AZEN-SGG/Kavita
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Security Hotfix (#1415)

Browse source 
* Updated ngx-extended-pdf-viewer to 14.5.2 + misc security vuln

* Hooked up remove from want to read AND fixed a bug in the logic that was removing everything BUT what was passed.

Allow for bookmarks to have date info for better ordering.

* Implemented a quick way to set darkneses level on manga reader for when nightlight just isn't dark enough

* Added Japanese Series name support in the Parser

* Updated our security file with our Huntr.

* Fixed a security vulnerability where through the API, an unauthorized user could delete/modify reading lists that did not belong to them.

Fixed a bug where when creating a reading list with the name of another users, the API would throw an exception (but reading list would still get created)

* Ensure all reading list apis are authorized

* Ensured all APIs require authentication, except those that explicitly don't. All APIs are default requiring Authentication.

Fixed a security vulnerability which would allow a user to take over an admin account.

* Fixed a bug where cover-upload would accept filenames that were not expected.

* Explicitly check that a user has access to the pdf file before we serve it back.

* Enabled lock out when invalid user auth occurs. After 5 invalid auths, the user account will be locked out for 10 mins.
This commit is contained in:
Joseph Milazzo 2022-08-08 15:47:37 -05:00 committed by GitHub
parent 331e0d0ca9
commit 88b5ebeb69
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
35 changed files with 1988 additions and 358 deletions
Download patch file Download diff file Expand all files Collapse all files

8
API/Entities/AppUserBookmark.cs
View file

@ -1,11 +1,13 @@
using System.Text.Json.Serialization;
using System;
using System.Text.Json.Serialization;
using API.Entities.Interfaces;
namespace API.Entities
{
/// <summary>
/// Represents a saved page in a Chapter entity for a given user.
/// </summary>
public class AppUserBookmark
public class AppUserBookmark : IEntityDate
{
public int Id { get; set; }
public int Page { get; set; }
@ -23,5 +25,7 @@ namespace API.Entities
[JsonIgnore]
public AppUser AppUser { get; set; }
public int AppUserId { get; set; }
public DateTime Created { get; set; }
public DateTime LastModified { get; set; }
}
}