Jan Böhmer
472e1ce0a3
Added documentation on how to set up SAML.
2023-02-28 00:28:31 +01:00
Jan Böhmer
5e85c52a57
Allow to automatically assign SAML users to a group based on SAML attributes
2023-02-27 23:47:42 +01:00
Jan Böhmer
6a06a24296
Improved translations
2023-02-27 22:29:19 +01:00
Jan Böhmer
99f04d71af
Revert "Moved all user info updating logic into SAMLUserFactory"
...
This reverts commit 960ee342e4.
2023-02-27 22:28:23 +01:00
Jan Böhmer
d1b8a36b93
Update SECURITY.md
2023-02-26 19:23:58 +01:00
Jan Böhmer
f20da0f049
Bumped version to 1.0.2
2023-02-26 18:58:34 +01:00
Jan Böhmer
5d3ab01176
Updated dependencies.
2023-02-26 18:57:35 +01:00
Jan Böhmer
83cd91f1d1
Fixed potential XSS injection vectors in datatables columns
2023-02-26 01:23:36 +01:00
Jan Böhmer
5f39d8e594
Properly escape user provided data in trans with data to prevent possible XSS attack vectors.
2023-02-26 00:52:00 +01:00
Jan Böhmer
6ff60e556e
Properly escape user provided data in trans with data to prevent possible XSS attack vectors.
2023-02-26 00:41:08 +01:00
Jan Böhmer
5b7f44f4ea
Merge pull request #225 from sascha988/patch-2
...
vulnerability XSS fix
2023-02-25 23:47:48 +01:00
Sascha Lenk
dc906bfb0f
vulnerability XSS fix
...
The "trans with" command is not automatically escaping the string, so this is an XSS (Cross-Site Scripting) vulnerability.
Tested string: https://URL-TO-PART-DB-SERVER/de/parts/search?keyword=%22'%3E%3Cqss%20a%3D X147208852Y1_1Z%3E
QUALYS Enterprise WAS Scan Report classifies this as level 5 security risk
2023-02-25 22:42:03 +01:00
Jan Böhmer
b70c9d4f00
Merge pull request #223 from sascha988/patch-1
...
Translated parts_list.search.searching_for
2023-02-25 21:06:44 +01:00
Sascha
03e0584279
Translated parts_list.search.searching_for
...
Translated English text string parts_list.search.searching_for into German.
2023-02-25 21:05:00 +01:00
Jan Böhmer
960ee342e4
Moved all user info updating logic into SAMLUserFactory
2023-02-24 00:12:44 +01:00
Jan Böhmer
f5a5114999
Fixed PHPunit tests
2023-02-23 23:43:01 +01:00
Jan Böhmer
e6d9237bda
Allow to specify a user by username or email with set-password command
2023-02-23 23:39:29 +01:00
Jan Böhmer
c831d57614
Added a console command to convert local to SAML users and vice versa
2023-02-23 23:36:40 +01:00
Jan Böhmer
c5904303e3
Allow to configure SAML via env variables
2023-02-22 00:50:51 +01:00
Jan Böhmer
586a57c2c9
Allow X500 attributes for user info and added some tests
2023-02-21 23:41:02 +01:00
Jan Böhmer
91fb861fd3
Use login form page to show error messages on Part-DB side
2023-02-21 23:11:16 +01:00
Jan Böhmer
b13655e951
Prevent login of local users via SSO with the same username
2023-02-21 22:36:43 +01:00
Jan Böhmer
e064ee4263
Prevent change of password of SAML users via CLI
2023-02-21 21:58:27 +01:00
Jan Böhmer
60f926924b
Add a specific role to SAML user
2023-02-21 00:42:03 +01:00
Jan Böhmer
97c3b9002a
Mark SAML users as so in database and disable local password changing then.
2023-02-21 00:29:50 +01:00
Jan Böhmer
78ec0f1ea3
Create a new DB user when somebody logs in using SAML
2023-02-20 23:04:20 +01:00
Jan Böhmer
c0b74d83a5
Started to work on interfacing with keycloak
2023-02-20 22:10:24 +01:00
Jan Böhmer
9dd172df98
Bumped version to 1.0.1 release
2023-02-20 12:26:23 +01:00
Jan Böhmer
d3659858eb
Updated dependencies
2023-02-20 00:57:00 +01:00
Jan Böhmer
b637f5c3dd
Exempt label dialog PDF preview from darkmode blending
...
It should show real colors, instead of the darkmode
2023-02-20 00:26:56 +01:00
Jan Böhmer
05ab3c3b7b
Fixed image display style for odd shaped (very small) images.
2023-02-20 00:24:12 +01:00
Jan Böhmer
f9d5a9a3b5
Fixed problem with failing foreign key constraints on preview pic (2/2)
2023-02-20 00:09:23 +01:00
Jan Böhmer
82aec6f1ee
Fixed problem with failing foreign key constraints on preview pic (1/2)
2023-02-20 00:06:00 +01:00
Jan Böhmer
c39a9a4da7
Added checkbox in parts table header to quickly select/unselect all parts
2023-02-19 23:04:51 +01:00
Jan Böhmer
9d1cd0477a
Fixed problems with non-unique prototype names when using nested collection type, which prevented to create nested entries with multiple new sub entries.
...
We now use a unique prototype name for every collection field. This fixes issue #219
2023-02-19 22:39:26 +01:00
Jan Böhmer
1e998fccbb
Put delete option on multiaction select in its own optgroups so it does not look like it belongs to the project optgroup
2023-02-19 21:58:55 +01:00
Jan Böhmer
2fcd48d4f2
Fixed error when cloning a label profile
...
An attachment type with the same ID was retrieved from the DB, which was not cloneable for the form...
2023-02-19 21:56:10 +01:00
Jan Böhmer
4e79bb120a
Bumped version to 1.0.1-dev
2023-02-19 21:46:27 +01:00
Jan Böhmer
2d85734703
Use having clause for part amountSum filter constraint
...
This fixes issue #218
2023-02-19 21:45:38 +01:00
Jan Böhmer
ccb0ac63e1
Updated list of missing features in upgrade docs.
2023-02-16 01:22:40 +01:00
Jan Böhmer
e47b5090c7
Removed the double composer install command from assets artifact build action
2023-02-13 00:55:35 +01:00
Jan Böhmer
4f51b70540
Renamed assets artifact build action
2023-02-13 00:52:30 +01:00
Jan Böhmer
19af268efe
Bumped version to 1.0.0
2023-02-13 00:51:38 +01:00
Jan Böhmer
a32d5625f2
Merge remote-tracking branch 'origin/l10n_master'
2023-02-13 00:50:12 +01:00
Jan Böhmer
da97a10033
Added action to build artifacts
2023-02-13 00:49:58 +01:00
Jan Böhmer
43137043cf
New translations messages.en.xlf (English)
2023-02-13 00:39:07 +01:00
Jan Böhmer
67aa6dd7e4
Do not run actions on localization branches
...
This often fails and causes a lot of email traffic...
2023-02-13 00:34:13 +01:00
Jan Böhmer
c4757fcba7
Added link to demo and docker image to README header
2023-02-12 23:55:23 +01:00
Jan Böhmer
54292dacbd
Added screenshots to README.md
2023-02-12 23:52:38 +01:00
Jan Böhmer
5ba37d88f4
Cropped one of the screenshot
2023-02-12 23:51:53 +01:00