From 8a5d426ccd7579155935a38c7eaa2463e77d7264 Mon Sep 17 00:00:00 2001 From: Ivan Nieto Vivanco Date: Thu, 2 Mar 2023 19:33:32 -0600 Subject: [PATCH 01/11] Use correct LicenseSeat property --- app/Http/Controllers/Licenses/LicenseCheckinController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Http/Controllers/Licenses/LicenseCheckinController.php b/app/Http/Controllers/Licenses/LicenseCheckinController.php index a34de73d7..257722b00 100644 --- a/app/Http/Controllers/Licenses/LicenseCheckinController.php +++ b/app/Http/Controllers/Licenses/LicenseCheckinController.php @@ -61,7 +61,7 @@ class LicenseCheckinController extends Controller $license = License::find($licenseSeat->license_id); // LicenseSeat is not assigned, it can't be checked in - if (is_null($licenseSeat->assignedTo) && is_null($licenseSeat->asset_id)) { + if (is_null($licenseSeat->assigned_to) && is_null($licenseSeat->asset_id)) { return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.checkin.error')); } From 0b3becee7aa402c46318675364d606cba5717c17 Mon Sep 17 00:00:00 2001 From: Achmad Fienan Rahardianto Date: Sat, 4 Mar 2023 11:27:00 +0700 Subject: [PATCH 02/11] enable sortable for ID column --- resources/views/groups/index.blade.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/views/groups/index.blade.php b/resources/views/groups/index.blade.php index ffc193c7c..4958e3a4d 100755 --- a/resources/views/groups/index.blade.php +++ b/resources/views/groups/index.blade.php @@ -41,7 +41,7 @@ - {{ trans('general.id') }} + {{ trans('general.id') }} {{ trans('admin/groups/table.name') }} {{ trans('admin/groups/table.users') }} {{ trans('general.created_at') }} From 1d4f4b92de5e74582f0168a8d6d29d9b8c4715fa Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20Rodr=C3=ADguez=20Guimer=C3=A1ns?= Date: Sun, 5 Mar 2023 17:17:48 +0100 Subject: [PATCH 03/11] Include path in the expected URL during Pre-Flight So that the message displayed to the user when the URL Pre-Flight check fails is: > Snipe-IT thinks your URL is SCHEME://DOMAIN, but your real URL is SCHEME://DOMAIN/setup instead of: > Snipe-IT thinks your URL is SCHEME://DOMAIN/setup, but your real URL is SCHEME://DOMAIN/setup Having a missing "/setup" in the expected URL might confuse the user into thinking that it is an additional configuration problem they need to fix. With this change, the comparison between the expected and actual URL will not contain any accidental difference anymore. Only those that the user really needs to be aware of and fix in their setup. --- app/Http/Controllers/SettingsController.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php index 549818756..407788a61 100755 --- a/app/Http/Controllers/SettingsController.php +++ b/app/Http/Controllers/SettingsController.php @@ -74,9 +74,8 @@ class SettingsController extends Controller } $pageURL = $protocol.$host.$_SERVER['REQUEST_URI']; - $start_settings['url_valid'] = (url('/').'/setup' === $pageURL); - - $start_settings['url_config'] = url('/'); + $start_settings['url_config'] = url('/').'/setup'; + $start_settings['url_valid'] = ($start_settings['url_config'] === $pageURL); $start_settings['real_url'] = $pageURL; $start_settings['php_version_min'] = true; From 548ae7ad22a5c1db703edfd9dcce9bce87e3fd2e Mon Sep 17 00:00:00 2001 
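Review bot: The strict comparison in the `SettingsController.php` hunk still uses the full `$_SERVER['REQUEST_URI']`, query string included, so a request for `/setup?x=1` is reported as a URL mismatch even when the configured URL is correct. Comparing only the path makes the check say what it means: `$pageURL = $protocol.$host.parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);`. As a style point, `url('/setup')` reads more directly than `url('/').'/setup'`. The enclosing method starts and ends outside the hunk.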
From: =?UTF-8?q?Manuel=20Rodr=C3=ADguez=20Guimer=C3=A1ns?= Date: Mon, 27 Feb 2023 21:32:47 +0100 Subject: [PATCH 04/11] Add Reverse Proxy support to Pre-Flight URL check Before this change, the Pre-Flight URL check would inevitably fail whenever Snipe-IT was running behind a reverse proxy or load balancer. The URL check tries to ensure that the configured application URL matches the URL that is actually used to reach the application. However, when running behind an HTTP intermediary (like a reverse proxy or a load balancer) the HTTP connection that Snipe-IT receives is not the _real_ connection from the user anymore, but a connection from the HTTP intermediary. The scheme, host and port that Snipe-IT would obtain from that incoming intermediary connection wouldn't match what is configured as application URL and, therefore, the URL check would fail. This commit solves the situation by making Snipe-IT's Pre-Flight URL check aware of the `X-Forwarded-Proto` and `X-Forwarded-Host` HTTP headers. These headers represent the _de-facto_ standard used by reverse proxies and other HTTP intermediary components to convey information about the incoming HTTP connection to the upstream application. Being the upstream application, Snipe-IT can then make use of this information to correctly evaluate the validity of the configured application URL. --- app/Http/Controllers/SettingsController.php | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php index 549818756..a8212d135 100755 --- a/app/Http/Controllers/SettingsController.php +++ b/app/Http/Controllers/SettingsController.php 
@@ -65,12 +65,22 @@ class SettingsController extends Controller $start_settings['db_error'] = $e->getMessage(); } - $protocol = array_key_exists('HTTPS', $_SERVER) && ('on' == $_SERVER['HTTPS']) ? 'https://' : 'http://'; + if (array_key_exists("HTTP_X_FORWARDED_PROTO", $_SERVER)) { + $protocol = $_SERVER["HTTP_X_FORWARDED_PROTO"] . "://"; + } elseif (array_key_exists('HTTPS', $_SERVER) && ('on' == $_SERVER['HTTPS'])) { + $protocol = "https://"; + } else { + $protocol = "http://"; + } - $host = array_key_exists('SERVER_NAME', $_SERVER) ? $_SERVER['SERVER_NAME'] : null; - $port = array_key_exists('SERVER_PORT', $_SERVER) ? $_SERVER['SERVER_PORT'] : null; - if (('http://' === $protocol && '80' != $port) || ('https://' === $protocol && '443' != $port)) { - $host .= ':'.$port; + if (array_key_exists("HTTP_X_FORWARDED_HOST", $_SERVER)) { + $host = $_SERVER["HTTP_X_FORWARDED_HOST"]; + } else { + $host = array_key_exists('SERVER_NAME', $_SERVER) ? $_SERVER['SERVER_NAME'] : null; + $port = array_key_exists('SERVER_PORT', $_SERVER) ? $_SERVER['SERVER_PORT'] : null; + if (('http://' === $protocol && '80' != $port) || ('https://' === $protocol && '443' != $port)) { + $host .= ':'.$port; + } } $pageURL = $protocol.$host.$_SERVER['REQUEST_URI']; From e5deb4b41386388e715005f0e7b5940c7bbbe98a Mon Sep 17 00:00:00 2001 From: Godfrey M Date: Mon, 6 Mar 2023 09:41:14 -0800 Subject: [PATCH 05/11] doesn't allow months to be zero --- app/Models/Depreciation.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Models/Depreciation.php b/app/Models/Depreciation.php index 39fb93549..9faa1b86e 100755 --- a/app/Models/Depreciation.php +++ b/app/Models/Depreciation.php @@ -16,7 +16,7 @@ class Depreciation extends SnipeModel // Declare the rules for the form validation protected $rules = [ 'name' => 'required|min:3|max:255|unique:depreciations,name', - 'months' => 'required|max:3600|integer', + 'months' => 'required|max:3600|integer|gt:0', ]; /** 
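Review bot: `HTTP_X_FORWARDED_PROTO` and `HTTP_X_FORWARDED_HOST` are read straight from `$_SERVER` in both new `if` branches, so any client that can reach the application directly controls the scheme and host that end up in `$pageURL`, and from there in the `real_url` value the setup page reports. The scheme is not limited to `http` or `https`, and either header may carry a comma-separated list when several proxies are chained, which would make the comparison fail for a correct configuration. Resolving both through the framework request, which honours forwarded headers only from the configured trusted proxies, avoids these cases: `$pageURL = request()->getSchemeAndHttpHost().$_SERVER['REQUEST_URI'];`. The enclosing method starts and ends outside the hunk, and whether the view escapes `real_url` cannot be seen from here.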
From cc7325074e517f2e6eccf59553d4913f77d97196 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 6 Mar 2023 10:47:28 -0800 Subject: [PATCH 06/11] Check that the file exists before trying to stat it for filesize Signed-off-by: snipe --- app/Http/Controllers/Api/ImportController.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/app/Http/Controllers/Api/ImportController.php b/app/Http/Controllers/Api/ImportController.php index 2426a49be..5874d9603 100644 --- a/app/Http/Controllers/Api/ImportController.php +++ b/app/Http/Controllers/Api/ImportController.php @@ -126,7 +126,12 @@ class ImportController extends Controller } $file_name = date('Y-m-d-his').'-'.$fixed_filename; $import->file_path = $file_name; - $import->filesize = filesize($path.'/'.$file_name); + $import->filesize = null; + + if (file_exists($path.'/'.$file_name)) { + $import->filesize = filesize($path.'/'.$file_name); + } + $import->save(); $results[] = $import; } From 8b6e8898c1681f61254270a2c1a15402f4c8f0cd Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 6 Mar 2023 15:09:12 -0800 Subject: [PATCH 07/11] Fixed hardcoded string Signed-off-by: snipe --- app/Http/Controllers/Api/SettingsController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Http/Controllers/Api/SettingsController.php b/app/Http/Controllers/Api/SettingsController.php index d0f7fea60..a0438ef07 100644 --- a/app/Http/Controllers/Api/SettingsController.php +++ b/app/Http/Controllers/Api/SettingsController.php @@ -271,7 +271,7 @@ class SettingsController extends Controller $headers = ['ContentType' => 'application/zip']; return Storage::download($path.'/'.$file, $file, $headers); } else { - return response()->json(Helper::formatStandardApiResponse('error', null, 'File not found')); + return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.file_not_found'))); } } From e1069ac2341af39a78d9ac80069194508660c4b9 Mon Sep 17 00:00:00 2001 
From: snipe Date: Mon, 6 Mar 2023 15:09:37 -0800 Subject: [PATCH 08/11] =?UTF-8?q?Return=20a=20file=20not=20found=20error?= =?UTF-8?q?=20if=20it=20doesn=E2=80=99t=20appear=20on=20disk?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: snipe --- app/Http/Controllers/Api/ImportController.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/app/Http/Controllers/Api/ImportController.php b/app/Http/Controllers/Api/ImportController.php index 5874d9603..6f5fc05ff 100644 --- a/app/Http/Controllers/Api/ImportController.php +++ b/app/Http/Controllers/Api/ImportController.php @@ -128,9 +128,11 @@ class ImportController extends Controller $import->file_path = $file_name; $import->filesize = null; - if (file_exists($path.'/'.$file_name)) { - $import->filesize = filesize($path.'/'.$file_name); + if (!file_exists($path.'/'.$file_name)) { + return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.file_not_found')), 500); } + + $import->filesize = filesize($path.'/'.$file_name); $import->save(); $results[] = $import; From 16bd2cde0f0d07942c71194cc00cbeff0b29e382 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 6 Mar 2023 15:09:45 -0800 Subject: [PATCH 09/11] Updated string for file not found Signed-off-by: snipe --- resources/lang/de/general.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/lang/de/general.php b/resources/lang/de/general.php index 08412e2e2..3f9634b60 100644 --- a/resources/lang/de/general.php +++ b/resources/lang/de/general.php @@ -395,7 +395,7 @@ return [ 'end_date' => 'Enddatum', 'alt_uploaded_image_thumbnail' => 'Hochgeladene Miniaturansicht', 'placeholder_kit' => 'Kit auswählen', - 'file_not_found' => 'File not found', + 'file_not_found' => 'File not found on server', 'preview_not_available' => '(no preview)', 'setup' => 'Setup', 'pre_flight' => 'Pre-Flight', 
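Review bot: The new early `return` in `ImportController.php` appears to sit inside the per-file loop (`$results[] = $import;` follows it), so one missing file ends the request with a 500 while imports saved in earlier iterations stay in the database and are never returned to the caller. The loop header is outside the hunk, so this is inferred from the visible lines. Consider checking the file before the `Import` record is populated, and writing a log entry with the expected path on the server side, e.g. `\Log::error('Import upload missing on disk', ['file' => $file_name]);`, so the operator can tell a failed move from a permissions problem. The `$import->filesize = null;` assignment kept from the previous commit no longer has any effect.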
From dd3c3a142896c3a890ed5e2f9b260d36b1172132 Mon Sep 17 00:00:00 2001 From: Brady Wetherington Date: Mon, 6 Mar 2023 15:24:16 -0800 Subject: [PATCH 10/11] Suppress SCIMExceptions from cluttering up Rollbar --- app/Exceptions/Handler.php | 11 ++++++++--- config/logging.php | 5 +++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php index 37e749597..65a13edb2 100644 --- a/app/Exceptions/Handler.php +++ b/app/Exceptions/Handler.php @@ -6,6 +6,7 @@ use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler; use App\Helpers\Helper; use Illuminate\Validation\ValidationException; use Illuminate\Auth\AuthenticationException; +use ArieTimmerman\Laravel\SCIMServer\Exceptions\SCIMException; use Log; use Throwable; use JsonException; @@ -28,6 +29,7 @@ class Handler extends ExceptionHandler \Intervention\Image\Exception\NotSupportedException::class, \League\OAuth2\Server\Exception\OAuthServerException::class, JsonException::class, + SCIMException::class, //these generally don't need to be reported ]; /** @@ -53,7 +55,7 @@ class Handler extends ExceptionHandler * * @param \Illuminate\Http\Request $request * @param \Exception $e - * @return \Illuminate\Http\Response + * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\RedirectResponse|\Illuminate\Http\Response */ public function render($request, Throwable $e) { @@ -70,6 +72,9 @@ class Handler extends ExceptionHandler return response()->json(Helper::formatStandardApiResponse('error', null, 'invalid JSON'), 422); } + if ($e instanceof SCIMException) { + return response()->json(Helper::formatStandardApiResponse('error', null, 'invalid SCIM Request'), 400); + } // Handle Ajax requests that fail because the model doesn't exist if ($request->ajax() || $request->wantsJson()) { 
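Review bot: Every `SCIMException` is now answered in `render()` with a fixed 400 and the generic API envelope, which discards whatever status and SCIM error body the exception would otherwise produce; an identity provider that distinguishes not-found from conflict responses would see them all as 400. Together with the new `$dontReport` entry in the `@@ -28,6 +29,7 @@` hunk, this leaves no application-side record of rejected provisioning calls, which is the trail an operator needs when accounts are not created or deactivated as expected. A short log line before the return keeps that trail without reporting to Rollbar: `Log::notice('SCIM request rejected', ['message' => $e->getMessage()]);`. If the library's exception exposes its own status code, passing it through instead of the literal `400` would be closer to what SCIM clients expect. `render()` continues outside the hunk.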
@@ -113,8 +118,8 @@ class Handler extends ExceptionHandler * * @param \Illuminate\Http\Request $request * @param \Illuminate\Auth\AuthenticationException $exception - * @return \Illuminate\Http\Response - */ + * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\RedirectResponse + */ protected function unauthenticated($request, AuthenticationException $exception) { if ($request->expectsJson()) { diff --git a/config/logging.php b/config/logging.php index 94495a2a3..65b717750 100644 --- a/config/logging.php +++ b/config/logging.php @@ -117,6 +117,11 @@ $config = [ \Log::info("IGNORING E_WARNING in production mode: ".$args->getMessage()); return true; // "TRUE - you should ignore it!" } + $needle = "ArieTimmerman\\Laravel\\SCIMServer\\Exceptions\\SCIMException"; + if (App::environment('production') && is_string($args) && strncmp($args, $needle, strlen($needle) ) === 0 ) { + \Log::info("String: '$args' looks like a SCIM Exception; ignoring error"); + return true; //yes, *do* ignore it + } return false; }, ], From ef27c35d1d9510df4f5cf41d4034d57345524759 Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Mon, 6 Mar 2023 16:33:40 -0800 Subject: [PATCH 11/11] Update array keys to set asset location properly --- database/factories/ActionlogFactory.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/database/factories/ActionlogFactory.php b/database/factories/ActionlogFactory.php index 33cc83ead..382a6412c 100644 --- a/database/factories/ActionlogFactory.php +++ b/database/factories/ActionlogFactory.php @@ -55,7 +55,7 @@ class ActionlogFactory extends Factory [ 'assigned_to' => $target->id, 'assigned_type' => \App\Models\User::class, - 'assigned_to' => $target->location_id, + 'location_id' => $target->location_id, ] ); @@ -84,7 +84,7 @@ class ActionlogFactory extends Factory [ 'assigned_to' => $target->id, 'assigned_type' => \App\Models\Location::class, - 'assigned_to' => $target->id, + 'location_id' => $target->id, ] );
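Review bot: The new branch in `config/logging.php` only matches when `$args` is a string that begins with the exception's class name, while the branch just above it calls `$args->getMessage()` and therefore expects an object; if this callback is handed the `SCIMException` instance itself, the check is skipped and the report is sent anyway. Testing both shapes closes that gap: `is_string($args) && strncmp(...) === 0 || $args instanceof \ArieTimmerman\Laravel\SCIMServer\Exceptions\SCIMException`. The info line also interpolates the whole string into the log message; passing it as context, `\Log::info('Ignoring SCIM exception', ['error' => $args]);`, keeps request-derived text out of the message itself. The enclosing closure starts outside the hunk.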