Dan Brown [Sat, 5 Sep 2020 18:26:47 +0000 (19:26 +0100)]
Updated saml2 slo config so url is used if no response url
Updated config to change empty string to null since the empty string was
hitting an isset check which caused an empty string to be used instead
of the slo url as a backup option.
Dan Brown [Sat, 5 Sep 2020 16:26:48 +0000 (17:26 +0100)]
Updated flow to ensure /register/confirm route is used where needed
Was accidentally skipped during previous updates. Will now be used on
saml, ldap & standard registration where required.
Uses session to know if the email was just sent and, if so, show the
confirmation route.
Dan Brown [Tue, 4 Aug 2020 16:54:50 +0000 (17:54 +0100)]
Prevented email confirmation exception throw on registration
Was preventing any other registration actions from taking place such as
LDAP/SAML group sync. Email confirmation should be actioned by
middleware on post-registration redirect.
Added testing to cover.
Tested for LDAP, SAML and normal registration with email confirmation
required to ensure flows work as expected.
Dan Brown [Tue, 4 Aug 2020 13:55:01 +0000 (14:55 +0100)]
Removed role 'name' field from database
The 'name' field was really redundant and caused confusion in the
codebase, since the 'Display' name is often used and we have a
'system_name' for the admin and public role.
This fixes #2032, where external auth group matching has confusing
behaviour as matching was done against the display_name, if no
external_auth field is set, but only roles with a matching 'name' field
would be considered.
This also fixes an error where the role users migration, on role
delete, would not actually fire due to mis-matching http body keys.
Looks like this has been an issue from the start. Added some testing to
cover. Fixes #2211.
Also converted phpdoc to typehints in many areas of the reviewed code
during the above.
Dan Brown [Tue, 4 Aug 2020 12:02:31 +0000 (13:02 +0100)]
Removed joint_permissions auto_increment id
Removed auto_incrementing id and set a primary key of the [role_id,
entity_type, entity_id, action] instead since this table could receive a
lot of activity, especially when permission regeneration was automated,
leading to very high auto_increment counts which could max out the
integer limit.
Also updated some RolesTest comment endpoints to align with
recent route changes.
Dan Brown [Tue, 28 Jul 2020 17:19:18 +0000 (18:19 +0100)]
Updated some comment elements and standardised more JS
- Updated comment routes to be simpler.
- Updated comments JS to align better with updated component system.
- Documented available global JS functions/services.
- Removed redundant controller method.
- Added window.$events helpers for validation messages and
success/error.
- Updated JS events system to not be class based for simplicity.
- Added window.trans_plural method to handle pluralisation/replacements
where you already have the translation string itself.
Dan Brown [Tue, 28 Jul 2020 15:27:16 +0000 (16:27 +0100)]
Updated public-login redirect to check url
Direct links to the login pages for public instances could lead to a
redirect back to an external page upon login.
This adds a check to ensure the URL is a URL expected from the current
bookstack instance, or at least under the same domain.
Dan Brown [Tue, 28 Jul 2020 11:59:43 +0000 (12:59 +0100)]
Updated functionality for logging failed access
- Added testing to cover.
- Linked logging into Laravel's monolog logging system and made log
channel configurable.
- Updated env var names to be specific to login access.
- Added extra locations as to where failed logins would be captured.
Dan Brown [Sun, 26 Jul 2020 15:36:15 +0000 (16:36 +0100)]
Removed default anchor CSS filtering in dark mode
Due to causing content images to be rendered in unexpected ways.
- Also removed CSS filters from other image usage.
- Tweaked header CSS filtering to not be so aggressive.
- Forced WYSIWYG editor to be on its own layer since that would allow
massively larger performance increases in Safari, especially when using
dark mode.
Dan Brown [Tue, 30 Jun 2020 21:12:45 +0000 (22:12 +0100)]
Started migration of attachment manager from vue
- Created new dropzone component.
- Added standard component event system using custom DOM events.
- Added tabs component.
- Added ajax-delete-row component.
Dan Brown [Sat, 27 Jun 2020 22:56:01 +0000 (23:56 +0100)]
Moved overlay component, migrated code-editor & added features
- Moved Code-editor from vue to component.
- Updated popup code so a background click only hides if the click
originated on the same background. Clicks within the popup will no
longer cause it to hide.
- Added session-level history tracking to code editor.
Dan Brown [Sat, 27 Jun 2020 15:52:26 +0000 (16:52 +0100)]
Moved sass build out of webpack, updated npm deps
Moving sass out of webpack cleans the setup quite considerably and
brings a good speed improvement.
Made use of npm-run-all so the previous commands still run like before.
Dan Brown [Wed, 24 Jun 2020 19:38:08 +0000 (20:38 +0100)]
Started attempt at formalising component system used in BookStack
Added a document to try to define things.
Updated the loading so components are registered dynamically.
Added some standardised ways to reference other elems & define options
Dan Brown [Sat, 23 May 2020 11:56:31 +0000 (12:56 +0100)]
Removed failing URL test
- Was found that the test was not testing the actual situation anyway.
- A work-around in the request creation, within testing, just happened
to result in the desired outcome.
For reference: https://github.com/laravel/framework/pull/32345
Dan Brown [Mon, 27 Apr 2020 14:54:39 +0000 (15:54 +0100)]
Added auto-focus behaviour to page editor
- Will focus on title if the value of the field matches the default text
for the current user's language.
- Otherwise will focus on the editor body.
- Added and tested on both editors.
Dan Brown [Sun, 26 Apr 2020 11:13:00 +0000 (12:13 +0100)]
Fixed not shown existing-email warning on new ldap user
- Reduced the amount of different exceptions from LDAP attempt so they
can be handled more consistently.
- Added test to cover.
- Also cleaned up LDAP tests to reduce boilerplate mocks.
Dan Brown [Sun, 26 Apr 2020 08:26:41 +0000 (09:26 +0100)]
Updated WYSIWYG callout shortcut to handle child elems
- Will now search for a callout on/above the selected node rather than
only using the selected node.
- Issues previously where callout shortcut would not cycle if called
when child formatting was currently selected inside the callout.
Dan Brown [Sat, 25 Apr 2020 21:15:59 +0000 (22:15 +0100)]
Tweaked ListingResponseBuilder to help avoid future issues
- Updated so none of the methods mutate the query throughout the function
so that the query can be handled in a sane way, since we were already
encountering issues due to internal method call order.
Dan Brown [Sat, 11 Apr 2020 19:02:07 +0000 (20:02 +0100)]
Removed throttling from web-end requests
Generally seems to cause issues when secure images are in use.
Was added during laravel upgrade but laravel does not use this directly
for its web middleware anyway.
Dan Brown [Sat, 11 Apr 2020 14:48:08 +0000 (15:48 +0100)]
Rolled dark mode out to the editors
- Updated editor, and other area, styles to look okay in dark mode.
- Used tinyMCE theme generator to create dark mode theme.
- Updated tinymce to latest 4x version.
Dan Brown [Fri, 10 Apr 2020 21:38:29 +0000 (22:38 +0100)]
Started work on supporting a dark-mode
- Most elements done, but still need to do editors, tables and final
pass.
- Toggled only by quick js check at the moment, checking via css media
query. Need to make into user-preference toggle.
Dan Brown [Fri, 10 Apr 2020 14:19:18 +0000 (15:19 +0100)]
Reviewed and added testing for BookShelf API implementation
- Tweaked how books are passed on update to prevent unassignment if
parameter is not provided.
- Added books to validation so they show in docs.
- Added request/response examples.
- Added tests to cover.
- Added child book info to shelf info.