Commit graph

29 commits

Author SHA1 Message Date
Brady Wetherington 294606fb0b Move new CORS library to global middleware, the only place it works 2022-02-22 19:07:23 -08:00
snipe aa8f1378c9 Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	README.md
#	app/Http/Controllers/Accessories/AccessoriesController.php
#	app/Http/Controllers/Api/AssetMaintenancesController.php
#	app/Http/Controllers/Api/AssetModelsController.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/UsersController.php
#	app/Http/Controllers/AssetMaintenancesController.php
#	app/Http/Controllers/Assets/AssetFilesController.php
#	app/Http/Controllers/Assets/AssetsController.php
#	app/Http/Controllers/Assets/BulkAssetsController.php
#	app/Http/Controllers/Components/ComponentsController.php
#	app/Http/Controllers/Consumables/ConsumablesController.php
#	app/Http/Controllers/Licenses/LicenseFilesController.php
#	app/Http/Controllers/Licenses/LicensesController.php
#	app/Http/Controllers/Users/UserFilesController.php
#	app/Http/Transformers/AssetsTransformer.php
#	app/Http/Transformers/LicensesTransformer.php
#	app/Importer/UserImporter.php
#	app/Models/Asset.php
#	config/app.php
#	config/version.php
#	package-lock.json
#	public/js/build/app.js
#	public/js/dist/all.js
#	public/js/dist/bootstrap-table.js
#	public/mix-manifest.json
#	resources/lang/en/admin/users/message.php
#	resources/lang/is/button.php
#	resources/lang/ja/admin/kits/general.php
#	resources/lang/ro/admin/users/general.php
#	resources/lang/zh-HK/admin/depreciations/general.php
#	resources/lang/zh-HK/admin/models/general.php
#	resources/views/hardware/qr-view.blade.php
#	resources/views/hardware/view.blade.php
#	resources/views/partials/bootstrap-table.blade.php
#	resources/views/users/view.blade.php
#	routes/web.php
#	routes/web/hardware.php
#	routes/web/models.php
#	routes/web/users.php
2021-10-20 17:26:41 -07:00
snipe 9b48732cd2 Force revalidation headers when user logs out
Signed-off-by: snipe <snipe@snipe.net>
2021-10-04 12:52:48 -07:00
snipe c407b52bbf Updated Cors
Signed-off-by: snipe <snipe@snipe.net>
2021-06-12 00:23:30 -07:00
Laravel Shift 4ed3d6afb8 Shift HTTP kernel and middleware 2021-06-10 20:17:04 +00:00
Vincent Lainé d6ead5ae17
Added #8931: add health controller without session (#8978)
* Added health controller

* Trying to move session middleware to web and api group to have health controller without session

* Fix health route store the session

Co-authored-by: Vincent Lainé <v.laine@dental-monitoring.com>
2021-01-26 12:10:54 -08:00
snipe b2660002b9
Fixed #8781 - added asset count by status type (#8806) 2020-11-24 12:15:07 -08:00
snipe 36c8f7f4f1
Additional security headers 2020-06-22 22:31:01 -07:00
snipe 3dc2cc9f22
CORS for api (#7292)
* Added CORS support to API

* Changed order so CORS will still work if throttle hit

* Added APP_CORS_ALLOWED_ORIGINS env option

* Fixed typo

* Clarified header comments

* More clarification

* DIsable CORS allowed origins by default to replicate existing behavior

* Change variable name to be clearer
2019-07-26 12:38:31 -07:00
snipe d2bbc09892 Increased throttle to 120 requests per minute 2019-05-31 11:57:57 -07:00
snipe 90cddb7aee
Fixed #6113 - use $asset->fill vs filled() to allow blanking values via API (#6693)
Need to confirm that re-enabling `\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,` won’t mangle anything. I know we ran into some issues when testing a long time ago, but not sure those issues apply anymore, and I can’t remember what they were.
2019-02-12 22:08:38 -08:00
snipe 4099c06b27 fix middleware priority: handle trusted proxies prior setup check
From @plexorama
2018-07-05 15:36:59 -07:00
snipe ff38cdd09b Comment out the nullable middleware until we have a chance to check all model validators 2017-10-02 16:36:43 -07:00
snipe 46d87849f4 Added content security middleware 2017-09-28 19:45:15 -07:00
snipe 26a7701cda Added referrer-policy header 2017-09-28 17:12:58 -07:00
snipe 0ab9bc1db8 Added normalization midddleware, removed 2017-09-27 15:18:05 -07:00
snipe 9e4a391b8b Updated auth:api in kernel 2017-01-11 14:54:11 -08:00
Daniel Meltzer cd8c585377 Discussion: Moving to policies for controller based authorization (#3080)
* Make delete routes work.  We put a little form in the modal that spoofs the delete field.

* Fix route on creating a user.

* Fix redundant id parameter.

* Port acceptance tests to new urls.

* Initial work on migrating to model based policies instead of global gates.  Will allow for much more detailed permissions bits in the future.

* This needs to stay for the dashboard checks.

* Add user states for permissions to build tests.

* Build up unit tests for gates/permissions.  Move accessories/consumables/assets to policies instead of in authserviceprovider

* Migrate various locations to new syntax.  Update test to be more specific

* Fix functional tests.

Add an artisan command for installing a settings setup on travis-ci

* Try a different id... Need to come up with a better way of passing the id for tests that need an existing one.

* Try to fix travis

* Update urls to use routes and not hardcode old paths.  Also fix some migration errors found along the way.:

* Add a environment for travis functional tests.

* Adjust config file to make travis use it.

* Use redirect()->route instead of redirect()-to

* Dump all failures in the output directory if travis fails.

* Cleanups and minor fixes.

* Adjust the supplier modelfactory to comply with new validation restrictions.

* Some test fixes.

* Locales can be longer than 5 characters according to faker... fex gez_ET.  Increase lenght in mysql and add a validation

* Update test database dump to latest migrations.
2016-12-19 11:04:28 -08:00
snipe 4f2439ae1c Add Passport API token generator 2016-12-14 10:53:01 -08:00
snipe 8e5977ad84 Updated maintenance views 2016-12-14 07:56:01 -08:00
snipe f0dd4c5a97 Remove middleware for checking for maintenance
This is (mostly) a built-in feature in Laravel 5.3
2016-12-14 04:31:19 -08:00
snipe 2603488bd6 Removed settings middlware
(Already handled via AppServiceProvider)
2016-11-29 01:19:52 -08:00
snipe ba23952852 Add red banner if app is in production mode and debugging is turned on 2016-11-29 00:08:20 -08:00
snipe 4c08331c9d Get settings in middleware, makr available in views 2016-11-28 22:53:16 -08:00
snipe cea255995c Fixes #106 - adds Google Authenticator support (#2842)
* refactor to clean up LDAP login, and make the login method easier to handle.

* Login refactor cleanup

* Google 2FA package

* Adds Google Authenticator two-factor

* Removed unused blade

* Added optin setting in profile

* Removed dumb comments

* Made lock_passwords check more consistent

* Additional two factor strings

* Lock passwords check

* Display feature disabled text if in demo mode

* Two factor admin reset options

* Translation strings
2016-10-29 05:50:55 -07:00
snipe 4c787891e4 Use custom maintenance middleware 2016-08-11 19:22:26 -07:00
Nikolai Prokoschenko 8d03668d78 Fix reverse proxy support
Reintroducing trusted proxies via fideloper/proxy:

* Upgraded fideloper/proxy to 3.1
* Added fideloper/proxy to Http/Kernel.php
* Added fideloper/proxy to config/app.php
* Added environment variable APP_TRUSTED_PROXIES to env (with '*' being the default fallback)
2016-06-16 15:43:42 +02:00
snipe 415b60a293 Added check for setup in Setting model 2016-05-14 16:09:00 -07:00
snipe fe00b0e401 Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00