Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release: SSO, JSON field types, and File Upload Mutations #513

Merged
merged 99 commits into from
Sep 23, 2024
Merged

Release: SSO, JSON field types, and File Upload Mutations #513

merged 99 commits into from
Sep 23, 2024

Conversation

chrismaddalena
Copy link
Collaborator

Summary

This includes #489, #494, #501, and #502. Not much has changed from each individual PR, but this branch has been tested with all of them combined.

CHANGELOG

[4.3.0] – 3 Sep 2024

Added

  • Added two mutations to the GraphQL API to support uploading new evidence files and report template files
  • Added a new adapter for handling authentication for Single Sign-On (SSO) providers
    • The adapter fills-in a nearly full profile for any new accounts (full name, email address)
    • Usernames for new accounts will default to the first half of the email address
    • If an existing account has the same email address, the accounts will be linked
    • Review the wiki for more information
  • Added support for loading customized config files
    • These are files you can use to modify settings normally found in /config/settings/base.py and production.py
    • Admins can make changes to the custom config files without worrying about the changes needing to be stashed prior to pulling an update
  • Added support for a JSON field type for custom fields

Changed

  • Updated the django-allauth module used for authentication and SSO
    • Important: This change impacts anyone currently using SSO with Azure
    • The azure provider is now microsoft and SSO configurations will need to be updated
  • Changed the cloud infrastructure monitoring task to also check auxiliary IP addresses when determining if a cloud host is tracked in a project

ColonelThirtyTwo and others added 30 commits June 21, 2024 14:30
@ColonelThirtyTwo
Add uploadEvidence graphql mutation
89f16ca 
Takes similar fields to the evidence upload form. Due to Hasura issue
number 2419, the file data must be passed in as a base64 string. The
filename must also be provided separately.

Tags are parsed by Taggit, as documented at [1]. tldr: a space or comma
separated string, optionally with double quotes around tags.

[1]: https://django-taggit.readthedocs.io/en/latest/forms.html
@ColonelThirtyTwo
Add uploadReportTemplate graphql mutation
3bb1a77 
See notes of the previous commit for uploadEvidence for usage notes.
@ColonelThirtyTwo
Add JSON extra field type
bdc3961 
The extra field stores an arbitrary JSON subobject as a field on the
root extra_fields object. This is intended for automated systems to fill
out and provide data for templating. Since it's likely to contain a
large value, Tte UI hides the value behind a button, like rich text
fields. It also uses a plain non-rich-text textarea for editing.
@ColonelThirtyTwo
Defer loading of extra_fields on project lists
fd4937a 
With integrations attaching potentially large JSON blobs to the extra
fields, they should not be loaded unless actually needed.
@ColonelThirtyTwo
Merge branch 'master' into extra-field-json
01a22dd
@ColonelThirtyTwo
Merge branch 'master' into graphql-api-file-upload-dev
8321615
@chrismaddalena
Merge branch 'master' into graphql-api-file-upload-dev
ed7969a
@ColonelThirtyTwo
Fix linting issues, add test for evidence upload
bfd9478
@ColonelThirtyTwo
Merge branch 'graphql-api-file-upload-dev' into json-and-file-upload-dev
9fbb218
@ColonelThirtyTwo
Merge branch 'extra-field-json' into json-and-file-upload-dev
23bfa84
@chrismaddalena
Removed duplicate JSOn field display
c95104c
@chrismaddalena
Added check for decode errors for evidence display
b1afa60 
If someone uses the API endpoint to upload an image with a text file extension, the template tries to display the content as text and unicode throws an unhandled 500 error with `UnicodeDecodeError`. This change adds a check for a `UnicodeError`.
@chrismaddalena
Changes to profiles and emails for SSO additions
3fcab66
@chrismaddalena
Fixed template issue with blocks
6ba3e0d
@chrismaddalena
Initial commit of customized social adapter
b3e3b67
@chrismaddalena
Added social account domain allowlist
d822464
@chrismaddalena
Adjusted reg unavailable page to be more helpful for troubleshooting
64e4a62
@chrismaddalena
Added social reg domain allowlist option
c565a9a
@chrismaddalena
Initial commit for user-created settings files
0e5e793
@chrismaddalena
Applied changes from PR #501
4b914ea
@chrismaddalena
Updated to implement the social domain allowlist
f27b935
@chrismaddalena
Updated adapter with logging and better allowlist handling
150c7e6
@chrismaddalena
Fixed instructions in comments
cc4f789
@chrismaddalena
Added config for SOCIALACCOUNT_LOGIN_ON_GET for easier control
cd1e823
@chrismaddalena
Updated binaries to v0.2.20
f375e51
@chrismaddalena
Updated for django-allauth v0.63.6
09a5111
@chrismaddalena
Bumped django-allauth to v0.63.6
11aee93
@chrismaddalena
Customized sign-up page to make it look better
f54e218
@chrismaddalena
Added customized UserSignupForm
060d4f5
@chrismaddalena
Linting change
0562f71
@chrismaddalena
Added updated logo image files and inverted versions
6371b88
@chrismaddalena
Added labels to ignore
204b3d3
@chrismaddalena
Updated for delayed release
e6d36a9
@chrismaddalena
Added shared func for filtering tags with django-filters
ab77bf4
@chrismaddalena
Updated filters to use the shared search_tags func
1ee1de6
@chrismaddalena
Added a "Tags" column to the tables
6e51835
@chrismaddalena
Updated for the latest changes
1e4a0d6
@chrismaddalena
Merge branch 'master' into feature/sso-json-and-file-api
52d8b5c
@chrismaddalena
Merge branch 'master' into feature/sso-json-and-file-api
fcbaf6f
@chrismaddalena
Removed repeated forgot password link
99b32ce
@chrismaddalena
Merge branch 'feature/sso-json-and-file-api' of https://github.com/Gh…
7347005 
…ostManager/Ghostwriter into feature/sso-json-and-file-api
@chrismaddalena
Merged duplicate 0050 migration files
426e527
@chrismaddalena
Removed broke p element
915587f
@chrismaddalena
Fixed user profile always showing current user's profile picture
eb9975d
@chrismaddalena
Removed duplicated update_badges()
7cba799
@chrismaddalena
Changed autocomplete to attach clicked items
f250bc5
@chrismaddalena
Moved findings and observations tables and related JS to dedicated files
199cdfe
@chrismaddalena
Updated styling for autocomplete boxes
f4bc445 
This change prevents autocomplete from being infinitely tall and makes it scrollable.
@chrismaddalena
Added autocomplete for observations and return table HTML on assignment
2512d58
@chrismaddalena
Automated code format clean up
6a0bd4f
@chrismaddalena
Updated release date for final v4.3.0
d6bd2ed
@chrismaddalena
Fixed assignee color not syncing with finding status changes
c73f2d8
@chrismaddalena
Updated views to also use an optional report value from POST
fc685c4
@chrismaddalena
Changed "Add Blank" buttons to not require a page refresh
2127ae2
@chrismaddalena
Updated tests to match view changes
438c5f2
@chrismaddalena
Fixed tests for new JSON response
ad0b177
@chrismaddalena
Added a check to see if cloud server shares an IP with a checkout
667988b
@chrismaddalena
Updated wiki links for release
f3fe783
@chrismaddalena chrismaddalena merged commit cb7f13e into master Sep 23, 2024
5 of 8 checks passed
@chrismaddalena chrismaddalena deleted the feature/sso-json-and-file-api branch September 30, 2024 23:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@chrismaddalena @smcgu @ColonelThirtyTwo