Bug fixes. Adjustment in user input validation

Khanh Ngo 2018-08-25 14:53:10 +07:00
parent 32dcc6482f
commit 07e1bcdc47
No known key found for this signature in database
GPG Key ID: B9AE3BAF6D5A7B22
6 changed files with 115 additions and 120 deletions


@ -276,7 +276,7 @@ class User(db.Model):
# user already exists in database, set their admin status based on group membership (if enabled) # user already exists in database, set their admin status based on group membership (if enabled)
if LDAP_GROUP_SECURITY_ENABLED: if LDAP_GROUP_SECURITY_ENABLED:
self.set_admin(isadmin) self.set_admin(isadmin)
self.update_profile()
return True return True
else: else:
logging.error('Unsupported authentication method') logging.error('Unsupported authentication method')
@ -314,9 +314,9 @@ class User(db.Model):
if User.query.count() == 0: if User.query.count() == 0:
self.role_id = Role.query.filter_by(name='Administrator').first().id self.role_id = Role.query.filter_by(name='Administrator').first().id
self.password = self.get_hashed_password(self.plain_text_password) self.password = self.get_hashed_password(self.plain_text_password) if self.plain_text_password else '*'
if self.password: if self.password and self.password != '*':
self.password = self.password.decode("utf-8") self.password = self.password.decode("utf-8")
db.session.add(self) db.session.add(self)
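Review bot: The `'*'` stored as `self.password` when `plain_text_password` is empty (second hunk) is a magic value that the password-verification code, which is not visible here, must now recognise. If that code hands the stored value straight to the hash comparison, a `'*'` record may raise instead of failing cleanly, so I would have the check return False early for accounts whose stored password is `'*'`, or store NULL and test for that. A comment at the assignment such as `# '*' = no local password set; must never verify as a valid hash` would document the sentinel. The enclosing method starts and ends outside the hunk.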


@ -181,10 +181,10 @@
<dd>Define how you want to filter your user in LDAP query. <dd>Define how you want to filter your user in LDAP query.
<ul> <ul>
<li> <li>
Basic filter - The filter that will be applied to all LDAP query by PDA. (e.g. <i>(objectClass=inetorgperson)</i> for LDAP and <i>(objectClass=organizationalPerson)</i> for Active Directory) Basic filter - The filter that will be applied to all LDAP query by PDA. (e.g. <i>(objectClass=inetorgperson)</i> for OpenLDAP and <i>(objectClass=organizationalPerson)</i> for Active Directory)
</li> </li>
<li> <li>
Username field - The field PDA will look for user's username. (e.g. <i>uid</i> for LDAP and <i>userPrincipalName</i> for Active Directory) Username field - The field PDA will look for user's username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i> or <i>userPrincipalName</i> for Active Directory)
</li> </li>
</ul> </ul>
</dd> </dd>


@ -31,22 +31,14 @@
{{ error }} {{ error }}
</div> </div>
{% endif %} {% endif %}
<form action="" method="post"> <form action="" method="post" data-toggle="validator">
<div class="form-group"> <div class="form-group">
{% if username %} <input type="text" class="form-control" placeholder="Username" name="username" data-error="Please input your username" required {% if username %}value="{{ username }}"{% endif %}>
<input type="text" class="form-control" placeholder="Username" name="username" value="{{ username }}"> <span class="help-block with-errors"></span>
{% else %}
<input type="text" class="form-control" placeholder="Username" name="username">
{% endif %}
<span class="glyphicon glyphicon-user form-control-feedback"></span>
</div> </div>
<div class="form-group"> <div class="form-group">
{% if password %} <input type="password" class="form-control" placeholder="Password" name="password" data-error="Please input your password" required {% if password %}value="{{ password }}"{% endif %}>
<input type="password" class="form-control" placeholder="Password" name="password" value="{{ password }}"> <span class="help-block with-errors"></span>
{% else %}
<input type="password" class="form-control" placeholder="Password" name="password">
{% endif %}
<span class="glyphicon glyphicon-lock form-control-feedback"></span>
</div> </div>
<div class="form-group"> <div class="form-group">
<input type="otptoken" class="form-control" placeholder="OTP Token" name="otptoken"> <input type="otptoken" class="form-control" placeholder="OTP Token" name="otptoken">
@ -125,6 +117,10 @@
{% assets "js_login" -%} {% assets "js_login" -%}
<script type="text/javascript" src="{{ ASSET_URL }}"></script> <script type="text/javascript" src="{{ ASSET_URL }}"></script>
{%- endassets %} {%- endassets %}
{% assets "js_validation" -%}
<script type="text/javascript" src="{{ ASSET_URL }}"></script>
{%- endassets %}
<script> <script>
$(function () { $(function () {
$('input').iCheck({ $('input').iCheck({
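Review bot: The rewritten password input still renders `value="{{ password }}"`, so whenever the view passes `password` the plaintext ends up in the HTML response, where it can be cached or read from the page source. The registration branch in this commit does pass `password=password` when it renders `login.html`. I would drop the conditional from the password field, leaving `<input type="password" class="form-control" placeholder="Password" name="password" data-error="Please input your password" required>`, and stop passing `password` from the view. The `required` and `data-error` attributes are enforced only in the browser, so the login handler should still reject empty credentials itself.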


@ -12,7 +12,7 @@
<article> <article>
<h1>We&rsquo;ll be back soon!</h1> <h1>We&rsquo;ll be back soon!</h1>
<div> <div>
<p>Sorry for the inconvenience but we&rsquo;re performing some maintenance at the moment. If you need to you can always <a href="mailto:ngokhanhit@gmail.com">contact us</a>, otherwise we&rsquo;ll be back online shortly!</p> <p>Sorry for the inconvenience but we&rsquo;re performing some maintenance at the moment. Please contact the System Administrator if you need more information</a>, otherwise we&rsquo;ll be back online shortly!</p>
<p>&mdash; Team</p> <p>&mdash; Team</p>
</div> </div>
</article> </article>
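Review bot: The new sentence drops the opening `<a href="mailto:…">` tag but leaves its `</a>` behind, so the paragraph now contains an unmatched closing tag. The wording also reads awkwardly once the link is gone; I would change it to `Please contact the System Administrator if you need more information; otherwise we&rsquo;ll be back online shortly!`.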


@ -31,42 +31,41 @@
</div> </div>
{% endif %} {% endif %}
<p class="login-box-msg">Enter your personal details below</p> <p class="login-box-msg">Enter your personal details below</p>
<form action="{{ url_for('login') }}" method="post"> <form action="{{ url_for('login') }}" method="post" data-toggle="validator">
<div class="form-group has-feedback"> <div class="form-group has-feedback">
<input type="text" class="form-control" placeholder="First Name" <input type="text" class="form-control" placeholder="First Name" name="firstname" data-error="Please input your first name" required>
name="firstname"> <span <span class="glyphicon glyphicon-user form-control-feedback"></span>
class="glyphicon glyphicon-user form-control-feedback"></span> <span class="help-block with-errors"></span>
</div> </div>
<div class="form-group has-feedback"> <div class="form-group has-feedback">
<input type="text" class="form-control" placeholder="Last name" <input type="text" class="form-control" placeholder="Last name" name="lastname" data-error="Please input your last name" required>
name="lastname"> <span <span class="glyphicon glyphicon-user form-control-feedback"></span>
class="glyphicon glyphicon-user form-control-feedback"></span> <span class="help-block with-errors"></span>
</div> </div>
<div class="form-group has-feedback"> <div class="form-group has-feedback">
<input type="email" class="form-control" placeholder="Email" <input type="email" class="form-control" placeholder="Email" name="email" data-error="Please input your valid email address"
name="email"> <span pattern="^([\w-]+(?:\.[\w-]+)*)@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$" required>
class="glyphicon glyphicon-envelope form-control-feedback"></span> <span class="glyphicon glyphicon-envelope form-control-feedback"></span>
<span class="help-block with-errors"></span>
</div> </div>
<p class="login-box-msg">Enter your account details below</p> <p class="login-box-msg">Enter your account details below</p>
<div class="form-group has-feedback"> <div class="form-group has-feedback">
<input type="text" class="form-control" placeholder="Username" <input type="text" class="form-control" placeholder="Username" name="username" data-error="Please input your username" required>
name="username"> <span <span class="glyphicon glyphicon-user form-control-feedback"></span>
class="glyphicon glyphicon-user form-control-feedback"></span> <span class="help-block with-errors"></span>
</div> </div>
<div class="form-group has-feedback"> <div class="form-group has-feedback">
<input type="password" class="form-control" placeholder="Password" <input type="password" class="form-control" placeholder="Password" id="password" name="password" data-error="Please input your password" required>
name="password"> <span <span class="glyphicon glyphicon-lock form-control-feedback"></span>
class="glyphicon glyphicon-lock form-control-feedback"></span>
</div> </div>
<div class="form-group has-feedback"> <div class="form-group has-feedback">
<input type="password" class="form-control" <input type="password" class="form-control" placeholder="Retype password" name="rpassword" data-match="#password" data-match-error="Password confirmation does not match" required>
placeholder="Retype password" name="rpassword"> <span <span class="glyphicon glyphicon-log-in form-control-feedback"></span>
class="glyphicon glyphicon-log-in form-control-feedback"></span> <span class="help-block with-errors"></span>
</div> </div>
<div class="row"> <div class="row">
<div class="col-xs-4 pull-left"> <div class="col-xs-4 pull-left">
<button type="button" class="btn btn-flat btn-block" <button type="button" class="btn btn-flat btn-block" id="button_back">Back</button>
id="button_back">Back</button>
</div> </div>
<div class="col-xs-4 pull-right"> <div class="col-xs-4 pull-right">
<button type="submit" class="btn btn-flat btn-primary btn-block">Register</button> <button type="submit" class="btn btn-flat btn-primary btn-block">Register</button>
@ -85,6 +84,9 @@
{% assets "js_login" -%} {% assets "js_login" -%}
<script type="text/javascript" src="{{ ASSET_URL }}"></script> <script type="text/javascript" src="{{ ASSET_URL }}"></script>
{%- endassets %} {%- endassets %}
{% assets "js_validation" -%}
<script type="text/javascript" src="{{ ASSET_URL }}"></script>
{%- endassets %}
<script> <script>
$(function () { $(function () {
$('#button_back').click(function(){ $('#button_back').click(function(){
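Review bot: Every check added to this form (`required`, the email `pattern`, `data-match="#password"`) runs only in the browser, so a request posted directly to the endpoint skips all of them; the registration handler has to repeat the non-empty, email-format and length checks server-side. In the handler hunk visible in this commit only the `password != rpassword` comparison is shown, so whether the rest is enforced elsewhere should be confirmed. Separately, the password field is the only input with a `data-error` message but no `<span class="help-block with-errors"></span>` after it, so its message likely has nowhere to render.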


@ -68,7 +68,7 @@ def before_request():
# check site maintenance mode # check site maintenance mode
maintenance = Setting().get('maintenance') maintenance = Setting().get('maintenance')
if maintenance and g.user.role.name != 'Administrator': if maintenance and current_user.is_authenticated and current_user.role.name != 'Administrator':
return render_template('maintenance.html') return render_template('maintenance.html')
@ -297,7 +297,6 @@ def login():
email = user_data['email'] email = user_data['email']
user = User.query.filter_by(username=email).first() user = User.query.filter_by(username=email).first()
if not user: if not user:
# create user
user = User(username=email, user = User(username=email,
firstname=first_name, firstname=first_name,
lastname=surname, lastname=surname,
@ -389,15 +388,13 @@ def login():
# registration case # registration case
user = User(username=username, plain_text_password=password, firstname=firstname, lastname=lastname, email=email) user = User(username=username, plain_text_password=password, firstname=firstname, lastname=lastname, email=email)
# TODO: Move this into the JavaScript
# validate password and password confirmation
if password != rpassword: if password != rpassword:
error = "Password confirmation does not match" error = "Password confirmation does not match"
return render_template('register.html', error=error) return render_template('register.html', error=error)
try: try:
result = user.create_local_user() result = user.create_local_user()
if result == True: if result and result['status']:
return render_template('login.html', saml_enabled=SAML_ENABLED, username=username, password=password) return render_template('login.html', saml_enabled=SAML_ENABLED, username=username, password=password)
else: else:
return render_template('register.html', error=result['msg']) return render_template('register.html', error=result['msg'])
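Review bot: With `current_user.is_authenticated` added to the maintenance condition in `before_request`, an anonymous request no longer gets `maintenance.html` at all, so any route that does not itself require login stays reachable during maintenance. If the intent is only to let administrators sign in, I would exempt the login and static endpoints explicitly and keep the page for everyone else, e.g. `if maintenance and request.endpoint not in ('login', 'static') and not (current_user.is_authenticated and current_user.role.name == 'Administrator'):` (assuming `request` is imported in this module, which the hunk does not show). The body of `before_request` continues outside the hunk.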