Commit graph

63 commits

Author SHA1 Message Date
snipe bb42109c0c
Added a clarifying comment
Signed-off-by: snipe <snipe@snipe.net>
2020-05-11 18:10:45 -07:00
snipe b9e821c0e6
Small fix for Group Functional Tests
Signed-off-by: snipe <snipe@snipe.net>
2020-05-11 18:07:14 -07:00
snipe cfec142c3b
Better handle models without a fieldset in the asset request [RB 9935] 2020-04-09 11:18:54 -07:00
snipe e71e57f16a
Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639)
* Added enshrined/svg-sanitize

* Added modular image resizing/SVG cleaning method

(This already exists in v5, so I mostly ported it forward and added the SVG sanitizer.)

* Use improved handleImages method to upload/resize/clean images

* Removed $old_image

This is handled in the ImageUpload request now
2019-12-05 22:23:05 -08:00
snipe 55ee90b25d
Fixes #7252 form request changes (#7272)
* Fixes for #7252 - custom fields not validating / no validaton messages in API w/form requests

* Removed debug info

* More fixes for #7252

This is mostly working as intended, if not yet the way Laravel wants us to do it.

Right now, the API returns correctly, and the form UI will return highlighted errors, with the input filled in ~sometimes~. I’m not sure why it’s only sometimes yet, but this is potentially progress.

* Removed experimental method

* Check for digits_between:0,240 for warranty

* Removed debug code
2019-07-18 14:32:23 -07:00
snipe aa0b627fe7 Fixed missing asset validation 2019-05-24 04:47:35 -07:00
snipe 5be5e3271d Trying to fix ajax asset validation
This I think gets us closer, but still not handling the validation on the asset properly.

When I do a print_r of the validation in the other items, its looking for an error bag that looks something like this:

```
Illuminate\Support\MessageBag Object
(
    [messages:protected] => Array
        (
            [name] => Array
                (
                    [0] => The name field is required.
                )

            [seats] => Array
                (
                    [0] => The seats field is required.
                )

            [category_id] => Array
                (
                    [0] => The category id field is required.
                )

        )

    [format:protected] => :message
)
```

Currently the Assets ajax returns:

```
[2019-05-24 06:52:06] develop.ERROR: array (
  'messages' =>
  array (
    'model_id' =>
    array (
      0 => 'The model id field is required.',
    ),
    'status_id' =>
    array (
      0 => 'The status id field is required.',
    ),
    'asset_tag' =>
    array (
      0 => 'The asset tag field is required.',
    ),
  ),
)
```

So not sure why it’s not working.
2019-05-24 03:55:31 -07:00
snipe dd5d5cc07c Handle JSON validation errors like 5.4 2019-05-24 01:12:38 -07:00
snipe 84c3709161 Handle JSON validation errors like 5.4 2019-05-24 01:12:21 -07:00
snipe 0fd940ffa4 Check for empty headers in import 2019-03-14 15:38:07 -07:00
snipe 35ebe33e4e
Fixed #6703 - fixes password confirmation (#6711)
* Fixed #6703 - fixes password confirmation

* Removed debugging

* Fixed tests

* I guess we use 10 as the settings for password min in tests

* One more try to fix tests - confirmation won’t validate until password validates
2019-02-13 23:01:19 -08:00
snipe c8bff3ef38
Features/add manager and dept to importer (#6277)
* Ignore the simlink for public storage

* Added manager and department to user import

* More UI importer tweaks

* Fisxed typos
2018-10-02 15:43:54 -07:00
snipe a4799a495a
Fixes #5859 - add file name/size to file upload UI (#5861)
* Fixes #5859 - add file name/size to file upload UI

* Reverting assetcontroller

Not sure exactly what happened here…

* Production assets
2018-07-16 20:09:53 -07:00
Antti 9dc226e3d6 Feature: PostgreSQL support (#5642)
* Made migrations work with pgsql and changing empty integers to null

* Fixed the last functional test
2018-07-12 18:24:43 -07:00
snipe 0be69f57ac Improved files display 2018-05-02 14:13:06 -07:00
snipe 103c75e78c Removed max cap in image validation 2018-04-24 03:12:17 -07:00
Stephen c23955d0b5 Allow setting of "ldap_import" through the API (#5218)
* Allow setting of "ldap_import" through the API, this will allow cusom scripts to be made to import data from Active directory using the API, this would allow any field to be filled such as the manager (based on the ID), department etc.

* Password fix for LDAP through API
2018-04-20 14:02:52 -07:00
Brandon Daniel Bailey f786e07179 Allow auto increment through the API (#4690)
* Allow auto incrementing asset_id from the API when the setting is enabled

* Cleaned up the if else statement

* Added prefix to the orWhereRaw which causes a database error if the configuration uses a prefix

* Auto incrementing through the API
2018-01-03 17:24:32 -08:00
Daniel Meltzer f16ce09a7a Importer again (#4702)
* If a user id is provided in the name column of an import, we should assume that it is a user id and check out to it.

* Fix build of vue files.  The location is public/js/build, not public/build

* Ensure a status type is set before allowing submission of an import.

Also expand the status text label to change color based on success/failure.

Fixes #4658

* Use right key to lookup emails when importing users.  Fixes 4619.

* Import serial for components, and make unique matches based on the serial as well as the name.  Fixes #4569

* Set the location_id when importing an item properly.

This moves as well to using the Asset::checkout() method, which should consolidate the logic into a useful spot.
Fixes #4563 (I think)

* Production assets.

* Case insensitive field map guessing and repopulate when changingin import type.
2017-12-28 20:08:45 -08:00
snipe 4898dd8e23 Use ImageUploadRequest $request on user profile update 2017-12-06 14:42:14 -08:00
snipe ea2f7617df Validate checkout_to_type on asset checkout 2017-11-27 21:20:12 -08:00
snipe 579334b5fc Fixed - name should always be required in custom fields 2017-11-06 20:05:40 -08:00
snipe dc32e4bdb0 Fixed form request ffor custom fields 2017-11-06 16:42:37 -08:00
snipe 04ab522ee3
Fixes #4236 - validate the regex custom validation (#4380)
* More helpful text on how the custom validator works

* Clarified language of custom format, fixed regex example

* Fixed regex example in placeholder

* Added comments to custom fields

* Added regex validation string

* Added valid_regex validator in format requirements

* Removed useles comments

* Fixes #4236 - validate the regex custom validation
2017-11-04 17:06:14 -07:00
snipe e0fe383815 Removed debug message in SaveUserRequest 2017-10-24 19:18:53 -07:00
snipe 8a9960f830 Fixed missing break that would override password requirement 2017-10-24 16:56:46 -07:00
snipe 1f247ff541 Don’t let the user checkout an asset to itself
(We should consolidate that AssetCheckoutRequest for the API)
2017-10-19 15:51:55 -07:00
snipe 8d2c229bc3 Move LDAP validation into form request 2017-08-31 10:44:00 -07:00
snipe 48e6208214 Fixes #3907 - do not require username on user if LDAP import 2017-08-31 10:43:36 -07:00
snipe a0cbca85bf Fixes for API calls for password complexity stuff 2017-08-22 21:15:35 -07:00
snipe 9bda62d295 ADDED: Password rules for complexity, min length, rejecting common passwords 2017-08-22 20:32:39 -07:00
Daniel Meltzer 61c6160b98 Importer mapping - v1 (#3677)
* Move importer to an inline-template, allows for translations and easier passing of data from laravel to vue.

* Pull the modal out into a dedicated partial, move importer to views/importer.

* Add document of CSV->importer mappings.  Reorganize some code.

Progress.

* Add header_row and first_row to imports table, and process upon uploading a file

* Use an expandable table row instead of a modal for import processing.  This should allow for field mapping interaction easier.

* Fix import processing after moving method.

* Frontend importer mapping improvements.

Invert display so we show found columns and allow users to select an
importer field to map to.  Also implement sample data based on first row
of csv.

* Update select2.  Maintain selected items properly.

* Backend support for importing.  Only works on the web importer currently.  Definitely needs testing and polish.

* We no longer use vue-modal plugin.

* Add a column to track field mappings to the imports table.

* Cleanup/rename methods+refactor

* Save field mappings and import type when attempting an import, and repopulate these values when returning to the page.

* Update debugbar to fix a bug in the debugbar code.

* Fix asset tag detection.

Also rename findMatch to be a bit clearer as to what it does.
  Remove logging to file of imports for http imports because
it eats an incredible amouint of memory.

This commit also moves imports out of the hardware namespace and into
their own webcontroller and route prefix, remove dead code from
AssetController as a result.

* Dynamically limit options for select2 based on import type selected, and group them by item type.

* Add user importer.

Still need to implement emailing of passwords to new users, and probably
test a bit more.

This also bumps the memory limit for web imports up as well, I need to
profile memory usage here before too long.

* Query the db to find user matches rather than search the array.  Performance is much much better.

* Speed/memory improvements in importers.

Move to querying the db rather than maintaining an array for all
importers.  Also only store the id of items when we import, rather than
the full model.  It saves a decent amount of memory.

* Remove grouping of items in select2

With the values being set dynamically, the grouping is redundant.  It
also caused a regression with automatically guessing/matching field
names.  This is starting to get close.

* Remove debug line on every create.

* Switch migration to be text field instead of json field for compatibility with older mysql/mariadb

* Fix asset import regression matching email address.

* Rearrange travis order in attempt to fix null settings.

* Use auth::id instead of fetching it off the user.  Fixes a null object reference during seeding.
2017-06-21 16:37:37 -07:00
Daniel Meltzer 5ba2ec881c Vue importer (#3235)
* Begin work on vueifying the importer

* Beginning work on migrating the importer to use a vue/components for future interactivity

Update JS

More importer work.  Move to a vue based modal, begin handling of processing.  Still need to port error messages.

More importer work.  Move to a vue based modal, begin handling of processing.  Still need to port error messages.

Update importer.  Add error display.  Fix modal, update vue-strap to vue2

More progress.  Add select2 vue bits.

* Move to querying the db to find importer matches.  It scales better on large datasets.

Fix select2 related issues.  We were trying to initialize it twice, which led to the custom data being overwritten.

* Better error handling on uploads and deletion of files.  Restore progressbar on upload.

* Add support for generic exception reporting if app.debug is enabled.

* Handle Http 500 errors better.  Display errors if debug is enabled.  Assorted cleanups.

* Fix codacy issues, remove unused methods.

* Only bind vue to the importer for now.

* Load vue for passport as well.
2017-01-25 21:29:23 -08:00
snipe 93542f3478 Make sure the model_id and status_id actually exist 2017-01-12 02:41:02 -08:00
snipe fddcc0fefd Added better form request handling
This will break a ton of things
2017-01-12 02:20:20 -08:00
snipe 704ee59541 WTF why is name required?? 2017-01-12 02:19:36 -08:00
Daniel Meltzer 44683c784f Importer: Add License Importer and refactor (#3143)
* Major code simplification of the importers.

Move towards using Model::fill and Model::update rather than reinventing
the wheel.  This makes the updating/creating logic a lot clearer, and
allows for the deletion of a lot of code.  Also allows for supporting of
more fields in the future really easily.

* Cleanup constructors and use setters instead.

* Set the LC_MONETARY locale, and use it to strip currency symbols in Helper::parseFloat()

* Move licenseseat creation/deletion logic into an event handler on the model rather than the controller.

* Move the logging of parsed values to array_smart_fetch rather than writing it out everywhere

* Move to storing dates as carbon rather than strings.  Allows for the parsing of more arbitrary strings from the importer

* Add a license importer with support for checking out to users or assets.

* Make a directory for sample/mock import csvs and populate it

* Adjust how we store/retrieve dates to fix some issues the tests found.
2017-01-10 16:19:18 -08:00
Daniel Meltzer 6ce20c32b1 Component Importer and various Importer Fixes (#3132)
* Importer fix: we were trimming the wrong part of the classname when creating a category.  This led to categories not being recognized.

* Add a component importer.  Uses same fields as consumable importer.  Only trick: If an asset_tag is present, we checkout a component to that asset on import

Enable component importer.  Also calculate the importer classname in a cleaner fashion.

* Fix comparisons.  find can return an index of 0, which is falsy.
2017-01-05 15:45:12 -08:00
Daniel Meltzer 8a782bf34a Present assetlogs (#3112)
* Set user if asset is checked out to user.  fixes email problems.

* Use sometimes validation to ignore this when no values are present.

* Move Actionlog details to a presenter and port the activity table to use it.  Still need to port other parts of the application, but this consolidates a lot of logic.

* Attempt test fix

* Port users,licenses, and assets view to use the presenter to generate table values.
2016-12-29 22:23:36 -08:00
snipe 221cf1f9c8 Merge branch 'checkout-to-things-v1' of https://github.com/dmeltzer/snipe-it into dmeltzer-checkout-to-things-v1
# Conflicts:
#	app/Http/Controllers/AssetsController.php
#	app/Http/Controllers/ReportsController.php
#	app/Http/Controllers/UsersController.php
#	app/Presenters/AssetPresenter.php
2016-12-29 16:20:17 -08:00
Daniel Meltzer 13b51bc934 Allow checkout of item to things on create page. Need to test validation better and maybe extract code to one place for checkout.blade and edit.blade 2016-12-29 11:10:52 -05:00
snipe fd805bde50 Fixes #1247 - allow SVG logo upload 2016-12-27 17:31:53 -08:00
Daniel Meltzer d262aec4c3 Save Progress. 2016-12-27 19:24:41 -05:00
Daniel Meltzer 57374955a8 Importer rework (#3100)
* Step 1 of refactoring importer to use separate classes.

* Port web importer.  Fix an issue with validation where index 0 would be treated as false and cause weird results.

* Farewall, AssetImport.  You've served us well.
2016-12-26 15:16:42 -08:00
snipe 8ad509d7f1 Update validation in AssetRequest form request 2016-12-15 15:24:55 -08:00
snipe cd28b012b3 Remove last name requirement in save user request 2016-08-30 06:47:38 -07:00
Daniel Meltzer 7ef4f23d0f Validate that purchase_cost is a numeric value. (#2452) 2016-08-16 18:18:50 -07:00
snipe c07ad03e74 Removed unique from form request 2016-07-28 09:16:30 -07:00
snipe 9385c3e9cf Remove last name requirement from Form Request 2016-07-21 19:46:46 -07:00
snipe 7ff77981f6 Fixed indenting 2016-07-09 18:19:51 -07:00