Commit graph

29 commits

Author SHA1 Message Date
snipe bdabbbd4e9 Logout user when their activated status is switched to off
Signed-off-by: snipe <snipe@snipe.net>
2022-03-29 13:44:53 +01:00
snipe 50f55b4308 Fixes broken API throttling
Signed-off-by: snipe <snipe@snipe.net>
2022-02-24 13:10:10 -08:00
Brady Wetherington 15abc84ab0 Migrate to Fruitcake/laravel-cors which has path-exclusion built-in 2022-02-23 11:06:19 -08:00
Brady Wetherington 64f83f9a5f Move HandleCors middleware to be universal 2022-02-22 17:43:40 -08:00
snipe 9b48732cd2 Force revalidation headers when user logs out
Signed-off-by: snipe <snipe@snipe.net>
2021-10-04 12:52:48 -07:00
Vincent Lainé d6ead5ae17
Added #8931: add health controller without session (#8978)
* Added health controller

* Trying to move session middleware to web and api group to have health controller without session

* Fix health route store the session

Co-authored-by: Vincent Lainé <v.laine@dental-monitoring.com>
2021-01-26 12:10:54 -08:00
snipe b2660002b9
Fixed #8781 - added asset count by status type (#8806) 2020-11-24 12:15:07 -08:00
snipe 36c8f7f4f1
Additional security headers 2020-06-22 22:31:01 -07:00
snipe 3dc2cc9f22
CORS for api (#7292)
* Added CORS support to API

* Changed order so CORS will still work if throttle hit

* Added APP_CORS_ALLOWED_ORIGINS env option

* Fixed typo

* Clarified header comments

* More clarification

* DIsable CORS allowed origins by default to replicate existing behavior

* Change variable name to be clearer
2019-07-26 12:38:31 -07:00
snipe d2bbc09892 Increased throttle to 120 requests per minute 2019-05-31 11:57:57 -07:00
snipe 90cddb7aee
Fixed #6113 - use $asset->fill vs filled() to allow blanking values via API (#6693)
Need to confirm that re-enabling `\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,` won’t mangle anything. I know we ran into some issues when testing a long time ago, but not sure those issues apply anymore, and I can’t remember what they were.
2019-02-12 22:08:38 -08:00
snipe 4099c06b27 fix middleware priority: handle trusted proxies prior setup check
From @plexorama
2018-07-05 15:36:59 -07:00
snipe ff38cdd09b Comment out the nullable middleware until we have a chance to check all model validators 2017-10-02 16:36:43 -07:00
snipe 46d87849f4 Added content security middleware 2017-09-28 19:45:15 -07:00
snipe 26a7701cda Added referrer-policy header 2017-09-28 17:12:58 -07:00
snipe 0ab9bc1db8 Added normalization midddleware, removed 2017-09-27 15:18:05 -07:00
snipe 9e4a391b8b Updated auth:api in kernel 2017-01-11 14:54:11 -08:00
Daniel Meltzer cd8c585377 Discussion: Moving to policies for controller based authorization (#3080)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.

* Initial work on migrating to model based policies instead of global gates.  Will allow for much more detailed permissions bits in the future.

* This needs to stay for the dashboard checks.

* Add user states for permissions to build tests.

* Build up unit tests for gates/permissions.  Move accessories/consumables/assets to policies instead of in authserviceprovider

* Migrate various locations to new syntax.  Update test to be more specific

* Fix functional tests.

Add an artisan command for installing a settings setup on travis-ci

* Try a different id... Need to come up with a better way of passing the id for tests that need an existing one.

* Try to fix travis

* Update urls to use routes and not hardcode old paths.  Also fix some migration errors found along the way.:

* Add a environment for travis functional tests.

* Adjust config file to make travis use it.

* Use redirect()->route instead of redirect()-to

* Dump all failures in the output directory if travis fails.

* Cleanups and minor fixes.

* Adjust the supplier modelfactory to comply with new validation restrictions.

* Some test fixes.

* Locales can be longer than 5 characters according to faker... fex gez_ET.  Increase lenght in mysql and add a validation

* Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
snipe 4f2439ae1c Add Passport API token generator 2016-12-14 10:53:01 -08:00
snipe 8e5977ad84 Updated maintenance views 2016-12-14 07:56:01 -08:00
snipe f0dd4c5a97 Remove middleware for checking for maintenance
This is (mostly) a built-in feature in Laravel 5.3
2016-12-14 04:31:19 -08:00
snipe 2603488bd6 Removed settings middlware
(Already handled via AppServiceProvider)
2016-11-29 01:19:52 -08:00
snipe ba23952852 Add red banner if app is in production mode and debugging is turned on 2016-11-29 00:08:20 -08:00
snipe 4c08331c9d Get settings in middleware, makr available in views 2016-11-28 22:53:16 -08:00
snipe cea255995c Fixes #106 - adds Google Authenticator support (#2842)
* refactor to clean up LDAP login, and make the login method easier to handle.

* Login refactor cleanup

* Google 2FA package

* Adds Google Authenticator two-factor

* Removed unused blade

* Added optin setting in profile

* Removed dumb comments

* Made lock_passwords check more consistent

* Additional two factor strings

* Lock passwords check

* Display feature disabled text if in demo mode

* Two factor admin reset options

* Translation strings
2016-10-29 05:50:55 -07:00
snipe 4c787891e4 Use custom maintenance middleware 2016-08-11 19:22:26 -07:00
Nikolai Prokoschenko 8d03668d78 Fix reverse proxy support
Reintroducing trusted proxies via fideloper/proxy:

* Upgraded fideloper/proxy to 3.1
* Added fideloper/proxy to Http/Kernel.php
* Added fideloper/proxy to config/app.php
* Added environment variable APP_TRUSTED_PROXIES to env (with '*' being the default fallback)
2016-06-16 15:43:42 +02:00
snipe 415b60a293 Added check for setup in Setting model 2016-05-14 16:09:00 -07:00
snipe fe00b0e401 Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00