Dan Brown
18ab38a87b
Merge branch 'fix/markdown-export' into development
2024-12-02 11:50:15 +00:00
Dan Brown
0f9957bc03
MD Exports: Added HTML description conversion
...
Also updated tests to cover checking description use/conversion.
Made during review of #5313
2024-12-02 11:46:56 +00:00
Dan Brown
80f258c3c5
Merge branch 'fix-ldap-display-name' into development
2024-12-01 18:44:23 +00:00
Dan Brown
90341e0e00
LDAP: Review and testing of multiple-display-name attr support
...
Review of #5295
Added test to cover functionality.
Moved splitting from config to service.
2024-12-01 18:42:54 +00:00
Dan Brown
fdbbcf2b8a
Merge branch 'portazips' into development
2024-12-01 13:06:43 +00:00
Dan Brown
e9f906ce56
Attachments: Fixed full range request handling
...
We were not responding with a range request, where the requested range
was for the full extent of content. This changes things to always
provide a range request, even for the full range.
Change made since our existing logic could cause problems in chromium
browsers.
Elseif statement removed as it was likely redundant based upon other
existing checks.
This also changes responses for requested ranges beyond content, but I
think that's technically correct looking at the spec (416 are for when
there are no overlapping request/response ranges at all).
Updated tests to cover.
For #5342
2024-11-29 13:19:55 +00:00
Dan Brown
978acecdcf
Merge branch 'oidc-content-type-issue' into development
2024-11-28 16:58:55 +00:00
Dan Brown
bc1f1d92e5
OIDC: Added extra userinfo content-type normalisation and test
...
During review of #5337
2024-11-28 16:58:06 +00:00
Dan Brown
415cd6a360
Includes: Workaround for PHP 8.3.14 bug
...
Changed DOMText creation to be done via document so its document
reference is correct to avoid a bug in PHP 8.3.14.
Ref: https://github.com/php/php-src/issues/16967
Fixes #5341
2024-11-28 16:30:59 +00:00
Dan Brown
bdca9fc1ce
ZIP Exports: Changed the instance id mechanism
...
Adds an instance id via app settings.
2024-11-27 16:30:19 +00:00
Wes Biggs
17f7afe12d
Updates the OIDC userinfo endpoint request to allow for a `Content-Type` response header with optional parameters, like `application/json; charset=utf-8`. This was causing an issue when integrating with [node-oidc-provider](https://github.com/panva/node-oidc-provider).
2024-11-26 11:21:20 -06:00
Dan Brown
0a182a45ba
ZIP Exports: Added detection/handling of images with external storage
...
Added test to cover.
2024-11-26 15:59:39 +00:00
Dan Brown
9ecc91929a
ZIP Import & Exports: Addressed issues during testing
...
- Handled links to within-zip page images found in chapter/book
descriptions; Added test to cover.
- Fixed session showing unrelated success on failed import.
Tested import file-create undo on failure as part of this testing.
2024-11-25 15:54:15 +00:00
Dan Brown
c0dff6d4a6
ZIP Imports: Added book content ordering to import preview
2024-11-22 21:03:04 +00:00
Dan Brown
59cfc087e1
ZIP Imports: Added image type validation/handling
...
Images were missing their extension after import since it was
(potentially) not part of the import data.
This adds validation via mime sniffing (to match normal image upload
checks) and also uses the same logic to sniff out a correct extension.
Added tests to cover.
Also fixed some existing tests around zip functionality.
2024-11-18 17:42:49 +00:00
Dan Brown
e2f6e50df4
ZIP Exports: Added ID checks and testing to validator
2024-11-18 15:53:21 +00:00
Dan Brown
8645aeaa4a
ZIP Imports: Started testing core import logic
...
Fixed image size handling, and lack of attachment reference replacements
during testing.
2024-11-16 16:12:45 +00:00
Dan Brown
7681e32dca
ZIP Imports: Added high level import run tests
2024-11-16 13:57:41 +00:00
Dan Brown
b7476a9e7f
ZIP Import: Finished base import process & error handling
...
Added file creation reverting and DB rollback on error.
Added error display on failed import.
Extracted likely shown import form/error text to translation files.
2024-11-14 15:59:15 +00:00
Dan Brown
48c101aa7a
ZIP Imports: Finished off core import logic
2024-11-11 15:06:46 +00:00
Dan Brown
378f0d595f
ZIP Imports: Built out reference parsing/updating logic
2024-11-10 16:03:50 +00:00
czemu
f12946d581
ExportFormatter: Add book description and check for empty book and chapter descriptions in markdown export
2024-11-10 09:39:33 +01:00
Dan Brown
d13e4d2eef
ZIP imports: Started actual import logic
2024-11-09 14:01:24 +00:00
Dan Brown
ac27e18933
Languages: Added Turkmen to locale manager
2024-11-08 13:46:57 +00:00
Dan Brown
7017a1cae5
Update URL Command: Added revisions table support
...
For #5292
Added test to cover.
2024-11-08 11:22:30 +00:00
Dan Brown
7b84558ca1
ZIP Imports: Added parent and permission check pre-import
2024-11-05 15:41:58 +00:00
Dan Brown
92cfde495e
ZIP Imports: Added full contents view to import display
...
Reduced import data will now be stored on the import itself, instead of
storing a set of totals.
2024-11-05 13:17:31 +00:00
Dan Brown
14578c2257
ZIP Imports: Added parent selector for page/chapter imports
2024-11-04 16:21:22 +00:00
Dan Brown
8f6f81948e
ZIP Imports: Fleshed out continue page, Added testing
2024-11-03 17:28:18 +00:00
Dan Brown
c6109c7087
ZIP Imports: Added listing, show view, delete, activity
2024-11-03 14:13:05 +00:00
Dan Brown
8ea3855e02
ZIP Import: Added upload handling
...
Split attachment service storage work out so it can be shared.
2024-11-02 20:48:21 +00:00
Dan Brown
74fce9640e
ZIP Import: Added model+migration, and reader class
2024-11-02 17:17:34 +00:00
Dan Brown
259aa829d4
ZIP Imports: Added validation message display, added testing
...
Testing covers main UI access, and main non-successful import actions.
Started planning stored import model.
Extracted some text to language files.
2024-11-02 14:51:04 +00:00
Dan Brown
c4ec50d437
ZIP Exports: Got zip format validation functionally complete
2024-10-30 15:26:23 +00:00
Dan Brown
b50b7b667d
ZIP Exports: Started import validation
2024-10-30 13:13:41 +00:00
Dan Brown
a56a28fbb7
ZIP Exports: Built out initial import view
...
Added styles for non-custom, non-image file inputs.
Started planning out back-end handling.
2024-10-29 14:21:32 +00:00
Dan Brown
4051d5b803
ZIP Exports: Added new import permission
...
Also updated new route/view to new non-book-specific flow.
Also fixed down migration of old export permissions migration.
2024-10-29 12:11:51 +00:00
Matthieu Leboeuf
72d9ffd8b4
Added support for concatenating multiple LDAP attributes in displayName
2024-10-28 22:14:30 +01:00
Rashad
f606711463
respective book and chapter structure added.
2024-10-27 22:50:20 +05:30
Dan Brown
d1f69feb4a
ZIP Exports: Tested each type and model of export
2024-10-27 14:33:43 +00:00
Dan Brown
484342f26a
ZIP Exports: Added entity cross refs, Started export tests
2024-10-23 15:59:58 +01:00
Dan Brown
42ada66fdd
ZIP Exports: Added core logic for books/chapters
2024-10-23 11:30:32 +01:00
Dan Brown
f732ef05d5
ZIP Exports: Reorganised files, added page md parsing
2024-10-23 10:48:26 +01:00
Dan Brown
4fb4fe0931
ZIP Exports: Added working image handling/inclusion
2024-10-21 13:59:15 +01:00
Dan Brown
06ffd8ee72
Zip Exports: Added attachment/image link resolving & JSON null handling
2024-10-21 12:13:41 +01:00
Rashad
90a8070518
Eager loading for titles
2024-10-21 03:01:33 +05:30
Rashad
3e656efb00
Added include func for search api
2024-10-21 02:42:49 +05:30
Dan Brown
7c39dd5cba
ZIP Export: Started building link/ref handling
2024-10-20 19:56:56 +01:00
Dan Brown
21ccfa97dd
ZIP Export: Expanded page & added base attachment handling
2024-10-19 15:41:07 +01:00
Dan Brown
42b9700673
ZIP Exports: Finished up format doc, move files, started builder
...
Moved all existing export related app files into their new own dir.
2024-10-15 16:14:11 +01:00
Dan Brown
6f1c54d018
Users: Changed name validation to min:1 instead of 2
...
Would cause scenarios where users could be created with 1 char, but then
fail to update due to validation differences.
Added test to cover.
For #5263
2024-10-15 11:07:41 +01:00
Dan Brown
4dc75bad05
Settings: Added test to cover setting category by view
2024-10-11 13:33:07 +01:00
Lachlan Tripolone
a3d0f7478f
Move settings category layouts into their own view folder
2024-10-11 10:42:48 +11:00
Lachlan Tripolone
b9b5003239
Refactor SettingController to validate categories by existing view files
2024-10-11 10:40:38 +11:00
Dan Brown
8b9bcc1768
Search: Fixed last commented filter when using table prefixes
2024-10-05 15:20:04 +01:00
Dan Brown
51287d545b
Searching: Fixed some form search issues
...
- Form was not retaining certain filters
- Form request handling of entity type set wrong filter name
Added test to cover.
2024-10-05 14:49:30 +01:00
Dan Brown
966ff91386
Search: Prevented negated terms filling in UI inputs
...
Added test to cover.
2024-10-03 19:40:11 +01:00
Dan Brown
cd84d08157
Search: Added exact/filter/tag term negation support
2024-10-03 19:27:03 +01:00
Dan Brown
93c677a6a9
Searching: Added negation support to UI and term handling
...
Updated/added tests to cover.
Support for actual search queries still remains.
2024-10-03 15:59:50 +01:00
Dan Brown
177cfd72bf
Search: Added structure for search term inputs
...
Sets things up to allow more complex terms ready to handle negation.
2024-10-02 17:31:45 +01:00
Dan Brown
e65655594f
Merge branch 'feature/opensearch' into development
2024-09-30 17:21:51 +01:00
Dan Brown
f583354748
Maintenance: Removed stray dd from last commit
2024-09-29 16:50:48 +01:00
Dan Brown
d12e8ec923
Users: Improved user response for failed invite sending
...
Added specific handling to show relevant error message when user
creation fails due to invite sending errors, while also returning user
to the form with previous input.
Includes test to cover.
For #5195
2024-09-29 16:41:18 +01:00
Dan Brown
89f84c9a95
Pages: Updated editor field to always be set
...
- Migration for setting on existing pages
- Added test to cover simple new page scenario
For #5117
2024-09-29 14:36:41 +01:00
Dan Brown
6103a22feb
Exports: Made pdf command timeout configurable
...
Added test to cover.
For #5119
2024-09-27 16:33:58 +01:00
Dan Brown
b35b62d59f
Merge branch 'lexical' into development
2024-09-27 12:04:01 +01:00
Dan Brown
8b32e6c15a
Page Editors: Added switching/options for new lexical editor
2024-09-22 20:06:55 +01:00
Maximilian Walter
476c2be5a6
Add XML for OpenSearch
2024-09-09 22:54:33 +02:00
Dan Brown
9aa3442a17
API: Fixed lacking permission enforcement on book contents
2024-08-29 14:43:21 +01:00
Dan Brown
c68d154f0f
LDAP: Updated tests for recursive group changes
2024-08-28 21:16:18 +01:00
Dan Brown
1b4ed69f41
LDAP: Updated recursive group search to query by DN
...
Added test to cover, added pre-change.
Need to test post-changes and fix tests.
2024-08-28 15:39:05 +01:00
Dan Brown
1f2506221a
API: Updated docs with consistent types, fixed users response example
...
For #5178 and #5183
2024-08-27 12:23:36 +01:00
Dan Brown
897bb338f9
CSP: Updated handling of drawio URL to consider port
...
Previously if a custom port was used in the DRAWIO option it would not
be considered in the CSP handling, which would block loading.
Added test to cover.
For #5107
2024-07-14 16:06:18 +01:00
Dan Brown
767699a066
OIDC: Fixed incorrect detection of group detail population
...
An empty (but valid formed) groups list provided via the OIDC ID token
would be considered as a lacking detail, and therefore trigger a lookup
to the userinfo endpoint in an attempt to get that information.
This fixes this to properly distinguish between not-provided and empty
state, to avoid userinfo where provided as valid but empty.
Includes test to cover.
For #5101
2024-07-14 14:21:16 +01:00
DanielGordonIT
9b0ef85f77
Wraps file extension comparison components in strtolower()
...
This avoids the issue where replacing file.PNG with newfile.png fails due to "PNG" not being equal to "png"
2024-07-03 15:50:25 -04:00
Dan Brown
11a7ccc37e
SAML: Set static type to pass static checks
...
Not totally clear if underlying code can actually return null, but
playing it safe to remain as-is for now for patch release.
2024-06-10 10:31:35 +01:00
Dan Brown
a8ce199e0d
Pages: Fixed unused changelog on first page publish
...
Included test to cover.
For #5056
2024-06-09 17:18:23 +01:00
Dan Brown
3406846c82
Images: Updated GIF handling to use native methods
...
Changes GIF image thumbnail handling to directly load via gd instead of
going through intervention's own handling (which supports frames) since
we don't need animation for our thumbnails, and since performance issues
could arise with GIFs that have large frame counts.
For #5029
2024-06-09 17:00:58 +01:00
Dan Brown
bddc6ae66b
Roles: Added max validation for role external auth id field
...
For #5037
2024-06-08 20:33:34 +01:00
Dan Brown
d133f904d3
Auth: Changed email confirmations to use login attempt user
...
Negates the need for a public confirmation resend form
since we can instead just send direct to the last session login attempter.
2024-05-20 17:23:15 +01:00
Dan Brown
69af9e0dbd
Routes: Added throttling to a range of auth-related endpoints
...
Some already throttled in some means, but this adds a simple ip-based
non-request-specific layer to many endpoints.
Related to #4993
2024-05-20 14:00:58 +01:00
Dan Brown
5651d2c43d
Config: Reverted change to cache directory
...
Change made during Laravel 10 updates to align (Laravel made this change
much earlier in 5.x series) but it caused issues due to folder not
pre-existing and due to potential permission issues.
(CLI could create this during update, with non-compatible permissions
for webserver).
For #4999
2024-05-18 20:40:26 +01:00
Angelo Geant Gaviola
79f5be4170
Fixed notification preferences URL in email
2024-05-14 17:04:23 +08:00
Dan Brown
67df127c26
API: Added to, and updated, testing to cover audit log additions
2024-05-05 15:44:58 +01:00
Dan Brown
3946158e88
API: Added audit log list endpoint
...
Not yet covered with testing.
Changes database columns for more presentable names and for future use
to connect additional model types.
For #4316
2024-05-04 16:28:18 +01:00
Dan Brown
dd251d9e62
Merge branch 'nesges/development' into development
2024-05-04 14:00:40 +01:00
Dan Brown
5c28bcf865
Registration: Reviewed added simple honeypot, added testing
...
Also cleaned up old RegistrationController syntax.
Review of #4970
2024-05-04 13:59:41 +01:00
Dan Brown
b0720777be
Merge pull request #4985 from BookStackApp/ldap_ca_cert_control
...
LDAP CA TLS Cert Option, PR Review and continuation
2024-05-02 23:16:16 +01:00
Dan Brown
8087123f2e
LDAP: Review, testing and update of LDAP TLS CA cert control
...
Review of #4913
Added testing to cover option.
Updated option so it can be used for a CA directory, or a CA file.
Updated option name to be somewhat abstracted from original underlying
PHP option.
Tested against Jumpcloud.
Testing took hours due to instability which was due to these settings
sticking and being unstable on change until php process restart.
Also due to little documentation for these options.
X_TLS_CACERTDIR option needs cert files to be named via specific hashes
which can be achieved via c_rehash utility.
This also adds detail on STARTTLS failure, which took a long time to
discover due to little detail out there for deeper PHP LDAP debugging.
2024-05-02 23:11:31 +01:00
Dan Brown
6b681961e5
LDAP: Updated default user filter placeholder format
...
To not conflict with env variables, and to align with placeholders used
for PDF gen command.
Added test to cover, including old format supported for
back-compatibility.
For #4967
2024-04-28 12:29:57 +01:00
Dan Brown
f0dd33c1b4
PDF: Added tests for pdf command, fixed old tests for changes
2024-04-26 15:39:40 +01:00
Dan Brown
1c7128c2cb
PDF: Added implementation of command PDF option
...
Tested quickly manually but not yet covered by PHPUnit tests.
2024-04-24 16:09:53 +01:00
Dan Brown
40200856af
PDF: Removed barryvdh snappy to use snappy direct
...
Also simplifies config format, and updates snappy implementation to use
the new config file.
Not yet tested.
2024-04-24 15:13:44 +01:00
Dan Brown
bb6670d395
PDF: Started new command option, merged options, simplified dompdf
...
- Updated DOMPDF to directly use library instead of depending on barry
wrapper.
- Merged existing export options file into single exports file.
- Defined option for new command option.
Related to #4732
2024-04-22 16:40:42 +01:00
Dan Brown
8b14a701a4
OIDC Userinfo: Fixed issues with validation logic from changes
...
Also updated test to suit validation changes
2024-04-19 16:43:51 +01:00
Dan Brown
0958909cd9
OIDC Userinfo: Added additional tests to cover jwks usage
2024-04-19 15:05:00 +01:00
Dan Brown
b18cee3dc4
OIDC Userinfo: Added JWT signed response support
...
Not yet tested, nor checked all response validations.
2024-04-19 14:12:27 +01:00
nesges
31272e60b6
add ambrosia-container to registration form as honeypot for bots: new form field "username" must not be filled
2024-04-19 09:35:09 +02:00
Dan Brown
fa543bbd4d
OIDC Userinfo: Started writing tests to cover userinfo calling
2024-04-17 23:26:56 +01:00
Dan Brown
7d7cd32ca7
OIDC Userinfo: Added userinfo data validation, separated from id token
...
Wrapped userinfo response in its own class for additional handling and
validation.
Updated userdetails to take abstract claim data, to be populated by
either userinfo data or id token data.
2024-04-17 18:23:58 +01:00