CDN Features for files uploaded to system #123
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If the search_base is not defined or not correct for the user being authenticated and a search user and password is given and is correct, attempt to lookup the user's DN and authenticate as the found DN with the given password.
Add the "Telephone Number" field on the "General" tab of the Windows user manager dialog to the "Phone Number" field of the user-to-be-created when adding users from the LDAP directory into the system.
If the DNS servers were not considered, the empty string would be interpreted as a list of one DNS server with an empty IP address. Therefore, the name servers specified in the system DNS configuration would not be used. This patch corrects the issue by filtering empty DNS server specifications.
This is necessary so we can split Staff/User authentication.
(For when we get there)
Authentication Backends Revisited Reviewed-By: Jared Hancock <[email protected]>
Add plugin builder script to create PHAR files
Previously the DN length was capped at 80 chars. This patch allows specification of up to 120 chars.
ldap: Allow specification of extremely long DNs
ldap: AD: Add validation errors
Also search for inetOrgPerson objectClass objects for standard LDAP systems rather than assuming that all users have the posixAccount class as well.
display some more information to the admin user configuring the plugin
Use composer to download and manage dependencies
Attachment storage in Amazon S3 Reviewed-By: Peter Rotich <[email protected]>
This addresses an issue where we are still using the static ID instead of using the Backend ID causing Agent lookups and searches to fail. This updates both places we use the static ID to `getBkId()` instead. This will retrieve the proper Backend ID and will allow Agent lookups and searches to function successfully.
This addresses an issue reported on the Forum where you click a direct link from an email or something, you hit the login page, you login via OAuth2 SSO, and when you are redirected back you are not presented with the original URL. This is due to not accounting for the destination URL in the `onSignIn()` methods for the OAuth2 User/Agent backends. This adds a ternary statement that uses the dest URL from the session, otherwise it defaults to the base URL.
This addresses an issue where `msad` schemas can return `false` when calling `current()` on an LDAP search result. We do not check if `current()` is false before attempting to call `dn()` on it so this adds a check to see if `current()` returns a value before using it.
This commit addresses an issue where Refersh Token expires after 90 days for users using Office 365 as the provider. It turns out Microsoft (Office 365) issues a new Refresh Token everytime Access Token is refreshed, otherwise the original Refresh Token expires after 90 days from the time it was issued. This commit adds the logic to update Refresh Token while refreshing Access Token, **if reissued**.
This issue has been discussed in the following forum post https://forum.osticket.com/d/101462-oauth2-shared-mailboxes/34 This push fixes and resolves the issue so that the **`resource_owner_email`** is set correctly as the **Shared Mailbox** email on the **_Remote Mailbox_** tab and the **User Mailbox / Global Admin** is set on the **_Outgoing (SMTP)_** tab. The logic for this is - To pickup emails you need to use the email address of the account that emails were sent to, this can either be a **User Mailbox** or a **Shared Mailbox**. - To send emails a **_Licenced Microsoft 365 User Mailbox_** must be used, so the emails are sent from the **User Mailbox** account that is used to authenticate the **Shared Mailbox** or the actual **User Mailbox** on the Microsoft 365 OAuth2 challenge. If using Shared Mailboxes, the User Mailbox account that is used to send emails is often referred to as a **Service Account** or a **Global Admin** account. This account needs to have permissions to be able to access and send emails on behalf of the Shared Mailbox(es) that you configure on your osTicket configuration.
This commit simply cleans up the logic in commit `231acddb1` to make sure it only targets Office 365 Accounts as intended.
This is a temp hack to delegate strict matching mode checking to provider.
This commit reverses changes added in 512d93d to remove Application logic from plugin level. Core osTicket will handle Shared Mailbox logic going forward.
Reviewed-By: protich <[email protected]>, JediKev <[email protected]>
Reviewed-By: protich <[email protected]>, JediKev <[email protected]>
Reviewed-By: protich <[email protected]>, JediKev <[email protected]>
Reviewed-By: protich <[email protected]>, JediKev <[email protected]>
Reviewed-By: protich <[email protected]>, JediKev <[email protected]>
This resolves and issue where when hydrating the S3 plugin it's still including uneeded dependencies even though the plugin info includes the script and extra tags. This is due to `make.php` not taking those into account when resolving the dependencies. This updates the `resolveDependencies` method to account for the scripts and extra tags and will include them if found. This also addresses an small issue where the extra value needs to be an array otherwise it causes fatal error.
…s-and-extra Reviewed-By: Peter Rotich <[email protected]>
This adds the OAuth2 Authentication defaults for Okta provider. This will make Okta setup a little easier.
This is the second part to the main core pull that fixes an issue where using any other language than English and attempting to export `All` events for a specific object fails. This removes the translation method from the instances that do not need it and cause issues.
This addresses PHP 8.1 compatibilty issues with the LDAP plugin. Since the LDAP resources were converted to LDAP\Connection, LDAP\Result, and LDAP\ResultEntry objects respectively, the previous `is_resource()` checks fail. This updates all relevant cases of `is_resource()` to `!== false` checks to make LDAP plugin compatible with PHP 8.1.
This addresses an error reported in 270 where we are attempting to call `dn()` on `$r->current()` but `current()` can sometimes return `false`. This adds a check for `!$r->current()` before continuing to `dn()`. See similar issue here: 260
Reviewed-By: JediKev <[email protected]>
Reviewed-By: JediKev <[email protected]>
Reviewed-By: JediKev <[email protected]>
Reviewed-By: JediKev <[email protected]>
This is a commit that goes along with a core commit for password length. We should limit passwords to minimum of 1 and maximum of 128.
Reviewed-By: JediKev <[email protected]>
This addresses an issue where `ldap://` and `ldaps://` gets stripped from the hostname by weak REGEX. This updates the REGEX to make it account for `ldap://` and `ldaps://` so that it remains as part of the hostname. This will allow people to typehint LDAPS connections.
Reviewed-By: Peter Rotich <[email protected]>
…nt-selection-prompt Reviewed-By: Peter Rotich <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Can you add this functionality o a script of php, just like the CDN rules that transfer or store all files on another server? Currently base on the plugin available, it oly store data in a folder. This will be a big help for a small storage server.