AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,552 Commits 6 Branches 15 Tags 166 MiB
Commit Graph

491 Commits

Author SHA1 Message Date
Marcus Hill f4537ac80a Remove remaining instances of updating *updated_at - SQL DB does this now for us automatically 2022-05-07 16:39:34 +01:00
johnnyq 42f98479e7 Fixed Issue where if server had an IP client PDF Export would not work #395 2022-05-05 10:55:04 -04:00
Johnny 5e4870df90
Merge branch 'master' into csrf 2022-05-02 11:31:42 -04:00
Marcus Hill 61777116a9 CSRF Token 
Upon login, issue the user a CSRF token (in their session). This token should be provided when completing sensitive actions (e.g. deleting companies/clients, changing their password, etc.)

Ref: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern
 2022-05-01 18:43:53 +01:00
johnnyq 0641b0bfd4 Completely remove the last bits of departments 2022-04-29 16:50:25 -04:00
johnnyq 7b35431021 Remove Departments table and remove it from the client side nav, takes up too much space, added it as a text input on contact add/edit instead 2022-04-29 16:39:15 -04:00
johnnyq d5922b25a9 Updated Licence Type var under client export pdf 2022-04-29 12:11:57 -04:00
johnnyq ba57078810 Created Sanitize file name function to fix issues with exporting PDF Documentation with clients having ' in the name ex ben's 2022-04-29 11:54:50 -04:00
johnnyq ca5ba0c6d2 Removed , before WHERE statement Fixed Edit Client 2022-04-29 11:21:46 -04:00
johnnyq 6310ef5aae Added Rename and Delete folder capabilities to documents and some minor UI cleanup 2022-04-27 22:31:15 -04:00
johnnyq 0fb4ff17a3 Removed the last bits of Document Tagging 2022-04-27 01:03:01 -04:00
johnnyq 1b866b75cd Added Folder support to Client Documents, partially removed legacy document tagging 2022-04-27 00:53:45 -04:00
Marcus Hill 013b153078 Remove created_at DB references - these are automatic now 2022-04-24 12:24:00 +01:00
Marcus Hill a792498b5b Add IP/User agent to all logs 2022-04-24 12:13:07 +01:00
Marcus Hill 13c12dad3a Remove log_created_at now references, as this is now automatic 2022-04-24 11:52:16 +01:00
Marcus Hill 4dd5aa1ea2 Add IP address logging to document create/update/deletes 2022-04-24 10:12:59 +01:00
Marcus Hill f5f033fed4 Remove MeshCentral integration 
As per recent discussions about the API & scripts being a better way forward for all integration, removing the MeshCentral integration that was added.
 2022-04-19 22:42:38 +01:00
Marcus Hill e55622827d Add support for client-specific API keys 
Refactoring API. Added a contact update endpoint.
Small misc changes.
 2022-04-15 17:43:06 +01:00
Marcus Hill fca1627c33 Remove delete user post.php code. Deleting users means we'll lose all tickets/replies which isn't great. 
Correct user archive behaviour so when users are archived they can no longer login. Need to add ability for quick disable/enable of user accounts, as using archive as permanent.
Refactor "You are not permitted to do that!" wording into a constant instead.
 2022-04-15 13:29:27 +01:00
Marcus Hill f707098d37 Redirect to ticket after creation 2022-04-15 12:02:13 +01:00
Marcus Hill 6aa06b4389 Add full text index & search for document contents (related to #440) 2022-04-15 11:42:50 +01:00
johnnyq fd8188095e New Feature Enable/Disable ITFlow Modules now using the automated DB updater 2022-04-14 22:59:36 -04:00
Marcus Hill ca629801af Change all "AND" / "OR" to && / || 2022-04-14 18:40:51 +01:00
Marcus Hill cc4c2e6bf7 - Enforce role check when editing/deleting scheduled tickets 
- Add scheduled tickets to client view
- Add search and pagination to scheduled tickets
- Populate scheduled ticket edit modals dynamically
- Minor typos
 2022-04-10 13:42:47 +01:00
Marcus Hill 815ada9da5 Add agent name when reassigning ticket, improve logic to only allow assigning open tickets to techs/admins 2022-04-07 21:37:14 +01:00
johnnyq a0cead284f Fix Add Payment Email Currency Symbol 2022-04-05 11:56:22 -04:00
johnnyq fdf9d67910 Allow to Add Ticket to an exiting invoice item line 2022-04-02 20:50:55 -04:00
johnnyq a837af6eb4 Fixed Invoice Ticket 2022-04-02 20:13:20 -04:00
Johnny f6df0d3c72
Merge pull request #429 from wrongecho/db-version 
Add database updater
 2022-04-02 16:04:18 -04:00
johnnyq ef29a17d49 DB Structure Update - Added SMTP Encryption Type to Mail settings 2022-04-02 16:03:30 -04:00
Marcus Hill 9096b091b2 Add database updater 2022-04-02 19:39:55 +01:00
Johnny 32f3b0a005
Merge pull request #428 from wrongecho/sharing 
Item/Link Sharing enhancements
 2022-04-02 13:57:12 -04:00
Johnny f85957bd0d
Merge pull request #427 from wrongecho/dom-ssl 
Domains/SSL
 2022-04-02 11:48:39 -04:00
Marcus Hill 2c632a85d0 Create shared links page for each client, with option to deactivate links 2022-04-02 16:41:07 +01:00
Marcus Hill cab2cc923a Improve share features: default modal to 1, cleanup expired/used links 2022-04-02 15:37:17 +01:00
Marcus Hill be70883551 Refactor WHOIS lookups to use hosted heroku app 2022-04-02 12:19:35 +01:00
Marcus Hill 6a2fe3055e Auto-add SSL certificate for new domains 2022-04-02 10:16:20 +01:00
johnnyq a2936754cd Moved Mesh Central and Azure settings from general to its own tab called integrations 2022-04-01 17:20:29 -04:00
johnnyq 991e2bd4d4 Merge branch 'master' of github.com:johnnyq/itflow 2022-04-01 15:59:26 -04:00
johnnyq 6866addeee Minor Fixups 2022-04-01 15:58:18 -04:00
Marcus Hill 51a6ba6084 Allow admins to disable 2FA for users 2022-04-01 19:53:49 +01:00
johnnyq 8c98163e1c DB Structure Updated 2 new settings config_backup_enable and config_backup_path. This is to fix an issue where not specifying the full backup path would cause cron to error out and not run completely 2022-03-29 12:59:42 -04:00
Marcus Hill 0020c5708a Fix = vs == role check mistake 2022-03-28 21:48:20 +01:00
Marcus Hill 4ba313f752 Fix potential sql injection in delete_file if param add_location was also specified - post.php 2022-03-28 20:45:31 +01:00
Marcus Hill d83906508d Fix potential sql injection in add_company - post.php 2022-03-28 20:39:35 +01:00
Marcus Hill bba68f4d17 Name uploaded files with provided name, if specified 2022-03-27 23:00:45 +01:00
Marcus Hill 9040fdf847 Misc small changes/fixes 2022-03-27 22:26:22 +01:00
Johnny aafb6a677f
Merge pull request #412 from wrongecho/misc 
Misc incl SQL Injection / XSS fixes
 2022-03-27 15:05:07 -04:00
Marcus Hill 816ba87485 SQL Injection / XSS fixes 2022-03-27 20:02:16 +01:00
Marcus Hill c3fadfab3b Add role based access for API functions 2022-03-27 16:03:41 +01:00