Yassine Guedidi
23301b7eac
Move Annotation repository to Core
2024-01-25 20:34:39 +01:00
Yassine Guedidi
0178c7356d
Fix PHPStan errors
2024-01-22 19:15:54 +01:00
Yassine Guedidi
0a117958c9
Apply PHP-CS-Fixer fixes
2024-01-22 19:15:54 +01:00
Yassine Guedidi
16c239aa78
Merge branch '2.6' into merge-2.6-in-master
2024-01-03 11:08:10 +01:00
Yassine Guedidi
7ebc96f3b9
Remove session-based redirection
2023-12-28 21:42:26 +01:00
Yassine Guedidi
ffec47bd88
Use Redirect helper in ConfigController::changeViewModeAction
2023-12-28 21:26:30 +01:00
Yassine Guedidi
a351b0aada
Fix canonicalize depreciation
2023-12-24 20:29:11 +01:00
Kevin Decherf
4a5f769428
Merge remote-tracking branch 'origin/2.6' into port/2.6.7
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-10-25 22:09:21 +02:00
Jeremy Benoist
fa107116cc
Prepare 2.6.7 release
2023-10-02 14:14:34 +02:00
Kevin Decherf
aa06e8328e
ConfigController: remove 2fa cancel step
...
This change annoys me, however this endpoint was anyway problematic:
- it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3
- it is useless as we don't really handle a two-steps validation
Still, if you send an incorrect code during the "activation" phase a
flash error will pop up but the 2fa will stay enabled. This need rework
when possible.
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:49:58 +02:00
Kevin Decherf
5240684be9
ConfigController: move OTP endpoints to POST method only
...
Fixes GHSA-56fm-hfp3-x3w3
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:49:58 +02:00
Nicolas Lœuillet
b1752b619d
Add display article configurator (font family, font size, line height and max width)
2023-08-22 13:02:50 +02:00
Nicolas Lœuillet
cbcfa69c05
Remove (useless) demo mode
...
Fix #6671
2023-08-21 13:16:56 +02:00
Nicolas Lœuillet
78b0b55c40
Merge pull request from GHSA-p8gp-899c-jvq9
...
Replace GET way to POST way to reset data user
2023-08-21 11:08:24 +02:00
Nicolas Lœuillet
a9893d754f
Replace GET way to POST way to reset data user
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-08-09 21:39:03 +02:00
Michael Ciociola
ced2ea4015
Merge branch 'master' into feat_referer_to_session_redirect
2023-08-06 20:14:44 +00:00
Nicolas Lœuillet
c75d3e6961
Remove twofactor_auth parameter
...
Fix #6649
2023-07-15 16:18:01 +02:00
Jeremy Benoist
66b7bdd07c
Merge remote-tracking branch 'origin/2.5.x'
2023-04-24 14:36:32 +02:00
Jeremy Benoist
f1b3d5cdd7
Fix CSRF on user deletion
2023-02-07 21:41:52 +01:00
Jeremy Benoist
6aca334d53
Move to controller as a service
...
Mostly using autowiring to inject deps.
The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case.
Usually:
- if a controller has a constructor, it means injected services are at least re-used once in actions
- otherwise, service are injected per action
2022-12-19 10:38:08 +01:00
Michael Ciociola
13bd448e01
feat: use session instead of referer for redirects
2022-12-04 16:20:11 -06:00
Jeremy Benoist
b7dba18cb2
Cleanup
2022-11-23 15:51:33 +01:00
Jeremy Benoist
1d3935fbd3
Remove LiipThemeBundle
...
As baggy theme was removed and material is the only remaining theme, we don't need a theme switched anymore.
So:
- move all `*.twig` files from the material theme folder to the root
- remove useless translations
2022-11-23 14:52:06 +01:00
Jeremy Benoist
48803b68d6
Cleanup baggy
2022-11-03 10:35:33 +01:00
Yassine Guedidi
d1d56fbe25
Import used classes
2022-09-01 19:21:45 +02:00
Yassine Guedidi
eb43c78720
Use FQCN instead of service alias
2022-09-01 09:07:19 +02:00
Yassine Guedidi
156158673f
Alias Config entity to ConfigEntity to not conflict with Craue Config
2022-09-01 09:07:18 +02:00
Yassine Guedidi
8b7b4975d6
Migrate getRepository with entities
2022-08-26 17:47:46 +02:00
Yassine Guedidi
9549a90e76
Migrate first level template references to new notation
2022-08-25 21:09:26 +02:00
Yassine Guedidi
0f9c359476
Use FQCN as service name for repositories
2022-08-24 23:24:25 +02:00
Yassine Guedidi
ff9f719ec5
Use FQCN as service name for UserRepository
2022-08-24 23:17:17 +02:00
Jeremy Benoist
d86f296870
Deprecated Baggy
...
- a big message will be displayed to user using the Baggy theme
- switching from Material to Baggy is no more allowed in config (it'll be forced to material)
- the theme label in the config for Baggy is now _Baggy (DEPRECATED)_
2022-04-20 22:50:08 +02:00
Jeremy Benoist
381f9681b5
Fix CS
2021-01-18 10:38:56 +01:00
Kevin Decherf
41271bc153
otp: show secret as plaintext if a user can't scan qrcode
...
Fixes #4818
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-12-30 20:16:31 +01:00
Kevin Decherf
24230a5130
Add new Ignore Origin rules tab, update ConfigController
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
Nicolas Lœuillet
4ff1efa418
Added a button to disable 2FA when enabled
2020-04-13 17:00:53 +02:00
Jeremy Benoist
8d4ed0df06
Update deps
...
Also CS (because cs-fixer got an update)
Package operations: 0 installs, 26 updates, 0 removals
- Updating twig/twig (v2.12.1 => v2.12.2)
- Updating symfony/symfony (v3.4.33 => v3.4.34)
- Updating doctrine/event-manager (v1.0.0 => 1.1.0)
- Updating doctrine/collections (v1.6.2 => 1.6.3)
- Updating doctrine/cache (v1.8.1 => 1.9.0)
- Updating doctrine/persistence (1.1.1 => 1.2.0)
- Updating doctrine/inflector (v1.3.0 => 1.3.1)
- Updating symfony/mime (v4.3.5 => v4.3.7)
- Updating swiftmailer/swiftmailer (v6.2.1 => v6.2.3)
- Updating symfony/swiftmailer-bundle (v3.3.0 => v3.3.1)
- Updating doctrine/dbal (v2.9.2 => v2.9.3)
- Updating doctrine/instantiator (1.2.0 => 1.3.0)
- Updating j0k3r/graby-site-config (1.0.93 => 1.0.94)
- Updating phpoption/phpoption (1.5.0 => 1.5.2)
- Updating symfony/http-client-contracts (v1.1.7 => v1.1.8)
- Updating symfony/http-client (v4.3.5 => v4.3.7)
- Updating sensiolabs/security-checker (v6.0.2 => v6.0.3)
- Updating paragonie/constant_time_encoding (v2.2.3 => v2.3.0)
- Updating scheb/two-factor-bundle (v4.7.1 => v4.8.0)
- Updating symfony/phpunit-bridge (v4.3.6 => v4.3.7)
- Updating composer/xdebug-handler (1.3.3 => 1.4.0)
- Updating friendsofphp/php-cs-fixer (v2.15.3 => v2.16.0)
- Updating doctrine/data-fixtures (v1.3.2 => 1.3.3)
- Updating nette/schema (v1.0.0 => v1.0.1)
- Updating nikic/php-parser (v4.2.4 => v4.3.0)
- Updating sentry/sentry (2.2.2 => 2.2.4)
2019-11-12 14:18:58 +01:00
Jeremy Benoist
34be2d5de4
Add ability to import/export tagging rules
...
- Add missing translations
- Add some tests
- Add `/api/taggingrule/export` API endpoint
- Add baggy theme
- Add error message when importing tagging rules failed
- Also fix all translations (I think we are good now)
2019-07-08 09:38:32 +02:00
Jeremy Benoist
c4bf12aade
Add ability to revoke feed token
2019-06-05 17:55:13 +02:00
Thomas Citharel
531c8d0a5c
Changed RSS to Atom feed and improve paging
2019-04-25 13:46:31 +02:00
Jeremy Benoist
4654a83b64
Hash backup codes in the database using password_hash
2019-01-23 14:43:39 +01:00
Jeremy Benoist
c416ed485f
CS
2019-01-23 13:28:24 +01:00
Jeremy Benoist
a0c5eb003f
Change the way to enable 2FA
...
And add a step to validate a generated code from the OTP app
2019-01-23 13:28:24 +01:00
Jeremy Benoist
dfd0a7bc5f
Add backup codes
2019-01-23 13:28:03 +01:00
Jeremy Benoist
2dfbe9e5fa
Fix tests
2019-01-23 13:28:02 +01:00
Jeremy Benoist
a6b242a1fd
Enable OTP 2FA
...
- Update SchebTwoFactorBundle to version 3
- Enable Google 2fa on the bundle
- Disallow ability to use both email and google as 2fa
- Update Ocramius Proxy Manager to handle typed function & attributes (from PHP 7)
- use `$this->addFlash` shortcut instead of `$this->get('session')->getFlashBag()->add`
- update admin to be able to create/reset the 2fa
2019-01-23 13:28:02 +01:00
Jeremy Benoist
4d4147b228
Ensure language is valid
...
- Do not override locale if user has choosen a locale from the login screen.
- Add some tests about locale url
2018-10-13 09:39:00 +02:00
Nicolas Lœuillet
be417ef236
Added possibility to change locale from login/register pages
2018-10-13 09:39:00 +02:00
Jeremy Benoist
115de64e5b
Jump to Symfony 3.4
...
Thanks to the BC compatibility, almost nothing have to be changed.
All changes are related to new bundle version of:
- SensioFrameworkExtraBundle
- DoctrineFixturesBundle
2018-10-04 14:11:57 +02:00
Kevin Decherf
2a1ceb67b4
php-cs-fixer
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2018-09-05 14:25:32 +02:00