596a469e15
Add user invitation facilities RSM-5
Adds user invitation to teams, and framework for assigning teams
Also adds user acc. deletion.
2020-10-08 19:19:10 +01:00
75f4404259
RSM-6 Team features
2020-10-03 21:36:35 +01:00
b68449d3bf
RSM-3 Add team functionality to users
2020-09-10 19:05:26 +01:00
937a0206a5
Added existing account check to logs
2020-09-08 01:38:56 +01:00
3598a32ecf
Added existing account check to logs
2020-09-08 01:37:33 +01:00
ac8b303e2c
Update to logauthfailure
2020-09-08 01:34:47 +01:00
e93abd2ab7
Added logging for successful authentication attempts
2020-09-08 01:31:09 +01:00
20ab381076
Added logging for failed authentication attempts
2020-09-08 01:26:27 +01:00
e566e40404
Update target user in logs
2020-09-08 00:07:50 +01:00
b0a935b8b3
Add acceptable "permanent" ban time
2020-09-08 00:06:27 +01:00
0dfb68dba2
Add acceptable "permanent" ban time
2020-09-08 00:05:37 +01:00
24303052ad
Ban validation update
2020-09-07 23:57:50 +01:00
178bc31a6e
Ban datetime format
2020-09-07 23:44:14 +01:00
98e557a840
Update ban dates
2020-09-07 23:42:09 +01:00
95bf7c239e
Update ban time logic
2020-09-07 23:38:25 +01:00
4d2595dd39
Update ban logic
2020-09-07 23:33:35 +01:00
4e81a41210
Updated installation process
2020-09-07 23:22:25 +01:00
1319ce6b86
Added more debug logging
2020-09-07 22:56:54 +01:00
bea83b650c
Added more debug logging
2020-09-07 22:54:20 +01:00
675cc3c329
Import missing facade
2020-09-07 22:35:42 +01:00
e8119b763c
Register Application observers
2020-09-07 21:43:48 +01:00
87f8e63b24
Force new users to verify email
2020-09-03 20:06:29 +01:00
8e85e08171
Vacancy tweaks
2020-09-03 02:52:21 +01:00
de3dba3627
Vacancy tweaks
2020-09-03 02:50:19 +01:00
7e58c3af6b
Add more missing translation strings
Also fixed broken vacancy editor
2020-09-03 02:20:15 +01:00
60874c046f
Conditionally pre-load Appointment relationship
2020-09-03 00:34:35 +01:00
e9dd1567b8
Appointment model tweaks
2020-09-03 00:23:09 +01:00
af96d193a4
Missing login button translation
2020-09-03 00:11:49 +01:00
9b5e35b241
Missing typehint
2020-09-02 20:52:56 +01:00
a0192cdb02
Added route localization and auto detection
2020-09-02 17:43:27 +01:00
17fb0e236f
Make notifications cancellable
This commit makes certain notifications cancellable. This enables notifications to be sent conditionally based on the user's choice.
2020-08-31 22:06:00 +01:00
27b1f3170b
Update settings log level
2020-08-31 20:02:30 +01:00
00cc36246f
Minor import change
2020-08-31 19:53:10 +01:00
41e3e817a2
Added error messages to settings.blade.php
2020-08-31 19:50:58 +01:00
2afea88846
Added logging to Settings
2020-08-31 19:47:27 +01:00
ea96cbc1f5
Options: return value instead of whole model
2020-08-31 18:54:33 +01:00
2996e66c8b
Add missing query builder statement for options
2020-08-31 18:51:35 +01:00
cd874c5f58
Settings auth checks
2020-08-31 18:36:38 +01:00
a3071dccf9
Update wrong view name
2020-08-31 17:58:07 +01:00
b0cbf65cfc
Added missing permissions to roles
2020-08-31 17:55:36 +01:00
6be5e241d4
Add permission and provider imports
2020-08-31 16:41:01 +01:00
ca82f5882d
Add settings page
2020-08-30 23:06:01 +01:00
535a2c3973
Fixed broken banning logic
2020-08-13 22:12:17 +01:00
ad5c3404cc
Update variable
2020-07-25 01:20:43 +01:00
62b063ee63
Missed variable name
2020-07-23 02:37:08 +01:00
94d08f1886
Trust Heroku proxies
This commit also forces the environment into HTTPS when in production.
2020-07-18 06:33:00 +01:00
91627decbe
Added Heroku Procfile
Also changed required password length for new users
2020-07-18 02:45:15 +01:00
2763f777ab
Add password strength requirement
This commit adds a password strength requirement for new users using
regular expressions.
Also adds a dismissable alert so users know how to create passwords
properly.
2020-07-17 23:13:46 +01:00
d392c0593f
Add two factor authentication
2020-07-17 22:44:10 +01:00
5f1f92a9ce
Code review
This commit fixes some superficial instances of Broken Access Control
(https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control).
There may be some more instances of this, as authorization was only done
after most of the controllers were done (big mistake).
Some refactoring was also performed, where Route Model Binding with DI
(dependency injection) was used whenever possible, to increase
testability of the codebase.
Some reused code was also moved to Helper classes so as to enforce DRY.
There may be some lines of code that are still copy-pasted from other
parts of the codebase for reuse.
Non-breaking refactoring changes were made, but the app as a whole still
needs full manual testing, and customised responses to HTTP 500
responses. Some errors are also not handled gracefully and this wasn't
checked in this commit.
2020-07-16 21:21:28 +01:00