From 97fa9663b1df1768ef8383e2e7acfcbb395ba029 Mon Sep 17 00:00:00 2001 From: Eli Young Date: Mon, 15 Mar 2021 16:42:11 -0700 Subject: [PATCH 1/5] Fixed #9299: Use correct SVG MIME type for uploads (#9300) The correct MIME type of SVG is image/svg+xml. Out of an abundance of caution, I am leaving in image/svg to avoid potentially causing issues on very old browsers, but this can likely be removed without issue. --- resources/views/partials/forms/edit/image-upload.blade.php | 2 +- resources/views/partials/forms/edit/uploadLogo.blade.php | 2 +- resources/views/settings/branding.blade.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/resources/views/partials/forms/edit/image-upload.blade.php b/resources/views/partials/forms/edit/image-upload.blade.php index 78fe48ff8f..82078ff819 100644 --- a/resources/views/partials/forms/edit/image-upload.blade.php +++ b/resources/views/partials/forms/edit/image-upload.blade.php @@ -6,7 +6,7 @@ diff --git a/resources/views/partials/forms/edit/uploadLogo.blade.php b/resources/views/partials/forms/edit/uploadLogo.blade.php index 101e392809..b1d26a6742 100644 --- a/resources/views/partials/forms/edit/uploadLogo.blade.php +++ b/resources/views/partials/forms/edit/uploadLogo.blade.php @@ -35,7 +35,7 @@ {{ trans('button.select_file') }} + accept="{{ $allowedTypes ?? 'image/gif,image/jpeg,image/png,image/svg,image/svg+xml'}}" style="display:none; max-width: 90%"> diff --git a/resources/views/settings/branding.blade.php b/resources/views/settings/branding.blade.php index 9d0676c5ab..5081d25fc3 100644 --- a/resources/views/settings/branding.blade.php +++ b/resources/views/settings/branding.blade.php 
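Review bot: The `accept` list in uploadLogo.blade.php (and the `allowedTypes` value in settings/branding.blade.php, plus the image-upload.blade.php hunk whose body is not visible here) is only a browser-side file-picker filter, so adding `image/svg+xml` there does not control what the server accepts or stores. SVG is an XML format that can carry script and external references, so the server-side upload validation, which is not part of this diff, has to be the enforcing check, and stored SVGs should be sanitized or served so they cannot execute in the application's origin. A Blade comment beside the attribute would make that explicit, for example `{{-- accept is a UI hint only; the upload type is enforced server-side --}}`. The unregistered `image/svg` entry that the commit message keeps for old browsers widens the list without matching a real MIME type and could be dropped.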
@@ -105,7 +105,7 @@ "logoLabel" => trans('admin/settings/general.favicon'), "logoClearVariable" => "clear_favicon", "helpBlock" => trans('admin/settings/general.favicon_size') .' '. trans('admin/settings/general.favicon_format'), - "allowedTypes" => "image/x-icon,image/gif,image/jpeg,image/png,image/svg,image/vnd.microsoft.icon", + "allowedTypes" => "image/x-icon,image/gif,image/jpeg,image/png,image/svg,image/svg+xml,image/vnd.microsoft.icon", "maxSize" => 20000 ]) From ca882e2b3d899b311e3a2a1e7953d471f1283b0a Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 15 Mar 2021 16:42:52 -0700 Subject: [PATCH 2/5] Add @elyscape as a contributor --- .all-contributorsrc | 9 +++++++++ README.md | 4 ++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/.all-contributorsrc b/.all-contributorsrc index 30a37f639b..5c12d6de18 100644 --- a/.all-contributorsrc +++ b/.all-contributorsrc @@ -2137,6 +2137,15 @@ "contributions": [ "code" ] + }, + { + "login": "elyscape", + "name": "Eli Young", + "avatar_url": "https://avatars.githubusercontent.com/u/792695?v=4", + "profile": "https://elyscape.com", + "contributions": [ + "code" + ] } ] } diff --git a/README.md b/README.md index 2e0e95307d..3a54880c99 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,5 @@ ![Build Status](https://app.chipperci.com/projects/0e5f8979-31eb-4ee6-9abf-050b76ab0383/status/master) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/snipe/snipe-it?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&utm_medium=referral&utm_content=snipe/snipe-it&utm_campaign=Badge_Grade) -[![All Contributors](https://img.shields.io/badge/all_contributors-234-orange.svg?style=flat-square)](#contributors) +[![All Contributors](https://img.shields.io/badge/all_contributors-235-orange.svg?style=flat-square)](#contributors) ## Snipe-IT - Open Source Asset Management System @@ -122,7 +122,7 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken | [
Peter Upfold](https://peter.upfold.org.uk/)
[💻](https://github.com/snipe/snipe-it/commits?author=PeterUpfold "Code") | [
Jared Biel](https://github.com/jbiel)
[💻](https://github.com/snipe/snipe-it/commits?author=jbiel "Code") | [
Dampfklon](https://github.com/dampfklon)
[💻](https://github.com/snipe/snipe-it/commits?author=dampfklon "Code") | [
Charles Hamilton](https://communityclosing.com)
[💻](https://github.com/snipe/snipe-it/commits?author=chamilton-ccn "Code") | [
Giuseppe Iannello](https://github.com/giannello)
[💻](https://github.com/snipe/snipe-it/commits?author=giannello "Code") | [
Peter Dave Hello](https://www.peterdavehello.org/)
[💻](https://github.com/snipe/snipe-it/commits?author=PeterDaveHello "Code") | [
sigmoidal](https://github.com/sigmoidal)
[💻](https://github.com/snipe/snipe-it/commits?author=sigmoidal "Code") | | [
Vincent Lainé](https://github.com/phenixdotnet)
[💻](https://github.com/snipe/snipe-it/commits?author=phenixdotnet "Code") | [
Lucas Pleß](http://www.lucas-pless.com)
[💻](https://github.com/snipe/snipe-it/commits?author=derlucas "Code") | [
Ian Littman](http://twitter.com/iansltx)
[💻](https://github.com/snipe/snipe-it/commits?author=iansltx "Code") | [
João Paulo](https://github.com/PauloLuna)
[💻](https://github.com/snipe/snipe-it/commits?author=PauloLuna "Code") | [
ThoBur](https://github.com/ThoBur)
[💻](https://github.com/snipe/snipe-it/commits?author=ThoBur "Code") | [
Alexander Chibrikin](http://phpprofi.ru/)
[💻](https://github.com/snipe/snipe-it/commits?author=alek13 "Code") | [
Anthony Winstanley](https://github.com/winstan)
[💻](https://github.com/snipe/snipe-it/commits?author=winstan "Code") | | [
Folke](https://github.com/fashberg)
[💻](https://github.com/snipe/snipe-it/commits?author=fashberg "Code") | [
Bennett Blodinger](https://github.com/benwa)
[💻](https://github.com/snipe/snipe-it/commits?author=benwa "Code") | [
NMC](https://nmc.dev)
[💻](https://github.com/snipe/snipe-it/commits?author=ncareau "Code") | [
andres-baller](https://github.com/andres-baller)
[💻](https://github.com/snipe/snipe-it/commits?author=andres-baller "Code") | [
sean-borg](https://github.com/sean-borg)
[💻](https://github.com/snipe/snipe-it/commits?author=sean-borg "Code") | [
EDVLeer](https://github.com/EDVLeer)
[💻](https://github.com/snipe/snipe-it/commits?author=EDVLeer "Code") | [
Kurokat](https://github.com/Kurokat)
[💻](https://github.com/snipe/snipe-it/commits?author=Kurokat "Code") | -| [
Kevin Köllmann](https://www.kevinkoellmann.de)
[💻](https://github.com/snipe/snipe-it/commits?author=koelle25 "Code") | [
sw-mreyes](https://github.com/sw-mreyes)
[💻](https://github.com/snipe/snipe-it/commits?author=sw-mreyes "Code") | [
Joel Pittet](https://pittet.ca)
[💻](https://github.com/snipe/snipe-it/commits?author=joelpittet "Code") | +| [
Kevin Köllmann](https://www.kevinkoellmann.de)
[💻](https://github.com/snipe/snipe-it/commits?author=koelle25 "Code") | [
sw-mreyes](https://github.com/sw-mreyes)
[💻](https://github.com/snipe/snipe-it/commits?author=sw-mreyes "Code") | [
Joel Pittet](https://pittet.ca)
[💻](https://github.com/snipe/snipe-it/commits?author=joelpittet "Code") | [
Eli Young](https://elyscape.com)
[💻](https://github.com/snipe/snipe-it/commits?author=elyscape "Code") | This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome! From 1b890ffcc549657d8558b51521593670cbeded7b Mon Sep 17 00:00:00 2001 From: snipe Date: Wed, 17 Mar 2021 15:45:00 -0700 Subject: [PATCH 3/5] Added collision --- composer.json | 1 + composer.lock | 255 +++++++++++++++++++++++++++++++++++++++++++++++++- phpunit.xml | 1 + 3 files changed, 256 insertions(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 99a346ad34..3c5635bafa 100644 --- a/composer.json +++ b/composer.json @@ -65,6 +65,7 @@ "codeception/module-rest": "^1.2", "codeception/module-webdriver": "^1.0", "fzaninotto/faker": "^1.9", + "nunomaduro/collision": "v3.2.0", "overtrue/phplint": "^2.2", "phpunit/php-token-stream": "^3.1", "phpunit/phpunit": "^8.5", diff --git a/composer.lock b/composer.lock index 1c9c65c28c..bd4730066e 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "ef894afa35a5773730ca8d285c0ab430", + "content-hash": "4764ebcc3a536c9bbda8c65bb6ece1a9", "packages": [ { "name": "adldap2/adldap2", 
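Review bot: `nunomaduro/collision` is pinned to the exact tag `v3.2.0` in the composer.json hunk while the neighbouring entries use caret ranges, so `composer update` will never pick up later 3.x fixes; reproducible installs are already guaranteed by composer.lock. If the pin is deliberate, the reason belongs in the commit message, otherwise `"nunomaduro/collision": "^3.2"` matches the surrounding style. The neighbouring packages suggest this is the `require-dev` section, though its header is outside the hunk; because the lockfile shows the package pulls in `filp/whoops`, production installs should continue to use `composer install --no-dev`.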
@@ -9701,6 +9701,77 @@ }, "time": "2020-07-03T15:54:43+00:00" }, + { + "name": "filp/whoops", + "version": "2.10.0", + "source": { + "type": "git", + "url": "https://github.com/filp/whoops.git", + "reference": "6ecda5217bf048088b891f7403b262906be5a957" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/filp/whoops/zipball/6ecda5217bf048088b891f7403b262906be5a957", + "reference": "6ecda5217bf048088b891f7403b262906be5a957", + "shasum": "" + }, + "require": { + "php": "^5.5.9 || ^7.0 || ^8.0", + "psr/log": "^1.0.1" + }, + "require-dev": { + "mockery/mockery": "^0.9 || ^1.0", + "phpunit/phpunit": "^4.8.36 || ^5.7.27 || ^6.5.14 || ^7.5.20 || ^8.5.8 || ^9.3.3", + "symfony/var-dumper": "^2.6 || ^3.0 || ^4.0 || ^5.0" + }, + "suggest": { + "symfony/var-dumper": "Pretty print complex values better with var-dumper available", + "whoops/soap": "Formats errors as SOAP responses" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.7-dev" + } + }, + "autoload": { + "psr-4": { + "Whoops\\": "src/Whoops/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Filipe Dobreira", + "homepage": "https://github.com/filp", + "role": "Developer" + } + ], + "description": "php error handling for cool kids", + "homepage": "https://filp.github.io/whoops/", + "keywords": [ + "error", + "exception", + "handling", + "library", + "throwable", + "whoops" + ], + "support": { + "issues": "https://github.com/filp/whoops/issues", + "source": "https://github.com/filp/whoops/tree/2.10.0" + }, + "funding": [ + { + "url": "https://github.com/denis-sokolov", + "type": "github" + } + ], + "time": "2021-03-16T12:00:00+00:00" + }, { "name": "fzaninotto/faker", "version": "v1.9.2", 
@@ -9924,6 +9995,86 @@ }, "time": "2013-11-23T13:11:26+00:00" }, + { + "name": "nunomaduro/collision", + "version": "v3.2.0", + "source": { + "type": "git", + "url": "https://github.com/nunomaduro/collision.git", + "reference": "f7c45764dfe4ba5f2618d265a6f1f9c72732e01d" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/nunomaduro/collision/zipball/f7c45764dfe4ba5f2618d265a6f1f9c72732e01d", + "reference": "f7c45764dfe4ba5f2618d265a6f1f9c72732e01d", + "shasum": "" + }, + "require": { + "filp/whoops": "^2.1.4", + "php": "^7.2.5 || ^8.0", + "php-parallel-lint/php-console-highlighter": "0.5.*", + "symfony/console": "~2.8|~3.3|~4.0" + }, + "require-dev": { + "laravel/framework": "^6.0", + "phpunit/phpunit": "^8.0 || ^9.0" + }, + "type": "library", + "extra": { + "laravel": { + "providers": [ + "NunoMaduro\\Collision\\Adapters\\Laravel\\CollisionServiceProvider" + ] + } + }, + "autoload": { + "psr-4": { + "NunoMaduro\\Collision\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nuno Maduro", + "email": "enunomaduro@gmail.com" + } + ], + "description": "Cli error handling for console/command-line PHP applications.", + "keywords": [ + "artisan", + "cli", + "command-line", + "console", + "error", + "handling", + "laravel", + "laravel-zero", + "php", + "symfony" + ], + "support": { + "issues": "https://github.com/nunomaduro/collision/issues", + "source": "https://github.com/nunomaduro/collision" + }, + "funding": [ + { + "url": "https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=66BYDWAT92N6L", + "type": "custom" + }, + { + "url": "https://github.com/nunomaduro", + "type": "github" + }, + { + "url": "https://www.patreon.com/nunomaduro", + "type": "patreon" + } + ], + "time": "2021-02-11T09:01:42+00:00" + }, { "name": "overtrue/phplint", "version": "2.3.5", 
@@ -10105,6 +10256,108 @@ }, "time": "2021-02-23T14:00:09+00:00" }, + { + "name": "php-parallel-lint/php-console-color", + "version": "v0.3", + "source": { + "type": "git", + "url": "https://github.com/php-parallel-lint/PHP-Console-Color.git", + "reference": "b6af326b2088f1ad3b264696c9fd590ec395b49e" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-parallel-lint/PHP-Console-Color/zipball/b6af326b2088f1ad3b264696c9fd590ec395b49e", + "reference": "b6af326b2088f1ad3b264696c9fd590ec395b49e", + "shasum": "" + }, + "require": { + "php": ">=5.4.0" + }, + "replace": { + "jakub-onderka/php-console-color": "*" + }, + "require-dev": { + "php-parallel-lint/php-code-style": "1.0", + "php-parallel-lint/php-parallel-lint": "1.0", + "php-parallel-lint/php-var-dump-check": "0.*", + "phpunit/phpunit": "~4.3", + "squizlabs/php_codesniffer": "1.*" + }, + "type": "library", + "autoload": { + "psr-4": { + "JakubOnderka\\PhpConsoleColor\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-2-Clause" + ], + "authors": [ + { + "name": "Jakub Onderka", + "email": "jakub.onderka@gmail.com" + } + ], + "support": { + "issues": "https://github.com/php-parallel-lint/PHP-Console-Color/issues", + "source": "https://github.com/php-parallel-lint/PHP-Console-Color/tree/master" + }, + "time": "2020-05-14T05:47:14+00:00" + }, + { + "name": "php-parallel-lint/php-console-highlighter", + "version": "v0.5", + "source": { + "type": "git", + "url": "https://github.com/php-parallel-lint/PHP-Console-Highlighter.git", + "reference": "21bf002f077b177f056d8cb455c5ed573adfdbb8" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-parallel-lint/PHP-Console-Highlighter/zipball/21bf002f077b177f056d8cb455c5ed573adfdbb8", + "reference": "21bf002f077b177f056d8cb455c5ed573adfdbb8", + "shasum": "" + }, + "require": { + "ext-tokenizer": "*", + "php": ">=5.4.0", + "php-parallel-lint/php-console-color": "~0.2" + }, + "replace": 
{ + "jakub-onderka/php-console-highlighter": "*" + }, + "require-dev": { + "php-parallel-lint/php-code-style": "~1.0", + "php-parallel-lint/php-parallel-lint": "~1.0", + "php-parallel-lint/php-var-dump-check": "~0.1", + "phpunit/phpunit": "~4.0", + "squizlabs/php_codesniffer": "~1.5" + }, + "type": "library", + "autoload": { + "psr-4": { + "JakubOnderka\\PhpConsoleHighlighter\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Jakub Onderka", + "email": "acci@acci.cz", + "homepage": "http://www.acci.cz/" + } + ], + "description": "Highlight PHP code in terminal", + "support": { + "issues": "https://github.com/php-parallel-lint/PHP-Console-Highlighter/issues", + "source": "https://github.com/php-parallel-lint/PHP-Console-Highlighter/tree/master" + }, + "time": "2020-05-13T07:37:49+00:00" + }, { "name": "php-webdriver/webdriver", "version": "1.10.0", diff --git a/phpunit.xml b/phpunit.xml index ad15b6f59a..cb6b6c20ed 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -1,5 +1,6 @@ Date: Wed, 17 Mar 2021 16:56:32 -0700 Subject: [PATCH 4/5] Removed unused class references --- config/app.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/config/app.php b/config/app.php index 0d59971338..55184884dc 100755 --- a/config/app.php +++ b/config/app.php @@ -333,7 +333,6 @@ return [ Laravel\Passport\PassportServiceProvider::class, Laravel\Tinker\TinkerServiceProvider::class, Unicodeveloper\DumbPassword\DumbPasswordServiceProvider::class, - //Schuppo\PasswordStrength\PasswordStrengthServiceProvider::class, Tightenco\Ziggy\ZiggyServiceProvider::class, // Laravel routes in vue Eduardokum\LaravelMailAutoEmbed\ServiceProvider::class, 
@@ -403,11 +402,9 @@ return [ 'URL' => Illuminate\Support\Facades\URL::class, 'Validator' => Illuminate\Support\Facades\Validator::class, 'View' => Illuminate\Support\Facades\View::class, - //'Input' => Illuminate\Support\Facades\Input::class, 'Form' => Collective\Html\FormFacade::class, 'Html' => Collective\Html\HtmlFacade::class, 'Google2FA' => PragmaRX\Google2FALaravel\Facade::class, - // 'Debugbar' => Barryvdh\Debugbar\Facade::class, //autodiscover should handle this 'Image' => Intervention\Image\ImageServiceProvider::class, 'Carbon' => Carbon\Carbon::class, From 8fd8e716ac8391b40c4ec59b737297304f56bb1d Mon Sep 17 00:00:00 2001 From: snipe Date: Wed, 17 Mar 2021 19:24:28 -0700 Subject: [PATCH 5/5] Changed debug level on bad LDAP connection (#9314) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Changed debug level on bad LDAP connection TODO: Unfuck all of this. It’s a mess and it really doesn’t work the way we think it does. AdLdap library strikes again. :( Signed-off-by: snipe * Improved phrasing Signed-off-by: snipe --- .../Controllers/Api/SettingsController.php | 35 ++++++++++++------- app/Services/LdapAd.php | 6 ++-- 2 files changed, 25 insertions(+), 16 deletions(-) diff --git a/app/Http/Controllers/Api/SettingsController.php b/app/Http/Controllers/Api/SettingsController.php index f4177ea663..462c685361 100644 --- a/app/Http/Controllers/Api/SettingsController.php +++ b/app/Http/Controllers/Api/SettingsController.php 
@@ -36,13 +36,17 @@ class SettingsController extends Controller public function ldapAdSettingsTest(LdapAd $ldap): JsonResponse { if(!$ldap->init()) { - Log::info('LDAP is not enabled cannot test.'); + Log::info('LDAP is not enabled so we cannot test.'); return response()->json(['message' => 'LDAP is not enabled, cannot test.'], 400); } // The connect, bind and resulting users message $message = []; + + // This is all kinda fucked right now. The connection test doesn't actually do what you think, + // // and the way we parse the errors + // on the JS side is horrible. Log::info('Preparing to test LDAP user login'); // Test user can connect to the LDAP server try { @@ -51,13 +55,11 @@ class SettingsController extends Controller 'message' => 'Successfully connected to LDAP server.' ]; } catch (\Exception $ex) { - \Log::debug('LDAP connected but Bind failed. Please check your LDAP settings and try again.'); - return response()->json([ - 'message' => 'Error logging into LDAP server, error: ' . $ex->getMessage() . ' - Verify your that your username and password are correct']); + \Log::debug('Connection to LDAP server '.Setting::getSettings()->ldap_server.' failed. Please check your LDAP settings and try again. Server Responded with error: ' . $ex->getMessage()); + return response()->json( + ['message' => 'Connection to LDAP server '.Setting::getSettings()->ldap_server." failed. Verify that the LDAP hostname is entered correctly and that it can be reached from this web server. \n\nServer Responded with error: " . $ex->getMessage() - } catch (\Exception $e) { - \Log::info('LDAP connection failed but we cannot debug it any further on our end.'); - return response()->json(['message' => 'The LDAP connection failed but we cannot debug it any further on our end. The error from the server is: '.$e->getMessage()], 500); + ], 400); } Log::info('Preparing to test LDAP bind connection'); 
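Review bot: The new catch block in ldapAdSettingsTest records the connection failure with `\Log::debug`, so on a deployment whose log level is above debug the failed LDAP connection leaves no trace, while the same detail, the configured `ldap_server` plus the raw `$ex->getMessage()`, is sent back in the JSON response. Logging at a level that production keeps, e.g. `Log::warning('LDAP connection test failed: '.$ex->getMessage());`, puts the detail where operators can find it; whether this route is restricted to administrators is not visible in the hunk, and if it is not, the response text should be generic. The added comment above `Log::info('Preparing to test LDAP user login')` contains a stray `// //` and says the test "doesn't actually do what you think" without saying what it does check; one sentence naming the call that is actually exercised would serve the next maintainer better. The method body continues outside the hunk.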
@@ -66,12 +68,11 @@ class SettingsController extends Controller Log::info('Testing Bind'); $ldap->testLdapAdBindConnection(); $message['bind'] = [ - 'message' => 'Successfully binded to LDAP server.' + 'message' => 'Successfully bound to LDAP server.' ]; } catch (\Exception $ex) { Log::info('LDAP Bind failed'); - return response()->json([ - 'message' => 'Error binding to LDAP server, error: ' . $ex->getMessage() + return response()->json(['message' => 'Connection to LDAP successful, but we were unable to Bind the LDAP user '.Setting::getSettings()->ldap_uname.". Verify your that your LDAP Bind username and password are correct. \n\nServer Responded with error: " . $ex->getMessage() ], 400); } @@ -94,9 +95,17 @@ class SettingsController extends Controller 'email' => $item[$settings['ldap_email']][0] ?? null, ]; }); - $message['user_sync'] = [ - 'users' => $users - ]; + if ($users->count() > 0) { + $message['user_sync'] = [ + 'users' => $users + ]; + } else { + $message['user_sync'] = [ + 'message' => 'Connection to LDAP was successful, however there were no users returned from your query. You should confirm the Base Bind DN above.' + ]; + return response()->json($message, 400); + } + } catch (\Exception $ex) { Log::info('LDAP sync failed'); $message['user_sync'] = [ diff --git a/app/Services/LdapAd.php b/app/Services/LdapAd.php index 85410ce7d1..01e6f77d59 100644 --- a/app/Services/LdapAd.php +++ b/app/Services/LdapAd.php @@ -504,9 +504,9 @@ class LdapAd extends LdapAdConfiguration { try { $this->ldap->connect(); - } catch (\Adldap\Auth\BindException $e) { - Log::error($e); - throw new Exception('Unable to connect to LDAP directory!'); + } catch (\Exception $e) { + Log::debug('LDAP ERROR: '.$e->getMessage()); + throw new Exception($e->getMessage()); } }
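Review bot: In the bind-failure branch the log line stays `Log::info('LDAP Bind failed')` with no cause, while the new response text carries both `Setting::getSettings()->ldap_uname` and the raw exception message, so the caller learns more than the server log does. Adding the cause to the log, `Log::info('LDAP Bind failed: '.$ex->getMessage());`, keeps the two consistent. The new message also has a typo, `Verify your that your LDAP Bind username`, which should read `Verify that your LDAP Bind username and password are correct.`. The enclosing try block starts outside the hunk.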
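Review bot: The rewritten catch in app/Services/LdapAd.php now catches every `\Exception` and rethrows `new Exception($e->getMessage())`, which discards the original exception class and stack trace, and the log call drops from `Log::error($e)` to `Log::debug`, so a directory connection failure may go unrecorded at production log levels. Chaining the original keeps the cause available to callers and to the log: `throw new Exception($e->getMessage(), 0, $e);`. If the lower level is meant only to reduce noise from the settings test, a comment saying so would help, since other callers of this method are not visible in the hunk and may be login or sync paths where the failure matters. The enclosing method starts outside the hunk.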