 'language' => ['string', 'max:15', 'alpha_dash'], 'roles' => ['array'], 'roles.*' => ['integer'], 'external_auth_id' => ['string'], diff --git a/tests/User/UserManagementTest.php b/tests/User/UserManagementTest.php index c09ce8cb3..f0bc7c2f0 100644 --- a/tests/User/UserManagementTest.php +++ b/tests/User/UserManagementTest.php @@ -234,4 +234,28 @@ class UserManagementTest extends TestCase $this->assertDatabaseMissing('activities', ['type' => 'USER_CREATE']); } + + public function test_user_create_update_fails_if_locale_is_invalid() + { + $user = $this->getEditor(); + + // Too long + $resp = $this->asAdmin()->put($user->getEditUrl(), ['language' => 'this_is_too_long']); + $resp->assertSessionHasErrors(['language' => 'The language may not be greater than 15 characters.']); + session()->flush(); + + // Invalid characters + $resp = $this->put($user->getEditUrl(), ['language' => 'enassertSessionHasErrors(['language' => 'The language may only contain letters, numbers, dashes and underscores.']); + session()->flush(); + + // Both on create + $resp = $this->post('/settings/users/create', [ + 'language' => 'en 'My name', + 'email' => 'jimmy@example.com', + ]); + $resp->assertSessionHasErrors(['language' => 'The language may not be greater than 15 characters.']); + $resp->assertSessionHasErrors(['language' => 'The language may only contain letters, numbers, dashes and underscores.']); + } } From 4209f27f1acabfccff0c2dea08f8e151ed82144f Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Tue, 9 Aug 2022 12:40:59 +0100 Subject: [PATCH 2/9] Set a fairly sensible limit on user name validation Also updated controller properties with types within modified files. Related to #3614 --- app/Http/Controllers/Api/UserApiController.php | 4 ++-- app/Http/Controllers/Auth/RegisterController.php | 8 ++++---- app/Http/Controllers/UserController.php | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/app/Http/Controllers/Api/UserApiController.php b/app/Http/Controllers/Api/UserApiController.php index 03d2a0f06..64e9d732d 100644 --- a/app/Http/Controllers/Api/UserApiController.php +++ b/app/Http/Controllers/Api/UserApiController.php @@ -36,7 +36,7 @@ class UserApiController extends ApiController { return [ 'create' => [ - 'name' => ['required', 'min:2'], + 'name' => ['required', 'min:2', 'max:100'], 'email' => [ 'required', 'min:2', 'email', new Unique('users', 'email'), ], @@ -48,7 +48,7 @@ class UserApiController extends ApiController 'send_invite' => ['boolean'], ], 'update' => [ - 'name' => ['min:2'], + 'name' => ['min:2', 'max:100'], 'email' => [ 'min:2', 'email', diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php index 9399e8b7f..b0aec1177 100644 --- a/app/Http/Controllers/Auth/RegisterController.php +++ b/app/Http/Controllers/Auth/RegisterController.php @@ -30,9 +30,9 @@ class RegisterController extends Controller use RegistersUsers; - protected $socialAuthService; - protected $registrationService; - protected $loginService; + protected SocialAuthService $socialAuthService; + protected RegistrationService $registrationService; + protected LoginService $loginService; /** * Where to redirect users after login / registration. @@ -69,7 +69,7 @@ class RegisterController extends Controller protected function validator(array $data) { return Validator::make($data, [ - 'name' => ['required', 'min:2', 'max:255'], + 'name' => ['required', 'min:2', 'max:100'], 'email' => ['required', 'email', 'max:255', 'unique:users'], 'password' => ['required', Password::default()], ]); diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php index 88d44565c..895481d02 100644 --- a/app/Http/Controllers/UserController.php +++ b/app/Http/Controllers/UserController.php @@ -18,8 +18,8 @@ use Illuminate\Validation\ValidationException; class UserController extends Controller { - protected $userRepo; - protected $imageRepo; + protected UserRepo $userRepo; + protected ImageRepo $imageRepo; /** * UserController constructor. @@ -81,7 +81,7 @@ class UserController extends Controller $passwordRequired = ($authMethod === 'standard' && !$sendInvite); $validationRules = [ - 'name' => ['required'], + 'name' => ['required', 'max:100'], 'email' => ['required', 'email', 'unique:users,email'], 'language' => ['string', 'max:15', 'alpha_dash'], 'roles' => ['array'], @@ -139,7 +139,7 @@ class UserController extends Controller $this->checkPermissionOrCurrentUser('users-manage', $id); $validated = $this->validate($request, [ - 'name' => ['min:2'], + 'name' => ['min:2', 'max:100'], 'email' => ['min:2', 'email', 'unique:users,email,' . $id], 'password' => ['required_with:password_confirm', Password::default()], 'password-confirm' => ['same:password', 'required_with:password'], From a90446796a113c0e9da916f0e2ea4fb61e7b6a46 Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Tue, 9 Aug 2022 12:58:10 +0100 Subject: [PATCH 3/9] Fixed issue preventing selection of activity type in audit log For #3623 --- resources/views/settings/audit.blade.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/resources/views/settings/audit.blade.php b/resources/views/settings/audit.blade.php index b856d1150..2daeb8a82 100644 --- a/resources/views/settings/audit.blade.php +++ b/resources/views/settings/audit.blade.php @@ -13,7 +13,12 @@
- +
  • {{ trans('settings.audit_event_filter_no_filter') }}
    • @foreach($activityTypes as $type) From 7fa934e7f29458276bac2488f2257785a25f0776 Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Tue, 9 Aug 2022 13:00:39 +0100 Subject: [PATCH 4/9] New Crowdin updates (#3625) --- resources/lang/nl/entities.php | 2 +- resources/lang/pt_BR/activities.php | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/resources/lang/nl/entities.php b/resources/lang/nl/entities.php index 702328264..ad1c71618 100644 --- a/resources/lang/nl/entities.php +++ b/resources/lang/nl/entities.php @@ -171,7 +171,7 @@ return [ 'chapters_permissions_active' => 'Hoofdstuk Machtigingen Actief', 'chapters_permissions_success' => 'Hoofdstuk Machtigingen Bijgewerkt', 'chapters_search_this' => 'Doorzoek dit hoofdstuk', - 'chapter_sort_book' => 'Sort Book', + 'chapter_sort_book' => 'Sorteer Boek', // Pages 'page' => 'Pagina', diff --git a/resources/lang/pt_BR/activities.php b/resources/lang/pt_BR/activities.php index 4f068844e..0006a9e91 100644 --- a/resources/lang/pt_BR/activities.php +++ b/resources/lang/pt_BR/activities.php @@ -28,8 +28,8 @@ return [ // Books 'book_create' => 'criou o livro', 'book_create_notification' => 'Livro criado com sucesso', - 'book_create_from_chapter' => 'converted chapter to book', - 'book_create_from_chapter_notification' => 'Chapter successfully converted to a book', + 'book_create_from_chapter' => 'capítulo convertido em livro', + 'book_create_from_chapter_notification' => 'Capítulo convertido com sucesso em um livro', 'book_update' => 'atualizou o livro', 'book_update_notification' => 'Livro atualizado com sucesso', 'book_delete' => 'excluiu o livro', @@ -40,8 +40,8 @@ return [ // Bookshelves 'bookshelf_create' => 'prateleira criada', 'bookshelf_create_notification' => 'Prateleira criada com sucesso', - 'bookshelf_create_from_book' => 'converted book to bookshelf', - 'bookshelf_create_from_book_notification' => 'Book successfully converted to a shelf', + 'bookshelf_create_from_book' => 'livro convertido em estante', + 'bookshelf_create_from_book_notification' => 'Capítulo convertido com sucesso em um livro', 'bookshelf_update' => 'atualizou a prateleira', 'bookshelf_update_notification' => 'Prateleira atualizada com sucesso', 'bookshelf_delete' => 'excluiu a prateleira', From 6e0a7344fa120e09856e20c488e2d53b77211eb1 Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Tue, 9 Aug 2022 13:25:18 +0100 Subject: [PATCH 5/9] Added revision activity types to system and audit log Closes #3628 --- app/Actions/ActivityType.php | 3 +++ app/Entities/Models/PageRevision.php | 8 +++++++- app/Entities/Repos/PageRepo.php | 1 + app/Facades/Activity.php | 2 +- app/Http/Controllers/PageRevisionController.php | 3 +++ tests/Entity/PageRevisionTest.php | 7 +++++++ 6 files changed, 22 insertions(+), 2 deletions(-) diff --git a/app/Actions/ActivityType.php b/app/Actions/ActivityType.php index 0ad25a5ab..2a9615093 100644 --- a/app/Actions/ActivityType.php +++ b/app/Actions/ActivityType.php @@ -29,6 +29,9 @@ class ActivityType const COMMENTED_ON = 'commented_on'; const PERMISSIONS_UPDATE = 'permissions_update'; + const REVISION_RESTORE = 'revision_restore'; + const REVISION_DELETE = 'revision_delete'; + const SETTINGS_UPDATE = 'settings_update'; const MAINTENANCE_ACTION_RUN = 'maintenance_action_run'; diff --git a/app/Entities/Models/PageRevision.php b/app/Entities/Models/PageRevision.php index be2ac33a0..6517b0080 100644 --- a/app/Entities/Models/PageRevision.php +++ b/app/Entities/Models/PageRevision.php @@ -3,6 +3,7 @@ namespace BookStack\Entities\Models; use BookStack\Auth\User; +use BookStack\Interfaces\Loggable; use BookStack\Model; use Carbon\Carbon; use Illuminate\Database\Eloquent\Relations\BelongsTo; @@ -27,7 +28,7 @@ use Illuminate\Database\Eloquent\Relations\BelongsTo; * @property Page $page * @property-read ?User $createdBy */ -class PageRevision extends Model +class PageRevision extends Model implements Loggable { protected $fillable = ['name', 'text', 'summary']; protected $hidden = ['html', 'markdown', 'restricted', 'text']; @@ -83,4 +84,9 @@ class PageRevision extends Model { return $type === 'revision'; } + + public function logDescriptor(): string + { + return "Revision #{$this->revision_number} (ID: {$this->id}) for page ID {$this->page_id}"; + } } diff --git a/app/Entities/Repos/PageRepo.php b/app/Entities/Repos/PageRepo.php index e3c6bd17a..60f1d1b01 100644 --- a/app/Entities/Repos/PageRepo.php +++ b/app/Entities/Repos/PageRepo.php @@ -337,6 +337,7 @@ class PageRepo $this->savePageRevision($page, $summary); Activity::add(ActivityType::PAGE_RESTORE, $page); + Activity::add(ActivityType::REVISION_RESTORE, $revision); return $page; } diff --git a/app/Facades/Activity.php b/app/Facades/Activity.php index 6c279a057..ec3d28cc0 100644 --- a/app/Facades/Activity.php +++ b/app/Facades/Activity.php @@ -5,7 +5,7 @@ namespace BookStack\Facades; use Illuminate\Support\Facades\Facade; /** - * @see \BookStack\Actions\ActivityLogger + * @mixin \BookStack\Actions\ActivityLogger */ class Activity extends Facade { diff --git a/app/Http/Controllers/PageRevisionController.php b/app/Http/Controllers/PageRevisionController.php index c6a4926d2..086518960 100644 --- a/app/Http/Controllers/PageRevisionController.php +++ b/app/Http/Controllers/PageRevisionController.php @@ -2,9 +2,11 @@ namespace BookStack\Http\Controllers; +use BookStack\Actions\ActivityType; use BookStack\Entities\Repos\PageRepo; use BookStack\Entities\Tools\PageContent; use BookStack\Exceptions\NotFoundException; +use BookStack\Facades\Activity; use Ssddanbrown\HtmlDiff\Diff; class PageRevisionController extends Controller @@ -132,6 +134,7 @@ class PageRevisionController extends Controller } $revision->delete(); + Activity::add(ActivityType::REVISION_DELETE, $revision); $this->showSuccessNotification(trans('entities.revision_delete_success')); return redirect($page->getUrl('/revisions')); diff --git a/tests/Entity/PageRevisionTest.php b/tests/Entity/PageRevisionTest.php index cc4900249..78bf2dec2 100644 --- a/tests/Entity/PageRevisionTest.php +++ b/tests/Entity/PageRevisionTest.php @@ -2,6 +2,7 @@ namespace Tests\Entity; +use BookStack\Actions\ActivityType; use BookStack\Entities\Models\Page; use BookStack\Entities\Repos\PageRepo; use Tests\TestCase; @@ -117,6 +118,9 @@ class PageRevisionTest extends TestCase 'type' => 'version', 'summary' => "Restored from #{$revToRestore->id}; My first update", ]); + + $detail = "Revision #{$revToRestore->revision_number} (ID: {$revToRestore->id}) for page ID {$revToRestore->page_id}"; + $this->assertActivityExists(ActivityType::REVISION_RESTORE, null, $detail); } public function test_page_revision_count_increments_on_update() @@ -164,6 +168,9 @@ class PageRevisionTest extends TestCase $this->assertTrue($beforeRevisionCount === ($afterRevisionCount + 1)); + $detail = "Revision #{$revision->revision_number} (ID: {$revision->id}) for page ID {$revision->page_id}"; + $this->assertActivityExists(ActivityType::REVISION_DELETE, null, $detail); + // Try to delete the latest revision $beforeRevisionCount = $page->revisions->count(); $resp = $this->asEditor()->delete($page->currentRevision->getUrl('/delete/')); From 45dc28ba2aaa0165dfce4dd7f01b1b38575fdabe Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Tue, 9 Aug 2022 13:26:45 +0100 Subject: [PATCH 6/9] Applied latest styleci changes --- tests/User/UserManagementTest.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/User/UserManagementTest.php b/tests/User/UserManagementTest.php index f0bc7c2f0..71d50e8d6 100644 --- a/tests/User/UserManagementTest.php +++ b/tests/User/UserManagementTest.php @@ -252,8 +252,8 @@ class UserManagementTest extends TestCase // Both on create $resp = $this->post('/settings/users/create', [ 'language' => 'en 'My name', - 'email' => 'jimmy@example.com', + 'name' => 'My name', + 'email' => 'jimmy@example.com', ]); $resp->assertSessionHasErrors(['language' => 'The language may not be greater than 15 characters.']); $resp->assertSessionHasErrors(['language' => 'The language may only contain letters, numbers, dashes and underscores.']); From 06b5a83d8f5105fceb5f44458df16a1643d7c890 Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Tue, 9 Aug 2022 13:46:52 +0100 Subject: [PATCH 7/9] Added convenience theme system partials for export layouts To allow easier additions to start/end of body tag in export formats. --- resources/views/layouts/export.blade.php | 2 ++ resources/views/layouts/parts/export-body-end.blade.php | 2 ++ resources/views/layouts/parts/export-body-start.blade.php | 2 ++ 3 files changed, 6 insertions(+) create mode 100644 resources/views/layouts/parts/export-body-end.blade.php create mode 100644 resources/views/layouts/parts/export-body-start.blade.php diff --git a/resources/views/layouts/export.blade.php b/resources/views/layouts/export.blade.php index d631ad3c9..e041d8dea 100644 --- a/resources/views/layouts/export.blade.php +++ b/resources/views/layouts/export.blade.php @@ -12,8 +12,10 @@ @include('exports.parts.custom-head') +@include('layouts.parts.export-body-start')
    @yield('content')
    +@include('layouts.parts.export-body-end') \ No newline at end of file diff --git a/resources/views/layouts/parts/export-body-end.blade.php b/resources/views/layouts/parts/export-body-end.blade.php new file mode 100644 index 000000000..471198979 --- /dev/null +++ b/resources/views/layouts/parts/export-body-end.blade.php @@ -0,0 +1,2 @@ +{{-- This is a placeholder template file provided as a --}} +{{-- convenience to users of the visual theme system. --}} \ No newline at end of file diff --git a/resources/views/layouts/parts/export-body-start.blade.php b/resources/views/layouts/parts/export-body-start.blade.php new file mode 100644 index 000000000..471198979 --- /dev/null +++ b/resources/views/layouts/parts/export-body-start.blade.php @@ -0,0 +1,2 @@ +{{-- This is a placeholder template file provided as a --}} +{{-- convenience to users of the visual theme system. --}} \ No newline at end of file From 97ec56028271a78a2be829521ed7eebda2babcfa Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Tue, 9 Aug 2022 13:49:42 +0100 Subject: [PATCH 8/9] Added test to cover export body start/end partial usage --- tests/ThemeTest.php | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/tests/ThemeTest.php b/tests/ThemeTest.php index 12a25a6d4..c90625e2b 100644 --- a/tests/ThemeTest.php +++ b/tests/ThemeTest.php @@ -272,7 +272,7 @@ class ThemeTest extends TestCase $this->assertStringContainsString('Command ran!', $output); } - public function test_body_start_and_end_template_files_can_be_used() + public function test_base_body_start_and_end_template_files_can_be_used() { $bodyStartStr = 'barry-fought-against-the-panther'; $bodyEndStr = 'barry-lost-his-fight-with-grace'; @@ -289,6 +289,25 @@ class ThemeTest extends TestCase }); } + public function test_export_body_start_and_end_template_files_can_be_used() + { + $bodyStartStr = 'barry-fought-against-the-panther'; + $bodyEndStr = 'barry-lost-his-fight-with-grace'; + /** @var Page $page */ + $page = Page::query()->first(); + + $this->usingThemeFolder(function (string $folder) use ($bodyStartStr, $bodyEndStr, $page) { + $viewDir = theme_path('layouts/parts'); + mkdir($viewDir, 0777, true); + file_put_contents($viewDir . '/export-body-start.blade.php', $bodyStartStr); + file_put_contents($viewDir . '/export-body-end.blade.php', $bodyEndStr); + + $resp = $this->asEditor()->get($page->getUrl('/export/html')); + $resp->assertSee($bodyStartStr); + $resp->assertSee($bodyEndStr); + }); + } + protected function usingThemeFolder(callable $callback) { // Create a folder and configure a theme From 219da9da9ba94a2f024eca3be401fd14ef03bd25 Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Tue, 9 Aug 2022 13:55:26 +0100 Subject: [PATCH 9/9] Updated translator attribution before release v22.07.2 --- .github/translators.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/translators.txt b/.github/translators.txt index 10bb7d325..8bdefe9b5 100644 --- a/.github/translators.txt +++ b/.github/translators.txt @@ -267,3 +267,4 @@ Filip Antala (AntalaFilip) :: Slovak mcgong (GongMingCai) :: Chinese Simplified; Chinese Traditional Nanang Setia Budi (sefidananang) :: Indonesian Андрей Павлов (andrei.pavlov) :: Russian +Alex Navarro (alex.n.navarro) :: Portuguese, Brazilian