Dan Brown [Sat, 21 Aug 2021 14:14:24 +0000 (15:14 +0100)]
Improved login redirect and setup experience
- Updated auth system for mfa to not update intended URL so that the
user is not redirected to mfa setup after eventual login.
- Added notification for users setting up MFA, after setup when
redirected back to login screen to advise that MFA setup was complete
but they need to login again.
- Updated some bits of wording to display better.
Dan Brown [Mon, 2 Aug 2021 21:02:25 +0000 (22:02 +0100)]
Worked on MFA setup required flow
- Restructured some of the route naming to be a little more consistent.
- Moved the routes about to be more logically in one place.
- Created a new middleware to handle the auth of people that should be
allowed access to mfa setup routes, since these could be used by
existing logged in users or by people needing to setup MFA on access.
- Added testing to cover MFA setup required flow.
- Added TTL and method tracking to session last-login tracking system.
Dan Brown [Sun, 18 Jul 2021 15:52:31 +0000 (16:52 +0100)]
Added login redirect system to confirm/mfa
Also continued a bit on the MFA verification system.
Moved some MFA routes to public space using updated login service to get
the current user that is either logged in or last attempted login (With
correct creds).
Dan Brown [Fri, 16 Jul 2021 22:23:36 +0000 (23:23 +0100)]
Started on some MFA access-time checks
Discovered some difficult edge cases:
- User image loading in header bar when using local_secure storage
- 404s showing user-specific visible content due to content listing on
404 page since user is in semi-logged in state. Maybe need to go
through and change up how logins are handled to centralise and
provide us better control at login time to prevent any auth level.
Dan Brown [Sat, 3 Jul 2021 12:34:48 +0000 (13:34 +0100)]
Added role based MFA control
- Added new DB column for control and role updated create/update actions.
- Created new middleware as a start to actual enforcement logic.
- Added indicator to role list of whether MFA is enforced.
Dan Brown [Sat, 26 Jun 2021 15:40:29 +0000 (16:40 +0100)]
Swapped PHPCS for StyleCI
Trying out StyleCI as an automated easy way to ensure code style is
consistent across the PHP codebase.
PHPCS+PHPCBF was good but I wouldn't run it enough then I'd get paranoid
about running it with pending PRs. Better to let the robots stay on top
of things.
Dan Brown [Wed, 23 Jun 2021 19:42:48 +0000 (20:42 +0100)]
Reviewed #2393, Removed image guessing and added testing
For review of meta tag additions as per PR #2393.
This commit removes any image guesswork and only uses images that have
been set by the author for the specific content.
This also adds tests to cover the expected OG tags.
Dan Brown [Tue, 22 Jun 2021 20:02:18 +0000 (21:02 +0100)]
Updated markdown export implementation
- Removed ZIP system for now, until the idea can be fleshed out.
- Added testing to cover.
- Upgraded used library.
- Added custom handling for BookStack callouts.
- Added HTML cleanup to better produce output for things like code
blocks.
Dan Brown [Sat, 5 Jun 2021 23:51:06 +0000 (00:51 +0100)]
Added back-end attachments-in-browser support
A query string will cause attachments to be provided inline
with an appropriate mime type.
Remaining actions:
- Tests
- Front-end functionality
- Config option?
Dan Brown [Wed, 2 Jun 2021 20:34:34 +0000 (21:34 +0100)]
Reviewed base64 image upload support
- Added test cases to cover.
- Altered parsing logic to be a little less reliant on regex.
- Added new image repo method for creating from data.
- Added extension validation and additional type support.
- Done some cleanup of common operations within PageContent.
- Added message to API docs/method to mention image usage.
Dan Brown [Sat, 29 May 2021 11:39:41 +0000 (12:39 +0100)]
Reviewed and refactored next/previous navigation button implementation
- Updated styling to include item name.
- Extracted used text to translations.
- Updated the design to better suit the surrounding blocks.
- Removed newly added model/repo methods.
- Moved core logic out of controller and instead into a "NextPreviousContentLocator"
helper which re-uses the output from the book-tree generation.
- Also added the system to chapters.
Dan Brown [Wed, 26 May 2021 16:09:56 +0000 (17:09 +0100)]
Added app logo to outgoing emails
Required changing the header bar of the email to be solid color to match
the configuration of the main app header since otherwise colors may not
work together.
Dan Brown [Wed, 26 May 2021 14:19:26 +0000 (15:19 +0100)]
Made users header interface more adaptable
Search input was stacking on create button on default desktop view
when viewing in Russian due to combined width exceeding container.
Made into normal flexbox instead.
Dan Brown [Mon, 24 May 2021 17:45:08 +0000 (18:45 +0100)]
Reviewed PR to add import user avatars via LDAP
- Reduced options to single new configuration parameter instead of two.
- Moved more logic into UserAvatars class.
- Updated LDAP avatar import to also run on login when no image is
currently set.
- Added thumbnail fetching to search requests.
- Added testing to cover.
Dan Brown [Mon, 24 May 2021 15:12:09 +0000 (16:12 +0100)]
Reviewed tag in search work
- Refactored some tag code bits while reviewing.
- Updated tag design in search listing to be more subtle.
- Moved tags out of entity-list-item-basic template and instead moved
them into entity-list-item, below the existing content.
- Tweaked existing tag colors a little.
- Changed tag icon to be more tag-like.
- Added tag-on-search test case.
Dan Brown [Mon, 24 May 2021 11:55:45 +0000 (12:55 +0100)]
Added theme add social driver redirect configuration callback
Allows someone using the theme system to configure the social driver
before a redirect action occurs, by passing a callback as an additional
param to the theme 'addSocialDriver' method.
Dan Brown [Mon, 24 May 2021 11:09:28 +0000 (12:09 +0100)]
Updated image permission setting logic
To ensure that the visibility is still set on local storage options
since the previous recent changes could cause problems in
scenarios where the server user could not read images uploaded by the
php process user.
Dan Brown [Sun, 23 May 2021 13:34:36 +0000 (14:34 +0100)]
Added testing to favourite system
- Also removed some old view service references.
- Updated TopFavourites query to be based on favourites table and join
in the views instead of the other way around, so that favourites still
show even if they have no views.
Dan Brown [Sat, 22 May 2021 13:05:28 +0000 (14:05 +0100)]
Revamped some complex queries, added favourites to home
- Removed old view system and started use of new query classes instead.
- Finished off RelationMultiModelQuery but found it was less efficient
than x-many queries due to the amount of tables being scanned.
Adding now for history but will delete as not used.
- Updated recently viewed to use same query system as popular items
rather than running and joining x-entities queries.
- Added "Most Viewed Favourites" listing to homepages.
Dan Brown [Sun, 16 May 2021 09:49:37 +0000 (10:49 +0100)]
Started refactoring of view service
Phasing out the view service from being a generic 'service' class,
moving the core create/delete methods into the model.
The idea is that the existing query work will need to interlink
with the favourite system so maybe we have a (or many composable)
query building classes rather than mixing query building and
create/delete work as per the old service.