Users were able to submit changes to fields they should not have access to change by bypassing the frontend validation. Correct backend validation to prevent that.
* Implement OAuth and SAML2 support via Socialite
* Add socialite docs
* fixes
* Additional information added
* wip
* 22.3.0 targeted version
* Allow mysql auth as long as there is a password saved
Co-authored-by: laf <gh+n@laf.io>
Co-authored-by: Tony Murray <murraytony@gmail.com>
* PHP-Flasher for toast messages
Allows customized template
removes dependency on unmaintained package using dev stability
no solution for javascript toasts yet
Use DI in places it makes sense
allow html in flashes
Use "template.librenms" as a default notification style
merge toast containers
toastr needs to be second because it will find the container made by flasher, but the inverse is not true
upgrade php-flasher to add custom options and persistent notifications
Add dark theme
* update composer.lock
* Kick other session when changing password
Invalidate other sessions when a user password gets changed
* Don't logout admin users when they change passwords.
Cleanup phpstan exceptions
* only restore user if needed
* comment odd behavior
* $current_user typehint
* two-factor UI config and status display additions
* force test re-run
* removal of blade foreach via keyBy
* remove where clause against all()
* attempt where filtering with keyBy
* use @config and getPref in blade
* another forgotten @config changed
Co-authored-by: PipoCanaja <38363551+PipoCanaja@users.noreply.github.com>
* Support for system APP_LOCALE
* Start preferences re-write
* port 2fa form
* Working user preferences
* Language user preference
* Don't look up locale from the DB every request
* Device list working
* Deny demo user middleware
* Finish password changing
* remove used resource methods
* remove leftover use
* warn that translation is incomplete
* fix style
* Rewrite user management.
Error management
Revert edituser legacy page
Connect user permissions button to legacy page for now.
Implement user creation
Refine form
Remove PingCheck.php accidental add :)
Fixes for redirection and deletion
More fixes: realname accidental validation setting, hide can modify for read-only auths
Use a panel to improve style
Add icon to panel-title
Not allowed to delete own user (at least via the click of a button)
Use request validation to reduce complexity of controller.
Improve protection against users doing things they should not.
Switch to horizontal form and not nearly as wide of layout :)
delete without refresh.
Fix for buttons
Include all users (not just from this auth)
Hide the auth column if there is only one auth type
Show username if real name isn't set
Don't allow creation of demo users via the webui
a fix to the lnms user:add command, it didn't set auth_id
update edituser.inc.php to current
just redirect to users page
* Remove TwoFactorTest for now
* Update edituser.inc.php
* Update .env.dusk.testing
* Enable 2fa for 2fa test...