colin
/
bookstack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5,021 Commits 1 Branch 0 Tags 48 MiB
Commit Graph

1082 Commits

Author SHA1 Message Date
Dan Brown 90341e0e00
LDAP: Review and testing of mulitple-display-name attr support 
Review of #5295
Added test to cover functionality.
Moved splitting from config to service.
 2024-12-01 18:42:54 +00:00
Dan Brown fdbbcf2b8a
Merge branch 'portazips' into development 2024-12-01 13:06:43 +00:00
Dan Brown e9f906ce56
Attachments: Fixed full range request handling 
We were not responsing with a range request, where the requested range
was for the full extent of content. This changes things to always
provide a range request, even for the full range.

Change made since our existing logic could cause problems in chromium
browsers.

Elseif statement removed as its was likley redundant based upon other
existing checks.
This also changes responses for requested ranges beyond content, but I
think that's technically correct looking at the spec (416 are for when
there are no overlapping request/response ranges at all).

Updated tests to cover.
For #5342
 2024-11-29 13:19:55 +00:00
Dan Brown bc1f1d92e5
OIDC: Added extra userinfo content-type normalisation and test 
During review of #5337
 2024-11-28 16:58:06 +00:00
Dan Brown bdca9fc1ce
ZIP Exports: Changed the instance id mechanism 
Adds an instance id via app settings.
 2024-11-27 16:30:19 +00:00
Dan Brown 0a182a45ba
ZIP Exports: Added detection/handling of images with external storage 
Added test to cover.
 2024-11-26 15:59:39 +00:00
Dan Brown 95d62e7f57
ZIP Imports/Exports: Fixed some lint and test issues 
- Updated test handling to create imports folder when required.
- Updated some tests to delete created import zip files.
 2024-11-25 16:30:56 +00:00
Dan Brown 9ecc91929a
ZIP Import & Exports: Addressed issues during testing 
- Handled links to within-zip page images found in chapter/book
  descriptions; Added test to cover.
- Fixed session showing unrelated success on failed import.

Tested import file-create undo on failure as part of this testing.
 2024-11-25 15:54:15 +00:00
Dan Brown 59cfc087e1
ZIP Imports: Added image type validation/handling 
Images were missing their extension after import since it was
(potentially) not part of the import data.
This adds validation via mime sniffing (to match normal image upload
checks) and also uses the same logic to sniff out a correct extension.

Added tests to cover.
Also fixed some existing tests around zip functionality.
 2024-11-18 17:42:49 +00:00
Dan Brown e2f6e50df4
ZIP Exports: Added ID checks and testing to validator 2024-11-18 15:53:21 +00:00
Dan Brown c2c64e207f
ZIP Imports: Covered import runner with further testing 2024-11-16 19:52:20 +00:00
Dan Brown 8645aeaa4a
ZIP Imports: Started testing core import logic 
Fixed image size handling, and lack of attachment reference replacements
during testing.
 2024-11-16 16:12:45 +00:00
Dan Brown 7681e32dca
ZIP Imports: Added high level import run tests 2024-11-16 13:57:41 +00:00
Dan Brown a6ba8dd68f
Testing: Improved reliability 
- Added extra column/value check for page revision test for accuracy.
- Changed search sort test to use more reliable values.
  - Change due to database seeding somtimes generating values that
    proceeded the test value, expected to be first, in sort results.
 2024-11-08 11:35:18 +00:00
Dan Brown 7017a1cae5
Update URL Command: Added revisions table support 
For #5292
Added test to cover.
 2024-11-08 11:22:30 +00:00
Dan Brown 92cfde495e
ZIP Imports: Added full contents view to import display 
Reduced import data will now be stored on the import itself, instead of
storing a set of totals.
 2024-11-05 13:17:31 +00:00
Dan Brown 8f6f81948e
ZIP Imports: Fleshed out continue page, Added testing 2024-11-03 17:28:18 +00:00
Dan Brown 259aa829d4
ZIP Imports: Added validation message display, added testing 
Testing covers main UI access, and main non-successfull import actions.
Started planning stored import model.
Extracted some text to language files.
 2024-11-02 14:51:04 +00:00
Matthieu Leboeuf 87242ce6cb Adapt tests with displayName array 2024-10-28 22:27:15 +01:00
Rashad f606711463 respective book and chapter structure added. 2024-10-27 22:50:20 +05:30
Dan Brown d1f69feb4a
ZIP Exports: Tested each type and model of export 2024-10-27 14:33:43 +00:00
Kevin Pfeifer 7aaf866064 fix tests namespace definition 2024-10-26 13:24:49 +02:00
Dan Brown 484342f26a
ZIP Exports: Added entity cross refs, Started export tests 2024-10-23 15:59:58 +01:00
Rashad 3e656efb00 Added include func for search api 2024-10-21 02:42:49 +05:30
Dan Brown 21ccfa97dd
ZIP Export: Expanded page & added base attachment handling 2024-10-19 15:41:07 +01:00
Dan Brown bf0262d7d1
Testing: Split export tests into multiple files 2024-10-19 13:59:42 +01:00
Dan Brown 42b9700673
ZIP Exports: Finished up format doc, move files, started builder 
Moved all existing export related app files into their new own dir.
 2024-10-15 16:14:11 +01:00
Dan Brown 6f1c54d018
Users: Changed name validation to min:1 instead of 2 
Would cause scenarios where users could be created with 1 char, but then
fail to update due to validation differences.
Added test to cover.
For #5263
 2024-10-15 11:07:41 +01:00
Dan Brown 4dc75bad05
Settings: Added test to cover setting category by view 2024-10-11 13:33:07 +01:00
Dan Brown 51287d545b
Searching: Fixed some form search issues 
- Form was not retaining certain filters
- Form request handling of entity type set wrong filter name
Added test to cover.
 2024-10-05 14:49:30 +01:00
Dan Brown b1a3ea1aa4
Languages: Enabled Welsh option 2024-10-04 11:02:17 +01:00
Dan Brown 966ff91386
Search: Prevented negated terms filling in UI inputs 
Added test to cover.
 2024-10-03 19:40:11 +01:00
Dan Brown cd84d08157
Search: Added exact/filter/tag term negation support 2024-10-03 19:27:03 +01:00
Dan Brown 93c677a6a9
Searching: Added negation support to UI and term handling 
Updated/added tests to cover.
Support for actual search queries still remains.
 2024-10-03 15:59:50 +01:00
Dan Brown 177cfd72bf
Search: Added structure for search term inputs 
Sets things up to allow more complex terms ready to handle negation.
 2024-10-02 17:31:45 +01:00
Dan Brown e65655594f
Merge branch 'feature/opensearch' into development 2024-09-30 17:21:51 +01:00
Dan Brown 514db60617
Tests: Categorised up meta tests 
Extracted robots.txt tests into its own file to fit into new folder.
Also tweaked open search tests a tad to specifically check long app
names.
 2024-09-30 17:07:53 +01:00
Maximilian Walter 2f74cfb42c
Add test for OpenSearch endpoint 2024-09-30 17:45:20 +02:00
Dan Brown d12e8ec923
Users: Improved user response for failed invite sending 
Added specific handling to show relevant error message when user
creation fails due to invite sending errors, while also returning user
to the form with previous input.
Includes test to cover.

For #5195
 2024-09-29 16:41:18 +01:00
Dan Brown 89f84c9a95
Pages: Updated editor field to always be set 
- Migration for setting on existing pages
- Added test to cover simple new page scenario

For #5117
 2024-09-29 14:36:41 +01:00
Dan Brown 6103a22feb
Exports: Made pdf command timeout configurable 
Added test to cover.
For #5119
 2024-09-27 16:33:58 +01:00
Dan Brown b35b62d59f
Merge branch 'lexical' into development 2024-09-27 12:04:01 +01:00
Dan Brown 8b32e6c15a
Page Editors: Added switching/options for new lexical editor 2024-09-22 20:06:55 +01:00
Dan Brown 9aa3442a17
API: Fixed lacking permission enforcement on book contents 2024-08-29 14:43:21 +01:00
Dan Brown c68d154f0f
LDAP: Updated tests for recursive group changes 2024-08-28 21:16:18 +01:00
Dan Brown 1b4ed69f41
LDAP: Updated recursive group search to query by DN 
Added test to cover, added pre-change.
Need to test post-changes and fix tests.
 2024-08-28 15:39:05 +01:00
Dan Brown 897bb338f9
CSP: Updated handling of drawio URL to consider port 
Previously if a custom port was used in the DRAWIO option it would not
be considered in the CSP handling, which would block loading.

Added test to cover.
For #5107
 2024-07-14 16:06:18 +01:00
Dan Brown 767699a066
OIDC: Fixed incorrect detection of group detail population 
An empty (but valid formed) groups list provided via the OIDC ID token
would be considered as a lacking detail, and therefore trigger a lookup
to the userinfo endpoint in an attempt to get that information.

This fixes this to properly distinguish between not-provided and empty
state, to avoid userinfo where provided as valid but empty.

Includes test to cover.
For #5101
 2024-07-14 14:21:16 +01:00
DanielGordonIT ca310966b2 Actually add the test this time 2024-07-05 03:59:49 +00:00
DanielGordonIT 25f92ce584
Add test to verify different case on extensions works 2024-07-04 19:48:12 -04:00
Dan Brown a8ce199e0d
Pages: Fixed unused changelog on first page publish 
Included test to cover.
For #5056
 2024-06-09 17:18:23 +01:00
Dan Brown 3406846c82
Images: Updated GIF handling to use native methods 
Changes GIF image thumbnail handling to direcly load via gd instead of
going through interventions own handling (which supports frames) since
we don't need animation for our thumbnails, and since performance issues
could arise with GIFs that have large frame counts.

For #5029
 2024-06-09 17:00:58 +01:00
Dan Brown bddc6ae66b
Roles: Added max validation for role external auth id field 
For #5037
 2024-06-08 20:33:34 +01:00
Dan Brown d133f904d3
Auth: Changed email confirmations to use login attempt user 
Negates the need for a public confirmation resend form
since we can instead just send direct to the last session login attempter.
 2024-05-20 17:23:15 +01:00
Dan Brown 69af9e0dbd
Routes: Added throttling to a range of auth-related endpoints 
Some already throttled in some means, but this adds a simple ip-based
non-request-specific layer to many endpoints.
Related to #4993
 2024-05-20 14:00:58 +01:00
Dan Brown 67df127c26
API: Added to, and updated, testing to cover audit log additions 2024-05-05 15:44:58 +01:00
Dan Brown dd251d9e62
Merge branch 'nesges/development' into development 2024-05-04 14:00:40 +01:00
Dan Brown 5c28bcf865
Registration: Reviewed added simple honeypot, added testing 
Also cleaned up old RegistrationController syntax.
Review of #4970
 2024-05-04 13:59:41 +01:00
Dan Brown b0720777be
Merge pull request #4985 from BookStackApp/ldap_ca_cert_control 
LDAP CA TLS Cert Option, PR Review and continuation
 2024-05-02 23:16:16 +01:00
Dan Brown 8087123f2e
LDAP: Review, testing and update of LDAP TLS CA cert control 
Review of #4913
Added testing to cover option.
Updated option so it can be used for a CA directory, or a CA file.
Updated option name to be somewhat abstracted from original underling
PHP option.

Tested against Jumpcloud.
Testing took hours due to instability which was due to these settings
sticking and being unstable on change until php process restart.
Also due to little documentation for these options.
X_TLS_CACERTDIR option needs cert files to be named via specific hashes
which can be achieved via c_rehash utility.

This also adds detail on STARTTLS failure, which took a long time to
discover due to little detail out there for deeper PHP LDAP debugging.
 2024-05-02 23:11:31 +01:00
Dan Brown 6b681961e5
LDAP: Updated default user filter placeholder format 
To not conflict with env variables, and to align with placeholders used
for PDF gen command.
Added test to cover, including old format supported for
back-compatibility.
For #4967
 2024-04-28 12:29:57 +01:00
Dan Brown f0dd33c1b4
PDF: Added tests for pdf command, fixed old tests for changes 2024-04-26 15:39:40 +01:00
Dan Brown 8b14a701a4
OIDC Userinfo: Fixed issues with validation logic from changes 
Also updated test to suit validation changes
 2024-04-19 16:43:51 +01:00
Dan Brown 0958909cd9
OIDC Userinfo: Added additional tests to cover jwks usage 2024-04-19 15:05:00 +01:00
Dan Brown fa543bbd4d
OIDC Userinfo: Started writing tests to cover userinfo calling 2024-04-17 23:26:56 +01:00
Dan Brown dc6013fd7e
Merge branch 'development' into lukeshu/oidc-development 2024-04-16 14:57:36 +01:00
Dan Brown f05ec4cc26
Tags: Stopped recycle bin tags being counted on index 
For #4892
Added test to cover.
 2024-04-15 18:44:59 +01:00
Dan Brown ee40adf11a
Merge pull request #4921 from BookStackApp/v24-02 
v23.02.3 changes
 2024-04-05 15:21:05 +01:00
Dan Brown 19f78dbe6c
WYSIWYG descriptions: Allowed anchor target attrs 
Allowed since this is a control in the editor UI, but would previously
be stripped by editor config & server-side filtering.
For #4925
 2024-04-03 16:46:53 +01:00
Dan Brown a33dbcb04a
References: Fixed references count/list recycle bin interaction 
Count and reference list would get references then attempt to load
entities, which could fail to load if in the recycle bin.
This updates the queries to effectively ignore references for items we
can't see (in recycle bin).
Added test to cover.

For #4918
 2024-04-01 17:08:53 +01:00
Dan Brown a2fd80954b
Licensing: Added links and tests for new licenses endpoint 
For #4907
 2024-03-23 22:04:18 +00:00
Dan Brown b4b84f81a0
Deps: Updated custom symfony/mailer package 
Done during #4903 work
 2024-03-17 16:32:59 +00:00
Dan Brown d6b7717985
Framework: Fixed issues breaking tests 
For #4903
 2024-03-16 15:26:34 +00:00
Dan Brown 794671ef32
Framework: Upgrade from Laravel 9 to 10 
Following Laravel guidance and GitHub diff.
Not yet in tested state with app-specific changes made.
 2024-03-16 15:12:14 +00:00
Dan Brown 07761524af
Dev: Fixed flaky OIDC test, updated dev version 2024-03-12 12:08:26 +00:00
Dan Brown c9d9ad10f2
Merge branch 'totp-patch' into development 2024-03-10 18:32:02 +00:00
Dan Brown d5a689366c
MFA: Copied autocomplete changes from totp to backup codes 
Also added tests to cover.
Related to #4849
 2024-03-10 18:31:01 +00:00
Dan Brown 77f125208e
Page nav: Fixed nbsp being represented as nothing 
Now represented in page nav using a normal space to avoid complete
removal of space.
Added test to cover.
For #4836
 2024-03-09 15:52:09 +00:00
Dan Brown b7d4bd5bce
Breadcrumbs: Set book/shelf lists to use name ordering 
Previously in database order (id) which is not predictable
nor parsable for users.
For #4876
 2024-03-09 15:24:44 +00:00
Dan Brown f5f96f84e7
404: Fixed entity list issue with entity with non-visible parent 
Adds our mixed entity list loader to popular queries for more efficient
loading.
 2024-02-28 13:08:06 +00:00
Dan Brown a75d5b8bc1
Sessions: Prevent image urls being part of session URL history 
To prevent them being considered for redirects.
Includes test to cover.
For #4863
 2024-02-22 11:23:59 +00:00
Dan Brown 055bbf17de
Theme System: Added AUTH_PRE_REGISTER logical event 
Included tests to cover.
Manually tested on standard and social (GitHub) auth.
For #4833
 2024-02-21 15:30:29 +00:00
Dan Brown 1ea2ac864a
Queries: Update API to align data with previous versions 
Ensures fields returned match API docs and previous versions of
BookStack where we were accidentally returning more fields than
expected.
Updates tests to cover many of these.
Also updated clockwork to ignore image requests for less noisy
debugging.
Also updated chapter page query to not be loading all page data, via new
query in PageQueries.
 2024-02-11 15:42:37 +00:00
Dan Brown 483410749b
Queries: Updated all app book static query uses 2024-02-07 16:37:36 +00:00
Dan Brown 779f09bff6
Merge branch 'chapter-templates' into development 2024-02-01 12:55:38 +00:00
Dan Brown 43a72fb9a5
Default chapter templates: Added tests, extracted repo logic 
- Updated existing book tests to be generic to all default templates,
  and updated with chapter testing.
- Extracted repeated logic in the Book/Chapter repos to be shared in the
  BaseRepo.

Review of #4750
 2024-02-01 12:51:47 +00:00
Dan Brown 4137cf9c8f
Default chapter templates: Updated api docs and tests 
Also applied minor tweaks to some wording and logic.

During review of #4750
 2024-02-01 12:22:16 +00:00
Dan Brown 47f082c085
Comments: Added HTML filter test, fixed placeholder in dark mode 2024-01-31 16:47:58 +00:00
Dan Brown fee9045dac
Comments: Removed remaining uses of redundant 'text' field 
Opened #4821 to remove the DB field in a few releases time.
 2024-01-31 16:35:58 +00:00
Dan Brown 06901b878f
Comments: Added HTML filter on load, tinymce elem filtering 
- Added filter on load to help prevent potentially dangerous comment
  HTML in DB at load time (if it gets passed input filtering, or is
  existing).
- Added TinyMCE valid_elements for input wysiwygs, to gracefully degrade
  content at point of user-view, rather than surprising the user by
  stripping content, which TinyMCE would show, post-save.
 2024-01-31 16:20:22 +00:00
Dan Brown e9a19d5878
Comments: Added wysiwyg link selector, updated tests, removed command 
- Updated existing tests with recent back-end changes, mainly to use
  HTML data.
- Removed old comment regen command that's no longer required.
 2024-01-31 14:22:04 +00:00
Dan Brown 1dc094ffaf
OIDC: Added testing of PKCE flow 
Also compared full flow to RFC spec during this process
 2024-01-27 16:41:15 +00:00
Dan Brown d5a91d0d35
Merge pull request #4758 from BookStackApp/range_request_support 
Range request support
 2024-01-17 11:10:38 +00:00
Dan Brown adf1806fea
Chapters API: Added missing book_slug field 
Was removed during previous changes, but reflected in response examples.
This adds into all standard single chapter responses.
For #4765
 2024-01-16 12:06:13 +00:00
Dan Brown 91d8d6eaaa
Range requests: Added test cases to cover functionality 
Fixed some found issues in the process.
 2024-01-14 15:50:00 +00:00
Dan Brown 7cd0629a75
Input WYSIWYG: Updated exports to handle HTML descriptions 2023-12-22 14:57:20 +00:00
Dan Brown 2a7a81e749
Input WYSIWYG: Updated API testing, fixed description set issue 
Fixed issue where an existing description_html field would not be
updated via 'description' input.
 2023-12-22 13:17:23 +00:00
Dan Brown ed5d67e609
Input WYSIWYG: Aligned newline handling with old descriptions 
To ensure consistenent behaviour before/after changes.
Added tests to cover.
 2023-12-20 17:40:58 +00:00
Dan Brown a21ca44633
Input WYSIWYG: Fixed existing tests, fixed empty description handling 2023-12-20 17:21:09 +00:00
Dan Brown 7fd6d5b2cc
Input WYSIWYG: Updated tests, Added simple html limiting 2023-12-19 15:10:29 +00:00