Updated version

Signed-off-by: snipe <snipe@snipe.net>

.env.example

@@ -152,4 +152,5 @@ LDAP_TIME_LIM=600
 IMPORT_TIME_LIMIT=600
 IMPORT_MEMORY_LIMIT=500M
 REPORT_TIME_LIMIT=12000
-
+REQUIRE_SAML=false
+API_THROTTLE_PER_MINUTE=120

app/Exceptions/Handler.php

@@ -84,10 +84,12 @@ class Handler extends ExceptionHandler
                 switch ($e->getStatusCode()) {
                     case '404':
                        return response()->json(Helper::formatStandardApiResponse('error', null, $statusCode . ' endpoint not found'), 404);
-                    case '405':
+                    case '429':
+                        return response()->json(Helper::formatStandardApiResponse('error', null, 'Too many requests'), 429);
+                     case '405':
                         return response()->json(Helper::formatStandardApiResponse('error', null, 'Method not allowed'), 405);
                     default:
-                        return response()->json(Helper::formatStandardApiResponse('error', null, $statusCode), 405);
+                        return response()->json(Helper::formatStandardApiResponse('error', null, $statusCode), $statusCode);
 
                 }
             }

app/Http/Controllers/Api/AssetMaintenancesController.php

@@ -33,6 +33,7 @@ class AssetMaintenancesController extends Controller
      */
     public function index(Request $request)
     {
+        $this->authorize('view', Asset::class);
         $maintenances = AssetMaintenance::with('asset', 'asset.model','asset.location', 'supplier', 'asset.company', 'admin');
 
         if ($request->filled('search')) {
@@ -101,6 +102,7 @@ class AssetMaintenancesController extends Controller
      */
     public function store(Request $request)
     {
+        $this->authorize('edit', Asset::class);
         // create a new model instance
         $assetMaintenance = new AssetMaintenance();
         $assetMaintenance->supplier_id = $request->input('supplier_id');
@@ -153,6 +155,7 @@ class AssetMaintenancesController extends Controller
      */
     public function update(Request $request, $assetMaintenanceId = null)
     {
+        $this->authorize('edit', Asset::class);
         // Check if the asset maintenance exists
         $assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
 
@@ -216,6 +219,7 @@ class AssetMaintenancesController extends Controller
      */
     public function destroy($assetMaintenanceId)
     {
+        $this->authorize('edit', Asset::class);
         // Check if the asset maintenance exists
         $assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
 
@@ -241,6 +245,7 @@ class AssetMaintenancesController extends Controller
      */
     public function show($assetMaintenanceId)
     {
+        $this->authorize('view', Asset::class);
         $assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
         if (!Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
             return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot view a maintenance for that asset'));

app/Http/Controllers/Api/LicensesController.php

@@ -82,6 +82,10 @@ class LicensesController extends Controller
             $licenses = $licenses->TextSearch($request->input('search'));
         }
 
+        if ($request->input('deleted')=='true') {
+            $licenses->onlyTrashed();
+        }
+
 
         // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
         // case we override with the actual count, so we should return 0 items.

app/Http/Controllers/AssetMaintenancesController.php

@@ -50,6 +50,7 @@ class AssetMaintenancesController extends Controller
     */
     public function index()
     {
+        $this->authorize('view', Asset::class);
         return view('asset_maintenances/index');
     }
 
@@ -66,6 +67,7 @@ class AssetMaintenancesController extends Controller
      */
     public function create()
     {
+        $this->authorize('edit', Asset::class);
         $asset = null;
 
         if ($asset = Asset::find(request('asset_id'))) {
@@ -96,6 +98,7 @@ class AssetMaintenancesController extends Controller
     */
     public function store(Request $request)
     {
+        $this->authorize('edit', Asset::class);
         // create a new model instance
         $assetMaintenance = new AssetMaintenance();
         $assetMaintenance->supplier_id = $request->input('supplier_id');
@@ -148,6 +151,7 @@ class AssetMaintenancesController extends Controller
     */
     public function edit($assetMaintenanceId = null)
     {
+        $this->authorize('edit', Asset::class);
         // Check if the asset maintenance exists
         if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
             // Redirect to the improvement management page
@@ -200,6 +204,7 @@ class AssetMaintenancesController extends Controller
      */
     public function update(Request $request, $assetMaintenanceId = null)
     {
+        $this->authorize('edit', Asset::class);
         // Check if the asset maintenance exists
         if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
             // Redirect to the asset maintenance management page
@@ -266,6 +271,7 @@ class AssetMaintenancesController extends Controller
     */
     public function destroy($assetMaintenanceId)
     {
+        $this->authorize('edit', Asset::class);
         // Check if the asset maintenance exists
         if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
             // Redirect to the asset maintenance management page
@@ -294,6 +300,8 @@ class AssetMaintenancesController extends Controller
     */
     public function show($assetMaintenanceId)
     {
+        $this->authorize('view', Asset::class);
+
         // Check if the asset maintenance exists
         if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
             // Redirect to the asset maintenance management page

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -87,6 +87,8 @@ class ForgotPasswordController extends Controller
             \Log::info('Password reset attempt: User '.$request->input('username').'failed with exception: '.$e );
         }
 
+        // Prevent timing attack to enumerate users.
+        usleep(500000 + random_int(0, 1500000));
 
         if ($response === \Password::RESET_LINK_SENT) {
             \Log::info('Password reset attempt: User '.$request->input('username').' WAS found, password reset sent');

app/Http/Controllers/Auth/LoginController.php

@@ -75,6 +75,13 @@ class LoginController extends Controller
             return redirect()->intended('/');
         }
 
+        // If the environment is set to ALWAYS require SAML, go straight to the SAML route.
+        // We don't need to check other settings, as this should override those.
+        if (config('app.require_saml')) {
+            return redirect()->route('saml.login');
+        }
+
+
         if ($this->saml->isEnabled() && Setting::getSettings()->saml_forcelogin == "1" && !($request->has('nosaml') || $request->session()->has('error'))) {
             return redirect()->route('saml.login');
         }
@@ -197,6 +204,12 @@ class LoginController extends Controller
      */
     public function login(Request $request)
     {
+
+        //If the environment is set to ALWAYS require SAML, return access denied
+        if (config('app.require_saml')) {
+            return view('errors.403');
+        }
+
         if (Setting::getSettings()->login_common_disabled == "1") {
             return view('errors.403');
         }
@@ -363,7 +376,7 @@ class LoginController extends Controller
         if (Google2FA::verifyKey($user->two_factor_secret, $secret)) {
             $user->two_factor_enrolled = 1;
             $user->save();
-            $request->session()->put('2fa_authed', 'true');
+            $request->session()->put('2fa_authed', $user->id);
             return redirect()->route('home')->with('success', 'You are logged in!');
         }
 

app/Http/Controllers/SettingsController.php

@@ -8,6 +8,7 @@ use App\Http\Requests\ImageUploadRequest;
 use App\Http\Requests\SettingsSamlRequest;
 use App\Http\Requests\SetupUserRequest;
 use App\Models\Setting;
+use App\Models\Asset;
 use App\Models\User;
 use App\Notifications\FirstAdminNotification;
 use App\Notifications\MailTest;
@@ -621,6 +622,26 @@ class SettingsController extends Controller
             return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error'));
         }
 
+        // Check if the audit interval has changed - if it has, we want to update ALL of the assets audit dates
+        if ($request->input('audit_interval') != $setting->audit_interval) {
+
+            // Be careful - this could be a negative number
+            $audit_diff_months = ((int)$request->input('audit_interval') - (int)($setting->audit_interval));
+            
+            // Grab all of the assets that have an existing next_audit_date
+            $assets = Asset::whereNotNull('next_audit_date')->get();
+
+            // Update all of the assets' next_audit_date values
+            foreach ($assets as $asset) {
+
+                if ($asset->next_audit_date != '') {
+                    $old_next_audit = new \DateTime($asset->next_audit_date);
+                    $asset->next_audit_date = $old_next_audit->modify($audit_diff_months.' month')->format('Y-m-d');
+                    $asset->forceSave();
+                }
+            }
+        } 
+
         $alert_email    = rtrim($request->input('alert_email'), ',');
         $alert_email    = trim($alert_email);
         $admin_cc_email = rtrim($request->input('admin_cc_email'), ',');

app/Http/Controllers/SuppliersController.php

@@ -184,6 +184,7 @@ class SuppliersController extends Controller
      */
     public function show($supplierId = null)
     {
+        $this->authorize('view', Supplier::class);
         $supplier = Supplier::find($supplierId);
 
         if (isset($supplier->id)) {

app/Http/Kernel.php

@@ -24,6 +24,7 @@ class Kernel extends HttpKernel
         \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
         \App\Http\Middleware\SecurityHeaders::class,
         \App\Http\Middleware\PreventBackHistory::class,
+        \Fruitcake\Cors\HandleCors::class,
 
     ];
 
@@ -44,8 +45,6 @@ class Kernel extends HttpKernel
         ],
 
         'api' => [
-            \Barryvdh\Cors\HandleCors::class,
-            'throttle:120,1',
             'auth:api',
         ],
     ];

app/Http/Middleware/CheckForTwoFactor.php

@@ -32,7 +32,7 @@ class CheckForTwoFactor
         if ($settings = Setting::getSettings()) {
             if (Auth::check() && ($settings->two_factor_enabled != '')) {
                 // This user is already 2fa-authed
-                if ($request->session()->get('2fa_authed')) {
+                if ($request->session()->get('2fa_authed')==Auth::user()->id) {
                     return $next($request);
                 }
 

app/Http/Transformers/LicensesTransformer.php

@@ -45,7 +45,9 @@ class LicensesTransformer
             'category' =>  ($license->category) ? ['id' => (int)  $license->category->id,'name'=> e($license->category->name)] : null,
             'created_at' => Helper::getFormattedDateObject($license->created_at, 'datetime'),
             'updated_at' => Helper::getFormattedDateObject($license->updated_at, 'datetime'),
+            'deleted_at' => Helper::getFormattedDateObject($license->deleted_at, 'datetime'),
             'user_can_checkout' => (bool) ($license->free_seats_count > 0),
+
         ];
 
         $permissions_array['available_actions'] = [

app/Importer/AssetImporter.php

@@ -71,7 +71,7 @@ class AssetImporter extends ItemImporter
             $this->log("No Matching Asset, Creating a new one");
             $asset = new Asset;
         }
-
+        $this->item['notes'] = $this->findCsvMatch($row, 'asset_notes');
         $this->item['image'] = $this->findCsvMatch($row, "image");
         $this->item['requestable'] = $this->fetchHumanBoolean($this->findCsvMatch($row, "requestable"));;
         $asset->requestable =  $this->fetchHumanBoolean($this->findCsvMatch($row, "requestable"));

app/Importer/ItemImporter.php

@@ -208,6 +208,7 @@ class ItemImporter extends Importer
             $this->log("Matching Model found, updating it.");
             $item = $this->sanitizeItemForStoring($asset_model, $editingModel);
             $item['name'] = $asset_model_name;
+            $item['notes'] = $this->findCsvMatch($row, 'model_notes');
             
             if(!empty($asset_modelNumber)){
                 $item['model_number'] = $asset_modelNumber;
@@ -224,6 +225,7 @@ class ItemImporter extends Importer
         $item = $this->sanitizeItemForStoring($asset_model, $editingModel);
         $item['name'] = $asset_model_name;
         $item['model_number'] = $asset_modelNumber;
+        $item['notes'] = $this->findCsvMatch($row, 'model_notes');
 
         $asset_model->fill($item);
         $item = null;

composer.json

@@ -20,7 +20,6 @@
     "adldap2/adldap2": "^10.2",
     "alek13/slack": "^1.12",
     "bacon/bacon-qr-code": "^1.0",
-    "barryvdh/laravel-cors": "^0.11.3",
     "barryvdh/laravel-debugbar": "^3.2",
     "doctrine/cache": "^1.10",
     "doctrine/common": "^2.12",
@@ -31,6 +30,7 @@
     "enshrined/svg-sanitize": "^0.13.3",
     "erusev/parsedown": "^1.7",
     "fideloper/proxy": "^4.3",
+    "fruitcake/laravel-cors": "^2.2",
     "guzzlehttp/guzzle": "^6.5",
     "intervention/image": "^2.5",
     "javiereguiluz/easyslugger": "^1.0",

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "252b4b452ca73e3e8f3d8543fce394d2",
+    "content-hash": "6bd73d729675b968cf296bdf68f6a523",
     "packages": [
         {
             "name": "adldap2/adldap2",
@@ -139,36 +139,36 @@
         },
         {
             "name": "asm89/stack-cors",
-            "version": "1.3.0",
+            "version": "v2.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/asm89/stack-cors.git",
-                "reference": "b9c31def6a83f84b4d4a40d35996d375755f0e08"
+                "reference": "73e5b88775c64ccc0b84fb60836b30dc9d92ac4a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/asm89/stack-cors/zipball/b9c31def6a83f84b4d4a40d35996d375755f0e08",
-                "reference": "b9c31def6a83f84b4d4a40d35996d375755f0e08",
+                "url": "https://api.github.com/repos/asm89/stack-cors/zipball/73e5b88775c64ccc0b84fb60836b30dc9d92ac4a",
+                "reference": "73e5b88775c64ccc0b84fb60836b30dc9d92ac4a",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.5.9",
-                "symfony/http-foundation": "~2.7|~3.0|~4.0|~5.0",
-                "symfony/http-kernel": "~2.7|~3.0|~4.0|~5.0"
+                "php": "^7.2|^8.0",
+                "symfony/http-foundation": "^4|^5|^6",
+                "symfony/http-kernel": "^4|^5|^6"
             },
             "require-dev": {
-                "phpunit/phpunit": "^5.0 || ^4.8.10",
-                "squizlabs/php_codesniffer": "^2.3"
+                "phpunit/phpunit": "^7|^9",
+                "squizlabs/php_codesniffer": "^3.5"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.2-dev"
+                    "dev-master": "2.1-dev"
                 }
             },
             "autoload": {
                 "psr-4": {
-                    "Asm89\\Stack\\": "src/Asm89/Stack/"
+                    "Asm89\\Stack\\": "src/"
                 }
             },
             "notification-url": "https://packagist.org/downloads/",
@@ -189,9 +189,9 @@
             ],
             "support": {
                 "issues": "https://github.com/asm89/stack-cors/issues",
-                "source": "https://github.com/asm89/stack-cors/tree/1.3.0"
+                "source": "https://github.com/asm89/stack-cors/tree/v2.1.1"
             },
-            "time": "2019-12-24T22:41:47+00:00"
+            "time": "2022-01-18T09:12:03+00:00"
         },
         {
             "name": "aws/aws-sdk-php",
@@ -333,72 +333,6 @@
             },
             "time": "2017-10-17T09:59:25+00:00"
         },
-        {
-            "name": "barryvdh/laravel-cors",
-            "version": "v0.11.4",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/fruitcake/laravel-cors.git",
-                "reference": "03492f1a3bc74a05de23f93b94ac7cc5c173eec9"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/fruitcake/laravel-cors/zipball/03492f1a3bc74a05de23f93b94ac7cc5c173eec9",
-                "reference": "03492f1a3bc74a05de23f93b94ac7cc5c173eec9",
-                "shasum": ""
-            },
-            "require": {
-                "asm89/stack-cors": "^1.2",
-                "illuminate/support": "^5.5|^6",
-                "php": ">=7",
-                "symfony/http-foundation": "^3.1|^4",
-                "symfony/http-kernel": "^3.1|^4"
-            },
-            "require-dev": {
-                "laravel/framework": "^5.5",
-                "orchestra/testbench": "3.3.x|3.4.x|3.5.x|3.6.x|3.7.x",
-                "phpunit/phpunit": "^4.8|^5.2|^7.0",
-                "squizlabs/php_codesniffer": "^2.3"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "0.11-dev"
-                },
-                "laravel": {
-                    "providers": [
-                        "Barryvdh\\Cors\\ServiceProvider"
-                    ]
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "Barryvdh\\Cors\\": "src/"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Barry vd. Heuvel",
-                    "email": "barryvdh@gmail.com"
-                }
-            ],
-            "description": "Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application",
-            "keywords": [
-                "api",
-                "cors",
-                "crossdomain",
-                "laravel"
-            ],
-            "support": {
-                "issues": "https://github.com/fruitcake/laravel-cors/issues",
-                "source": "https://github.com/fruitcake/laravel-cors/tree/v0.11.4"
-            },
-            "time": "2019-08-28T11:27:11+00:00"
-        },
         {
             "name": "barryvdh/laravel-debugbar",
             "version": "v3.6.2",
@@ -2042,6 +1976,85 @@
             },
             "time": "2021-06-23T19:00:23+00:00"
         },
+        {
+            "name": "fruitcake/laravel-cors",
+            "version": "v2.2.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/fruitcake/laravel-cors.git",
+                "reference": "783a74f5e3431d7b9805be8afb60fd0a8f743534"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/fruitcake/laravel-cors/zipball/783a74f5e3431d7b9805be8afb60fd0a8f743534",
+                "reference": "783a74f5e3431d7b9805be8afb60fd0a8f743534",
+                "shasum": ""
+            },
+            "require": {
+                "asm89/stack-cors": "^2.0.1",
+                "illuminate/contracts": "^6|^7|^8|^9",
+                "illuminate/support": "^6|^7|^8|^9",
+                "php": ">=7.2"
+            },
+            "require-dev": {
+                "laravel/framework": "^6|^7.24|^8",
+                "orchestra/testbench-dusk": "^4|^5|^6|^7",
+                "phpunit/phpunit": "^6|^7|^8|^9",
+                "squizlabs/php_codesniffer": "^3.5"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "2.1-dev"
+                },
+                "laravel": {
+                    "providers": [
+                        "Fruitcake\\Cors\\CorsServiceProvider"
+                    ]
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Fruitcake\\Cors\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Fruitcake",
+                    "homepage": "https://fruitcake.nl"
+                },
+                {
+                    "name": "Barry vd. Heuvel",
+                    "email": "barryvdh@gmail.com"
+                }
+            ],
+            "description": "Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application",
+            "keywords": [
+                "api",
+                "cors",
+                "crossdomain",
+                "laravel"
+            ],
+            "support": {
+                "issues": "https://github.com/fruitcake/laravel-cors/issues",
+                "source": "https://github.com/fruitcake/laravel-cors/tree/v2.2.0"
+            },
+            "funding": [
+                {
+                    "url": "https://fruitcake.nl",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/barryvdh",
+                    "type": "github"
+                }
+            ],
+            "time": "2022-02-23T14:25:13+00:00"
+        },
         {
             "name": "guzzlehttp/guzzle",
             "version": "6.5.5",
@@ -11625,5 +11638,5 @@
     "platform-overrides": {
         "php": "7.2.5"
     },
-    "plugin-api-version": "2.0.0"
+    "plugin-api-version": "2.1.0"
 }

config/app.php

@@ -255,7 +255,20 @@ return [
     'enable_csp' => env('ENABLE_CSP', false),
 
 
+    /*
+     |--------------------------------------------------------------------------
+     | Require SAML Login
+     |--------------------------------------------------------------------------
+     |
+     | Disable the ability to login via form login, and disables the 'nosaml'
+     | workaround. It requires all logins to process via SAML login.
+     | (This is for high security setups. If your SAML configuration is not
+     | working, this option should be set to false. This option is not needed
+     | to successfully configure SAML authentication.)
+     |
+     */
 
+    'require_saml' => env('REQUIRE_SAML', false),
 
     /*
     |--------------------------------------------------------------------------
@@ -412,4 +425,15 @@ return [
 
     ],
 
+    /*
+    |--------------------------------------------------------------------------
+    | API Throttling
+    |--------------------------------------------------------------------------
+    |
+    | This value determines the number of API requests permitted per minute
+    |
+    */
+
+    'api_throttle_per_minute' => env('API_THROTTLE_PER_MINUTE', 120),
+
 ];

config/cors.php

@@ -37,12 +37,13 @@ return [
     |
     */
    
-    'supportsCredentials' => false,
-    'allowedOrigins' => $allowed_origins,
-    'allowedOriginsPatterns' => [],
-    'allowedHeaders' => ['*'],
-    'allowedMethods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE'],
-    'exposedHeaders' => [],
-    'maxAge' => 0,
+    'supports_credentials' => false,
+    'allowed_origins' => $allowed_origins,
+    'allowed_origins_patterns' => [],
+    'allowed_headers' => ['*'],
+    'allowed_methods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE'],
+    'exposed_headers' => [],
+    'max_age' => 0,
+    'paths' => ['api/*', 'sanctum/csrf-cookie'],
 
 ];

config/version.php

@@ -1,10 +1,10 @@
 <?php
 return array (
-  'app_version' => 'v5.3.9',
-  'full_app_version' => 'v5.3.9 - build 6673-gf5ffda805',
-  'build_version' => '6673',
+  'app_version' => 'v5.4.0',
+  'full_app_version' => 'v5.4.0 - build 6685-dfbff274839',
+  'build_version' => '6685',
   'prerelease_version' => '',
-  'hash_version' => 'gf5ffda805',
-  'full_hash' => 'v5.3.9-52-gf5ffda805',
+  'hash_version' => 'dfbff274839',
+  'full_hash' => 'v5.4.0-1-dfbff274839',
   'branch' => 'master',
-);
+);

package-lock.json

@@ -16238,9 +16238,9 @@
       "integrity": "sha1-G+i3twTdOFcVJwiu+x1KSzpp+zM="
     },
     "jquery-ui": {
-      "version": "1.13.0",
-      "resolved": "https://registry.npmjs.org/jquery-ui/-/jquery-ui-1.13.0.tgz",
-      "integrity": "sha512-Osf7ECXNTYHtKBkn9xzbIf9kifNrBhfywFEKxOeB/OVctVmLlouV9mfc2qXCp6uyO4Pn72PXKOnj09qXetopCw==",
+      "version": "1.13.1",
+      "resolved": "https://registry.npmjs.org/jquery-ui/-/jquery-ui-1.13.1.tgz",
+      "integrity": "sha512-2VlU59N5P4HaumDK1Z3XEVjSvegFbEOQRgpHUBaB2Ak98Axl3hFhJ6RFcNQNuk9SfL6WxIbuLst8dW/U56NSiA==",
       "requires": {
         "jquery": ">=1.8.0 <4.0.0"
       }

package.json

@@ -41,7 +41,7 @@
     "imagemin": "^5.3.1",
     "jquery-form-validator": "^2.3.79",
     "jquery-slimscroll": "^1.3.8",
-    "jquery-ui": "^1.13.0",
+    "jquery-ui": "^1.13.1",
     "jquery-ui-bundle": "^1.12.1",
     "jquery.iframe-transport": "^1.0.0",
     "less": "^3.13.1",

public/js/build/app.js.LICENSE.txt

@@ -36,7 +36,7 @@
  */
 
 /*!
- * jQuery UI Widget 1.13.0
+ * jQuery UI Widget 1.13.1
  * http://jqueryui.com
  *
  * Copyright jQuery Foundation and other contributors

public/mix-manifest.json

@@ -1,5 +1,5 @@
 {
-    "/js/build/app.js": "/js/build/app.js?id=45f6fb8b6b6121469cd6",
+    "/js/build/app.js": "/js/build/app.js?id=7f0aa35a0e80a6a64427",
     "/css/build/AdminLTE.css": "/css/build/AdminLTE.css?id=89f2b7816c4e00784b59",
     "/css/build/app.css": "/css/build/app.css?id=423186da9bf73779ce2a",
     "/css/build/overrides.css": "/css/build/overrides.css?id=e0c3caf0357a7ab0a2e9",
@@ -26,7 +26,7 @@
     "/css/dist/bootstrap-table.css": "/css/dist/bootstrap-table.css?id=810d7e520c3057ee500e",
     "/js/build/vendor.js": "/js/build/vendor.js?id=b93877b4a88a76e1b18b",
     "/js/dist/bootstrap-table.js": "/js/dist/bootstrap-table.js?id=473d249fc27f1b907d07",
-    "/js/dist/all.js": "/js/dist/all.js?id=7fbd7aad35364c6060e6",
+    "/js/dist/all.js": "/js/dist/all.js?id=1b9488168279292af5c4",
     "/css/dist/skins/skin-green.min.css": "/css/dist/skins/skin-green.min.css?id=1f137fd2dcbac676d291",
     "/css/dist/skins/skin-green-dark.min.css": "/css/dist/skins/skin-green-dark.min.css?id=af88a4cc8e58dc298963",
     "/css/dist/skins/skin-black.min.css": "/css/dist/skins/skin-black.min.css?id=5ef650950378aeb72dfa",

resources/assets/js/components/importer/importer-file.vue

@@ -130,7 +130,6 @@
                         {id: 'location', text: 'Location' },
                         {id: 'maintained', text: 'Maintained' },
                         {id: 'manufacturer', text: 'Manufacturer' },
-                        {id: 'notes', text: 'Notes' },
                         {id: 'order_number', text: 'Order Number' },
                         {id: 'purchase_cost', text: 'Purchase Cost' },
                         {id: 'purchase_date', text: 'Purchase Date' },
@@ -143,10 +142,13 @@
                     ],
                     accessories:[
                         {id: 'model_number', text: 'Model Number'},
+                        {id: 'notes', text: 'Notes' },
                     ],
                     assets: [
                         {id: 'asset_tag', text: 'Asset Tag' },
                         {id: 'asset_model', text: 'Model Name' },
+                        {id: 'asset_notes', text: 'Asset Notes' },
+                        {id: 'model_notes', text: 'Model Notes' },
                         {id: 'checkout_class', text: 'Checkout Type' },
                         {id: 'checkout_location', text: 'Checkout Location' },
                         {id: 'image', text: 'Image Filename' },
@@ -159,6 +161,7 @@
                         {id: 'item_no', text: "Item Number"},
                         {id: 'model_number', text: "Model Number"},
                         {id: 'min_amt', text: "Minimum Quantity"},
+                        {id: 'notes', text: 'Notes' },
                     ],
                     licenses: [
                         {id: 'asset_tag', text: 'Assigned To Asset'},
@@ -166,6 +169,7 @@
                         {id: 'full_name', text: 'Full Name' },
                         {id: 'license_email', text: 'Licensed To Email' },
                         {id: 'license_name', text: 'Licensed To Name' },
+                        {id: 'notes', text: 'Notes' },
                         {id: 'purchase_order', text: 'Purchase Order' },
                         {id: 'reassignable', text: 'Reassignable' },
                         {id: 'seats', text: 'Seats' },
@@ -178,6 +182,7 @@
                         {id: 'phone_number', text: 'Phone Number' },
                         {id: 'manager_first_name', text: 'Manager First Name' },
                         {id: 'manager_last_name', text: 'Manager Last Name' },
+                        {id: 'notes', text: 'Notes' },
                         {id: 'activated', text: 'Activated' },
                         {id: 'address', text: 'Address' },
                         {id: 'city', text: 'City' },

resources/lang/en/admin/settings/general.php

@@ -21,7 +21,7 @@ return [
     'allow_user_skin_help_text' => 'Checking this box will allow a user to override the UI skin with a different one.',
     'asset_ids'					=> 'Asset IDs',
     'audit_interval'            => 'Audit Interval',
-    'audit_interval_help'       => 'If you are required to regularly physically audit your assets, enter the interval in months.',
+    'audit_interval_help'       => 'If you are required to regularly physically audit your assets, enter the interval in months that you use. If you update this value, all of the "next audit dates" for assets with an upcoming audit date.',
     'audit_warning_days'        => 'Audit Warning Threshold',
     'audit_warning_days_help'   => 'How many days in advance should we warn you when assets are due for auditing?',
     'auto_increment_assets'		=> 'Generate auto-incrementing asset tags',
@@ -174,7 +174,7 @@ return [
     'saml_idp_metadata_help'    => 'You can specify the IdP metadata using a URL or XML file.',
     'saml_attr_mapping_username' => 'Attribute Mapping - Username',
     'saml_attr_mapping_username_help' => 'NameID will be used if attribute mapping is unspecified or invalid.',
-    'saml_forcelogin_label'     => 'SAML Force Login',
+    'saml_forcelogin_label'     => 'SAML Default Login',
     'saml_forcelogin'           => 'Make SAML the primary login',
     'saml_forcelogin_help'      => 'You can use \'/login?nosaml\' to get to the normal login page.',
     'saml_slo_label'            => 'SAML Single Log Out',

resources/lang/en/passwords.php

@@ -1,6 +1,6 @@
 <?php
 
 return [
-    'sent'	        => 'Your password link has been sent!',
+    'sent'	        => 'Success: If that email address exists in our system, a password recovery email has been sent.',
     'user'			=> 'No matching active user found with that email.',
 ];

resources/views/settings/saml.blade.php

@@ -39,7 +39,7 @@
                 <div class="box-header with-border">
                     <h2 class="box-title">
                         <i class="fa fa-sign-in"></i> SAML
-                    </h4>
+                    </h2>
                 </div>
                 <div class="box-body">
 

routes/api.php

@@ -11,10 +11,14 @@ use Illuminate\Http\Request;
 | routes are loaded by the RouteServiceProvider within a group which
 | is assigned the "api" middleware group. Enjoy building your API!
 |
+| We *could* put the middleware specification in the RouteServiceProvider's mapApiRoutes() 
+| method, but we felt it was clearer to keep it here, since we look at the api routes for more
+| often than we look at the RouteServiceProvider. - @snipe
+| 
 */
 
 
-Route::group(['prefix' => 'v1','namespace' => 'Api', 'middleware' => 'auth:api'], function () {
+Route::group(['prefix' => 'v1','namespace' => 'Api', 'middleware' => ['api', 'throttle:'.config('app.api_throttle_per_minute').',1']], function () {
 
 
     Route::get('/', function() {