From: Dan Brown
Date: Sat, 18 Dec 2021 11:40:08 +0000 (+0000)
Subject: Merge branch 'webhooks'
X-Git-Tag: v21.12~1^2~6
X-Git-Url: http://source.bookstackapp.com/bookstack/commitdiff_plain/a3ead5062acc169ae3486d90ac2befe3db86bfe6?hp=-c
Merge branch 'webhooks'
---
a3ead5062acc169ae3486d90ac2befe3db86bfe6
diff --combined app/Auth/UserRepo.php
index 84002b7f7,ce982d471..ff2e91ee2
--- a/app/Auth/UserRepo.php
+++ b/app/Auth/UserRepo.php
@@@ -2,7 -2,6 +2,6 @@@
namespace BookStack\Auth;
- use Activity;
use BookStack\Entities\EntityProvider;
use BookStack\Entities\Models\Book;
use BookStack\Entities\Models\Bookshelf;
@@@ -63,16 -62,13 +62,16 @@@ class UserRep
/**
* Get all the users with their permissions in a paginated format.
+ * Note: Due to the use of email search this should only be used when
+ * user is assumed to be trusted. (Admin users).
+ * Email search can be abused to extract email addresses.
*/
public function getAllUsersPaginatedAndSorted(int $count, array $sortData): LengthAwarePaginator
{
$sort = $sortData['sort'];
$query = User::query()->select(['*'])
- ->withLastActivityAt()
+ ->scopes(['withLastActivityAt'])
->with(['roles', 'avatar'])
->withCount('mfaValues')
->orderBy($sort, $sortData['order']);
@@@ -218,14 -214,6 +217,6 @@@
}
}
- /**
- * Get the latest activity for a user.
- */
- public function getActivity(User $user, int $count = 20, int $page = 0): array
- {
- return Activity::userActivity($user, $count, $page);
- }
-
/**
* Get the recently created content for this given user.
*/
diff --combined resources/views/settings/audit.blade.php
index d7c31b0dd,9261ed61b..48e46a59d
--- a/resources/views/settings/audit.blade.php
+++ b/resources/views/settings/audit.blade.php
@@@ -10,7 -10,7 +10,7 @@@
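Review bot: The new docblock on getAllUsersPaginatedAndSorted states that only a trusted admin should reach this method, but nothing in the method enforces it, and the same trust assumption silently extends to `$sort`, which the context line `->orderBy($sort, $sortData['order'])` splices into the query as a column name and so cannot be bound as a parameter. If the controller already whitelists the sort column and gates the route behind the appropriate permission, the note should say so, otherwise validating `$sortData['sort']` against the fixed list of sortable columns here would make the method safe regardless of caller. Suggested addition to the note: ` * The caller is also responsible for validating $sortData['sort'] and $sortData['order'] against fixed allow-lists, as both are used directly in ORDER BY.` The method body continues past the end of the hunk.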
-

{{ trans('settings.audit') }}

+

{{ trans('settings.audit') }}

{{ trans('settings.audit_desc') }}

@@@ -41,19 -41,12 +41,19 @@@
@endforeach -
@include('form.user-select', ['user' => $listDetails['user'] ? \BookStack\Auth\User::query()->find($listDetails['user']) : null, 'name' => 'user', 'compact' => true])
+ + +
+ + @include('form.text', ['name' => 'ip', 'model' => (object) $listDetails]) + +
diff --combined tests/Actions/AuditLogTest.php
index b37de811a,3bdfc3d1a..ebfbf5abf
--- a/tests/Actions/AuditLogTest.php
+++ b/tests/Actions/AuditLogTest.php
@@@ -1,9 -1,9 +1,9 @@@ activityService = app(ActivityService::class);
+ $this->activityService = app(ActivityLogger::class);
}
public function test_only_accessible_with_right_permissions()
@@@ -46,7 -49,7 +49,7 @@@
$admin = $this->getAdmin();
$this->actingAs($admin);
$page = Page::query()->first();
- $this->activityService->addForEntity($page, ActivityType::PAGE_CREATE);
+ $this->activityService->add(ActivityType::PAGE_CREATE, $page);
$activity = Activity::query()->orderBy('id', 'desc')->first();
$resp = $this->get('settings/audit');
@@@ -61,7 -64,7 +64,7 @@@
$this->actingAs($this->getAdmin());
$page = Page::query()->first();
$pageName = $page->name;
- $this->activityService->addForEntity($page, ActivityType::PAGE_CREATE);
+ $this->activityService->add(ActivityType::PAGE_CREATE, $page);
app(PageRepo::class)->destroy($page);
app(TrashCan::class)->empty();
@@@ -76,7 -79,7 +79,7 @@@
$viewer = $this->getViewer();
$this->actingAs($viewer);
$page = Page::query()->first();
- $this->activityService->addForEntity($page, ActivityType::PAGE_CREATE);
+ $this->activityService->add(ActivityType::PAGE_CREATE, $page);
$this->actingAs($this->getAdmin());
app(UserRepo::class)->destroy($viewer);
@@@ -89,7 -92,7 +92,7 @@@
{
$this->actingAs($this->getAdmin());
$page = Page::query()->first();
- $this->activityService->addForEntity($page, ActivityType::PAGE_CREATE);
+ $this->activityService->add(ActivityType::PAGE_CREATE, $page);
$resp = $this->get('settings/audit');
$resp->assertSeeText($page->name);
@@@ -102,7 -105,7 +105,7 @@@
{
$this->actingAs($this->getAdmin());
$page = Page::query()->first();
- $this->activityService->addForEntity($page, ActivityType::PAGE_CREATE);
+ $this->activityService->add(ActivityType::PAGE_CREATE, $page);
$yesterday = (Carbon::now()->subDay()->format('Y-m-d'));
$tomorrow = 
(Carbon::now()->addDay()->format('Y-m-d'));
@@@ -126,11 -129,11 +129,11 @@@
$editor = $this->getEditor();
$this->actingAs($admin);
$page = Page::query()->first();
- $this->activityService->addForEntity($page, ActivityType::PAGE_CREATE);
+ $this->activityService->add(ActivityType::PAGE_CREATE, $page);
$this->actingAs($editor);
$chapter = Chapter::query()->first();
- $this->activityService->addForEntity($chapter, ActivityType::CHAPTER_UPDATE);
+ $this->activityService->add(ActivityType::CHAPTER_UPDATE, $chapter);
$resp = $this->actingAs($admin)->get('settings/audit?user=' . $admin->id);
$resp->assertSeeText($page->name);
@@@ -166,32 -169,6 +169,32 @@@
$resp->assertSee('192.123.45.1');
}
+ public function test_ip_address_is_searchable()
+ {
+ config()->set('app.proxies', '*');
+ $editor = $this->getEditor();
+ /** @var Page $page */
+ $page = Page::query()->first();
+
+ $this->actingAs($editor)->put($page->getUrl(), [
+ 'name' => 'Updated page',
+ 'html' => '

Updated content

',
+ ], [
+ 'X-Forwarded-For' => '192.123.45.1',
+ ])->assertRedirect($page->refresh()->getUrl());
+
+ $this->actingAs($editor)->put($page->getUrl(), [
+ 'name' => 'Updated page',
+ 'html' => '

Updated content

',
+ ], [
+ 'X-Forwarded-For' => '192.122.45.1',
+ ])->assertRedirect($page->refresh()->getUrl());
+
+ $resp = $this->asAdmin()->get('/settings/audit?&ip=192.123');
+ $resp->assertSee('192.123.45.1');
+ $resp->assertDontSee('192.122.45.1');
+ }
+
+ public function test_ip_address_not_logged_in_demo_mode()
+ {
+ config()->set('app.proxies', '*');
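Review bot: test_ip_address_is_searchable only exercises a clean prefix (`ip=192.123`), so if the filter behind `/settings/audit` is a LIKE prefix match, nothing pins down whether `%` and `_` in the submitted value are escaped or treated as wildcards. A companion request such as `$this->asAdmin()->get('/settings/audit?ip=' . urlencode('192.12%'))->assertDontSee('192.123.45.1');` would document the intended behaviour once that is decided; the implementation is not visible in this diff, so this is a gap to confirm rather than a known bug. Minor: `'/settings/audit?&ip=192.123'` carries a stray `&` straight after `?`; `'/settings/audit?ip=192.123'` is the form the `?user=` test above uses. Note also that `assertDontSee('192.122.45.1')` is only meaningful together with the preceding `assertSee`, since an empty result page would satisfy it too.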