Commit Graph

123 Commits

Author SHA1 Message Date
42de40e320 Added CSRF protection to settings 2020-08-31 18:34:09 +01:00
faa3a65e2b Added unchecked checkbox workaround 2020-08-31 18:32:08 +01:00
ba3a139d1c Wrapped settings with form-check 2020-08-31 18:13:44 +01:00
25ddf81118 Added form control buttons
Also improved form styling
2020-08-31 18:11:00 +01:00
9431eb5036 Updated options rendering 2020-08-31 18:03:20 +01:00
a3071dccf9 Update wrong view name 2020-08-31 17:58:07 +01:00
b0cbf65cfc Added missing permissions to roles 2020-08-31 17:55:36 +01:00
6be5e241d4 Add permission and provider imports 2020-08-31 16:41:01 +01:00
d6c49a5cf0 Add missing migration 2020-08-30 23:27:06 +01:00
075617fd32 Merge remote-tracking branch 'origin/master' into master 2020-08-30 23:17:28 +01:00
da73c91b4a Update DB seeder 2020-08-30 23:17:06 +01:00
ca82f5882d Add settings page 2020-08-30 23:06:01 +01:00
88c36dd3f8
Updated Readme 2020-08-16 16:11:45 +01:00
535a2c3973 Fixed broken banning logic 2020-08-13 22:12:17 +01:00
ad5c3404cc
Update variable 2020-07-25 01:20:43 +01:00
64d418c590
Add heroku action 2020-07-25 00:28:44 +01:00
62b063ee63
Missed variable name 2020-07-23 02:37:08 +01:00
2c0c404d73
Change wrong param name 2020-07-19 06:01:46 +01:00
168f08bd96 Remove deprecated SubmenuFilter class 2020-07-18 19:58:49 +01:00
94d08f1886 Trust Heroku proxies
This commit also forces the environment into HTTPS when in production.
2020-07-18 06:33:00 +01:00
0cf6208577 Add embarassing missing comma 2020-07-18 03:57:56 +01:00
9255a6c88d Rewrote lock file 2020-07-18 03:55:31 +01:00
098205a969 Updated required extension name 2020-07-18 03:51:57 +01:00
bf426e3bdd Updated package lock and added postinstall 2020-07-18 03:45:31 +01:00
02059bbcb0 Updated dependency lock file
Also added Imagemagick as a required extension for 2FA
2020-07-18 03:21:49 +01:00
91627decbe Added Heroku Procfile
Also changed required password length for new users
2020-07-18 02:45:15 +01:00
2763f777ab Add password strength requirment
This commit adds a password strength requirement for new users using 
regular expressions.
Also adds a dismissable alert so users know how to create passwords 
properly.
2020-07-17 23:13:46 +01:00
d392c0593f Add two factor authentication 2020-07-17 22:44:10 +01:00
5f1f92a9ce Code review
This commit fixes some superficial instances of Broken Access Control 
(https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control).
There may be some more instances of this, as authorization was only done 
after most of the controllers were done (big mistake).

Some refactoring was also performed, where Route Model Binding with DI 
(dependency injection) was used whenever possible, to increase 
testability of the codebase.
Some reused code was also moved to Helper classes as to enforce DRY; 
There may be some lines of code that are still copy-pasted from other 
parts of the codebase for reuse.

Non-breaking refactoring changes were made, but the app as a whole still 
needs full manual testing, and customised responses to HTTP 500 
responses. Some errors are also not handled gracefully and this wasn't 
checked in this commit.
2020-07-16 21:21:28 +01:00
9e2d571298 Fix homepage bg issue 2020-07-16 07:32:52 +01:00
e16be5dc46 Override styles for auth pages 2020-07-16 07:11:33 +01:00
1a04880489 Replace basic authentication pages 2020-07-16 06:50:59 +01:00
3693ce3431 Add footer to all dashboard pages 2020-07-16 06:46:20 +01:00
4a766620ff Fix appointment policy not being called correctly
This commit fixes the appointment policy being called at the wrong time, with the wrong arguments.
It also fixes wrong references on the auth service provider, also fixing other issues with poliy usage.

Fixes #3 and SPACEJEWEL-HOSTING-59.
2020-07-16 05:24:00 +01:00
bca6020ab0 Add ability to edit forms and add new fields
This commit adds the ability to edit and modify existing forms.
On the technical side, it also adds a new reusable validation Facade which helps reduce duplicated code.
2020-07-15 06:48:49 +01:00
1f50faaea7 Add ability to preview application 2020-07-12 19:36:12 +01:00
e978a5417b Added ability to delete single application
Also moved User observer code to Application observer
2020-07-12 17:01:33 +01:00
4dc412e53c Added check for constrained models when deleting 2020-07-12 06:39:39 +01:00
bd0664ce0d Add ability to edit Vacancies 2020-07-11 20:34:26 +01:00
4b390ea536 Added full Vacancy description
Also added support for Markdown
2020-07-11 05:34:12 +01:00
035c9399a6 Add "All Applications" page 2020-07-11 02:43:59 +01:00
bbe3001157 Example env version update 2020-07-10 05:30:22 +01:00
d1f4be124c Update wrong key name 2020-07-10 05:26:40 +01:00
0f126886f5 Use package for .env editing
The solution provided by this package is similar to what was previously implemented (see #1), but it's nicely packaged and made available in a Facade.
2020-07-10 05:00:41 +01:00
4deb882d23 Add check for null env and attempt to recover 2020-07-09 09:07:49 +01:00
635f8593d3 Update outdated information 2020-07-09 08:53:56 +01:00
c3a6b16a13 Clear configuration cache before editing it 2020-07-09 08:50:54 +01:00
fb4d832489 Beautified the search and replace function 2020-07-09 08:46:45 +01:00
4456d19c1f Clear cache and refresh *before* running migration 2020-07-09 07:12:15 +01:00
c7fd8989f9 More command improvements 2020-07-09 07:07:28 +01:00