Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)
ReportsController 'show' and 'destroy' now perform a check to see if the User is authorized to see the Host associated with the Report. In case it's not, it returns 404, as to not give hints whether a Report...
Refs #3809 - Remove cops for empty lines
Refs #3809 - Remove useless assignments
Fixes #7733 - Remove hosts.yml fixtures and use FactoryGirl instead
fixes #3272 - allow 'admin' account to be removed and replaced
fixes #2969 - remove all legacy api code in UI controllers, add deprecation response
Fixes #2414 - Move puppet report processing code to the report processor
This creates an API route for POST:/api/reports which matches the GET format for reports. Tests are updated, with the report model tests moving to the puppet-foreman module (along with the report fixtures).
fixes #2151 - use DN environment variable instead of CN
nginx is unable to pass bits of the X.509 subject, only the entire DN, so support that as a lowest common denominator.
fixes #2121, #2069 - restrict importers and ENC to puppetmasters and users
CVE-2013-0171: report and fact importers parse YAML directly from the remote host without authentication. Untrusted YAML can instantiate objects and be used to exploit Foreman.
CVE-2013-0174: external nodes (ENC) output is available to any source and...
auto create admin-user when missing in API requests
add getter for admin user User.admin which auto creates admin when missing
fixes #1446 - expire idle web sessions
WIP rails3 migration
Feature #882 - add api call to reports page to get the index section
Signed-off-by: Corey Osman <corey@logicminds.biz>
Signed-off-by: Ohad Levy <ohadlevy@gmail.com>
fixes #847 - Retrieve last report information per host via the api
this adds two URLs to the API:
/hosts/fqdn/reports/last
/reports/last
both support JSON output which provides all of the report information.
fixes #445 - ensure that all anonymous actions are accessible
Fixes #366 - Redmine authorization port
This is a major feature which provides RBAC authorization within Foreman
a mental note to myself - never ever work on large commits
Fixes #405 and Fixes #349 - Adds support to 2.6.x reports
NOTE: It's recommended to back up your DB prior to using this patch.
Fixes #261 - parameters now use a single reference_id
This implementation uses STI but the table looks the same for all variants. This is a little strange but it seems to work.
Also removed obsolete controllers and tests
Added more tests
Fixes #249 - Remove AS from reports
Added a searchbar for hostname, reporting period and the type of report.
Fixes #170 - implement usergroups
Added migration
Added tests
Added MVC files
Added the routes as well
Added the program logic and additional views
Added RESTful actions for update and create
Added validations to ensure that usergroup.name and user.login do not collide...
fix broken tests
Commented failing test due to unimplemented validation in OperatingSystem.
added some explanations in reports_controller_test, fact_values_test, users_controller_test, fact_value_controller_test, user_test, about why there are some missing tests. Refactored the auth_source_ldap_controller.
added rr gem to testing. Commented a couple of lines of Report controller test, seems to be a bug in the controller, need to ask about this
Several corrections and improvements. See full description for more detail.
1. Corrected a bug in domain model. In countFact method there was a mistaken search, with the domain name.
2. Finished the domain test
3. Corrected a bug in host_mailer model. In summary method when the conditions hash is declared, in order was a mistaken search with the hosts names....
commented two Logger.new lines, they were creating log files.
reports controller test is stand-by. puppetclasses controller test finished.
erased a debugger line... sorry
unknown failure in the create test from reports controller... help!
Fixes #9 and introduce a basic reporting viewing over http