Commit Graph

3124 Commits

Author SHA1 Message Date
Jens L 8eb73d3a16
security: fix CVE 2022 46172 (#4275)
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:18:09 +01:00
Jens Langhammer 83f46f6ff1 release: 2022.10.3 2022-12-02 23:01:17 +02:00
Jens Langhammer 0e7cc6da4c web: bump API version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 22:51:09 +02:00
Jens Langhammer a262171671 release: 2022.10.2 2022-12-01 10:40:58 +02:00
Jens Langhammer 87b8ca7be4 *: backport CVE-2022-46145 fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-01 10:40:51 +02:00
Jens Langhammer f3a72761c0 release: 2022.10.1 2022-10-29 17:24:55 +02:00
dependabot[bot] 8a50279142
web: bump @sentry/browser from 7.16.0 to 7.17.2 in /web (#3897) 2022-10-28 15:03:40 +02:00
dependabot[bot] f1e1911788
web: bump @babel/plugin-proposal-decorators from 7.19.6 to 7.20.0 in /web (#3893) 2022-10-28 14:53:22 +02:00
dependabot[bot] 0b712d22a8
web: bump @sentry/tracing from 7.16.0 to 7.17.1 in /web (#3894) 2022-10-28 14:53:05 +02:00
dependabot[bot] 4e2ba8c916
web: bump pyright from 1.1.276 to 1.1.277 in /web (#3881) 2022-10-26 08:46:23 +02:00
dependabot[bot] 98666cc5e9
web: bump @codemirror/lang-python from 6.0.3 to 6.0.4 in /web (#3867)
Bumps [@codemirror/lang-python](https://github.com/codemirror/lang-python) from 6.0.3 to 6.0.4.
- [Release notes](https://github.com/codemirror/lang-python/releases)
- [Changelog](https://github.com/codemirror/lang-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/lang-python/compare/6.0.3...6.0.4)

---
updated-dependencies:
- dependency-name: "@codemirror/lang-python"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 10:02:30 +02:00
dependabot[bot] dbaad90c3e
web: bump @typescript-eslint/eslint-plugin from 5.40.1 to 5.41.0 in /web (#3866)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.40.1 to 5.41.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.41.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 10:00:50 +02:00
dependabot[bot] 63b5656cca
web: bump @codemirror/lang-javascript from 6.1.0 to 6.1.1 in /web (#3871)
Bumps [@codemirror/lang-javascript](https://github.com/codemirror/lang-javascript) from 6.1.0 to 6.1.1.
- [Release notes](https://github.com/codemirror/lang-javascript/releases)
- [Changelog](https://github.com/codemirror/lang-javascript/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/lang-javascript/compare/6.1.0...6.1.1)

---
updated-dependencies:
- dependency-name: "@codemirror/lang-javascript"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 10:00:37 +02:00
dependabot[bot] 96713a82dd
web: bump @typescript-eslint/parser from 5.40.1 to 5.41.0 in /web (#3869)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.40.1 to 5.41.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.41.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 09:59:35 +02:00
dependabot[bot] 2b20b89c80
web: bump @codemirror/legacy-modes from 6.1.0 to 6.2.0 in /web (#3870)
Bumps [@codemirror/legacy-modes](https://github.com/codemirror/legacy-modes) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/codemirror/legacy-modes/releases)
- [Changelog](https://github.com/codemirror/legacy-modes/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/legacy-modes/compare/6.1.0...6.2.0)

---
updated-dependencies:
- dependency-name: "@codemirror/legacy-modes"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 09:59:13 +02:00
dependabot[bot] cbb24dfddd
web: bump @codemirror/lang-html from 6.1.2 to 6.1.3 in /web (#3868)
Bumps [@codemirror/lang-html](https://github.com/codemirror/lang-html) from 6.1.2 to 6.1.3.
- [Release notes](https://github.com/codemirror/lang-html/releases)
- [Changelog](https://github.com/codemirror/lang-html/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/lang-html/compare/6.1.2...6.1.3)

---
updated-dependencies:
- dependency-name: "@codemirror/lang-html"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 09:59:03 +02:00
dependabot[bot] 056ff5ff59
web: bump @codemirror/lang-xml from 6.0.0 to 6.0.1 in /web (#3865) 2022-10-25 09:35:29 +02:00
Jens Langhammer 3da7fcfc1d web/common: disable API Drawer by default in user interface
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-24 22:08:47 +02:00
dependabot[bot] c7ea4b5a7f
web: bump @rollup/plugin-node-resolve from 15.0.0 to 15.0.1 in /web (#3855) 2022-10-24 10:05:18 +02:00
dependabot[bot] c2933f0681
web: bump @rollup/plugin-typescript from 9.0.1 to 9.0.2 in /web (#3854) 2022-10-24 10:05:10 +02:00
dependabot[bot] 27636cc49f
web: bump @rollup/plugin-commonjs from 23.0.1 to 23.0.2 in /web (#3856) 2022-10-24 09:56:55 +02:00
dependabot[bot] 42196f554e
web: bump @rollup/plugin-replace from 5.0.0 to 5.0.1 in /web (#3853) 2022-10-24 09:56:24 +02:00
dependabot[bot] ad5fc139eb
web: bump eslint from 8.25.0 to 8.26.0 in /web (#3857) 2022-10-24 09:54:43 +02:00
dependabot[bot] 93984b35b3
web: bump @rollup/plugin-babel from 6.0.0 to 6.0.2 in /web (#3858) 2022-10-24 09:53:36 +02:00
github-actions[bot] e67464b8a0
web: bump API Client version (#3846)
Signed-off-by: GitHub <noreply@github.com>

Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-10-21 22:35:21 +02:00
Jens Langhammer 89dc46a7ff release: 2022.10.0 2022-10-21 19:42:38 +02:00
dependabot[bot] b4a8a5cd32
web: bump @babel/plugin-transform-runtime from 7.19.1 to 7.19.6 in /web (#3837) 2022-10-21 09:09:27 +02:00
dependabot[bot] 81a05e901c
web: bump @babel/core from 7.19.3 to 7.19.6 in /web (#3834) 2022-10-21 09:08:48 +02:00
dependabot[bot] f5ef92ca6f
web: bump @webcomponents/webcomponentsjs from 2.6.0 to 2.7.0 in /web (#3835) 2022-10-21 09:07:32 +02:00
dependabot[bot] b479fa7d78
web: bump @rollup/plugin-commonjs from 23.0.0 to 23.0.1 in /web (#3836) 2022-10-21 09:07:25 +02:00
dependabot[bot] 70372834ef
web: bump @trivago/prettier-plugin-sort-imports from 3.3.1 to 3.4.0 in /web (#3838) 2022-10-21 09:07:12 +02:00
dependabot[bot] b1f9b0b215
web: bump @babel/plugin-proposal-decorators from 7.19.3 to 7.19.6 in /web (#3839) 2022-10-21 09:06:59 +02:00
Jens Langhammer f1b143606e web/admin: fix scrolling in remaning modals
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-20 10:20:32 +02:00
dependabot[bot] d191c2ed7d
web: bump @sentry/browser from 7.15.0 to 7.16.0 in /web (#3825)
Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 7.15.0 to 7.16.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/7.15.0...7.16.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-20 10:14:09 +02:00
dependabot[bot] 5dde3b8096
web: bump @codemirror/lang-python from 6.0.2 to 6.0.3 in /web (#3826)
Bumps [@codemirror/lang-python](https://github.com/codemirror/lang-python) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/codemirror/lang-python/releases)
- [Changelog](https://github.com/codemirror/lang-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/lang-python/compare/6.0.2...6.0.3)

---
updated-dependencies:
- dependency-name: "@codemirror/lang-python"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-20 10:04:36 +02:00
dependabot[bot] 6677196baf
web: bump @sentry/tracing from 7.15.0 to 7.16.0 in /web (#3824)
Bumps [@sentry/tracing](https://github.com/getsentry/sentry-javascript) from 7.15.0 to 7.16.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/7.15.0...7.16.0)

---
updated-dependencies:
- dependency-name: "@sentry/tracing"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-20 10:04:21 +02:00
github-actions[bot] 2a7639cb01
web: bump API Client version (#3830)
Signed-off-by: GitHub <noreply@github.com>

Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-10-20 10:03:41 +02:00
Jens Langhammer 0b6dd49f36 web/admin: show oauth2 docs on oauth2 provider view page
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 10:11:15 +02:00
dependabot[bot] fac3d8b8c9
web: bump pyright from 1.1.275 to 1.1.276 in /web (#3815) 2022-10-19 09:31:32 +02:00
github-actions[bot] 8385dd77cc
web: bump API Client version (#3812)
Signed-off-by: GitHub <noreply@github.com>

Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-10-19 00:10:55 +02:00
Jens L b06a3a8f9f
admin: add authorisations metric (#3811)
add authorizations metric

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 00:06:45 +02:00
Jens Langhammer a8bca5edd0 web: fix linting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:29:28 +02:00
github-actions[bot] ea12715e01
web: bump API Client version (#3809)
Signed-off-by: GitHub <noreply@github.com>

Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: BeryJu <BeryJu@users.noreply.github.com>
2022-10-18 22:07:43 +02:00
Jens L 0efee2a660
flows: improved import (#3807)
* return logs when importing flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* improve error handling, show logs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-18 22:01:42 +02:00
dependabot[bot] e9eede5a80
web: bump @typescript-eslint/parser from 5.40.0 to 5.40.1 in /web (#3805) 2022-10-18 09:49:08 +02:00
dependabot[bot] ebfd6e1fe6
web: bump @typescript-eslint/eslint-plugin from 5.40.0 to 5.40.1 in /web (#3804) 2022-10-18 09:31:02 +02:00
dependabot[bot] fa63c06394
web: bump @trivago/prettier-plugin-sort-imports from 3.3.0 to 3.3.1 in /web (#3795)
web: bump @trivago/prettier-plugin-sort-imports in /web

Bumps [@trivago/prettier-plugin-sort-imports](https://github.com/trivago/prettier-plugin-sort-imports) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/trivago/prettier-plugin-sort-imports/releases)
- [Changelog](https://github.com/trivago/prettier-plugin-sort-imports/blob/master/CHANGELOG.md)
- [Commits](https://github.com/trivago/prettier-plugin-sort-imports/commits/v3.3.1)

---
updated-dependencies:
- dependency-name: "@trivago/prettier-plugin-sort-imports"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-17 10:09:16 +02:00
Jens Langhammer 96a30af0eb sources/oauth: allow overriding of all scopes
closes #3747

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 21:21:43 +02:00
Jens Langhammer d6a14019c6 web/admin: rework scrolling in modals, ensure overlay covers everything
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 16:02:51 +02:00
Jens Langhammer b515126061 web: use drawSelection to workaround cursor bug when using CodeMirror with ShadowDOM in firefox
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-16 13:55:53 +02:00