cwinfo/powerdns-admin
5
0
Fork 0
mirror of https://github.com/cwinfo/powerdns-admin.git synced 2024-11-12 16:40:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
84d792ac07
powerdns-admin/powerdnsadmin/routes/admin.py

2160 lines
95 KiB
Python
Raw Normal View History

Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
import json
User session improvement - Add session handler on other blueprint's before request - Adjustment in using jTimeout to close warning popup on other tabs when we extend the session
2019-12-18 08:25:20 +00:00
import datetime
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
import traceback
Provision PDA user privileges based On LDAP Attributes (#980)
2021-08-05 17:37:48 +00:00
import re
Add API Key to the UI
2020-08-08 13:41:18 +00:00
from base64 import b64encode
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
from ast import literal_eval
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
from flask import Blueprint, render_template, render_template_string, make_response, url_for, current_app, request, \
redirect, jsonify, abort, flash, session
LGTM fixes. Remove unused import and variables
2019-12-07 13:20:40 +00:00
from flask_login import login_required, current_user
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
Allow user role to view history (#890)
2021-03-27 18:33:11 +00:00
from ..decorators import operator_role_required, admin_role_required, history_access_required
LGTM fixes. Remove unused import and variables
2019-12-07 13:20:40 +00:00
from ..models.user import User
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
from ..models.account import Account
from ..models.account_user import AccountUser
from ..models.role import Role
from ..models.server import Server
from ..models.setting import Setting
from ..models.history import History
from ..models.domain import Domain
Allow user role to view history (#890)
2021-03-27 18:33:11 +00:00
from ..models.domain_user import DomainUser
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
from ..models.record import Record
from ..models.domain_template import DomainTemplate
from ..models.domain_template_record import DomainTemplateRecord
Add API Key to the UI
2020-08-08 13:41:18 +00:00
from ..models.api_key import ApiKey
Allow user role to view history (#890)
2021-03-27 18:33:11 +00:00
from ..models.base import db
Add API Key to the UI
2020-08-08 13:41:18 +00:00
Fix rrest typo in history detail There is a misspelling of rrset throughout the history logic, which also effects the json payload in the database. Code-wise this is a simple search-and-replace, and the migration will fix the payloads.
2022-05-18 22:53:35 +00:00
from ..lib.errors import ApiKeyCreateFail
Add API Key to the UI
2020-08-08 13:41:18 +00:00
from ..lib.schema import ApiPlainKeySchema
apikey_plain_schema = ApiPlainKeySchema(many=True)
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
admin_bp = Blueprint('admin',
__name__,
template_folder='templates',
url_prefix='/admin')
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
Fix rrest typo in history detail There is a misspelling of rrset throughout the history logic, which also effects the json payload in the database. Code-wise this is a simple search-and-replace, and the migration will fix the payloads.
2022-05-18 22:53:35 +00:00
def get_record_changes(del_rrset, add_rrset):
Diff-ify changelog view for zone changes Improve and document the diff-computation and presentation, so you can easier see what changed.
2023-03-03 12:22:29 +00:00
"""Use the given deleted and added RRset to build a list of record changes.
Args:
del_rrset: The RRset with changetype DELETE, or None
add_rrset: The RRset with changetype REPLACE, or None
Returns:
A list of tuples in the format `(old_state, new_state, change_type)`. `old_state` and
`new_state` are dictionaries with the keys "disabled", "content" and "comment".
`change_type` can be "addition", "deletion", "edit" or "unchanged". When it's "addition"
then `old_state` is None, when it's "deletion" then `new_state` is None.
"""
def get_records(rrset):
"""For the given RRset return a combined list of records and comments."""
if not rrset or 'records' not in rrset:
return []
records = [dict(record) for record in rrset['records']]
for i, record in enumerate(records):
if 'comments' in rrset and len(rrset['comments']) > i:
record['comment'] = rrset['comments'][i].get('content', None)
else:
record['comment'] = None
return records
def record_is_unchanged(old, new):
"""Returns True if the old record is not different from the new one."""
if old['content'] != new['content']:
raise ValueError("Can't compare records with different content")
# check everything except the content
return old['disabled'] == new['disabled'] and old['comment'] == new['comment']
def to_state(record):
"""For the given record, return the state dict."""
return {
"disabled": record['disabled'],
"content": record['content'],
"comment": record.get('comment', ''),
}
add_records = get_records(add_rrset)
del_records = get_records(del_rrset)
changeset = []
for add_record in add_records:
for del_record in list(del_records):
if add_record['content'] == del_record['content']:
# either edited or unchanged
if record_is_unchanged(del_record, add_record):
# unchanged
changeset.append((to_state(del_record), to_state(add_record), "unchanged"))
else:
# edited
changeset.append((to_state(del_record), to_state(add_record), "edit"))
del_records.remove(del_record)
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
break
Diff-ify changelog view for zone changes Improve and document the diff-computation and presentation, so you can easier see what changed.
2023-03-03 12:22:29 +00:00
else: # not mis-indented, else block for the del_records for loop
# addition
changeset.append((None, to_state(add_record), "addition"))
feat: Associate an API Key with accounts (#1044)
2021-12-03 14:12:11 +00:00
Diff-ify changelog view for zone changes Improve and document the diff-computation and presentation, so you can easier see what changed.
2023-03-03 12:22:29 +00:00
# Because the first loop removed edit/unchanged records from the del_records list,
# it now only contains real deletions.
for del_record in del_records:
changeset.append((to_state(del_record), None, "deletion"))
feat: Associate an API Key with accounts (#1044)
2021-12-03 14:12:11 +00:00
Diff-ify changelog view for zone changes Improve and document the diff-computation and presentation, so you can easier see what changed.
2023-03-03 12:22:29 +00:00
# Sort them by the old content. For Additions the new state will be used.
changeset.sort(key=lambda change: change[0]['content'] if change[0] else change[1]['content'])
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
Diff-ify changelog view for zone changes Improve and document the diff-computation and presentation, so you can easier see what changed.
2023-03-03 12:22:29 +00:00
return changeset
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
Refactored zone history retrieval, parsing and displaying code.
2023-04-04 12:32:52 +00:00
def filter_rr_list_by_name_and_type(rrset, record_name, record_type):
return list(filter(lambda rr: rr['name'] == record_name and rr['type'] == record_type, rrset))
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
# out_changes is a list of HistoryRecordEntry objects in which we will append the new changes
Fix rrest typo in history detail There is a misspelling of rrset throughout the history logic, which also effects the json payload in the database. Code-wise this is a simple search-and-replace, and the migration will fix the payloads.
2022-05-18 22:53:35 +00:00
# a HistoryRecordEntry represents a pair of add_rrset and del_rrset
Refactored zone history retrieval, parsing and displaying code.
2023-04-04 12:32:52 +00:00
def extract_changelogs_from_history(histories, record_name=None, record_type=None):
out_changes = []
for entry in histories:
changes = []
if "add_rrsets" in entry.detail:
details = json.loads(entry.detail)
if not details['add_rrsets'] and not details['del_rrsets']:
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
continue
Refactored zone history retrieval, parsing and displaying code.
2023-04-04 12:32:52 +00:00
else: # not a record entry
continue
# filter only the records with the specific record_name, record_type
if record_name != None and record_type != None:
details['add_rrsets'] = list(filter_rr_list_by_name_and_type(details['add_rrsets'], record_name, record_type))
details['del_rrsets'] = list(filter_rr_list_by_name_and_type(details['del_rrsets'], record_name, record_type))
if not details['add_rrsets'] and not details['del_rrsets']:
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
continue
Refactored zone history retrieval, parsing and displaying code.
2023-04-04 12:32:52 +00:00
# same record name and type RR are being deleted and created in same entry.
del_add_changes = set([(r['name'], r['type']) for r in details['add_rrsets']]).intersection([(r['name'], r['type']) for r in details['del_rrsets']])
for del_add_change in del_add_changes:
changes.append(HistoryRecordEntry(
entry,
filter_rr_list_by_name_and_type(details['del_rrsets'], del_add_change[0], del_add_change[1]).pop(0),
filter_rr_list_by_name_and_type(details['add_rrsets'], del_add_change[0], del_add_change[1]).pop(0),
"*")
)
for rrset in details['add_rrsets']:
if (rrset['name'], rrset['type']) not in del_add_changes:
changes.append(HistoryRecordEntry(entry, {}, rrset, "+"))
for rrset in details['del_rrsets']:
if (rrset['name'], rrset['type']) not in del_add_changes:
changes.append(HistoryRecordEntry(entry, rrset, {}, "-"))
# sort changes by the record name
if changes:
changes.sort(key=lambda change:
change.del_rrset['name'] if change.del_rrset else change.add_rrset['name']
)
out_changes.extend(changes)
return out_changes
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
# records with same (name,type) are considered as a single HistoryRecordEntry
# history_entry is of type History - used to extract created_by and created_on
Fix rrest typo in history detail There is a misspelling of rrset throughout the history logic, which also effects the json payload in the database. Code-wise this is a simple search-and-replace, and the migration will fix the payloads.
2022-05-18 22:53:35 +00:00
# add_rrset is a dictionary of replace
# del_rrset is a dictionary of remove
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
class HistoryRecordEntry:
Fix rrest typo in history detail There is a misspelling of rrset throughout the history logic, which also effects the json payload in the database. Code-wise this is a simple search-and-replace, and the migration will fix the payloads.
2022-05-18 22:53:35 +00:00
def __init__(self, history_entry, del_rrset, add_rrset, change_type):
# search the add_rrset index into the add_rrset set for the key (name, type)
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
self.history_entry = history_entry
Fix rrest typo in history detail There is a misspelling of rrset throughout the history logic, which also effects the json payload in the database. Code-wise this is a simple search-and-replace, and the migration will fix the payloads.
2022-05-18 22:53:35 +00:00
self.add_rrset = add_rrset
self.del_rrset = del_rrset
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
self.change_type = change_type # "*": edit or unchanged, "+" new tuple(name,type), "-" deleted (name,type) tuple
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
self.changed_fields = [] # contains a subset of : [ttl, name, type]
self.changeSet = [] # all changes for the records of this add_rrset-del_rrset pair
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
Refactored zone history retrieval, parsing and displaying code.
2023-04-04 12:32:52 +00:00
if change_type == "+" or change_type == "-":
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
self.changed_fields.append("name")
self.changed_fields.append("type")
self.changed_fields.append("ttl")
elif change_type == "*": # edit of unchanged
Fix rrest typo in history detail There is a misspelling of rrset throughout the history logic, which also effects the json payload in the database. Code-wise this is a simple search-and-replace, and the migration will fix the payloads.
2022-05-18 22:53:35 +00:00
if add_rrset['ttl'] != del_rrset['ttl']:
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
self.changed_fields.append("ttl")
Refactored zone history retrieval, parsing and displaying code.
2023-04-04 12:32:52 +00:00
self.changeSet = get_record_changes(del_rrset, add_rrset)
feat: Associate an API Key with accounts (#1044)
2021-12-03 14:12:11 +00:00
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
def toDict(self):
return {
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
"add_rrset": self.add_rrset,
"del_rrset": self.del_rrset,
"changed_fields": self.changed_fields,
"created_on": self.history_entry.created_on,
"created_by": self.history_entry.created_by,
"change_type": self.change_type,
"changeSet": self.changeSet
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
}
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
def __eq__(self, obj2): # used for removal of objects from a list
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
return True if obj2.toDict() == self.toDict() else False
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
User session improvement - Add session handler on other blueprint's before request - Adjustment in using jTimeout to close warning popup on other tabs when we extend the session
2019-12-18 08:25:20 +00:00
@admin_bp.before_request
def before_request():
# Manage session timeout
session.permanent = True
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
# current_app.permanent_session_lifetime = datetime.timedelta(
# minutes=int(Setting().get('session_timeout')))
User session improvement - Add session handler on other blueprint's before request - Adjustment in using jTimeout to close warning popup on other tabs when we extend the session
2019-12-18 08:25:20 +00:00
current_app.permanent_session_lifetime = datetime.timedelta(
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
minutes=int(Setting().get('session_timeout')))
User session improvement - Add session handler on other blueprint's before request - Adjustment in using jTimeout to close warning popup on other tabs when we extend the session
2019-12-18 08:25:20 +00:00
session.modified = True
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
@admin_bp.route('/server/statistics', methods=['GET'])
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
@login_required
@operator_role_required
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
def server_statistics():
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
if not Setting().get('pdns_api_url') or not Setting().get(
'pdns_api_key') or not Setting().get('pdns_version'):
return redirect(url_for('admin.setting_pdns'))
domains = Domain.query.all()
users = User.query.all()
server = Server(server_id='localhost')
statistics = server.get_statistic()
history_number = History.query.count()
if statistics:
uptime = list([
uptime for uptime in statistics if uptime['name'] == 'uptime'
])[0]['value']
else:
uptime = 0
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
return render_template('admin_server_statistics.html',
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
domains=domains,
users=users,
statistics=statistics,
uptime=uptime,
history_number=history_number)
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
@admin_bp.route('/server/configuration', methods=['GET'])
@login_required
@operator_role_required
def server_configuration():
if not Setting().get('pdns_api_url') or not Setting().get(
'pdns_api_key') or not Setting().get('pdns_version'):
return redirect(url_for('admin.setting_pdns'))
domains = Domain.query.all()
users = User.query.all()
server = Server(server_id='localhost')
configs = server.get_config()
history_number = History.query.count()
return render_template('admin_server_configuration.html',
domains=domains,
users=users,
configs=configs,
history_number=history_number)
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
@admin_bp.route('/user/edit/<user_username>', methods=['GET', 'POST'])
@admin_bp.route('/user/edit', methods=['GET', 'POST'])
@login_required
@operator_role_required
def edit_user(user_username=None):
if user_username:
user = User.query.filter(User.username == user_username).first()
create = False
if not user:
return render_template('errors/404.html'), 404
if user.role.name == 'Administrator' and current_user.role.name != 'Administrator':
return render_template('errors/401.html'), 401
else:
user = None
create = True
if request.method == 'GET':
return render_template('admin_edit_user.html',
user=user,
create=create)
elif request.method == 'POST':
fdata = request.form
if create:
strip() whitespace from new local user master data (#1019) When creating a new local user, there is a chance that, due to a copy & paste or typing error, whitespace will be introduced at the start or end of the username. This can lead to issues when trying to log in using the affected username, as such a condition can easily be overlooked - no user will be found in the database if entering the username without the aforementioned whitespace. This commit therefore strip()s the username string within routes/{admin,index}.py. The firstname, lastname and email strings within routes/{admin,index,user}.py are also strip()ped on this occasion.
2021-11-05 15:04:35 +00:00
user_username = fdata.get('username', '').strip()
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
user = User(username=user_username,
strip() whitespace from new local user master data (#1019) When creating a new local user, there is a chance that, due to a copy & paste or typing error, whitespace will be introduced at the start or end of the username. This can lead to issues when trying to log in using the affected username, as such a condition can easily be overlooked - no user will be found in the database if entering the username without the aforementioned whitespace. This commit therefore strip()s the username string within routes/{admin,index}.py. The firstname, lastname and email strings within routes/{admin,index,user}.py are also strip()ped on this occasion.
2021-11-05 15:04:35 +00:00
plain_text_password=fdata.get('password', ''),
firstname=fdata.get('firstname', '').strip(),
lastname=fdata.get('lastname', '').strip(),
email=fdata.get('email', '').strip(),
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
reload_info=False)
if create:
strip() whitespace from new local user master data (#1019) When creating a new local user, there is a chance that, due to a copy & paste or typing error, whitespace will be introduced at the start or end of the username. This can lead to issues when trying to log in using the affected username, as such a condition can easily be overlooked - no user will be found in the database if entering the username without the aforementioned whitespace. This commit therefore strip()s the username string within routes/{admin,index}.py. The firstname, lastname and email strings within routes/{admin,index,user}.py are also strip()ped on this occasion.
2021-11-05 15:04:35 +00:00
if not fdata.get('password', ''):
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
return render_template('admin_edit_user.html',
user=user,
create=create,
blank_password=True)
result = user.create_local_user()
history = History(msg='Created user {0}'.format(user.username),
created_by=current_user.username)
else:
result = user.update_local_user()
history = History(msg='Updated user {0}'.format(user.username),
created_by=current_user.username)
if result['status']:
history.add()
return redirect(url_for('admin.manage_user'))
return render_template('admin_edit_user.html',
user=user,
create=create,
error=result['msg'])
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
Add API Key to the UI
2020-08-08 13:41:18 +00:00
@admin_bp.route('/key/edit/<key_id>', methods=['GET', 'POST'])
@admin_bp.route('/key/edit', methods=['GET', 'POST'])
@login_required
@operator_role_required
def edit_key(key_id=None):
domains = Domain.query.all()
feat: Associate an API Key with accounts (#1044)
2021-12-03 14:12:11 +00:00
accounts = Account.query.all()
Add API Key to the UI
2020-08-08 13:41:18 +00:00
roles = Role.query.all()
apikey = None
create = True
plain_key = None
if key_id:
apikey = ApiKey.query.filter(ApiKey.id == key_id).first()
create = False
if not apikey:
return render_template('errors/404.html'), 404
if request.method == 'GET':
return render_template('admin_edit_key.html',
key=apikey,
domains=domains,
feat: Associate an API Key with accounts (#1044)
2021-12-03 14:12:11 +00:00
accounts=accounts,
Add API Key to the UI
2020-08-08 13:41:18 +00:00
roles=roles,
create=create)
if request.method == 'POST':
fdata = request.form
description = fdata['description']
role = fdata.getlist('key_role')[0]
feat: Associate an API Key with accounts (#1044)
2021-12-03 14:12:11 +00:00
domain_list = fdata.getlist('key_multi_domain')
account_list = fdata.getlist('key_multi_account')
Add API Key to the UI
2020-08-08 13:41:18 +00:00
# Create new apikey
if create:
feat: Associate an API Key with accounts (#1044)
2021-12-03 14:12:11 +00:00
if role == "User":
domain_obj_list = Domain.query.filter(Domain.name.in_(domain_list)).all()
account_obj_list = Account.query.filter(Account.name.in_(account_list)).all()
else:
account_obj_list, domain_obj_list = [], []
Add API Key to the UI
2020-08-08 13:41:18 +00:00
apikey = ApiKey(desc=description,
role_name=role,
feat: Associate an API Key with accounts (#1044)
2021-12-03 14:12:11 +00:00
domains=domain_obj_list,
accounts=account_obj_list)
Add API Key to the UI
2020-08-08 13:41:18 +00:00
try:
apikey.create()
except Exception as e:
current_app.logger.error('Error: {0}'.format(e))
raise ApiKeyCreateFail(message='Api key create failed')
plain_key = apikey_plain_schema.dump([apikey])[0]["plain_key"]
plain_key = b64encode(plain_key.encode('utf-8')).decode('utf-8')
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
history_message = "Created API key {0}".format(apikey.id)
Add API Key to the UI
2020-08-08 13:41:18 +00:00
# Update existing apikey
else:
try:
feat: Associate an API Key with accounts (#1044)
2021-12-03 14:12:11 +00:00
if role != "User":
domain_list, account_list = [], []
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
apikey.update(role, description, domain_list, account_list)
history_message = "Updated API key {0}".format(apikey.id)
Add API Key to the UI
2020-08-08 13:41:18 +00:00
except Exception as e:
current_app.logger.error('Error: {0}'.format(e))
history = History(msg=history_message,
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
detail=json.dumps({
'key': apikey.id,
'role': apikey.role.name,
'description': apikey.description,
'domains': [domain.name for domain in apikey.domains],
'accounts': [a.name for a in apikey.accounts]
}),
Add API Key to the UI
2020-08-08 13:41:18 +00:00
created_by=current_user.username)
history.add()
feat: Associate an API Key with accounts (#1044)
2021-12-03 14:12:11 +00:00
Add API Key to the UI
2020-08-08 13:41:18 +00:00
return render_template('admin_edit_key.html',
key=apikey,
domains=domains,
feat: Associate an API Key with accounts (#1044)
2021-12-03 14:12:11 +00:00
accounts=accounts,
Add API Key to the UI
2020-08-08 13:41:18 +00:00
roles=roles,
create=create,
plain_key=plain_key)
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
Add API Key to the UI
2020-08-08 13:41:18 +00:00
@admin_bp.route('/manage-keys', methods=['GET', 'POST'])
@login_required
@operator_role_required
def manage_keys():
if request.method == 'GET':
try:
apikeys = ApiKey.query.all()
except Exception as e:
current_app.logger.error('Error: {0}'.format(e))
abort(500)
return render_template('admin_manage_keys.html',
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
keys=apikeys)
Add API Key to the UI
2020-08-08 13:41:18 +00:00
elif request.method == 'POST':
jdata = request.json
if jdata['action'] == 'delete_key':
apikey = ApiKey.query.get(jdata['data'])
try:
history_apikey_id = apikey.id
history_apikey_role = apikey.role.name
history_apikey_description = apikey.description
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
history_apikey_domains = [domain.name for domain in apikey.domains]
feat: Associate an API Key with accounts (#1044)
2021-12-03 14:12:11 +00:00
Add API Key to the UI
2020-08-08 13:41:18 +00:00
apikey.delete()
except Exception as e:
current_app.logger.error('Error: {0}'.format(e))
current_app.logger.info('Delete API key {0}'.format(apikey.id))
history = History(msg='Delete API key {0}'.format(apikey.id),
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
detail=json.dumps({
'key': history_apikey_id,
'role': history_apikey_role,
'description': history_apikey_description,
'domains': history_apikey_domains
}),
Add API Key to the UI
2020-08-08 13:41:18 +00:00
created_by=current_user.username)
history.add()
return make_response(
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
jsonify({
'status': 'ok',
'msg': 'Key has been removed.'
}), 200)
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
@admin_bp.route('/manage-user', methods=['GET', 'POST'])
@login_required
@operator_role_required
def manage_user():
if request.method == 'GET':
roles = Role.query.all()
users = User.query.order_by(User.username).all()
return render_template('admin_manage_user.html',
users=users,
roles=roles)
if request.method == 'POST':
#
# post data should in format
# {'action': 'delete_user', 'data': 'username'}
#
try:
jdata = request.json
data = jdata['data']
if jdata['action'] == 'user_otp_disable':
user = User(username=data)
result = user.update_profile(enable_otp=False)
if result:
history = History(
msg='Two factor authentication disabled for user {0}'.
format(data),
created_by=current_user.username)
history.add()
return make_response(
jsonify({
'status':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'ok',
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
'msg':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'Two factor authentication has been disabled for user.'
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
}), 200)
else:
return make_response(
jsonify({
'status':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'error',
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
'msg':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'Cannot disable two factor authentication for user.'
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
}), 500)
elif jdata['action'] == 'delete_user':
user = User(username=data)
if user.username == current_user.username:
return make_response(
jsonify({
'status': 'error',
'msg': 'You cannot delete yourself.'
}), 400)
# Remove account associations first
user_accounts = Account.query.join(AccountUser).join(
User).filter(AccountUser.user_id == user.id,
AccountUser.account_id == Account.id).all()
for uc in user_accounts:
uc.revoke_privileges_by_id(user.id)
# Then delete the user
result = user.delete()
if result:
Add more log and history data
2019-12-16 04:01:16 +00:00
history = History(msg='Delete user {0}'.format(data),
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
created_by=current_user.username)
history.add()
return make_response(
jsonify({
'status': 'ok',
'msg': 'User has been removed.'
}), 200)
else:
return make_response(
jsonify({
'status': 'error',
'msg': 'Cannot remove user.'
}), 500)
elif jdata['action'] == 'revoke_user_privileges':
user = User(username=data)
result = user.revoke_privilege()
if result:
history = History(
msg='Revoke {0} user privileges'.format(data),
created_by=current_user.username)
history.add()
return make_response(
jsonify({
'status': 'ok',
'msg': 'Revoked user privileges.'
}), 200)
else:
return make_response(
jsonify({
'status': 'error',
'msg': 'Cannot revoke user privilege.'
}), 500)
elif jdata['action'] == 'update_user_role':
username = data['username']
role_name = data['role_name']
if username == current_user.username:
return make_response(
jsonify({
'status': 'error',
'msg': 'You cannot change you own roles.'
}), 400)
user = User.query.filter(User.username == username).first()
if not user:
return make_response(
jsonify({
'status': 'error',
'msg': 'User does not exist.'
}), 404)
if user.role.name == 'Administrator' and current_user.role.name != 'Administrator':
return make_response(
jsonify({
'status':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'error',
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
'msg':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'You do not have permission to change Administrator users role.'
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
}), 400)
if role_name == 'Administrator' and current_user.role.name != 'Administrator':
return make_response(
jsonify({
'status':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'error',
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
'msg':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'You do not have permission to promote a user to Administrator role.'
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
}), 400)
user = User(username=username)
result = user.set_role(role_name)
if result['status']:
history = History(
msg='Change user role of {0} to {1}'.format(
username, role_name),
created_by=current_user.username)
history.add()
return make_response(
jsonify({
'status': 'ok',
'msg': 'Changed user role successfully.'
}), 200)
else:
return make_response(
jsonify({
'status':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'error',
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
'msg':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'Cannot change user role. {0}'.format(
result['msg'])
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
}), 500)
else:
return make_response(
jsonify({
'status': 'error',
'msg': 'Action not supported.'
}), 400)
except Exception as e:
current_app.logger.error(
'Cannot update user. Error: {0}'.format(e))
current_app.logger.debug(traceback.format_exc())
return make_response(
jsonify({
'status':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'error',
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
'msg':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'There is something wrong, please contact Administrator.'
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
}), 400)
@admin_bp.route('/account/edit/<account_name>', methods=['GET', 'POST'])
@admin_bp.route('/account/edit', methods=['GET', 'POST'])
@login_required
@operator_role_required
def edit_account(account_name=None):
users = User.query.all()
Add list to manage with an account associated domains
2022-06-28 09:15:43 +00:00
account = Account.query.filter(
Account.name == account_name).first()
all_accounts = Account.query.all()
Update powerdnsadmin/routes/admin.py Looks good to me Co-authored-by: Corubba <97832352+corubba@users.noreply.github.com>
2022-06-29 06:56:01 +00:00
accounts = {acc.id: acc for acc in all_accounts}
Add list to manage with an account associated domains
2022-06-28 09:15:43 +00:00
domains = Domain.query.all()
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
if request.method == 'GET':
Add list to manage with an account associated domains
2022-06-28 09:15:43 +00:00
if account_name is None or not account:
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
return render_template('admin_edit_account.html',
Add list to manage with an account associated domains
2022-06-28 09:15:43 +00:00
account=None,
setting account_user_ids to empty list on GET /account/edit (#966)
2021-08-05 17:41:28 +00:00
account_user_ids=[],
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
users=users,
Add list to manage with an account associated domains
2022-06-28 09:15:43 +00:00
domains=domains,
accounts=accounts,
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
create=1)
else:
account = Account.query.filter(
Account.name == account_name).first()
account_user_ids = account.get_user()
return render_template('admin_edit_account.html',
account=account,
account_user_ids=account_user_ids,
users=users,
Add list to manage with an account associated domains
2022-06-28 09:15:43 +00:00
domains=domains,
accounts=accounts,
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
create=0)
if request.method == 'POST':
fdata = request.form
new_user_list = request.form.getlist('account_multi_user')
Add list to manage with an account associated domains
2022-06-28 09:15:43 +00:00
new_domain_list = request.form.getlist('account_domains')
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
# on POST, synthesize account and account_user_ids from form data
if not account_name:
account_name = fdata['accountname']
account = Account(name=account_name,
description=fdata['accountdescription'],
contact=fdata['accountcontact'],
mail=fdata['accountmail'])
account_user_ids = []
for username in new_user_list:
userid = User(username=username).get_user_info_by_username().id
account_user_ids.append(userid)
create = int(fdata['create'])
if create:
# account __init__ sanitizes and lowercases the name, so to manage expectations
# we let the user reenter the name until it's not empty and it's valid (ignoring the case)
if account.name == "" or account.name != account_name.lower():
return render_template('admin_edit_account.html',
account=account,
account_user_ids=account_user_ids,
users=users,
Add list to manage with an account associated domains
2022-06-28 09:15:43 +00:00
domains=domains,
accounts=accounts,
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
create=create,
invalid_accountname=True)
if Account.query.filter(Account.name == account.name).first():
return render_template('admin_edit_account.html',
account=account,
account_user_ids=account_user_ids,
users=users,
Add list to manage with an account associated domains
2022-06-28 09:15:43 +00:00
domains=domains,
accounts=accounts,
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
create=create,
duplicate_accountname=True)
result = account.create_account()
else:
result = account.update_account()
if result['status']:
Add list to manage with an account associated domains
2022-06-28 09:15:43 +00:00
account = Account.query.filter(
Account.name == account_name).first()
old_domains = Domain.query.filter(Domain.account_id == account.id).all()
for domain_name in new_domain_list:
domain = Domain.query.filter(
Domain.name == domain_name).first()
if account.id != domain.account_id:
Domain(name=domain_name).assoc_account(account.id)
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
Add list to manage with an account associated domains
2022-06-28 09:15:43 +00:00
for domain in old_domains:
if domain.name not in new_domain_list:
Domain(name=domain.name).assoc_account(None)
history = History(msg='{0} account {1}'.format('Create' if create else 'Update', account.name),
created_by=current_user.username)
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
account.grant_privileges(new_user_list)
history.add()
return redirect(url_for('admin.manage_account'))
return render_template('admin_edit_account.html',
account=account,
account_user_ids=account_user_ids,
users=users,
create=create,
error=result['msg'])
@admin_bp.route('/manage-account', methods=['GET', 'POST'])
@login_required
@operator_role_required
def manage_account():
if request.method == 'GET':
accounts = Account.query.order_by(Account.name).all()
for account in accounts:
account.user_num = AccountUser.query.filter(
AccountUser.account_id == account.id).count()
return render_template('admin_manage_account.html', accounts=accounts)
if request.method == 'POST':
#
# post data should in format
# {'action': 'delete_account', 'data': 'accountname'}
#
try:
jdata = request.json
data = jdata['data']
if jdata['action'] == 'delete_account':
account = Account.query.filter(Account.name == data).first()
if not account:
return make_response(
jsonify({
'status': 'error',
'msg': 'Account not found.'
}), 404)
# Remove account association from domains first
for domain in account.domains:
Domain(name=domain.name).assoc_account(None)
# Then delete the account
result = account.delete_account()
if result:
history = History(msg='Delete account {0}'.format(data),
created_by=current_user.username)
history.add()
return make_response(
jsonify({
'status': 'ok',
'msg': 'Account has been removed.'
}), 200)
else:
return make_response(
jsonify({
'status': 'error',
'msg': 'Cannot remove account.'
}), 500)
else:
return make_response(
jsonify({
'status': 'error',
'msg': 'Action not supported.'
}), 400)
except Exception as e:
current_app.logger.error(
'Cannot update account. Error: {0}'.format(e))
current_app.logger.debug(traceback.format_exc())
return make_response(
jsonify({
'status':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'error',
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
'msg':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'There is something wrong, please contact Administrator.'
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
}), 400)
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
class DetailedHistory():
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
def __init__(self, history, change_set):
self.history = history
self.detailed_msg = ""
self.change_set = change_set
if not history.detail:
self.detailed_msg = ""
return
Use json.dumps for every detail in history This works much better instead of just writing a str to the db and expect it to be loaded just fine from json.loads
2022-04-05 08:50:15 +00:00
detail_dict = json.loads(history.detail)
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
if 'domain_type' in detail_dict and 'account_id' in detail_dict: # this is a zone creation
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
self.detailed_msg = render_template_string("""
<table class="table table-bordered table-striped">
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
<tr><td>Zone Type:</td><td>{{ domaintype }}</td></tr>
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
<tr><td>Account:</td><td>{{ account }}</td></tr>
</table>
""",
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
domaintype=detail_dict['domain_type'],
account=Account.get_name_by_id(self=None, account_id=detail_dict[
'account_id']) if detail_dict[
'account_id'] != "0" else "None")
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
elif 'authenticator' in detail_dict: # this is a user authentication
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
self.detailed_msg = render_template_string("""
Revert "Revert "Merge pull request #1371 from AgentTNT/AdminLTE-Upgrade"" This reverts commit e2ad3e200179dd02bd8dfe42913b59bae9bd4263.
2023-02-18 16:04:14 +00:00
<table class="table table-bordered table-striped"">
<tbody>
Fix user auth history modal and provide more info
2023-02-17 22:47:23 +00:00
<tr>
Revert "Revert "Merge pull request #1371 from AgentTNT/AdminLTE-Upgrade"" This reverts commit e2ad3e200179dd02bd8dfe42913b59bae9bd4263.
2023-02-18 16:04:14 +00:00
<td>Username:</td>
<td>{{ username }}</td>
</tr>
<tr>
<td>Authentication Result:</td>
<td>{{ auth_result }}</td>
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
</tr>
<tr>
<td>Authenticator Type:</td>
Revert "Revert "Merge pull request #1371 from AgentTNT/AdminLTE-Upgrade"" This reverts commit e2ad3e200179dd02bd8dfe42913b59bae9bd4263.
2023-02-18 16:04:14 +00:00
<td>{{ authenticator }}</td>
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
</tr>
<tr>
Revert "Revert "Merge pull request #1371 from AgentTNT/AdminLTE-Upgrade"" This reverts commit e2ad3e200179dd02bd8dfe42913b59bae9bd4263.
2023-02-18 16:04:14 +00:00
<td>IP Address:</td>
<td>{{ ip_address }}</td>
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
</tr>
</tbody>
</table>
""",
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
background_rgba="68,157,68" if detail_dict[
'success'] == 1 else "201,48,44",
username=detail_dict['username'],
auth_result="success" if detail_dict[
'success'] == 1 else "failure",
authenticator=detail_dict['authenticator'],
ip_address=detail_dict['ip_address'])
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
elif 'add_rrsets' in detail_dict: # this is a zone record change
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
self.detailed_msg = ""
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
elif 'name' in detail_dict and 'template' in history.msg: # template creation / deletion
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
self.detailed_msg = render_template_string("""
<table class="table table-bordered table-striped">
<tr><td>Template name:</td><td>{{ template_name }}</td></tr>
<tr><td>Description:</td><td>{{ description }}</td></tr>
</table>
""",
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
template_name=DetailedHistory.get_key_val(detail_dict, "name"),
description=DetailedHistory.get_key_val(detail_dict,
"description"))
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
Make sure old history items will also be shown
2023-03-16 17:36:47 +00:00
elif any(msg in history.msg for msg in ['Change zone','Change domain']) and 'access control' in history.msg: # added or removed a user from a zone
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
users_with_access = DetailedHistory.get_key_val(detail_dict, "user_has_access")
self.detailed_msg = render_template_string("""
<table class="table table-bordered table-striped">
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
<tr><td>Users with access to this zone</td><td>{{ users_with_access }}</td></tr>
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
<tr><td>Number of users:</td><td>{{ users_with_access | length }}</td><tr>
</table>
""",
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
users_with_access=users_with_access)
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
elif 'Created API key' in history.msg or 'Updated API key' in history.msg:
self.detailed_msg = render_template_string("""
<table class="table table-bordered table-striped">
<tr><td>Key: </td><td>{{ keyname }}</td></tr>
<tr><td>Role:</td><td>{{ rolename }}</td></tr>
<tr><td>Description:</td><td>{{ description }}</td></tr>
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
<tr><td>Accessible zones with this API key:</td><td>{{ linked_domains }}</td></tr>
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
<tr><td>Accessible accounts with this API key:</td><td>{{ linked_accounts }}</td></tr>
</table>
""",
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
keyname=DetailedHistory.get_key_val(detail_dict, "key"),
rolename=DetailedHistory.get_key_val(detail_dict, "role"),
description=DetailedHistory.get_key_val(detail_dict,
"description"),
linked_domains=DetailedHistory.get_key_val(detail_dict,
"domains" if "domains" in detail_dict else "domain_acl"),
linked_accounts=DetailedHistory.get_key_val(detail_dict,
"accounts"))
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
elif 'Delete API key' in history.msg:
self.detailed_msg = render_template_string("""
<table class="table table-bordered table-striped">
<tr><td>Key: </td><td>{{ keyname }}</td></tr>
<tr><td>Role:</td><td>{{ rolename }}</td></tr>
<tr><td>Description:</td><td>{{ description }}</td></tr>
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
<tr><td>Accessible zones with this API key:</td><td>{{ linked_domains }}</td></tr>
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
</table>
""",
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
keyname=DetailedHistory.get_key_val(detail_dict, "key"),
rolename=DetailedHistory.get_key_val(detail_dict, "role"),
description=DetailedHistory.get_key_val(detail_dict,
"description"),
linked_domains=DetailedHistory.get_key_val(detail_dict,
"domains"))
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
Make sure old history items will also be shown
2023-03-16 17:36:47 +00:00
elif any(msg in history.msg for msg in ['Update type for zone','Update type for domain']):
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
self.detailed_msg = render_template_string("""
<table class="table table-bordered table-striped">
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
<tr><td>Zone: </td><td>{{ domain }}</td></tr>
<tr><td>Zone type:</td><td>{{ domain_type }}</td></tr>
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
<tr><td>Masters:</td><td>{{ masters }}</td></tr>
</table>
""",
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
domain=DetailedHistory.get_key_val(detail_dict, "domain"),
domain_type=DetailedHistory.get_key_val(detail_dict, "type"),
masters=DetailedHistory.get_key_val(detail_dict, "masters"))
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
elif 'reverse' in history.msg:
self.detailed_msg = render_template_string("""
<table class="table table-bordered table-striped">
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
<tr><td>Zone Type: </td><td>{{ domain_type }}</td></tr>
<tr><td>Zone Master IPs:</td><td>{{ domain_master_ips }}</td></tr>
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
</table>
""",
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
domain_type=DetailedHistory.get_key_val(detail_dict,
"domain_type"),
domain_master_ips=DetailedHistory.get_key_val(detail_dict,
"domain_master_ips"))
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
Add more detailed info to the history when a msg and status exists
2022-04-04 15:22:41 +00:00
elif DetailedHistory.get_key_val(detail_dict, 'msg') and DetailedHistory.get_key_val(detail_dict, 'status'):
self.detailed_msg = render_template_string('''
<table class="table table-bordered table-striped">
<tr><td>Status: </td><td>{{ history_status }}</td></tr>
<tr><td>Message:</td><td>{{ history_msg }}</td></tr>
</table>
''',
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
history_status=DetailedHistory.get_key_val(detail_dict,
'status'),
history_msg=DetailedHistory.get_key_val(detail_dict, 'msg'))
Make sure old history items will also be shown
2023-03-16 17:36:47 +00:00
elif any(msg in history.msg for msg in ['Update zone','Update domain']) and 'associate account' in history.msg: # When an account gets associated or dissociate with zones
Add history entries for association changes of domains
2022-06-28 09:16:45 +00:00
self.detailed_msg = render_template_string('''
<table class="table table-bordered table-striped">
<tr><td>Associate: </td><td>{{ history_assoc_account }}</td></tr>
<tr><td>Dissociate:</td><td>{{ history_dissoc_account }}</td></tr>
</table>
''',
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
history_assoc_account=DetailedHistory.get_key_val(detail_dict,
'assoc_account'),
history_dissoc_account=DetailedHistory.get_key_val(detail_dict,
'dissoc_account'))
Add more detailed info to the history when a msg and status exists
2022-04-04 15:22:41 +00:00
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
# check for lower key as well for old databases
@staticmethod
def get_key_val(_dict, key):
routes/admin.py: DetailedHistory: backward-compatibility See https://github.com/ngoduykhanh/PowerDNS-Admin/pull/1066
2021-12-04 16:38:48 +00:00
return str(_dict.get(key, _dict.get(key.title(), '')))
routes/admin.py: refactor DetailedHistory - Run HTML through the template engine, preventing XSS from various vectors - Fix uncaught exception when a history entry about domain template deletion is processed - Adapt indentation to 4 space characters per level
2021-12-04 14:36:05 +00:00
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
# convert a list of History objects into DetailedHistory objects
def convert_histories(histories):
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
detailedHistories = []
Refactored zone history retrieval, parsing and displaying code.
2023-04-04 12:32:52 +00:00
for history in histories:
if history.detail and ('add_rrsets' in history.detail or 'del_rrsets' in history.detail):
history_as_list = list()
history_as_list.append(history)
detailedHistories.append(DetailedHistory(history, extract_changelogs_from_history(history_as_list)))
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
else:
Refactored zone history retrieval, parsing and displaying code.
2023-04-04 12:32:52 +00:00
detailedHistories.append(DetailedHistory(history, None))
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
return detailedHistories
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
@admin_bp.route('/history', methods=['GET', 'POST'])
@login_required
Allow user role to view history (#890)
2021-03-27 18:33:11 +00:00
@history_access_required
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
def history():
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
if request.method == 'POST':
if current_user.role.name != 'Administrator':
return make_response(
jsonify({
'status': 'error',
'msg': 'You do not have permission to remove history.'
}), 401)
if Setting().get('preserve_history'):
return make_response(
jsonify({
'status': 'error',
'msg': 'History removal is not allowed (toggle preserve_history in settings).'
}), 401)
h = History()
result = h.remove_all()
if result:
history = History(msg='Remove all histories',
created_by=current_user.username)
history.add()
return make_response(
jsonify({
'status': 'ok',
'msg': 'Changed user role successfully.'
}), 200)
else:
return make_response(
jsonify({
'status': 'error',
'msg': 'Can not remove histories.'
}), 500)
if request.method == 'GET':
doms = accounts = users = ""
if current_user.role.name in ['Administrator', 'Operator']:
all_domain_names = Domain.query.all()
all_account_names = Account.query.all()
all_user_names = User.query.all()
for d in all_domain_names:
doms += d.name + " "
for acc in all_account_names:
accounts += acc.name + " "
for usr in all_user_names:
users += usr.username + " "
else: # special autocomplete for users
all_domain_names = db.session.query(Domain) \
.outerjoin(DomainUser, Domain.id == DomainUser.domain_id) \
.outerjoin(Account, Domain.account_id == Account.id) \
.outerjoin(AccountUser, Account.id == AccountUser.account_id) \
.filter(
db.or_(
DomainUser.user_id == current_user.id,
AccountUser.user_id == current_user.id
)).all()
all_account_names = db.session.query(Account) \
.outerjoin(Domain, Domain.account_id == Account.id) \
.outerjoin(DomainUser, Domain.id == DomainUser.domain_id) \
.outerjoin(AccountUser, Account.id == AccountUser.account_id) \
.filter(
db.or_(
DomainUser.user_id == current_user.id,
AccountUser.user_id == current_user.id
)).all()
all_user_names = []
for a in all_account_names:
temp = db.session.query(User) \
.join(AccountUser, AccountUser.user_id == User.id) \
.outerjoin(Account, Account.id == AccountUser.account_id) \
.filter(
db.or_(
Account.id == a.id,
AccountUser.account_id == a.id
)
) \
.all()
for u in temp:
if u in all_user_names:
continue
all_user_names.append(u)
for d in all_domain_names:
doms += d.name + " "
for a in all_account_names:
accounts += a.name + " "
for u in all_user_names:
users += u.username + " "
return render_template('admin_history.html', all_domain_names=doms, all_account_names=accounts,
all_usernames=users)
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
# local_offset is the offset of the utc to the local time
# offset must be int
# return the date converted and simplified
def from_utc_to_local(local_offset, timeframe):
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
offset = str(local_offset * (-1))
date_split = str(timeframe).split(".")[0]
date_converted = datetime.datetime.strptime(date_split, '%Y-%m-%d %H:%M:%S') + datetime.timedelta(
minutes=int(offset))
return date_converted
History Tab Overhaul & Domain Record Modifications Changelog (#1042) Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com> Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com> Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com> Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 09:02:37 +00:00
@admin_bp.route('/history_table', methods=['GET', 'POST'])
@login_required
@history_access_required
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
def history_table(): # ajax call data
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
if request.method == 'POST':
if current_user.role.name != 'Administrator':
return make_response(
jsonify({
'status': 'error',
'msg': 'You do not have permission to remove history.'
}), 401)
h = History()
result = h.remove_all()
if result:
history = History(msg='Remove all histories',
created_by=current_user.username)
history.add()
return make_response(
jsonify({
'status': 'ok',
'msg': 'Changed user role successfully.'
}), 200)
else:
return make_response(
jsonify({
'status': 'error',
'msg': 'Can not remove histories.'
}), 500)
detailedHistories = []
lim = int(Setting().get('max_history_records')) # max num of records
if request.method == 'GET':
if current_user.role.name in ['Administrator', 'Operator']:
base_query = History.query
else:
# if the user isn't an administrator or operator,
# allow_user_view_history must be enabled to get here,
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
# so include history for the zones for the user
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
base_query = db.session.query(History) \
.join(Domain, History.domain_id == Domain.id) \
.outerjoin(DomainUser, Domain.id == DomainUser.domain_id) \
.outerjoin(Account, Domain.account_id == Account.id) \
.outerjoin(AccountUser, Account.id == AccountUser.account_id) \
.filter(
db.or_(
DomainUser.user_id == current_user.id,
AccountUser.user_id == current_user.id
))
domain_name = request.args.get('domain_name_filter') if request.args.get('domain_name_filter') != None \
and len(
request.args.get('domain_name_filter')) != 0 else None
account_name = request.args.get('account_name_filter') if request.args.get('account_name_filter') != None \
and len(
request.args.get('account_name_filter')) != 0 else None
user_name = request.args.get('auth_name_filter') if request.args.get('auth_name_filter') != None \
and len(request.args.get('auth_name_filter')) != 0 else None
min_date = request.args.get('min') if request.args.get('min') != None and len(
request.args.get('min')) != 0 else None
if min_date != None: # get 1 day earlier, to check for timezone errors
min_date = str(datetime.datetime.strptime(min_date, '%Y-%m-%d') - datetime.timedelta(days=1))
max_date = request.args.get('max') if request.args.get('max') != None and len(
request.args.get('max')) != 0 else None
if max_date != None: # get 1 day later, to check for timezone errors
max_date = str(datetime.datetime.strptime(max_date, '%Y-%m-%d') + datetime.timedelta(days=1))
tzoffset = request.args.get('tzoffset') if request.args.get('tzoffset') != None and len(
request.args.get('tzoffset')) != 0 else None
changed_by = request.args.get('user_name_filter') if request.args.get('user_name_filter') != None \
and len(
request.args.get('user_name_filter')) != 0 else None
"""
Auth methods: LOCAL, Github OAuth, Azure OAuth, SAML, OIDC OAuth, Google OAuth
"""
auth_methods = []
if (request.args.get('auth_local_only_checkbox') is None \
and request.args.get('auth_oauth_only_checkbox') is None \
and request.args.get('auth_saml_only_checkbox') is None and request.args.get(
'auth_all_checkbox') is None):
auth_methods = []
if request.args.get('auth_all_checkbox') == "on":
auth_methods.append("")
if request.args.get('auth_local_only_checkbox') == "on":
auth_methods.append("LOCAL")
if request.args.get('auth_oauth_only_checkbox') == "on":
auth_methods.append("OAuth")
if request.args.get('auth_saml_only_checkbox') == "on":
auth_methods.append("SAML")
if request.args.get('domain_changelog_only_checkbox') != None:
changelog_only = True if request.args.get('domain_changelog_only_checkbox') == "on" else False
else:
changelog_only = False
# users cannot search for authentication
if user_name != None and current_user.role.name not in ['Administrator', 'Operator']:
histories = []
elif domain_name != None:
if not changelog_only:
histories = base_query \
.filter(
db.and_(
db.or_(
Make sure old history items will also be shown
2023-03-16 17:36:47 +00:00
History.msg.like("%domain " + domain_name) if domain_name != "*" else History.msg.like("%domain%"),
History.msg.like("%zone " + domain_name) if domain_name != "*" else History.msg.like("%zone%"),
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
History.msg.like(
"%domain " + domain_name + " access control") if domain_name != "*" else History.msg.like(
Make sure old history items will also be shown
2023-03-16 17:36:47 +00:00
"%domain%access control"),
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
History.msg.like(
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
"%zone " + domain_name + " access control") if domain_name != "*" else History.msg.like(
"%zone%access control")
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
),
History.created_on <= max_date if max_date != None else True,
History.created_on >= min_date if min_date != None else True,
History.created_by == changed_by if changed_by != None else True
)
).order_by(History.created_on.desc()).limit(lim).all()
else:
# search for records changes only
histories = base_query \
.filter(
db.and_(
Make sure old history items will also be shown
2023-03-16 17:36:47 +00:00
db.or_(
History.msg.like("Apply record changes to domain " + domain_name) if domain_name != "*" \
else History.msg.like("Apply record changes to domain%"),
History.msg.like("Apply record changes to zone " + domain_name) if domain_name != "*" \
else History.msg.like("Apply record changes to zone%"),
),
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
History.created_on <= max_date if max_date != None else True,
History.created_on >= min_date if min_date != None else True,
History.created_by == changed_by if changed_by != None else True
)
).order_by(History.created_on.desc()) \
.limit(lim).all()
elif account_name != None:
if current_user.role.name in ['Administrator', 'Operator']:
histories = base_query \
.join(Domain, History.domain_id == Domain.id) \
.outerjoin(Account, Domain.account_id == Account.id) \
.filter(
db.and_(
Account.id == Domain.account_id,
account_name == Account.name if account_name != "*" else True,
History.created_on <= max_date if max_date != None else True,
History.created_on >= min_date if min_date != None else True,
History.created_by == changed_by if changed_by != None else True
)
).order_by(History.created_on.desc()) \
.limit(lim).all()
else:
histories = base_query \
.filter(
db.and_(
Account.id == Domain.account_id,
account_name == Account.name if account_name != "*" else True,
History.created_on <= max_date if max_date != None else True,
History.created_on >= min_date if min_date != None else True,
History.created_by == changed_by if changed_by != None else True
)
).order_by(History.created_on.desc()) \
.limit(lim).all()
elif user_name != None and current_user.role.name in ['Administrator',
'Operator']: # only admins can see the user login-logouts
histories = History.query \
.filter(
db.and_(
db.or_(
History.msg.like(
"User " + user_name + " authentication%") if user_name != "*" and user_name != None else History.msg.like(
"%authentication%"),
History.msg.like(
"User " + user_name + " was not authorized%") if user_name != "*" and user_name != None else History.msg.like(
"User%was not authorized%")
),
History.created_on <= max_date if max_date != None else True,
History.created_on >= min_date if min_date != None else True,
History.created_by == changed_by if changed_by != None else True
)
) \
.order_by(History.created_on.desc()).limit(lim).all()
temp = []
for h in histories:
for method in auth_methods:
if method in h.detail:
temp.append(h)
break
histories = temp
elif (changed_by != None or max_date != None) and current_user.role.name in ['Administrator',
'Operator']: # select changed by and date filters only
histories = History.query \
.filter(
db.and_(
History.created_on <= max_date if max_date != None else True,
History.created_on >= min_date if min_date != None else True,
History.created_by == changed_by if changed_by != None else True
)
) \
.order_by(History.created_on.desc()).limit(lim).all()
elif (
changed_by != None or max_date != None): # special filtering for user because one user does not have access to log-ins logs
histories = base_query \
.filter(
db.and_(
History.created_on <= max_date if max_date != None else True,
History.created_on >= min_date if min_date != None else True,
History.created_by == changed_by if changed_by != None else True
)
) \
.order_by(History.created_on.desc()).limit(lim).all()
elif max_date != None: # if changed by == null and only date is applied
histories = base_query.filter(
db.and_(
History.created_on <= max_date if max_date != None else True,
History.created_on >= min_date if min_date != None else True,
)
).order_by(History.created_on.desc()).limit(lim).all()
else: # default view
if current_user.role.name in ['Administrator', 'Operator']:
histories = History.query.order_by(History.created_on.desc()).limit(lim).all()
else:
histories = db.session.query(History) \
.join(Domain, History.domain_id == Domain.id) \
.outerjoin(DomainUser, Domain.id == DomainUser.domain_id) \
.outerjoin(Account, Domain.account_id == Account.id) \
.outerjoin(AccountUser, Account.id == AccountUser.account_id) \
.order_by(History.created_on.desc()) \
.filter(
db.or_(
DomainUser.user_id == current_user.id,
AccountUser.user_id == current_user.id
)).limit(lim).all()
detailedHistories = convert_histories(histories)
# Remove dates from previous or next day that were brought over
if tzoffset != None:
if min_date != None:
min_date_split = min_date.split()[0]
if max_date != None:
max_date_split = max_date.split()[0]
for i, history_rec in enumerate(detailedHistories):
local_date = str(from_utc_to_local(int(tzoffset), history_rec.history.created_on).date())
if (min_date != None and local_date == min_date_split) or (
max_date != None and local_date == max_date_split):
detailedHistories[i] = None
# Remove elements previously flagged as None
detailedHistories = [h for h in detailedHistories if h is not None]
return render_template('admin_history_table.html', histories=detailedHistories,
len_histories=len(detailedHistories), lim=lim)
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
@admin_bp.route('/setting/basic', methods=['GET'])
@login_required
@operator_role_required
def setting_basic():
Rework user image handling Moved all the logic out of the template into a separate endpoint. This makes it easy to extend to also support images from different sources like LDAP/SAML/OIDC. Session-based caching is hard to do, so to allow time-based caching in the browser, the url needs to be unique for every user by using a query parameter. Replaced the default/fallback user image with a new one. It is based on the old one, but does not need css to be visible. And removed said css. Gravatar has now its own setting named `gravatar_enabled`, which is disabled by default.
2022-05-27 11:01:46 +00:00
settings = [
'account_name_extra_chars',
'allow_user_create_domain',
'allow_user_remove_domain',
'allow_user_view_history',
'auto_ptr',
'bg_domain_updates',
'custom_css',
'default_domain_table_size',
'default_record_table_size',
'delete_sso_accounts',
Added custom header in created_by segment option
2023-03-12 13:36:30 +00:00
'custom_history_header',
Rework user image handling Moved all the logic out of the template into a separate endpoint. This makes it easy to extend to also support images from different sources like LDAP/SAML/OIDC. Session-based caching is hard to do, so to allow time-based caching in the browser, the url needs to be unique for every user by using a query parameter. Replaced the default/fallback user image with a new one. It is based on the old one, but does not need css to be visible. And removed said css. Gravatar has now its own setting named `gravatar_enabled`, which is disabled by default.
2022-05-27 11:01:46 +00:00
'deny_domain_override',
'dnssec_admins_only',
'enable_api_rr_history',
'enforce_api_ttl',
'fullscreen_layout',
'gravatar_enabled',
'login_ldap_first',
'maintenance',
'max_history_records',
'otp_field_enabled',
'otp_force',
'pdns_api_timeout',
Preserve domain records history after domain deletion.
2023-02-13 10:08:03 +00:00
'preserve_history',
Rework user image handling Moved all the logic out of the template into a separate endpoint. This makes it easy to extend to also support images from different sources like LDAP/SAML/OIDC. Session-based caching is hard to do, so to allow time-based caching in the browser, the url needs to be unique for every user by using a query parameter. Replaced the default/fallback user image with a new one. It is based on the old one, but does not need css to be visible. And removed said css. Gravatar has now its own setting named `gravatar_enabled`, which is disabled by default.
2022-05-27 11:01:46 +00:00
'pretty_ipv6_ptr',
'record_helper',
'record_quick_edit',
'session_timeout',
'site_name',
'ttl_options',
'verify_ssl_connections',
'verify_user_email',
'warn_session_timeout',
]
return render_template('admin_setting_basic.html', settings=settings)
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
@admin_bp.route('/setting/basic/<path:setting>/edit', methods=['POST'])
@login_required
@operator_role_required
def setting_basic_edit(setting):
jdata = request.json
new_value = jdata['value']
result = Setting().set(setting, new_value)
if (result):
return make_response(
jsonify({
'status': 'ok',
'msg': 'Toggled setting successfully.'
}), 200)
else:
return make_response(
jsonify({
'status': 'error',
'msg': 'Unable to toggle setting.'
}), 500)
@admin_bp.route('/setting/basic/<path:setting>/toggle', methods=['POST'])
@login_required
@operator_role_required
def setting_basic_toggle(setting):
result = Setting().toggle(setting)
if (result):
return make_response(
jsonify({
'status': 'ok',
'msg': 'Toggled setting successfully.'
}), 200)
else:
return make_response(
jsonify({
'status': 'error',
'msg': 'Unable to toggle setting.'
}), 500)
@admin_bp.route('/setting/pdns', methods=['GET', 'POST'])
@login_required
@admin_role_required
def setting_pdns():
if request.method == 'GET':
pdns_api_url = Setting().get('pdns_api_url')
pdns_api_key = Setting().get('pdns_api_key')
pdns_version = Setting().get('pdns_version')
return render_template('admin_setting_pdns.html',
pdns_api_url=pdns_api_url,
pdns_api_key=pdns_api_key,
pdns_version=pdns_version)
elif request.method == 'POST':
pdns_api_url = request.form.get('pdns_api_url')
pdns_api_key = request.form.get('pdns_api_key')
pdns_version = request.form.get('pdns_version')
Setting().set('pdns_api_url', pdns_api_url)
Setting().set('pdns_api_key', pdns_api_key)
Setting().set('pdns_version', pdns_version)
return render_template('admin_setting_pdns.html',
pdns_api_url=pdns_api_url,
pdns_api_key=pdns_api_key,
pdns_version=pdns_version)
@admin_bp.route('/setting/dns-records', methods=['GET', 'POST'])
@login_required
@operator_role_required
def setting_records():
if request.method == 'GET':
_fr = Setting().get('forward_records_allow_edit')
_rr = Setting().get('reverse_records_allow_edit')
f_records = literal_eval(_fr) if isinstance(_fr, str) else _fr
r_records = literal_eval(_rr) if isinstance(_rr, str) else _rr
return render_template('admin_setting_records.html',
f_records=f_records,
r_records=r_records)
elif request.method == 'POST':
fr = {}
rr = {}
records = Setting().defaults['forward_records_allow_edit']
for r in records:
fr[r] = True if request.form.get('fr_{0}'.format(
r.lower())) else False
rr[r] = True if request.form.get('rr_{0}'.format(
r.lower())) else False
Setting().set('forward_records_allow_edit', str(fr))
Setting().set('reverse_records_allow_edit', str(rr))
return redirect(url_for('admin.setting_records'))
Code formating
2020-04-30 03:17:08 +00:00
def has_an_auth_method(local_db_enabled=None,
ldap_enabled=None,
google_oauth_enabled=None,
github_oauth_enabled=None,
oidc_oauth_enabled=None,
azure_oauth_enabled=None):
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
if local_db_enabled is None:
local_db_enabled = Setting().get('local_db_enabled')
if ldap_enabled is None:
ldap_enabled = Setting().get('ldap_enabled')
if google_oauth_enabled is None:
google_oauth_enabled = Setting().get('google_oauth_enabled')
if github_oauth_enabled is None:
github_oauth_enabled = Setting().get('github_oauth_enabled')
if oidc_oauth_enabled is None:
oidc_oauth_enabled = Setting().get('oidc_oauth_enabled')
if azure_oauth_enabled is None:
azure_oauth_enabled = Setting().get('azure_oauth_enabled')
return local_db_enabled or ldap_enabled or google_oauth_enabled or github_oauth_enabled or oidc_oauth_enabled or azure_oauth_enabled
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
Code formating
2020-04-30 03:17:08 +00:00
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
@admin_bp.route('/setting/authentication', methods=['GET', 'POST'])
@login_required
@admin_role_required
def setting_authentication():
if request.method == 'GET':
return render_template('admin_setting_authentication.html')
elif request.method == 'POST':
conf_type = request.form.get('config_tab')
result = None
if conf_type == 'general':
local_db_enabled = True if request.form.get(
'local_db_enabled') else False
signup_enabled = True if request.form.get(
feat(authentication): added admin settings for password policies
2023-03-17 03:42:45 +00:00
'signup_enabled') else False
pwd_enforce_characters = True if request.form.get('pwd_enforce_characters') else False
pwd_min_len = safe_cast(request.form.get('pwd_min_len', Setting().defaults["pwd_min_len"]), int,
Setting().defaults["pwd_min_len"])
pwd_min_lowercase = safe_cast(request.form.get('pwd_min_lowercase', Setting().defaults["pwd_min_lowercase"]), int,
Setting().defaults["pwd_min_lowercase"])
pwd_min_uppercase = safe_cast(request.form.get('pwd_min_uppercase', Setting().defaults["pwd_min_uppercase"]), int,
Setting().defaults["pwd_min_uppercase"])
pwd_min_digits = safe_cast(request.form.get('pwd_min_digits', Setting().defaults["pwd_min_digits"]), int,
Setting().defaults["pwd_min_digits"])
pwd_min_special = safe_cast(request.form.get('pwd_min_special', Setting().defaults["pwd_min_special"]), int,
Setting().defaults["pwd_min_special"])
pwd_enforce_complexity = True if request.form.get('pwd_enforce_complexity') else False
pwd_min_complexity = safe_cast(request.form.get('pwd_min_complexity', Setting().defaults["pwd_min_complexity"]), int,
Setting().defaults["pwd_min_complexity"])
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
if not has_an_auth_method(local_db_enabled=local_db_enabled):
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
result = {
'status':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
False,
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
'msg':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'Must have at least one authentication method enabled.'
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
}
else:
Setting().set('local_db_enabled', local_db_enabled)
Setting().set('signup_enabled', signup_enabled)
feat(authentication): added admin settings for password policies
2023-03-17 03:42:45 +00:00
Setting().set('pwd_enforce_characters', pwd_enforce_characters)
Setting().set('pwd_min_len', pwd_min_len)
Setting().set('pwd_min_lowercase', pwd_min_lowercase)
Setting().set('pwd_min_uppercase', pwd_min_uppercase)
Setting().set('pwd_min_digits', pwd_min_digits)
Setting().set('pwd_min_special', pwd_min_special)
Setting().set('pwd_enforce_complexity', pwd_enforce_complexity)
Setting().set('pwd_min_complexity', pwd_min_complexity)
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
result = {'status': True, 'msg': 'Saved successfully'}
feat(authentication): added admin settings for password policies
2023-03-17 03:42:45 +00:00
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
elif conf_type == 'ldap':
ldap_enabled = True if request.form.get('ldap_enabled') else False
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
if not has_an_auth_method(ldap_enabled=ldap_enabled):
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
result = {
'status':
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
False,
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
'msg':
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
'Must have at least one authentication method enabled.'
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
}
else:
Setting().set('ldap_enabled', ldap_enabled)
Setting().set('ldap_type', request.form.get('ldap_type'))
Setting().set('ldap_uri', request.form.get('ldap_uri'))
Setting().set('ldap_base_dn', request.form.get('ldap_base_dn'))
Setting().set('ldap_admin_username',
request.form.get('ldap_admin_username'))
Setting().set('ldap_admin_password',
request.form.get('ldap_admin_password'))
Setting().set('ldap_filter_basic',
request.form.get('ldap_filter_basic'))
Merge branch 'master' of github.com:johnwarburton/PowerDNS-Admin into feat/groupofnames Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
2020-01-08 22:19:51 +00:00
Setting().set('ldap_filter_group',
request.form.get('ldap_filter_group'))
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
Setting().set('ldap_filter_username',
request.form.get('ldap_filter_username'))
Merge branch 'master' of github.com:johnwarburton/PowerDNS-Admin into feat/groupofnames Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
2020-01-08 22:19:51 +00:00
Setting().set('ldap_filter_groupname',
request.form.get('ldap_filter_groupname'))
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
Setting().set(
'ldap_sg_enabled', True
if request.form.get('ldap_sg_enabled') == 'ON' else False)
Setting().set('ldap_admin_group',
request.form.get('ldap_admin_group'))
Setting().set('ldap_operator_group',
request.form.get('ldap_operator_group'))
Setting().set('ldap_user_group',
request.form.get('ldap_user_group'))
Setting().set('ldap_domain', request.form.get('ldap_domain'))
Provision PDA user privileges based On LDAP Attributes (#980)
2021-08-05 17:37:48 +00:00
Setting().set(
'autoprovisioning', True
if request.form.get('autoprovisioning') == 'ON' else False)
Setting().set('autoprovisioning_attribute',
request.form.get('autoprovisioning_attribute'))
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
if request.form.get('autoprovisioning') == 'ON':
if validateURN(request.form.get('urn_value')):
Provision PDA user privileges based On LDAP Attributes (#980)
2021-08-05 17:37:48 +00:00
Setting().set('urn_value',
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
request.form.get('urn_value'))
Provision PDA user privileges based On LDAP Attributes (#980)
2021-08-05 17:37:48 +00:00
else:
return render_template('admin_setting_authentication.html',
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
error="Invalid urn")
Provision PDA user privileges based On LDAP Attributes (#980)
2021-08-05 17:37:48 +00:00
else:
Setting().set('urn_value',
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
request.form.get('urn_value'))
Provision PDA user privileges based On LDAP Attributes (#980)
2021-08-05 17:37:48 +00:00
Setting().set('purge', True
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
if request.form.get('purge') == 'ON' else False)
Provision PDA user privileges based On LDAP Attributes (#980)
2021-08-05 17:37:48 +00:00
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
result = {'status': True, 'msg': 'Saved successfully'}
elif conf_type == 'google':
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
google_oauth_enabled = True if request.form.get(
'google_oauth_enabled') else False
if not has_an_auth_method(google_oauth_enabled=google_oauth_enabled):
result = {
'status':
False,
'msg':
'Must have at least one authentication method enabled.'
}
else:
Code formating
2020-04-30 03:17:08 +00:00
Setting().set('google_oauth_enabled', google_oauth_enabled)
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
Setting().set('google_oauth_client_id',
request.form.get('google_oauth_client_id'))
Setting().set('google_oauth_client_secret',
request.form.get('google_oauth_client_secret'))
Finished adding new OAuth Server Metadata URL setting to Google, GitHub, and Microsoft OAuth service configuration features.
2023-03-12 13:13:54 +00:00
Setting().set('google_oauth_metadata_url',
request.form.get('google_oauth_metadata_url'))
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
Setting().set('google_token_url',
request.form.get('google_token_url'))
Setting().set('google_oauth_scope',
request.form.get('google_oauth_scope'))
Setting().set('google_authorize_url',
request.form.get('google_authorize_url'))
Setting().set('google_base_url',
request.form.get('google_base_url'))
result = {
'status': True,
Code formating
2020-04-30 03:17:08 +00:00
'msg':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'Saved successfully. Please reload PDA to take effect.'
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
}
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
elif conf_type == 'github':
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
github_oauth_enabled = True if request.form.get(
'github_oauth_enabled') else False
if not has_an_auth_method(github_oauth_enabled=github_oauth_enabled):
result = {
'status':
False,
'msg':
'Must have at least one authentication method enabled.'
}
else:
Code formating
2020-04-30 03:17:08 +00:00
Setting().set('github_oauth_enabled', github_oauth_enabled)
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
Setting().set('github_oauth_key',
request.form.get('github_oauth_key'))
Setting().set('github_oauth_secret',
request.form.get('github_oauth_secret'))
Setting().set('github_oauth_scope',
request.form.get('github_oauth_scope'))
Setting().set('github_oauth_api_url',
request.form.get('github_oauth_api_url'))
Finished adding new OAuth Server Metadata URL setting to Google, GitHub, and Microsoft OAuth service configuration features.
2023-03-12 13:13:54 +00:00
Setting().set('github_oauth_metadata_url',
request.form.get('github_oauth_metadata_url'))
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
Setting().set('github_oauth_token_url',
request.form.get('github_oauth_token_url'))
Setting().set('github_oauth_authorize_url',
request.form.get('github_oauth_authorize_url'))
result = {
'status': True,
Code formating
2020-04-30 03:17:08 +00:00
'msg':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'Saved successfully. Please reload PDA to take effect.'
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
}
Resolve the conflicts and add adjustment to #591
2019-12-06 07:27:35 +00:00
elif conf_type == 'azure':
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
azure_oauth_enabled = True if request.form.get(
'azure_oauth_enabled') else False
if not has_an_auth_method(azure_oauth_enabled=azure_oauth_enabled):
result = {
'status':
False,
'msg':
'Must have at least one authentication method enabled.'
}
else:
Code formating
2020-04-30 03:17:08 +00:00
Setting().set('azure_oauth_enabled', azure_oauth_enabled)
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
Setting().set('azure_oauth_key',
request.form.get('azure_oauth_key'))
Setting().set('azure_oauth_secret',
request.form.get('azure_oauth_secret'))
Setting().set('azure_oauth_scope',
request.form.get('azure_oauth_scope'))
Setting().set('azure_oauth_api_url',
request.form.get('azure_oauth_api_url'))
Finished adding new OAuth Server Metadata URL setting to Google, GitHub, and Microsoft OAuth service configuration features.
2023-03-12 13:13:54 +00:00
Setting().set('azure_oauth_metadata_url',
request.form.get('azure_oauth_metadata_url'))
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
Setting().set('azure_oauth_token_url',
request.form.get('azure_oauth_token_url'))
Setting().set('azure_oauth_authorize_url',
request.form.get('azure_oauth_authorize_url'))
Code formating
2020-04-30 03:17:08 +00:00
Setting().set(
'azure_sg_enabled', True
if request.form.get('azure_sg_enabled') == 'ON' else False)
Setting().set('azure_admin_group',
request.form.get('azure_admin_group'))
Setting().set('azure_operator_group',
request.form.get('azure_operator_group'))
Setting().set('azure_user_group',
request.form.get('azure_user_group'))
Add Account creation/permission handling based on Azure oAuth group membership
2020-07-03 06:55:31 +00:00
Setting().set(
'azure_group_accounts_enabled', True
if request.form.get('azure_group_accounts_enabled') == 'ON' else False)
Setting().set('azure_group_accounts_name',
request.form.get('azure_group_accounts_name'))
Setting().set('azure_group_accounts_name_re',
request.form.get('azure_group_accounts_name_re'))
Setting().set('azure_group_accounts_description',
request.form.get('azure_group_accounts_description'))
Setting().set('azure_group_accounts_description_re',
request.form.get('azure_group_accounts_description_re'))
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
result = {
'status': True,
Code formating
2020-04-30 03:17:08 +00:00
'msg':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'Saved successfully. Please reload PDA to take effect.'
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
}
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
elif conf_type == 'oidc':
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
oidc_oauth_enabled = True if request.form.get(
'oidc_oauth_enabled') else False
if not has_an_auth_method(oidc_oauth_enabled=oidc_oauth_enabled):
result = {
'status':
False,
'msg':
'Must have at least one authentication method enabled.'
}
else:
Setting().set(
'oidc_oauth_enabled',
True if request.form.get('oidc_oauth_enabled') else False)
Code formating
2020-04-30 03:17:08 +00:00
Setting().set('oidc_oauth_key',
request.form.get('oidc_oauth_key'))
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
Setting().set('oidc_oauth_secret',
request.form.get('oidc_oauth_secret'))
Setting().set('oidc_oauth_scope',
request.form.get('oidc_oauth_scope'))
Setting().set('oidc_oauth_api_url',
request.form.get('oidc_oauth_api_url'))
Finished adding new OAuth Server Metadata URL setting to Google, GitHub, and Microsoft OAuth service configuration features.
2023-03-12 13:13:54 +00:00
Setting().set('oidc_oauth_metadata_url',
request.form.get('oidc_oauth_metadata_url'))
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
Setting().set('oidc_oauth_token_url',
request.form.get('oidc_oauth_token_url'))
Setting().set('oidc_oauth_authorize_url',
request.form.get('oidc_oauth_authorize_url'))
fix: actually store OIDC logout URL (#988)
2021-11-05 15:28:21 +00:00
Setting().set('oidc_oauth_logout_url',
request.form.get('oidc_oauth_logout_url'))
oidc custom claims
2020-05-04 07:12:48 +00:00
Setting().set('oidc_oauth_username',
request.form.get('oidc_oauth_username'))
Setting().set('oidc_oauth_firstname',
request.form.get('oidc_oauth_firstname'))
Setting().set('oidc_oauth_last_name',
request.form.get('oidc_oauth_last_name'))
Setting().set('oidc_oauth_email',
request.form.get('oidc_oauth_email'))
Manage Account membership on oidc login
2020-03-06 15:01:18 +00:00
Setting().set('oidc_oauth_account_name_property',
request.form.get('oidc_oauth_account_name_property'))
Setting().set('oidc_oauth_account_description_property',
request.form.get('oidc_oauth_account_description_property'))
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
result = {
'status': True,
Code formating
2020-04-30 03:17:08 +00:00
'msg':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'Saved successfully. Please reload PDA to take effect.'
Support only having one auth method enabled (which isn't ldap/local)
2020-04-16 07:46:27 +00:00
}
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
else:
return abort(400)
return render_template('admin_setting_authentication.html',
result=result)
@admin_bp.route('/templates', methods=['GET', 'POST'])
@admin_bp.route('/templates/list', methods=['GET', 'POST'])
@login_required
@operator_role_required
def templates():
templates = DomainTemplate.query.all()
return render_template('template.html', templates=templates)
@admin_bp.route('/template/create', methods=['GET', 'POST'])
@login_required
@operator_role_required
def create_template():
if request.method == 'GET':
return render_template('template_add.html')
if request.method == 'POST':
try:
name = request.form.getlist('name')[0]
description = request.form.getlist('description')[0]
if ' ' in name or not name or not type:
flash("Please correct your input", 'error')
return redirect(url_for('admin.create_template'))
if DomainTemplate.query.filter(
DomainTemplate.name == name).first():
flash(
"A template with the name {0} already exists!".format(
name), 'error')
return redirect(url_for('admin.create_template'))
t = DomainTemplate(name=name, description=description)
result = t.create()
if result['status'] == 'ok':
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
history = History(msg='Add zone template {0}'.format(name),
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
detail=json.dumps({
'name': name,
'description': description
}),
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
created_by=current_user.username)
history.add()
return redirect(url_for('admin.templates'))
else:
flash(result['msg'], 'error')
return redirect(url_for('admin.create_template'))
except Exception as e:
current_app.logger.error(
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
'Cannot create zone template. Error: {0}'.format(e))
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
current_app.logger.debug(traceback.format_exc())
abort(500)
@admin_bp.route('/template/create-from-zone', methods=['POST'])
@login_required
@operator_role_required
def create_template_from_zone():
try:
jdata = request.json
name = jdata['name']
description = jdata['description']
domain_name = jdata['domain']
if ' ' in name or not name or not type:
return make_response(
jsonify({
'status': 'error',
'msg': 'Please correct template name'
}), 400)
if DomainTemplate.query.filter(DomainTemplate.name == name).first():
return make_response(
jsonify({
'status':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'error',
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
'msg':
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
'A template with the name {0} already exists!'.format(name)
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
}), 409)
t = DomainTemplate(name=name, description=description)
result = t.create()
if result['status'] == 'ok':
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
history = History(msg='Add zone template {0}'.format(name),
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
detail=json.dumps({
'name': name,
'description': description
}),
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
created_by=current_user.username)
history.add()
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
# After creating the zone in Zone Template in the,
Fix domain template. Drop PDNS 3.x support
2019-12-16 07:23:17 +00:00
# local DB. We add records into it Record Template.
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
records = []
domain = Domain.query.filter(Domain.name == domain_name).first()
if domain:
Fix domain template. Drop PDNS 3.x support
2019-12-16 07:23:17 +00:00
# Query zone's rrsets from PowerDNS API
rrsets = Record().get_rrsets(domain.name)
if rrsets:
for r in rrsets:
name = '@' if r['name'] == domain_name + '.' else r[
'name'].replace('.{}.'.format(domain_name), '')
for record in r['records']:
t_record = DomainTemplateRecord(
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
name=name,
Fix domain template. Drop PDNS 3.x support
2019-12-16 07:23:17 +00:00
type=r['type'],
status=False if record['disabled'] else True,
ttl=r['ttl'],
data=record['content'])
records.append(t_record)
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
Fix domain template. Drop PDNS 3.x support
2019-12-16 07:23:17 +00:00
result = t.replace_records(records)
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
Fix domain template. Drop PDNS 3.x support
2019-12-16 07:23:17 +00:00
if result['status'] == 'ok':
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
return make_response(
jsonify({
'status': 'ok',
'msg': result['msg']
}), 200)
else:
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
# Revert the zone template (remove it)
Fix domain template. Drop PDNS 3.x support
2019-12-16 07:23:17 +00:00
# ff we cannot add records.
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
t.delete_template()
return make_response(
jsonify({
'status': 'error',
Fix domain template. Drop PDNS 3.x support
2019-12-16 07:23:17 +00:00
'msg': result['msg']
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
}), 500)
else:
return make_response(
jsonify({
'status': 'error',
'msg': result['msg']
}), 500)
except Exception as e:
current_app.logger.error(
'Cannot create template from zone. Error: {0}'.format(e))
current_app.logger.debug(traceback.format_exc())
return make_response(
jsonify({
'status': 'error',
'msg': 'Error when applying new changes'
}), 500)
@admin_bp.route('/template/<path:template>/edit', methods=['GET'])
@login_required
@operator_role_required
def edit_template(template):
try:
t = DomainTemplate.query.filter(
DomainTemplate.name == template).first()
records_allow_to_edit = Setting().get_records_allow_to_edit()
quick_edit = Setting().get('record_quick_edit')
ttl_options = Setting().get_ttl_options()
if t is not None:
records = []
for jr in t.records:
if jr.type in records_allow_to_edit:
record = DomainTemplateRecord(
name=jr.name,
type=jr.type,
Fix domain template. Drop PDNS 3.x support
2019-12-16 07:23:17 +00:00
status='Active' if jr.status else 'Disabled',
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
ttl=jr.ttl,
Add record comment
2019-12-09 10:50:48 +00:00
data=jr.data,
comment=jr.comment if jr.comment else '')
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
records.append(record)
return render_template('template_edit.html',
template=t.name,
records=records,
editable_records=records_allow_to_edit,
quick_edit=quick_edit,
ttl_options=ttl_options)
except Exception as e:
current_app.logger.error(
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
'Cannot open zone template page. DETAIL: {0}'.format(e))
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
current_app.logger.debug(traceback.format_exc())
abort(500)
return redirect(url_for('admin.templates'))
@admin_bp.route('/template/<path:template>/apply',
methods=['POST'],
strict_slashes=False)
@login_required
def apply_records(template):
try:
jdata = request.json
records = []
for j in jdata['records']:
name = '@' if j['record_name'] in ['@', ''] else j['record_name']
type = j['record_type']
data = j['record_data']
Add record comment
2019-12-09 10:50:48 +00:00
comment = j['record_comment']
Fix domain template. Drop PDNS 3.x support
2019-12-16 07:23:17 +00:00
status = 0 if j['record_status'] == 'Disabled' else 1
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
ttl = int(j['record_ttl']) if j['record_ttl'] else 3600
dtr = DomainTemplateRecord(name=name,
type=type,
data=data,
Add record comment
2019-12-09 10:50:48 +00:00
comment=comment,
Fix domain template. Drop PDNS 3.x support
2019-12-16 07:23:17 +00:00
status=status,
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
ttl=ttl)
records.append(dtr)
t = DomainTemplate.query.filter(
DomainTemplate.name == template).first()
result = t.replace_records(records)
if result['status'] == 'ok':
jdata.pop('_csrf_token',
None) # don't store csrf token in the history.
history = History(
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
msg='Apply zone template record changes to zone template {0}'
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
.format(template),
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
detail=json.dumps(jdata),
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
created_by=current_user.username)
history.add()
return make_response(jsonify(result), 200)
else:
return make_response(jsonify(result), 400)
except Exception as e:
current_app.logger.error(
'Cannot apply record changes to the template. Error: {0}'.format(
e))
current_app.logger.debug(traceback.format_exc())
return make_response(
jsonify({
'status': 'error',
'msg': 'Error when applying new changes'
}), 500)
@admin_bp.route('/template/<path:template>/delete', methods=['POST'])
@login_required
@operator_role_required
def delete_template(template):
try:
t = DomainTemplate.query.filter(
DomainTemplate.name == template).first()
if t is not None:
result = t.delete_template()
if result['status'] == 'ok':
history = History(
Change domain(s) to zone(s) in the python code and docs
2023-03-12 19:41:10 +00:00
msg='Deleted zone template {0}'.format(template),
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
detail=json.dumps({'name': template}),
Refactoring the code - Use Flask blueprint - Split model and views into smaller parts - Bug fixes - API adjustment
2019-12-02 03:32:03 +00:00
created_by=current_user.username)
history.add()
return redirect(url_for('admin.templates'))
else:
flash(result['msg'], 'error')
return redirect(url_for('admin.templates'))
except Exception as e:
current_app.logger.error(
'Cannot delete template. Error: {0}'.format(e))
current_app.logger.debug(traceback.format_exc())
abort(500)
return redirect(url_for('admin.templates'))
Add PDNS global search feature Remove POST method in global search route Edit form action
2019-12-11 03:26:17 +00:00
@admin_bp.route('/global-search', methods=['GET'])
@login_required
def global_search():
if request.method == 'GET':
domains = []
records = []
comments = []
query = request.args.get('q')
if query:
server = Server(server_id='localhost')
results = server.global_search(object_type='all', query=query)
Global Search available for all users. Apply allowed domain filter for standard users search result.
2023-02-13 10:10:44 +00:00
# Filter results to domains to which the user has access permission
if current_user.role.name not in [ 'Administrator', 'Operator' ]:
allowed_domains = db.session.query(Domain) \
.outerjoin(DomainUser, Domain.id == DomainUser.domain_id) \
.outerjoin(Account, Domain.account_id == Account.id) \
.outerjoin(AccountUser, Account.id == AccountUser.account_id) \
.filter(
db.or_(
DomainUser.user_id == current_user.id,
AccountUser.user_id == current_user.id
)) \
.with_entities(Domain.name) \
.all()
allowed_domains = [value for value, in allowed_domains]
results = list(filter(lambda r: r['zone_id'][:-1] in allowed_domains, results))
Add PDNS global search feature Remove POST method in global search route Edit form action
2019-12-11 03:26:17 +00:00
# Format the search result
for result in results:
if result['object_type'] == 'zone':
# Remove the dot at the end of string
result['name'] = result['name'][:-1]
domains.append(result)
elif result['object_type'] == 'record':
# Remove the dot at the end of string
result['name'] = result['name'][:-1]
result['zone_id'] = result['zone_id'][:-1]
records.append(result)
elif result['object_type'] == 'comment':
# Get the actual record name, exclude the domain part
result['name'] = result['name'].replace(result['zone_id'], '')
if result['name']:
result['name'] = result['name'][:-1]
else:
result['name'] = '@'
# Remove the dot at the end of string
result['zone_id'] = result['zone_id'][:-1]
comments.append(result)
else:
pass
Working on first-round changes for the global search feature.
2023-02-19 20:54:11 +00:00
params: dict = {
'query': query if query is not None else '',
'domains': domains,
'records': records,
'comments': comments,
}
return render_template('admin_global_search.html', **params)
Provision PDA user privileges based On LDAP Attributes (#980)
2021-08-05 17:37:48 +00:00
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
Provision PDA user privileges based On LDAP Attributes (#980)
2021-08-05 17:37:48 +00:00
def validateURN(value):
NID_PATTERN = re.compile(r'^[0-9a-z][0-9a-z-]{1,31}$', flags=re.IGNORECASE)
NSS_PCHAR = '[a-z0-9-._~]|%[a-f0-9]{2}|[!$&\'()*+,;=]|:|@'
NSS_PATTERN = re.compile(fr'^({NSS_PCHAR})({NSS_PCHAR}|/|\?)*$', re.IGNORECASE)
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
prefix = value.split(':')
if (len(prefix) < 3):
current_app.logger.warning("Too small urn prefix")
Provision PDA user privileges based On LDAP Attributes (#980)
2021-08-05 17:37:48 +00:00
return False
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
urn = prefix[0]
nid = prefix[1]
nss = value.replace(urn + ":" + nid + ":", "")
Provision PDA user privileges based On LDAP Attributes (#980)
2021-08-05 17:37:48 +00:00
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
if not urn.lower() == "urn":
current_app.logger.warning(urn + ' contains invalid characters ')
Provision PDA user privileges based On LDAP Attributes (#980)
2021-08-05 17:37:48 +00:00
return False
if not re.match(NID_PATTERN, nid.lower()):
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
current_app.logger.warning(nid + ' contains invalid characters ')
Provision PDA user privileges based On LDAP Attributes (#980)
2021-08-05 17:37:48 +00:00
return False
if not re.match(NSS_PATTERN, nss):
Split the server statistics and configuration feature into separate pages.
2023-02-19 20:04:30 +00:00
current_app.logger.warning(nss + ' contains invalid characters ')
Provision PDA user privileges based On LDAP Attributes (#980)
2021-08-05 17:37:48 +00:00
return False
return True
feat(authentication): added admin settings for password policies
2023-03-17 03:42:45 +00:00
def safe_cast(val, to_type, default=None):
try:
return to_type(val)
except (ValueError, TypeError):
return default
Reference in New Issue Copy Permalink