47 Commits

Author SHA1 Message Date
Tony Murray
8fdf990dd5 Fix issue loading session preferences (#16041)
during initial login

fixes #15866
2024-05-19 09:45:36 -05:00
eskyuu
3463d85053 When a timezone is manually selected, the timezone needs to be explicitly set in the session otherwise the setting changes to a blank timezone (#15890) 2024-03-11 14:55:34 -05:00
Tony Murray
7c006e9625 Disable GET login by default (#15558)
* Disable GET login by default
GET login allows users to put username and password in the url, this is helpful for displays where you cannot login interactively.
Unfortunately, the plaintext password will be in the access logs.
GET login also allows brute force attacks against your install.

* Apply fixes from StyleCI

---------

Co-authored-by: StyleCI Bot <bot@styleci.io>
2023-11-07 16:25:28 -06:00
Jellyfrog
b14e2d4609 Apply fixes from StyleCI (#15101)
Co-authored-by: StyleCI Bot <bot@styleci.io>
2023-06-13 13:35:00 +02:00
Jellyfrog
2b3575a5e9 Laravel 10.x Shift (#14995)
* Apply code style

* Remove explicit call to register policies

* Shift core files

* Shift config files

* Default config files

In an effort to make upgrading the constantly changing config files
easier, Shift defaulted them and merged your true customizations -
where ENV variables may not be used.

* Bump Laravel dependencies

* Add type hints for Laravel 10

* Shift cleanup

* wip

* wip

* sync translation

* Sync back config

* Public Path Binding

* QueryException

* monolog

* db::raw

* monolog

* db::raw

* fix larastan collections

* fix phpstan bug looping forever

* larastan errors

* larastan: fix column type

* styleci

* initialize array

* fixes

* fixes

---------

Co-authored-by: Shift <shift@laravelshift.com>
2023-05-24 22:21:54 +02:00
Jellyfrog
153be4d583 Tests: Fix Dusk tests after 13626 (#15057) 2023-05-23 19:23:15 +02:00
Jellyfrog
0a351b49fd Laravel 9.x Shift (#14504)
* Move `resources/lang` folder

* Shift registered middleware

* Remove `fruitcake/laravel-cors` dependency

* Streamline `$commands` property

* Upgrade to Flysystem 3.0

* Shift core files

* Convert `optional()` to nullsafe operator

* Remove unnecessary `$model` property

* Convert route options to fluent methods

Laravel 8 adopts the tuple syntax for controller actions. Since the old options array is incompatible with this syntax, Shift converted them to use modern, fluent methods.

* Convert deprecated `$dates` property to `$casts`

* Shift config files

* Default config files

In an effort to make upgrading the constantly changing config files
easier, Shift defaulted them and merged your true customizations -
where ENV variables may not be used.

* Bump Laravel dependencies

* Use `<env>` tags for configuration

`<env>` tags have a lower precedence than system environment variables making it easier to overwrite PHPUnit configuration values in additional environments, such as CI.

Review this blog post for more details on configuration precedence when testing Laravel: https://jasonmccreary.me/articles/laravel-testing-configuration-precedence/

* Fix error provider

* Match new symfony syntax

* Match upstream syntax

* Fix route syntax

* generate composer.lock

* Sync back configs

* routes

* composer

* Fix more flare

* fix cors

* sync lang

* Apply fixes from StyleCI (#14517)

Co-authored-by: StyleCI Bot <bot@styleci.io>

* bump larastan

* update packages

* wip

* Temporarily lower phpstan level

* Update phpstan.neon

* wip

* wip

* wip

* Apply fixes from StyleCI (#14592)

Co-authored-by: StyleCI Bot <bot@styleci.io>

* test

* Update CiHelper.php

* Update test.yml

* Update CiHelper.php

* Update CiHelper.php

* Apply fixes from StyleCI (#14616)

Co-authored-by: StyleCI Bot <bot@styleci.io>

* test?

* fix phpstan problems

* don't run snmpsim on github ci

* Fix whitespace

* More whitespace

* More whitespace ???

* I think the space broke it

* fix the reset of the whitespace

* hard code auth guard

---------

Co-authored-by: Shift <shift@laravelshift.com>
Co-authored-by: StyleCI Bot <bot@styleci.io>
Co-authored-by: Tony Murray <murraytony@gmail.com>
2023-04-17 06:51:35 -05:00
Tony Murray
52f5f10231 Fix some lint issues (#14962) 2023-04-15 09:02:41 -05:00
Tony Murray
7dd3a224fa Block disabled user session auth (#14473)
Do not allow users that are disabled to be logged in via cookie.
Allow all auth methods to disable users
2022-10-17 12:39:15 -05:00
Tony Murray
dc050711ec 2fa not all routes have names (#14311) 2022-09-07 09:06:24 +02:00
Tony Murray
5c76890373 Add @signedGraphTag() and @signedGraphUrl() blade directives (#14269)
* More secure external graph access
Add @signedGraphTag() and @signedGraphUrl() blade directives
Takes either an array of graph variables or a url to a graph
Uses a signed url that is accessible without user login, embeds signature in url to authenticate access
See Laravel Signed Url for more details.
Adds Laravel route to graphs (does not change links to use it yet)
@graphImage requires the other PR
Also APP_URL is required in .env

* missing files from rebase

* Fix url parsing with a get string

* allow width and height to be omitted

* Documentation

* Add to, otherwise it will always be now

* Doc note for to and from relative security

* fix vars.inc.php (Laravel has a dummy url here)
2022-09-03 12:48:43 -05:00
Jellyfrog
09929bd686 Implement OAuth and SAML2 support (#13764)
* Implement OAuth and SAML2 support via Socialite

* Add socialite docs

* fixes

* Additional information added

* wip

* 22.3.0 targeted version

* Allow mysql auth as long as there is a password saved

Co-authored-by: laf <gh+n@laf.io>
Co-authored-by: Tony Murray <murraytony@gmail.com>
2022-02-20 22:05:51 +01:00
Tony Murray
d443d2b4b1 Use built in trusted proxy functionality (#13318)
* Use built in trusted proxy functionality
instead of fideloper/proxy

* my favorite style rule...

* hello braindead ide

* restore space
2021-10-03 14:13:20 -05:00
Jellyfrog
9ef94323f5 Update dependencies (#13310)
* Bump composer dependencies

  - Upgrading brick/math (0.9.2 => 0.9.3)
  - Upgrading composer/ca-bundle (1.2.10 => 1.2.11)
  - Upgrading composer/composer (2.1.3 => 2.1.8)
  - Upgrading composer/xdebug-handler (2.0.1 => 2.0.2)
  - Upgrading dapphp/radius (2.5.5 => 2.5.6)
  - Upgrading doctrine/annotations (1.13.1 => 1.13.2)
  - Upgrading doctrine/cache (2.0.3 => 2.1.1)
  - Upgrading doctrine/dbal (2.13.2 => 2.13.3)
  - Upgrading facade/flare-client-php (1.8.1 => 1.9.1)
  - Upgrading facade/ignition (2.11.0 => 2.14.0)
  - Upgrading fakerphp/faker (v1.15.0 => v1.16.0)
  - Upgrading filp/whoops (2.13.0 => 2.14.3)
  - Upgrading friendsofphp/php-cs-fixer (v2.19.0 => v2.19.2)
  - Upgrading graham-campbell/result-type (v1.0.1 => v1.0.2)
  - Upgrading laravel/dusk (v6.15.1 => v6.18.1)
  - Upgrading laravel/framework (v8.49.2 => v8.62.0)
  - Locking laravel/serializable-closure (v1.0.2)
  - Upgrading laravel/tinker (v2.6.1 => v2.6.2)
  - Upgrading league/commonmark (1.6.5 => 1.6.6)
  - Upgrading league/flysystem (1.1.4 => 1.1.5)
  - Upgrading league/mime-type-detection (1.7.0 => 1.8.0)
  - Upgrading maximebf/debugbar (v1.16.5 => v1.17.1)
  - Upgrading mockery/mockery (1.4.3 => 1.4.4)
  - Upgrading monolog/monolog (2.3.0 => 2.3.4)
  - Upgrading nesbot/carbon (2.50.0 => 2.53.1)
  - Upgrading nikic/php-parser (v4.11.0 => v4.13.0)
  - Upgrading nunomaduro/collision (v5.5.0 => v5.10.0)
  - Upgrading phar-io/manifest (2.0.1 => 2.0.3)
  - Upgrading php-parallel-lint/php-parallel-lint (v1.3.0 => v1.3.1)
  - Upgrading phpdocumentor/type-resolver (1.4.0 => 1.5.0)
  - Upgrading phpmailer/phpmailer (v6.5.0 => v6.5.1)
  - Upgrading phpoption/phpoption (1.7.5 => 1.8.0)
  - Upgrading phpseclib/phpseclib (3.0.9 => 3.0.10)
  - Upgrading phpspec/prophecy (1.13.0 => 1.14.0)
  - Upgrading phpstan/phpstan (0.12.92 => 0.12.99)
  - Upgrading phpunit/php-code-coverage (9.2.6 => 9.2.7)
  - Upgrading phpunit/phpunit (9.5.6 => 9.5.10)
  - Upgrading predis/predis (v1.1.7 => v1.1.8)
  - Upgrading ramsey/collection (1.1.3 => 1.2.1)
  - Upgrading ramsey/uuid (4.1.1 => 4.2.3)
  - Upgrading seld/phar-utils (1.1.1 => 1.1.2)
  - Upgrading symfony/console (v5.3.2 => v5.3.7)
  - Upgrading symfony/css-selector (v5.3.0 => v5.3.4)
  - Upgrading symfony/debug (v4.4.25 => v4.4.31)
  - Upgrading symfony/error-handler (v5.3.3 => v5.3.7)
  - Upgrading symfony/event-dispatcher (v5.3.0 => v5.3.7)
  - Upgrading symfony/filesystem (v5.3.3 => v5.3.4)
  - Upgrading symfony/finder (v5.3.0 => v5.3.7)
  - Upgrading symfony/http-foundation (v5.3.3 => v5.3.7)
  - Upgrading symfony/http-kernel (v5.3.3 => v5.3.9)
  - Upgrading symfony/mime (v5.3.2 => v5.3.8)
  - Upgrading symfony/options-resolver (v5.3.0 => v5.3.7)
  - Upgrading symfony/polyfill-intl-grapheme (v1.23.0 => v1.23.1)
  - Upgrading symfony/polyfill-mbstring (v1.23.0 => v1.23.1)
  - Upgrading symfony/polyfill-php80 (v1.23.0 => v1.23.1)
  - Locking symfony/polyfill-php81 (v1.23.0)
  - Upgrading symfony/process (v5.3.2 => v5.3.7)
  - Upgrading symfony/routing (v5.3.0 => v5.3.7)
  - Upgrading symfony/stopwatch (v5.3.0 => v5.3.4)
  - Upgrading symfony/string (v5.3.3 => v5.3.7)
  - Upgrading symfony/translation (v5.3.3 => v5.3.9)
  - Upgrading symfony/var-dumper (v5.3.3 => v5.3.8)
  - Upgrading symfony/yaml (v4.4.26 => v4.4.29)
  - Upgrading tecnickcom/tcpdf (6.4.1 => 6.4.2)
  - Upgrading theseer/tokenizer (1.2.0 => 1.2.1)

* Update npm dependencies

* Update phpstan ignores after laravel upgrades

* Merge laravel/laravel repo changes
2021-10-02 18:04:59 -05:00
Jellyfrog
258505ed44 Apply fixes from StyleCI (#13224) 2021-09-10 20:09:53 +02:00
Jellyfrog
26b95c0ccc Apply fixes from StyleCI (#13208) 2021-09-08 23:35:56 +02:00
Jellyfrog
24c8513029 Replace Auth > Illuminate\Support\Facades\Auth (#12664)
Helps phpstan
2021-03-31 21:30:04 +02:00
Jellyfrog
efb157f5fb Fix more PHPDoc (#12665)
* Fix PHPDoc

* Fix PHPDoc
2021-03-28 12:18:47 -05:00
Jellyfrog
20b4215204 Switch links to https (#12511)
* Switch librenms links to https

* Convert librenms links in comments

* Switch gnu.org url to https

* switch php urls to https
2021-02-09 00:29:04 +01:00
Tony Murray
1afc6abdb5 Always return json for api requests (#12335)
even if the client does not properly request it
2020-11-22 03:21:47 +01:00
Jellyfrog
50c8033099 Laravel 8.x Shift (#12235)
* Shift HTTP kernel and middleware

* Shift service providers

* Shift console routes

* Shift to class based factories

* Namespace seeders

* Shift PSR-4 autoloading

* Default config files

In an effort to make upgrading the constantly changing config files
easier, Shift defaulted them. This allows you to review the commit
diff for once for customizations when you are done Shifting.

Moving forward, consider using ENV variables or create a separate
config file to allow the core config files to remain as default
as possible.

* Shift Laravel dependencies

* Shift return type of base TestCase methods

From the [PHPUnit 8 release notes][1], the `TestCase` methods below now declare a `void` return type:

- `setUpBeforeClass()`
- `setUp()`
- `assertPreConditions()`
- `assertPostConditions()`
- `tearDown()`
- `tearDownAfterClass()`
- `onNotSuccessfulTest()`

[1]: https://phpunit.de/announcements/phpunit-8.html

* Shift cleanup

* console routes

* composer update

* factories

* phpunit

* bootstrap pagination

* model factory

* wip

* Apply fixes from StyleCI (#12236)

* wip

* Apply fixes from StyleCI (#12238)

* wip

* wip

* wip

* wip

* Apply fixes from StyleCI (#12240)

* wip

* Apply fixes from StyleCI (#12242)

* composer update

* Bump to PHP 7.3 minimum

Co-authored-by: Laravel Shift <shift@laravelshift.com>
2020-11-03 10:18:31 -06:00
Jellyfrog
0d56bbd946 Apply fixes from StyleCI (#12123) 2020-09-21 15:51:53 +02:00
Jellyfrog
77c531527c Apply fixes from StyleCI (#12117)
* Apply fixes from StyleCI

* Disable style check
2020-09-21 14:54:51 +02:00
Tony Murray
0c334f130d Fix users that set a non-array for cors (#11921)
* Fix users that set a non-array for cors
combine two Env util classes

* Used the wrong thing.
2020-07-09 15:03:12 -05:00
Jellyfrog
f526ba326b Laravel 7.x Shift (#11676)
* Shift bindings

PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser.

* Shift core files

* Shift to Throwable

* Shift Laravel dependencies
Add laravel/ui dependency
Use our fork of string-blade-compiler

* Shift config files

Default config files

In an effort to make upgrading the constantly changing config files
easier, Shift defaulted them so you can review the commit diff for
changes. Moving forward, you should use ENV variables or create a
separate config file to allow the core config files to remain
automatically upgradeable.

Restore config header comment

* Remove duplicate named routes

* add basic trust host middleware

* Trusted proxies should be default null

* Fix missed rename

* wip

* Rename routes

* Update trustedproxy.php

* Update Kernel.php

* revert trustedproxy.php

It only accepted '*' and not ['*']

* Fix tests

fake request was causing the error

Co-authored-by: Laravel Shift <shift@laravelshift.com>
Co-authored-by: Tony Murray <murraytony@gmail.com>
2020-07-09 08:22:50 -05:00
Tony Murray
560fd71ef6 CORS settings in webui (#11912)
* Change CORS implementation
allows for upstream integration of Laravel 7

* migrate config

* skip implementing patterns for now

* Expose settings to the webui

* Make db settings apply
2020-07-08 07:36:51 -05:00
Tony Murray
685d1972f1 remove hard debug 2020-06-27 07:47:08 -05:00
Tony Murray
691a73caa6 consistency run through 2020-06-27 07:47:08 -05:00
Tony Murray
d1ceb14b9a create .env if non-existing 2020-06-27 07:47:08 -05:00
Tony Murray
5f0388f0e3 Remove DB credentials from config.php
Better validation when config.php does not exist

Update docs and quote password

only populate legacy vars in config_to_json
drop .travis.yml config copy
remove credentials from config.php.default

Check for existence of .env instead of config.php in python scripts

legacy credential cleanup

tiny cleanups

consistent env for artisan server and artisan dusk
2020-06-27 07:47:08 -05:00
Tony Murray
c408f39e5b check for INSTALL environment var 2020-06-27 07:47:08 -05:00
Tony Murray
72efd7bbd9 structure and better middleware 2020-06-27 07:47:07 -05:00
Tony Murray
ad2da9fcdb Install to Laravel WIP 2020-06-27 07:47:07 -05:00
Jellyfrog
b09bc07f8f Laravel 6.x (#11397)
* Update Laravel core files

Fix app/Http/Kernel.php

* Use RouteServiceProvider::HOME

* Sync Laravel default config files

* Update composer dependencies to Laravel 6

* fix resources/lang/en/validation.php

* Manually fixing tests

required by travis, fails locally???

* Update wpb/string-blade-compiler

* Add new viewany() authorization policies

* Update minimum PHP version to 7.2

* Re-generate our json test-dumps

Due to:
https://github.com/laravel/framework/pull/16069
https://github.com/laravel/framework/pull/31100

* update truenas data

* fix truenas

Co-authored-by: Laravel Shift <shift@laravelshift.com>
Co-authored-by: Tony Murray <murraytony@gmail.com>
2020-05-23 12:05:18 -05:00
Tony Murray
1c08c11a77 Remove Laravel helpers (#11428)
* Remove Laravel helpers

* Replace qualifier with import
2020-04-18 00:37:56 +02:00
Tony Murray
138dc24f64 Fix system style setting (#10820) 2019-11-17 05:13:48 +00:00
SourceDoctor
a9212faa83 Allow user specific themes (#10799)
* allow user specific themes

* add missing newline

* use global function getDefinitions

* some fixes

* .

* travis fix

* .

* Optimize preference loading
Aka, don't run multiple sql queries per page load, now it is 0-1 queries (for preferences)

* Add a default option for user preferences

* Remove unused code

* more
2019-11-14 18:40:38 +00:00
Tony Murray
e6423852ef Remove $_SESSION usage, except install (#10745)
* Remove $_SESSION usage, except install
Fixes issue with device debug capture
Removes secure_cookies setting, use the .env variable SESSION_SECURE_COOKIE instead.  Reminder secure cookies requires cookies are transported over https, if everything is already transported via https, the setting won't make a difference.

* Fix availability map controls
2019-10-26 00:29:12 +00:00
Tony Murray
3ead462549 Enable CSRF protection (#10447)
* Enable CSRF protection

* fix style issues
2019-07-17 07:20:26 -05:00
Tony Murray
90a67c2ece User configurable locale (language) (#10204)
* Support for system APP_LOCALE

* Start preferences re-write

* port 2fa form

* Working user preferences

* Language user preference

* Don't look up locale from the DB every request

* Device list working

* Deny demo user middleware

* Finish password changing

* remove used resource methods

* remove leftover use

* warn that translation is incomplete

* fix style
2019-05-23 10:05:45 -05:00
Tony Murray
e18f4522d5 Update to Laravel 5.7 (PHP 7.3 support) (#9800)
* Move assets to 5.7 location

* Add 5.7 SVGs

* add cache data dir

* update QUEUE_DRIVER -> QUEUE_CONNECTION

* Update trusted proxy config

* update composer.json

* 5.5 command loading

* @php and @endphp can't be inline

* Laravel 5.6 logging, Nice!

* Update blade directives

* improved redirects

* remove unneeded service providers

* Improved debugbar loading

* no need to emulate renderable exceptions anymore

* merge updated 5.7 files (WIP)

* Enable CSRF

* database_path() call causes issue in init.php

* fix old testcase name

* generic phpunit 7 fixes

* add missed file_get_contents
Keep migrations table content

* fix duplicate key

* Drop old php versions from travis-ci

* remove hhvm

* fix code climate message

* remove use of deprecated function assertInternalType

* Disable CSRF, we'll enable it separately.
All forms need to be updated to work.

* Update document references
2019-02-12 17:45:04 -06:00
Tony Murray
9a17307f3f Allow login with GET variables (#9268) 2018-10-01 20:05:30 -05:00
Tony Murray
173b1339e9 Fixed install.php not redirecting when it should (#9224)
2018-09-18 20:56:48 +01:00
Tony Murray
588b115d66 Fix up ldap-authorizer, create non-existent users (#9192)
* First attempt at ldap-auth fixes

* no, guest, so it is not allowed.

* cast to int

* don't count on Session

* return full user

* Specific error for guest not allowed.

* fix up external auth user creation

* fix check

* Fix user level missing
Simplify middleware

* use guard if configured
2018-09-12 12:51:24 -05:00
Tony Murray
46d5333d1b Init and refresh the php session each page load (#9186) 2018-09-12 08:12:19 -05:00
Tony Murray
32a7c50189 Use Laravel authentication (#8702)
* Use Laravel for authentication
Support legacy auth methods
Always create DB entry for users (segregate by auth method)

Port api auth to Laravel

restrict poller errors to devices the user has access to

Run checks on every page load.  But set a 5 minute (configurable) timer.
Only run some checks if the user is an admin

Move toastr down a few pixels so it isn't as annoying.

Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user.
Add two missing menu entries in the laravel menu

Rewrite 2FA code
Simplify some and verify code before applying

Get http-auth working
Handle legacy $_SESSION differently.  Allows Auth::once(), etc to work.

* Fix tests and mysqli extension check

* remove duplicate Toastr messages

* Fix new items

* Rename 266.sql to 267.sql
2018-09-11 07:51:35 -05:00
Tony Murray
1ad7f3138b Add Laravel to LibreNMS (#8318)
* Add Laravel to LibreNMS.

* Try to set permissions during initial install and first composer update to Laravel.

* Fix composer.lock
Fix missing db config keys

* Start building v1 layout
Port ajax_setresolution, inject csrf into jquery ajax calls
Layout works, building menu
Partially done.

* Fix device group list
remove stupid count relationships

* Print messages for common boot errors.
Don't log to laravel.log file.
Log to error_log until booted, then librenms.log

* Fix up some issues with Config loading
Start of custom directives

* Custom blade directives: config, notconfig, admin

* Preflight checks
Only load config files once.

* Update the composer.lock for php 5.6

* Menu through routing

* Start of alert menu

* Better alert scopes

* reduce cruft in models

* Alerting menu more or less working :D

* Fix style

* Improved preflight

* Fix chicken-eggs!

* Remove examples

* Better alert_rule status queries
Debugbar

* fix app.env check

* User Menu

* Settings bar (dropped refresh)
Search JS

* Toastr messages

* Rename preflight

* Use hasAccess(User) on most models.
Add port counts

* Missed a Preflight -> Checks rename

* Fix some formatting

* Boot Eloquent outside of Laravel
Use Eloquent for Config and Plugins so we don't have to connect with dbFacile inside Laravel.
Move locate_binary() into Config class

* Config WIP

* Try to fix a lot of config loading issues.

* Improve menu for non-admins removing unneeded menus
url() for all in menu

* Only use eloquent if it exists

* Include APP_URL in initial .env settings

* Implement Legacy User Provider

* Helper class for using Eloquent outside of Laravel.
Allows access to DB style queries too and checking the connection status.

* Fix up tests

* Fix device groups query

* Checking Travis

* copy config.test.php earlier

* dbFacile check config before connecting
Don't use exception to check if eloquent is connected, it gets grabbed by the exception handler.
Ignore missing config.php error.

* Fix config load with database is not migrated yet.

* Remove Config::load() from early boot.

* Use laravel config settings to init db (this prefers .env settings)
Fix bgp vars not set in menu
add _ide_helper.php to .gitignore

* Restrict dependencies to versions that support php 5.6

* Update ConfigTest

* Fix a couple of installation issues

* Add unique NODE_ID to .env

* Correct handling of title image

* Fix database config not loading. Thanks @laf

* Don't prepend /

* add class_exists checks for development service providers

* Fix config value casting

* Don't use functions that may not exist

* Update dbFacile.php

* d_echo may not be defined when Config used called.

* Add SELinux configuration steps
More detailed permissions check.
Check all and give complete corrective commands in one step.

* Ignore node_modules directory

* Re-add accidental removal
2018-05-09 08:05:17 -05:00