Merge pull request #1154 from itflow-org/develop
Release 25.01
johnnyq authored Jan 25, 2025
2 parents 0bde1cc + 33f80cb commit e8c3cab
Showing 1,180 changed files with 28,284 additions and 19,551 deletions.
2 changes: 2 additions & 0 deletions .htaccess
@@ -0,0 +1,2 @@
# Prevent access to .git, .github, and config.php
RedirectMatch 404 ^/(\.git|\.github|config\.php)
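Review bot: The pattern on the `RedirectMatch` line is anchored with `^/`, so it only protects `.git`, `.github` and `config.php` at the web root; an install served from a subdirectory would still expose them. Consider matching at any depth with `(^|/)` in place of `^/`, and note that `\.git` already covers `.github` as a prefix, so the second alternative is redundant. The rule also only takes effect on Apache with mod_alias and an `AllowOverride` setting that permits it, which is worth stating in the comment so operators on other web servers add an equivalent deny rule.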
67 changes: 67 additions & 0 deletions CHANGELOG.md
@@ -0,0 +1,67 @@
# Changelog

This file documents all notable changes made to ITFlow.

## [25.01]

### Added / Changed
- Added support for saving cards in Stripe for automatic invoice payments.
- Page titles now display detailed information (e.g., page name, client selection, company name, ticket and invoice info) for easier multi-tab navigation.
- Reintroduced the new admin role-check for admin pages.
- Admin roles can now be archived.
- Debug mode now shows the current Git branch.
- The auto-acknowledgment email for email-parsed tickets now includes a guest link.
- Recurring tickets no longer require a contact.
- Stripe online payment setup now prompts you to set the income/expense account.
- New cron/CLI scripts have been moved to the `/scripts` subfolder — remember to update your cron configurations!
- Moved modal includes to `/modals` to tidy up the root directory.
- Moved most include files to `/includes` to improve directory structure.
- Moved guest pages to `/guest` for better organization.
- Renamed the include file `pagination.php` to `filter_footer.php`, as it is used in conjunction with `filter_header.php` for page filtering.
- Guest ticket feedback now shows the ticket prefix and number, not just the ID.
- Individual POST handler logic pages are no longer directly accessible.
- Added the ability to delete payments on the Payments and Client Payments pages.
- Implemented domain history tracking.
- Added Asset Interface Linking/Connections to show what interface is connected to which interface port of another asset.
- Added Force Recurring Ticket option in more locations, not just for recurring tickets.
- Implemented row spanning and centered devices that occupy multiple units in a rack.
- Added tooltips to main navigation badge counts to clarify what is being counted.
- Reduced max records per page from 500 to 100 to prevent performance issues.
- Updated several plugins:
- `stripe-php` from 10.5.0 to 16.4.0
- `Inputmask` from 5.0.8 to 5.0.9
- `DataTables` from 2.1.8 to 2.2.1
- `pdfmake` from 0.2.8 to 0.2.18
- `php-mime-mail-parser` to 9.0.1
- `TinyMCE` from 7.5.1 to 7.6.1
- Removed unused libraries from the vendor folder and moved Stripe to the plugins folder, eliminating the vendor folder.
- Merged the MFA TOTP functionality files `base32static.php` and `rfc6238.php` into a single file (`totp`) and moved it to the plugins folder.
- No longer need to pass the DB connection (`$mysqli`) to the `addToMailQueue` function.
- Disabled HTML Purifier caching.
- Replaced the `nullable_htmlentities` function with `htmlspecialchars`.
- Updated filter variable naming.
- Implemented other minor UI updates, performance optimizations, and directory cleanups.

### Fixed
- Fixed an issue where the ticket edit modal didn't show multi-client or no-client projects.
- Fixed asset interface losing DHCP settings.
- Fixed a 500 error when creating or editing recurring expenses due to an incorrect variable name.
- Fixed tickets created via the portal/email not being marked as billable.
- Fixed issues with editing recurring expenses.
- Resolved a regression where the TinyMCE editor didn’t display when adding or editing ticket templates.
- Fixed a TinyMCE license issue.

### Removed / Deprecated
- Deprecated the cron scripts in the root directory. Cron jobs should now use the ones in the `/scripts` subfolder, which no longer require a cron key and must be run via CLI.

### BREAKING CHANGES
- The client portal has been moved from `/portal` to `/client`:
- Links in previous emails will be broken.
- The Azure Entra ID SSO Redirect URI needs to be updated to `/client`.
- You may need to update other links (e.g., website, support page).
- Guest links have been moved from `/` to `/guest`. Previous links will be broken.

## [24.12]

### Added / Changed
- Introduced versioned releases for the first time!
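Review bot: The cron change appears only under "Added / Changed" and "Removed / Deprecated", yet it needs operator action just like the `/portal` to `/client` move: the scripts now live in `/scripts`, no longer take a cron key and must be run via CLI. Listing it under "BREAKING CHANGES" as well would keep it from being missed on upgrade. Two smaller points: the `php-mime-mail-parser` entry gives no "from" version, unlike the other plugin bumps, and "Replaced the `nullable_htmlentities` function with `htmlspecialchars`" should say whether the call sites or the function body changed, since admin_app_log.php in this same commit still calls `nullable_htmlentities`.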
64 changes: 18 additions & 46 deletions README.md
Expand Up @@ -3,15 +3,10 @@
<!-- PROJECT SHIELDS -->
[![Contributors][contributors-shield]][contributors-url]
[![Stargazers][stars-shield]][stars-url]
[![Issues][issues-shield]][issues-url]
[![Commits][commit-shield]][commit-url]
[![GPL License][license-shield]][license-url]

<!-- PROJECT LOGO -->
<div align="center">
<!-- <a href="https://github.com/itflow-org/itflow">
<img src="images/logo.png" alt="Logo" width="80" height="80">
</a> -->

<h3 align="center">ITFlow</h3>

Expand Down Expand Up @@ -47,43 +42,26 @@


### The Problem
- You're a busy MSP with 101 things to do.
- Information about your clients is unorganised and unstructured: scattered in random tickets or folders - when you do eventually find it, it's out of date.
- For some issues, you spend longer looking for the relevant documentation than actually working the ticket.
- You're a small but busy managed service provider with 101 things to do. Information about your clients is unorganised, unstructured and outdated.
- For some work, you seem to spend longer looking for the relevant documentation than actually working on the issue/project.
- On top of the technical day to day, you also have to take care of the financial side of the business - consistent pricing, quotes/invoicing, and accounting.

### The Solution: ITFlow
- ITFlow consolidates common MSP needs (IT Documentation, ticketing and billing) into one system

### In Beta
* This project is in beta with many ongoing changes. Updates may unintentionally introduce bugs/security issues. Writing functional, secure code is very difficult.
* Whilst we are confident the code is safe, nothing in life is 100% safe or risk-free. Use your best judgement before deciding to store highly confidential information in ITFlow.
* We are hoping to have a stable 1.0 release by early 2025.
- ITFlow consolidates common MSP needs (documentation, ticketing and billing) into one unified system.

<!-- GETTING STARTED -->
## Getting Started

ITFlow is self-hosted. There is a full installation guide in the [docs](https://docs.itflow.org/installation).


<!-- EASY INSTALL -->
### Installation via Script (Recommended Method)
**Requirements**
- Clean Install of Debian 12 or Ubuntu 22.04
- A public IP Address
- Ports 80 (HTTP) and 443 (HTTPS) TCP accessible from the outside in
- A Fully Qualified Domain Name pointing to the public IP Address – example itflow.example.com
### Self Hosting
- The best installation method is to use the [install script](https://docs.itflow.org/installation_script) on Ubuntu/Debian. A video walk through is available [here](https://www.youtube.com/watch?v=kKz9NOU_1XE).
```
wget -O itflow_install.sh https://github.com/itflow-org/itflow-install-script/raw/main/itflow_install.sh
bash itflow_install.sh
```
- Other manual installation methods are available in the [docs](https://docs.itflow.org/installation).

**Process**
- Login as root
- Download & run install script
```
wget -O itflow_install.sh https://github.com/itflow-org/itflow-install-script/raw/main/itflow_install.sh
bash itflow_install.sh
```
- Follow Instructions & navigate to setup URL shown
- Leave us feedback in the [forum](https://forum.itflow.org/d/11-road-map)
### Managed Hosting
- If you'd prefer, we can [host ITFlow for you](https://services.itflow.org/hosting.php).

<!-- FEATURES -->
## Key Features
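Review bot: The Self Hosting block downloads `itflow_install.sh` from `raw/main` and runs it immediately, with no pinned tag or checksum, and the rewrite drops the old Requirements list (clean Debian 12 or Ubuntu 22.04, public IP, ports 80/443, FQDN) along with the "Login as root" step. Suggest pointing the URL at a release tag or publishing a checksum to verify before `bash itflow_install.sh`, and keeping a one-line pointer to the requirements so readers know the script expects a clean install.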
Expand All @@ -95,14 +73,7 @@ ITFlow is self-hosted. There is a full installation guide in the [docs](https://

<!-- ROADMAP -->
## Roadmap / Future to-do
* Comprehensive API to allow custom third party integration
* CalDAV to integrate with 3rd party calendars
* CardDAV to integrate with 3rd party Address books
* Recent caller toast alerts to click and bring up the clients account right away
* FIDO2 WebAuthn Support for passwordless auth (TPM Fingerprint), (USB Hardware keys such as Yubikey)
See the [forum](https://forum.itflow.org/t/added-to-roadmap) and the [open issues](https://github.com/itflow-org/itflow/issues) for a full list of proposed features & known issues.
We track the implementation of confirmed features and bugs via [TaskFlow](https://tasks.dev.itflow.org/tasks.php). Use the [forum](https://forum.itflow.org) to request features or raise bug reports.

<!-- CONTRIBUTING -->
## Support & Contributions
Expand All @@ -111,7 +82,7 @@ See the [forum](https://forum.itflow.org/t/added-to-roadmap) and the [open issue
For help using ITFlow, bugs, feature requests, and general ideas / discussions please use the community [forum](https://forum.itflow.org).

### Contributing
If you want to improve ITFlow, feel free to fork the repo and create a pull request, but make sure to discuss significant changes or new features with fellow contributors on the forum first. This helps ensure that your contributions are aligned with project goals, and saves time for everyone. All contributions should follow our [code standards](https://docs.itflow.org/code_standards).
If you want to improve ITFlow, feel free to fork the repo and create a pull reques. Make sure to discuss significant changes or new features with fellow contributors on the forum first. This helps ensure that your contributions are aligned with project goals, and saves time for everyone. All contributions should follow our [code standards](https://docs.itflow.org/code_standards). See the [contributing guide](https://docs.itflow.org/contribute).

#### Contributors
<a href="https://github.com/itflow-org/itflow/graphs/contributors">
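Review bot: Typo in the rewritten Contributing paragraph: "create a pull reques." should read "create a pull request."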
Expand All @@ -122,13 +93,14 @@ If you want to improve ITFlow, feel free to fork the repo and create a pull requ
We’re incredibly grateful to the organizations and individuals who support the project - a big thank you to:
- CompuMatter
- F1 for HELP
- JetBrains

<!-- LICENSE -->
## License
ITFlow is distributed "as is" under the GPL License, WITHOUT WARRANTY OF ANY KIND. See [`LICENSE`](https://github.com/itflow-org/itflow/blob/master/LICENSE) for details.

## Security
* As of 2025, we now have a stable release of the project.
* Whilst we are confident in the safety of the code, no system is risk-free. Nearly all software has bugs. Use your best judgement before storing highly confidential information in ITFlow.
* If you have a security concern, privately report it [here](https://github.com/itflow-org/itflow/security/policy).

<!-- MARKDOWN LINKS & IMAGES -->
<!-- https://www.markdownguide.org/basic-syntax/#reference-style-links -->
Expand Down
22 changes: 9 additions & 13 deletions SECURITY.md
@@ -1,25 +1,21 @@
# Security Policy

## **Please do NOT report security concerns/vulnerabilities publicly (Github issues/forum)**
## **Please do NOT report security concerns/vulnerabilities publicly (Issues/forum)**

---
**We take security seriously**

## In Beta

ITFlow is currently in beta and is a work in progress.

**We take security seriously.** Whilst we are confident the code is safe, nothing in life is 100% safe or risk-free. You should use your best judgment before entering confidential information into the app.

We attempt to follow security best practices where possible, including [automated code scanning](https://sonarcloud.io/component_measures?id=itflow-org_itflow&metric=security_rating&view=list).

[![Security](https://sonarcloud.io/api/project_badges/measure?project=itflow-org_itflow&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=itflow-org_itflow)
- Whilst we are confident in the safety of the code, no system is risk-free. Nearly all software has bugs. Use your best judgement before storing highly confidential information in ITFlow.
- We attempt to follow security best practices where possible, including [automated code scanning](https://sonarcloud.io/component_measures?id=itflow-org_itflow&metric=security_rating&view=list).
- [![Security](https://sonarcloud.io/api/project_badges/measure?project=itflow-org_itflow&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=itflow-org_itflow)

## Supported Versions
We operate a rolling release model. Any bug fixes will be released into latest version of ITFlow, so you must stay up-to-date.

| Version | Supported |
| ------- | ------------------ |
| Beta | :white_check_mark: |
| 1.0 | Yet to be released |
| Beta | :x: |
| 24.12 | :white_check_mark: |
| 25.1 | :white_check_mark: (When released) |

## Reporting a Vulnerability via GitHub Security Advisories

Expand Down
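Review bot: The Supported Versions table lists `25.1` as "(When released)", but this commit is the 25.01 release and the changelog spells the version `25.01`; suggest using `25.01` in the table and dropping the qualifier. The sentence above the table still says fixes only land in the latest version under a rolling release model, which sits awkwardly with marking 24.12 as supported too, so one of the two should be adjusted.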
10 changes: 5 additions & 5 deletions accounts.php
Expand Up @@ -4,7 +4,7 @@
$sort = "account_name";
$order = "ASC";

require_once "inc_all.php";
require_once "includes/inc_all.php";

// Perms
enforceUserPermission('module_financial');
Expand Down Expand Up @@ -109,18 +109,18 @@
</tr>

<?php
include "account_edit_modal.php";
require "modals/account_edit_modal.php";
}
?>

</tbody>
</table>
</div>
<?php require_once "pagination.php"; ?>
<?php require_once "includes/filter_footer.php"; ?>
</div>
</div>

<?php

require_once "account_add_modal.php";
require_once "footer.php";
require_once "modals/account_add_modal.php";
require_once "includes/footer.php";
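Review bot: The new paths such as `includes/inc_all.php` and `modals/account_add_modal.php` are relative without a leading `./`, so PHP resolves them through include_path first and the file that gets loaded depends on server configuration and working directory. With pages now split across `/client`, `/guest` and `/scripts`, building the paths from `__DIR__` would make the lookups independent of where the request or CLI run starts.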
8 changes: 4 additions & 4 deletions admin_api.php
Expand Up @@ -4,7 +4,7 @@
$sort = "api_key_name";
$order = "ASC";

require_once "inc_all_admin.php";
require_once "includes/inc_all_admin.php";


//Rebuild URL
Expand Down Expand Up @@ -166,15 +166,15 @@
</form>

</div>
<?php require_once "pagination.php";
<?php require_once "includes/filter_footer.php";
?>
</div>
</div>

<script src="js/bulk_actions.js"></script>

<?php
require_once "admin_api_key_add_modal.php";
require_once "modals/admin_api_key_add_modal.php";

require_once "footer.php";
require_once "includes/footer.php";

22 changes: 11 additions & 11 deletions admin_app_log.php
Expand Up @@ -4,26 +4,26 @@
$sort = "app_log_id";
$order = "DESC";

require_once "inc_all_admin.php";
require_once "includes/inc_all_admin.php";

// Log Type Filter
if (isset($_GET['type']) & !empty($_GET['type'])) {
$log_type_query = "AND (app_log_type = '" . sanitizeInput($_GET['type']) . "')";
$type = nullable_htmlentities($_GET['type']);
$type_filter = nullable_htmlentities($_GET['type']);
} else {
// Default - any
$log_type_query = '';
$type = '';
$type_filter = '';
}

// Log Category Filter
if (isset($_GET['category']) & !empty($_GET['catergory'])) {
$log_category_query = "AND (app_log_category = '" . sanitizeInput($_GET['category']) . "')";
$category = nullable_htmlentities($_GET['category']);
$category_filter = nullable_htmlentities($_GET['category']);
} else {
// Default - any
$log_category_query = '';
$category = '';
$category_filter = '';
}

//Rebuild URL
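Review bot: The category filter condition reads `!empty($_GET['catergory'])`, a misspelt key that the form (`name="category"`) never sends, so the `else` branch always runs and the category filter is silently ignored; the rename to `$category_filter` is a good moment to correct it to `$_GET['category']`. Both conditions also use the bitwise `&` where the logical `&&` is meant. Separately, `$log_type_query` and `$log_category_query` are built by concatenating `sanitizeInput(...)` output into SQL; a prepared statement would remove the reliance on that helper.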
Expand Down Expand Up @@ -63,14 +63,14 @@
<div class="col-sm-2">
<div class="form-group">
<select class="form-control select2" name="type" onchange="this.form.submit()">
<option value="" <?php if ($type == "") { echo "selected"; } ?>>- All Types -</option>
<option value="">- All Types -</option>

<?php
$sql_types_filter = mysqli_query($mysqli, "SELECT DISTINCT app_log_type FROM app_logs ORDER BY app_log_type ASC");
while ($row = mysqli_fetch_array($sql_types_filter)) {
$log_type = nullable_htmlentities($row['app_log_type']);
?>
<option <?php if ($type == $log_type) { echo "selected"; } ?>><?php echo $log_type; ?></option>
<option <?php if ($type_filter == $log_type) { echo "selected"; } ?>><?php echo $log_type; ?></option>
<?php
}
?>
Expand All @@ -82,14 +82,14 @@
<div class="col-sm-2">
<div class="form-group">
<select class="form-control select2" name="category" onchange="this.form.submit()">
<option value="" <?php if ($category == "") { echo "selected"; } ?>>- All Categories -</option>
<option value="">- All Categories -</option>

<?php
$sql_categories_filter = mysqli_query($mysqli, "SELECT DISTINCT app_log_category FROM app_logs ORDER BY app_log_category ASC");
while ($row = mysqli_fetch_array($sql_categories_filter)) {
$log_category = nullable_htmlentities($row['app_log_category']);
?>
<option <?php if ($category == $log_category) { echo "selected"; } ?>><?php echo $log_category; ?></option>
<option <?php if ($category_filter == $log_category) { echo "selected"; } ?>><?php echo $log_category; ?></option>
<?php
}
?>
Expand Down Expand Up @@ -184,10 +184,10 @@
</tbody>
</table>
</div>
<?php require_once "pagination.php";
<?php require_once "includes/filter_footer.php";
?>
</div>
</div>

<?php
require_once "footer.php";
require_once "includes/footer.php";