DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-11-15 10:04:13 -08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity
15612 commits 96 branches 267 tags 295 MiB
Commit graph

160 commits

Author SHA1 Message Date
snipe 4253acad4c Prevent passing an array as login 
Signed-off-by: snipe <snipe@snipe.net>
 2024-08-18 04:51:36 +01:00
Brady Wetherington 4b96721393 Attempt to de-escalate SAML login and logout errors 2024-08-13 14:55:13 +01:00
spencerrlongg 437ddc01b4 removed extraneous $request->validate() arguments 2024-07-30 16:26:24 -05:00
snipe ae9085b11f Modernize use statements, switch to auth() 
Signed-off-by: snipe <snipe@snipe.net>
 2024-07-04 20:49:22 +01:00
snipe 9a0db72eb4 More strings 
Signed-off-by: snipe <snipe@snipe.net>
 2024-06-20 15:40:38 +01:00
snipe e11a42cf68 Re-use login string 
Signed-off-by: snipe <snipe@snipe.net>
 2024-06-20 15:32:00 +01:00
snipe 9594596b8a Fixed another hard-coded string 
Signed-off-by: snipe <snipe@snipe.net>
 2024-06-20 15:22:27 +01:00
snipe df1cef59d5 Fixes path for redirect response 
Signed-off-by: snipe <snipe@snipe.net>
 2024-05-29 18:01:40 +01:00
snipe fb233c0aa4 Cleaned up facade names and references 
Signed-off-by: snipe <snipe@snipe.net>
 2024-05-29 12:38:15 +01:00
Brady Wetherington 81b8243e1d Enforce SAML assertion ID uniqueness and notValidOnOrAfter attribute 2024-01-25 19:53:24 +00:00
snipe 45d9119733 Removed debugging/comments 
Signed-off-by: snipe <snipe@snipe.net>
 2023-11-22 22:32:34 +00:00
snipe 8481768c3d Save quietly for login methods 
Signed-off-by: snipe <snipe@snipe.net>
 2023-11-22 21:42:21 +00:00
snipe b54e7dc3ee Fixed #13336 - Save unhashed password if no password provided 
Signed-off-by: snipe <snipe@snipe.net>
 2023-07-19 17:44:40 +01:00
snipe 29c2ff56ec
Merge pull request #12188 from snipe/fixes/decrease_logging_for_saml_when_not_enabled 
Removed extra logging case that was very noisy
 2022-12-15 11:26:49 -08:00
snipe c3a6874b16 Add throttle for password reset form 
Signed-off-by: snipe <snipe@snipe.net>
 2022-12-06 20:42:40 -08:00
snipe 1fe0bfe17e Removed extra logging case that was very noisy 
Signed-off-by: snipe <snipe@snipe.net>
 2022-11-28 19:27:42 -08:00
Ivan Nieto Vivanco 3aff97ace1 Remove the previous user hashed password 2022-09-06 18:43:35 -05:00
snipe af7ccf3beb Handle logout route names 
Signed-off-by: snipe <snipe@snipe.net>
 2022-08-01 16:17:40 -07:00
snipe ee4f355e49 Changed logging to debug 
Signed-off-by: snipe <snipe@snipe.net>
 2022-07-05 17:58:45 -07:00
snipe a5b857c753 Return error if token is incorrect 
Signed-off-by: snipe <snipe@snipe.net>
 2022-06-21 19:30:51 -07:00
snipe a31bca1798 Check that the user is activated before letting them reset their password 
Signed-off-by: snipe <snipe@snipe.net>
 2022-06-21 18:48:02 -07:00
snipe 7f8fc7add9 Make SAML debugging less noisy 
Signed-off-by: snipe <snipe@snipe.net>
 2022-06-21 17:57:17 -07:00
snipe f4f400ed87 Handle workflow better for invalid users 
Signed-off-by: snipe <snipe@snipe.net>
 2022-06-21 16:13:43 -07:00
snipe a49ccf0863 Removed unused rules 
Signed-off-by: snipe <snipe@snipe.net>
 2022-06-21 16:13:26 -07:00
snipe 300879847f Added a few comments to make it clearer what’s happening 
Signed-off-by: snipe <snipe@snipe.net>
 2022-06-21 14:33:10 -07:00
snipe 21875100b6 Fixed missing password.token string and checked for user existing before trying to reset 
Signed-off-by: snipe <snipe@snipe.net>
 2022-06-21 14:15:38 -07:00
Brady Wetherington b4a0d33ba8 Reduce logging further; we know the main error condition now 2022-05-17 19:57:42 -07:00
Brady Wetherington 6c86a28d18 Pass the password along directly instead of retrieving it from the Input or Request 2022-05-16 10:58:27 -07:00
Johnson Yi 4401dab8d6 fix saml slo for logout 2022-05-14 11:59:34 +00:00
Brady Wetherington 0ddb0f2c81 Switch the barcode backend to SVG, and fix the two-factor middleware 2022-05-13 14:22:27 -07:00
snipe 780222d372 Merge remote-tracking branch 'origin/master' into develop 
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Auth/LoginController.php
#	resources/views/users/print.blade.php
 2022-05-10 17:26:26 -07:00
snipe 4fccf4ddc4 Few more log lines 
Signed-off-by: snipe <snipe@snipe.net>
 2022-05-10 12:27:42 -07:00
snipe f4e737eaf3 More SAML debugging 
Signed-off-by: snipe <snipe@snipe.net>
 2022-05-10 12:14:22 -07:00
snipe f572eaa421 Added debugging for SAML login 
Signed-off-by: snipe <snipe@snipe.net>
 2022-05-10 12:07:07 -07:00
snipe 784bf4d784 Merge remote-tracking branch 'origin/master' into develop 
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	.github/ISSUE_TEMPLATE/feature_request.yml
#	app/Http/Controllers/CustomFieldsetsController.php
#	app/Http/Controllers/ReportsController.php
#	config/version.php
#	package-lock.json
#	package.json
#	public/css/dist/all.css
#	public/css/dist/bootstrap-table.css
#	public/js/dist/bootstrap-table.js
#	public/mix-manifest.json
#	resources/views/users/print.blade.php
#	webpack.mix.js
 2022-05-06 01:52:43 -07:00
snipe b20921cb62 Removed duplicate session regenerate 
Signed-off-by: snipe <snipe@snipe.net>
 2022-05-05 21:35:05 -07:00
Johnson Yi 92fe1287ea Do not saml login automatically after normal logout 2022-04-29 15:35:08 +00:00
snipe b876d0abb0 Merge remote-tracking branch 'origin/master' into develop 
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	.env.example
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Kernel.php
#	app/Http/Transformers/ActionlogsTransformer.php
#	app/Importer/AssetImporter.php
#	app/Models/Accessory.php
#	app/Models/Consumable.php
#	app/Presenters/AccessoryPresenter.php
#	app/Presenters/ComponentPresenter.php
#	app/Presenters/ConsumablePresenter.php
#	app/Providers/AuthServiceProvider.php
#	composer.json
#	composer.lock
#	config/app.php
#	config/cors.php
#	config/version.php
#	package-lock.json
#	public/js/build/app.js
#	public/js/build/app.js.LICENSE.txt
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/views/accessories/view.blade.php
#	resources/views/consumables/view.blade.php
#	resources/views/settings/saml.blade.php
#	routes/api.php
 2022-03-03 21:59:38 -08:00
snipe 42fcd29200 Fixed #10436 on master, applies #10449 
Signed-off-by: snipe <snipe@snipe.net>
 2022-02-22 21:06:54 -08:00
snipe dd5f812d88 Merge remote-tracking branch 'origin/master' into develop 
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	.all-contributorsrc
#	README.md
#	app/Console/Commands/FixDoubleEscape.php
#	app/Console/Commands/LdapSync.php
#	app/Exceptions/Handler.php
#	app/Http/Controllers/Api/AssetMaintenancesController.php
#	app/Http/Controllers/Api/AssetModelsController.php
#	app/Http/Controllers/Api/AssetsController.php
#	app/Http/Controllers/Api/CategoriesController.php
#	app/Http/Controllers/Api/CompaniesController.php
#	app/Http/Controllers/Api/DepartmentsController.php
#	app/Http/Controllers/Api/LicensesController.php
#	app/Http/Controllers/Api/LocationsController.php
#	app/Http/Controllers/Api/ManufacturersController.php
#	app/Http/Controllers/Api/SettingsController.php
#	app/Http/Controllers/Api/SuppliersController.php
#	app/Http/Controllers/AssetModelsController.php
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Controllers/CustomFieldsController.php
#	app/Http/Controllers/SettingsController.php
#	app/Models/Loggable.php
#	app/Providers/AuthServiceProvider.php
#	config/version.php
#	database/migrations/2014_11_04_231416_update_group_field_for_reporting.php
#	database/migrations/2015_11_08_222305_add_ldap_fields_to_settings.php
#	package-lock.json
#	package.json
#	public/js/build/app.js
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/assets/js/components/forms/asset-models/fieldset-default-values.vue
#	resources/views/hardware/view.blade.php
 2022-02-20 13:29:12 -08:00
snipe 4f89dfee49
Merge pull request #10679 from snipe/fixes/timing_attack_mitigation_for_forgot_password 
Added usleep random to forgotten password method to mitigate timing attacks
 2022-02-16 11:17:00 -07:00
snipe f878e0ad66 Fixes 2FA cookie -> user issue 
Signed-off-by: snipe <snipe@snipe.net>
 2022-02-15 18:29:23 -08:00
snipe 178e440951 Added usleep :( 
Signed-off-by: snipe <snipe@snipe.net>
 2022-02-15 18:09:58 -08:00
Alex Janes edef640d35
Merge branch 'develop' into features/lock_logins_to_saml 2022-01-11 09:05:14 -05:00
Alex Janes a68ec8bb57
Update LoginController.php 
Updated if statements to match convention exactly.
 2021-12-17 18:52:42 -05:00
Alex Janes d99db5c63b bug fix and formatting fix 2021-12-16 19:04:37 -05:00
Alex Janes 6898119891 Replaced env() with config() to check environment variables 
Made the app.php description for 'REQUIRE_SAML' a bit more... descriptive.
 2021-12-16 16:56:39 -05:00
Alex Janes a6116a1b15 If SAML required, don't accept login form post. 2021-12-16 14:33:25 -05:00
Alex Janes 3c8d70c5fb Add option to environment to require SAML for a more secure installation. 2021-12-16 11:44:07 -05:00
Brady Wetherington 864cc4f8d5 Fix FIXME's by downgrading them to TODO's :) 2021-11-10 11:37:10 -08:00