Commit graph

94 commits

Author SHA1 Message Date
snipe 6db915b7f0 Removed serialize duplicate 2019-08-14 22:22:50 -07:00
snipe 441ae69f5c
Integrations/develop into master (#7352)
* Fixes #6204 - added email alerts and web/API access to assets due for audits (#6992)

* Added upcoming audit report

TODO: Fid diff/threshold math

* Added route to list overdue / upcoming assets via API

* Controller/API methods for due/overdue audits

We could probably skip this and just handle it via view in the routes…

* Added query scopes for due and overdue audits

* Added audit due console command to kernel

* Added ability to pass audit specs to main API asset search method

* Added audit presenter

* Added bootstrap-tables presenter formatter to display an audit button

* Added gated sidenav items to left nav

* Added audit due/overdue blades

* Cleanup on audit due/overdue console command

* Added language strings for audit views

* Fixed :threshold placeholder

* Removed unused setting variable

* Fixed next audit date math

* Added scope for both overdue and upcoming

* Derp. Wrong version

* Bumped version

(I will release this version officially tomorrow)

* Leave the activated state for users alone in normal LDAP synchronisation. (#6988)

* Fixed #7003 - crash when warranty months or purchase date is null

* Fixed #6956 - viewKeys policy inconsistent  (#7009)

* Fixed #6956 - Added additional gates show showing/hiding license keys

* Modified gate to allow user to see licenses if they can create or edit the license as well

* Added API middleware to API routes to enable throttling

TODO: Figure out how to make this costumizable without touching the code

* Import locations from CSV via command line (#7021)

* Added import locations command

* Small fixes to location importer

* Added country, LDAP OU

* Cleaned up comments, added more clarification to what the script does

* Added ability to update groups via API

Fixes [ch9139]

* Bumped version

* Fixed #6883 - remove escaping of fields on LDAP import

* Fixed #6880 - correctly encrypt encrypted fields via the API

* Fixes #5054: LDAP users deactivated for none-ad (#7032)

When using none-AD ldap, users are automatically deactivated every LDAP
sync.  This commit changes the behaviour so that if the active flag isn't set,
the users are enabled.

Fixed #5054, at least for 4.X

* Updated packages

  - Updating erusev/parsedown (v1.7.2 => 1.7.3): Downloading (100%)
  - Updating squizlabs/php_codesniffer (3.4.1 => 3.4.2): Downloading (100%)
  - Updating symfony/polyfill-mbstring (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/var-dumper (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating league/flysystem (1.0.50 => 1.0.51): Downloading (100%)
  - Updating symfony/translation (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating nesbot/carbon (1.36.2 => 1.37.1): Downloading (100%)
  - Updating symfony/debug (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/console (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/finder (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/polyfill-ctype (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/polyfill-php70 (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/http-foundation (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/event-dispatcher (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/http-kernel (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/process (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/routing (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/polyfill-util (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/polyfill-php56 (v1.10.0 => v1.11.0): Downloading (100%)
  - Updating symfony/psr-http-message-bridge (v1.1.1 => v1.1.2): Downloading (failed)
Downloading (100%)
  - Updating rollbar/rollbar (v1.7.5 => v1.8.1): Downloading (100%)
  - Updating symfony/yaml (v3.4.23 => v3.4.27): Downloading (100%)
  - Updating symfony/browser-kit (v3.4.23 => v3.4.27): Downloading (100%)

* Fixed #7044 - API update deleted custom fields if they are not re-presented

* Fixed XSS vulnerability when creating a new categories, etc via modal on create

Same fix as before, because of the weird select2 post-parsing ajax behavior

* Updated email strings

* Fixed #7046 - added user website url back into UI

* Updated language strings

* Bumped version

* Updated packages

* New backups config for spatie

* Removed debugbar service provider (autodiscovery)

* Use laravel v5.5 withCount manual aliases

* Added spatie language files

* Removed old laravel backups config

This config file was renamed in a newer version of spatie laravel-backup

* Set the serialization

* Added the command loader to console kernel

* Renamed fire() to handle()

* Updated withCount to use manual naming

* Updated backup path in backup admin

* Updated travis with new php versions

* Bumped laravel version in readme

* Fixed custom field edit screen

* Fixed baseUrl is undefined error

I literally cannot figure out how this ever worked before.

* Fix for included files in backup

* Bumped version

* Switch has() to filled()

* Change ->has() to ->filled()

* Removed cosole log

* Bumped packages

* Use getReader instead of fetchAssoc for CSV parser

https://csv.thephpleague.com/9.0/upgrading/

* Handle JSON validation errors like 5.4

* Handle JSON validation errors like 5.4

* Handle JSON validation errors like 5.4

* Trying to fix ajax asset validation

This I think gets us closer, but still not handling the validation on the asset properly.

When I do a print_r of the validation in the other items, its looking for an error bag that looks something like this:

```
Illuminate\Support\MessageBag Object
(
    [messages:protected] => Array
        (
            [name] => Array
                (
                    [0] => The name field is required.
                )

            [seats] => Array
                (
                    [0] => The seats field is required.
                )

            [category_id] => Array
                (
                    [0] => The category id field is required.
                )

        )

    [format:protected] => :message
)
```

Currently the Assets ajax returns:

```
[2019-05-24 06:52:06] develop.ERROR: array (
  'messages' =>
  array (
    'model_id' =>
    array (
      0 => 'The model id field is required.',
    ),
    'status_id' =>
    array (
      0 => 'The status id field is required.',
    ),
    'asset_tag' =>
    array (
      0 => 'The asset tag field is required.',
    ),
  ),
)
```

So not sure why it’s not working.

* Fixed missing asset validation

* Check that a model exists before trying to fiddle with fieldsets

* Tidied up license check

* Removed extra escaping on checkin

* Updated importer to work with newer CSV Reader::getRecords() method

* Fixed field mapping

* Small fix for reordering fields

Fixes Illuminate\Database\QueryException: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'order' cannot be null (SQL: insert into `custom_field_custom_fieldset` (`custom_field_id`, `custom_fieldset_id`, `order`, `required`) values (12, 7, , 0)) [ch1151]

This needs revisiting for a more solid fix, especially for data that was already entered bad.

* Fixed bug where sorting by company name in Users API did not work

Fixes [ch9200]

* Removed custom fields from AssignedSearch to prevent confusing data in selectlist

Fixes [ch9193]

* Removed alert-danger from tests

* Fixed missed consumables_count withCount() statement

* Fixed Undefined variable user in $backto if checked out to a non-user

Fixes [ch9194]

* Check for valid model before attempting to access fieldsets

Fixes [ch1249]

* Only build the log upload destination path if there is a matching record

Fixes [ch1232]

* Fixed free_seats_count variable name

(I forgot that Laravel switched camel case to snake case for their old 5.4 withCount variables)

* Only gtry to delete the file if a record is found in the log

* Only try to get fieldset if model is valid

* Fixed more camel-casing -> snake-casing

* Only display the file if the log record can be found

* Fixed casing in sync command

* Updated README

* Derp - typo

* Added link to Atlassian plugin

* More Atlassian clarifications

* Show accessory image on view page

* Increased image size to 800px, added lightboxes

* Fixed #7083 - Removed user_exists constraint on department save

If the user has been deleted, this prevented the department from being successfully saved on edit

* Updated branch in version file

* Dockerfile update to bring us up to php v7.1 for Laravel 5.5 (#7084)

* bump up to php7.1

& change deprecated MAINTAINER to a LABEL so it is visible with `docker inspect`

* AND modapache ><

* 2 updates required to get software-properties+ppa

* Bumped version

* Bumped release again :(

* Missed one

* Fixed #7098 - updated backup config for deleteFile() method

* Fixed #7092 -  handle weird port forwarding/port numbers for baseUrl

* Bumped version

* Fixed #7099 - set email to null by default for backup notifications

* Removed old comments

* Fixed #7100 - Check if $user isset on checkin

* Increased throttle to 120 requests per minute

* Added Filipino, corrected order for Spanish variations

* Update language strings

* Bumped hash

* Changed has to filled to fix bulk asset editing

* Bumped point version

* Small fixes for phpleague CSB reader v9

* Improved error checking in locations importer

* Fixed #7145 - rename groups table to permissions_group for mysql 8 reserved word compatibility

* Reduce minimum group name length to 2 (from 3)

eg: IT

* Back in time fix FOR #7145 for new installs on MySQL 8+

* Fixed permission insert

//TODO

Handle this via model

* Possible fix for reporting/admin migration back in time

* Fixed #7164 - change table name to permission_groups

* Fixed LDAP password blanking on save

* fixing previous commit's actual wiping of password (#7183)

replaced Input::fille('ldap_pword') with _filled_.   Should be good to go.  

https://github.com/snipe/snipe-it/issues/7179

https://github.com/snipe/snipe-it/issues/7169

* Bumped version

* Downgrading rollbar for Laravel 5.5

* Spelling Correction (#7206)

Fixed Spelling for the word reqrite, to be rewrite.

* Fix #6910: Add logic to manipulate the eloquent query. (#7006)

* Added company_id to consumables_users table

* Added logic to manage when a pivot table doesn't have the column company_id trough a join with users

* Remove a migration that tries to fix this problem, but is not longer necessary

* Addresses #7238 - add PWA code to layout

Needs additional UX testing

* Better log message for bad LDAP connection

* Fixed #7186 - has vs filled in User’s API blanking out groups if no group_ids are passed

* Comment clarification on #7186

* Check for valid seat on hardware view

* Added space between footer and custom message

* Cap warranty months to three characters

Filles rollbar 209

* Cap warranty months to 3 on the frontend blade

* Fixed countable() strings on user destroy

* Check that the user has assets and that the aset model is valid

* Bumped hash

* Caps asset warranty to 20 years

* Command to fix custom field unicode conversion differences between PHP versions (#7263)

* Fixes #7252 form request changes (#7272)

* Fixes for #7252 - custom fields not validating / no validaton messages in API w/form requests

* Removed debug info

* More fixes for #7252

This is mostly working as intended, if not yet the way Laravel wants us to do it.

Right now, the API returns correctly, and the form UI will return highlighted errors, with the input filled in ~sometimes~. I’m not sure why it’s only sometimes yet, but this is potentially progress.

* Removed experimental method

* Check for digits_between:0,240 for warranty

* Removed debug code

* Apply fix from PR #7273 to master

* Bumped hash

* Fixed #7250 - permission issue for API fieldsets and fields endpoints

This applies the change from #7294 to master

* Add @mskrip as a contributor

* Fixed #7270 - Checking-in Assets via API Removes the Item's Asset Name

* CORS for api (#7292)

* Added CORS support to API

* Changed order so CORS will still work if throttle hit

* Added APP_CORS_ALLOWED_ORIGINS env option

* Fixed typo

* Clarified header comments

* More clarification

* DIsable CORS allowed origins by default to replicate existing behavior

* Change variable name to be clearer

* Bumped version

* Added condition to deal with fieldname 'rtd_location' which can be tried to be queried in some places and doesn't exist in database (#7317)

* Added comments to the ByFilter query scope for clarity

* Added accessories checkout/checkin API endpoint

* Fixed CVE-2019-10742

https://nvd.nist.gov/vuln/detail/CVE-2019-10742

* Update README.md (#7334)

Add reference to CSV importer.

* Group related variables in .env

* History importer fixes

* Fixes to history importer
2019-08-14 21:48:14 -07:00
snipe bfb910f375 Set the serialization 2019-05-22 00:51:43 -07:00
Martin Meredith e3e0d57f56 Minor code cleanup bits and bobs (#6805)
* Add IDE Helper files

* Cleanup imports

- Alphabetises imports
- Removes unused imports

* Add Platform requirements

* Move filling asset into block where asset exists

* Remove duplicate array keys
2019-03-13 20:12:03 -07:00
Wes Hulette 88b1da4260 Added: Caching of settings (#6378)
* Fixed missing oauth tables during setup.

* Cache settings

Cache the setting to reduce unnecessary database calls
2018-11-01 19:59:50 -07:00
snipe 771265113e Added cookie serialization for Laravel v5.6.30 2018-08-21 22:40:14 -07:00
Daniel Meltzer f7dbda4ed3 Disable broken tests (#5073)
* Work towards a functional travis.  Step 1: Disable broken unit tests.

* Fix functional tests

This updates the login information and model factories to work with
changes to source.

* Importer name/full name fixes.

Fix a bug where "name" was used ambigously and mapping "item name" to
"name" would confuse the importer into thinking it should also be a user
name.  Now we default to "full name" for the users name, and "item name"
for the item name.  These are still both configurable through the custom
mapping.

Also update sample csvs and remove an outdated sample.

* Max length of supplier notes is 191, not 255, as per default laravel string length.  Might make sense to change this to a text field in the future to match other places.

* Use sqlite/different db setup for unit tests.

* Fix assets api test.

* Fix Components API test.

* increase travis memory limit for functional tests.

* Use travis config for api tests as well.

* Fix memory limit file.

* Disable ApiComponentsAssetsCest until it's fixed.
2018-02-22 21:46:58 -08:00
snipe e08911ab8f Removed nonce for now
There is a dependency in a package where we can’t edit the script tags to add the nonce
2017-11-02 10:57:05 -07:00
snipe aab635154a Default to turning CSP off until we can fix vue/CSP issues 2017-10-02 13:29:14 -07:00
snipe efd71f8bfe For #3998 - Disable CSP if debug=true
To avoid all the nonce hell from debugbar
2017-09-29 04:53:09 -07:00
snipe 46d87849f4 Added content security middleware 2017-09-28 19:45:15 -07:00
snipe b60febeea2 Removed space in XSS header because safari was getting angry 2017-09-28 18:45:54 -07:00
snipe 9b84a0d516 *eyeroll* 2017-09-28 17:34:47 -07:00
snipe 1775995f26 Is this space necessary? Getting weird results from netsparker 2017-09-28 17:25:04 -07:00
snipe 26a7701cda Added referrer-policy header 2017-09-28 17:12:58 -07:00
snipe a34085f1d9 Added mode=block to XSSProtect header 2017-09-28 16:28:27 -07:00
snipe 51ceaedfaf Small phpcbf cleanup 2016-12-29 14:02:18 -08:00
snipe aab0933856 Use url() helper over URL::to 2016-12-15 16:41:36 -08:00
snipe 863e200430 Hopefully fixes tons of PEBKAC where users have the wrong app.url 2016-12-14 08:20:05 -08:00
snipe 5bca1ed2b6 Allow supression of debug warning for demo 2016-12-01 00:48:43 -08:00
snipe dbb2b62223 Fixed cranky Codacy result 2016-11-29 01:44:24 -08:00
snipe 2603488bd6 Removed settings middlware
(Already handled via AppServiceProvider)
2016-11-29 01:19:52 -08:00
snipe 0d6b160b61 Fix mail test script 2016-11-29 01:19:05 -08:00
snipe 16a24b7fb8 Use getSettings() to check for locale to take advantage of cached value 2016-11-29 00:21:58 -08:00
snipe ba23952852 Add red banner if app is in production mode and debugging is turned on 2016-11-29 00:08:20 -08:00
snipe 4c08331c9d Get settings in middleware, makr available in views 2016-11-28 22:53:16 -08:00
Daniel Meltzer f4fc783026 Check for setup to have completed before running the 2fa middleware. Otherwise new installs fail (#2885) 2016-11-06 18:08:13 +01:00
snipe 38b188f6ff Fixes #2448 - redirect to intended page 2016-10-29 07:32:48 -07:00
snipe 408aab112b Removed unneeded else 2016-10-29 06:06:32 -07:00
snipe cea255995c Fixes #106 - adds Google Authenticator support (#2842)
* refactor to clean up LDAP login, and make the login method easier to handle.

* Login refactor cleanup

* Google 2FA package

* Adds Google Authenticator two-factor

* Removed unused blade

* Added optin setting in profile

* Removed dumb comments

* Made lock_passwords check more consistent

* Additional two factor strings

* Lock passwords check

* Display feature disabled text if in demo mode

* Two factor admin reset options

* Translation strings
2016-10-29 05:50:55 -07:00
Daniel Meltzer a418dece80 Better checking for empty values when updating. (#2811)
* Better checking for empty values when updating.  There's a lot of conditionals in here that we may want to look at cleaning up over time

* Fix typo.  No manfacturers here.

* Fix model update/import.  Also hardcode the status id of unset assets to the first existing one instead of an id that may not exist... Still not ideal, but better.

* Let requests to .env through the middleware.  We check to see if this is readable during setup as a warning, and as it stands it triggers an infinite loop trying to hit the file.
2016-10-25 19:51:13 -07:00
snipe 64cd4fb1c9 Allow X-Frame-Options to be disabled via env if necessary 2016-08-29 22:57:29 -07:00
snipe 4ed8ff5576 Formatting fixes for coding standards 2016-06-22 12:27:41 -07:00
snipe 973513a078 Remove unecessary log use statement 2016-06-15 21:18:40 -07:00
snipe 416cd96c94 Removed debugging loggin in middleware 2016-06-15 21:08:19 -07:00
snipe 27427dd26b Additional comments to clarify permissions middleware 2016-06-15 20:57:16 -07:00
snipe 6a277a5391 Added inheritance back into users/groups 2016-06-15 20:45:45 -07:00
snipe 049e13e365 Switch to gate for permission check 2016-06-02 02:48:52 -07:00
snipe 415b60a293 Added check for setup in Setting model 2016-05-14 16:09:00 -07:00
snipe 9a8e4a55e7 Check for DB table 2016-05-14 15:05:28 -07:00
snipe 1a14abed05 Check that the table exists
Should probably find a way to handle this that doesn't require a DB call
2016-05-14 15:05:20 -07:00
snipe 90d4a8b2e3 Cleanup namespaces a bit 2016-03-25 19:26:22 -07:00
snipe 753a7333f1 If the settings table is empty, set a default 2016-03-25 05:39:08 -07:00
snipe fe00b0e401 Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00