Bug fixes. Adjustment in user input validation

This commit is contained in:
Khanh Ngo 2018-08-25 14:53:10 +07:00
parent 32dcc6482f
commit 07e1bcdc47
GPG Key ID: B9AE3BAF6D5A7B22
6 changed files with 115 additions and 120 deletions


@ -276,7 +276,7 @@ class User(db.Model):
# user already exists in database, set their admin status based on group membership (if enabled) # user already exists in database, set their admin status based on group membership (if enabled)
if LDAP_GROUP_SECURITY_ENABLED: if LDAP_GROUP_SECURITY_ENABLED:
self.set_admin(isadmin) self.set_admin(isadmin)
self.update_profile()
return True return True
else: else:
logging.error('Unsupported authentication method') logging.error('Unsupported authentication method')
@ -314,9 +314,9 @@ class User(db.Model):
if User.query.count() == 0: if User.query.count() == 0:
self.role_id = Role.query.filter_by(name='Administrator').first().id self.role_id = Role.query.filter_by(name='Administrator').first().id
self.password = self.get_hashed_password(self.plain_text_password) self.password = self.get_hashed_password(self.plain_text_password) if self.plain_text_password else '*'
if self.password: if self.password and self.password != '*':
self.password = self.password.decode("utf-8") self.password = self.password.decode("utf-8")
db.session.add(self) db.session.add(self)
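Review bot: The bare literal `'*'` on the `self.password = ... if self.plain_text_password else '*'` line is a magic sentinel for accounts that have no local password, and the same literal is repeated in the `if self.password and self.password != '*':` guard; hoist it to one named module-level constant (e.g. `NO_LOCAL_PASSWORD = '*'`) so both sites and any login-path check agree on it. The local-authentication path should also reject a stored sentinel explicitly before handing it to the hash comparison, rather than relying on the hash library to fail on a value that is not a valid hash; that path is not visible in this hunk, so please confirm it does. The enclosing method starts outside the hunk.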


@ -181,10 +181,10 @@
<dd>Define how you want to filter your user in LDAP query. <dd>Define how you want to filter your user in LDAP query.
<ul> <ul>
<li> <li>
Basic filter - The filter that will be applied to all LDAP query by PDA. (e.g. <i>(objectClass=inetorgperson)</i> for LDAP and <i>(objectClass=organizationalPerson)</i> for Active Directory) Basic filter - The filter that will be applied to all LDAP query by PDA. (e.g. <i>(objectClass=inetorgperson)</i> for OpenLDAP and <i>(objectClass=organizationalPerson)</i> for Active Directory)
</li> </li>
<li> <li>
Username field - The field PDA will look for user's username. (e.g. <i>uid</i> for LDAP and <i>userPrincipalName</i> for Active Directory) Username field - The field PDA will look for user's username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i> or <i>userPrincipalName</i> for Active Directory)
</li> </li>
</ul> </ul>
</dd> </dd>


@ -31,22 +31,14 @@
{{ error }} {{ error }}
</div> </div>
{% endif %} {% endif %}
<form action="" method="post"> <form action="" method="post" data-toggle="validator">
<div class="form-group"> <div class="form-group">
{% if username %} <input type="text" class="form-control" placeholder="Username" name="username" data-error="Please input your username" required {% if username %}value="{{ username }}"{% endif %}>
<input type="text" class="form-control" placeholder="Username" name="username" value="{{ username }}"> <span class="help-block with-errors"></span>
{% else %}
<input type="text" class="form-control" placeholder="Username" name="username">
{% endif %}
<span class="glyphicon glyphicon-user form-control-feedback"></span>
</div> </div>
<div class="form-group"> <div class="form-group">
{% if password %} <input type="password" class="form-control" placeholder="Password" name="password" data-error="Please input your password" required {% if password %}value="{{ password }}"{% endif %}>
<input type="password" class="form-control" placeholder="Password" name="password" value="{{ password }}"> <span class="help-block with-errors"></span>
{% else %}
<input type="password" class="form-control" placeholder="Password" name="password">
{% endif %}
<span class="glyphicon glyphicon-lock form-control-feedback"></span>
</div> </div>
<div class="form-group"> <div class="form-group">
<input type="otptoken" class="form-control" placeholder="OTP Token" name="otptoken"> <input type="otptoken" class="form-control" placeholder="OTP Token" name="otptoken">
@ -125,6 +117,10 @@
{% assets "js_login" -%} {% assets "js_login" -%}
<script type="text/javascript" src="{{ ASSET_URL }}"></script> <script type="text/javascript" src="{{ ASSET_URL }}"></script>
{%- endassets %} {%- endassets %}
{% assets "js_validation" -%}
<script type="text/javascript" src="{{ ASSET_URL }}"></script>
{%- endassets %}
<script> <script>
$(function () { $(function () {
$('input').iCheck({ $('input').iCheck({
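Review bot: The rewritten password input still re-emits the submitted value into the markup via `{% if password %}value="{{ password }}"{% endif %}`, so a plaintext password lands in the rendered HTML of the login page (visible in page source, browser cache and any intermediary that stores the response); the value comes from the registration handler's `render_template('login.html', ..., password=password)` call in the views.py section, which has the same issue. Pre-filling the password is not needed for the form to work, so keep only the username pre-fill: `<input type="password" class="form-control" placeholder="Password" name="password" data-error="Please input your password" required>`. The `required`/`data-error` attributes added here are enforced only in the browser and do not replace the server's checks.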


@ -12,7 +12,7 @@
<article> <article>
<h1>We&rsquo;ll be back soon!</h1> <h1>We&rsquo;ll be back soon!</h1>
<div> <div>
<p>Sorry for the inconvenience but we&rsquo;re performing some maintenance at the moment. If you need to you can always <a href="mailto:ngokhanhit@gmail.com">contact us</a>, otherwise we&rsquo;ll be back online shortly!</p> <p>Sorry for the inconvenience but we&rsquo;re performing some maintenance at the moment. Please contact the System Administrator if you need more information</a>, otherwise we&rsquo;ll be back online shortly!</p>
<p>&mdash; Team</p> <p>&mdash; Team</p>
</div> </div>
</article> </article>
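Review bot: The rewritten paragraph keeps a stray closing `</a>` after "if you need more information" although the opening `<a href=...>` was removed, leaving unbalanced markup. Drop the tag: `Please contact the System Administrator if you need more information, otherwise we&rsquo;ll be back online shortly!</p>`.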


@ -1,96 +1,98 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Register - {{ SITE_NAME }}</title> <title>Register - {{ SITE_NAME }}</title>
<!-- Tell the browser to be responsive to screen width --> <!-- Tell the browser to be responsive to screen width -->
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport"> <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
{% assets "css_login" -%} {% assets "css_login" -%}
<link rel="stylesheet" href="{{ ASSET_URL }}"> <link rel="stylesheet" href="{{ ASSET_URL }}">
{%- endassets %} {%- endassets %}
<!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries --> <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// --> <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]> <!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script> <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]--> <![endif]-->
</head> </head>
<body class="hold-transition register-page"> <body class="hold-transition register-page">
<div class="register-box"> <div class="register-box">
<div class="register-logo"> <div class="register-logo">
<a href="{{ url_for('index') }}"><b>PowerDNS</b>-Admin</a> <a href="{{ url_for('index') }}"><b>PowerDNS</b>-Admin</a>
</div> </div>
<div class="register-box-body"> <div class="register-box-body">
{% if error %} {% if error %}
<div class="alert alert-danger alert-dismissible"> <div class="alert alert-danger alert-dismissible">
<button type="button" class="close" data-dismiss="alert" <button type="button" class="close" data-dismiss="alert"
aria-hidden="true">&times;</button> aria-hidden="true">&times;</button>
{{ error }} {{ error }}
</div> </div>
{% endif %} {% endif %}
<p class="login-box-msg">Enter your personal details below</p> <p class="login-box-msg">Enter your personal details below</p>
<form action="{{ url_for('login') }}" method="post"> <form action="{{ url_for('login') }}" method="post" data-toggle="validator">
<div class="form-group has-feedback"> <div class="form-group has-feedback">
<input type="text" class="form-control" placeholder="First Name" <input type="text" class="form-control" placeholder="First Name" name="firstname" data-error="Please input your first name" required>
name="firstname"> <span <span class="glyphicon glyphicon-user form-control-feedback"></span>
class="glyphicon glyphicon-user form-control-feedback"></span> <span class="help-block with-errors"></span>
</div> </div>
<div class="form-group has-feedback"> <div class="form-group has-feedback">
<input type="text" class="form-control" placeholder="Last name" <input type="text" class="form-control" placeholder="Last name" name="lastname" data-error="Please input your last name" required>
name="lastname"> <span <span class="glyphicon glyphicon-user form-control-feedback"></span>
class="glyphicon glyphicon-user form-control-feedback"></span> <span class="help-block with-errors"></span>
</div> </div>
<div class="form-group has-feedback"> <div class="form-group has-feedback">
<input type="email" class="form-control" placeholder="Email" <input type="email" class="form-control" placeholder="Email" name="email" data-error="Please input your valid email address"
name="email"> <span pattern="^([\w-]+(?:\.[\w-]+)*)@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$" required>
class="glyphicon glyphicon-envelope form-control-feedback"></span> <span class="glyphicon glyphicon-envelope form-control-feedback"></span>
</div> <span class="help-block with-errors"></span>
<p class="login-box-msg">Enter your account details below</p> </div>
<div class="form-group has-feedback"> <p class="login-box-msg">Enter your account details below</p>
<input type="text" class="form-control" placeholder="Username" <div class="form-group has-feedback">
name="username"> <span <input type="text" class="form-control" placeholder="Username" name="username" data-error="Please input your username" required>
class="glyphicon glyphicon-user form-control-feedback"></span> <span class="glyphicon glyphicon-user form-control-feedback"></span>
</div> <span class="help-block with-errors"></span>
<div class="form-group has-feedback"> </div>
<input type="password" class="form-control" placeholder="Password" <div class="form-group has-feedback">
name="password"> <span <input type="password" class="form-control" placeholder="Password" id="password" name="password" data-error="Please input your password" required>
class="glyphicon glyphicon-lock form-control-feedback"></span> <span class="glyphicon glyphicon-lock form-control-feedback"></span>
</div> </div>
<div class="form-group has-feedback"> <div class="form-group has-feedback">
<input type="password" class="form-control" <input type="password" class="form-control" placeholder="Retype password" name="rpassword" data-match="#password" data-match-error="Password confirmation does not match" required>
placeholder="Retype password" name="rpassword"> <span <span class="glyphicon glyphicon-log-in form-control-feedback"></span>
class="glyphicon glyphicon-log-in form-control-feedback"></span> <span class="help-block with-errors"></span>
</div> </div>
<div class="row"> <div class="row">
<div class="col-xs-4 pull-left"> <div class="col-xs-4 pull-left">
<button type="button" class="btn btn-flat btn-block" <button type="button" class="btn btn-flat btn-block" id="button_back">Back</button>
id="button_back">Back</button> </div>
</div> <div class="col-xs-4 pull-right">
<div class="col-xs-4 pull-right"> <button type="submit" class="btn btn-flat btn-primary btn-block">Register</button>
<button type="submit" class="btn btn-flat btn-primary btn-block">Register</button> </div>
</div> <!-- /.col -->
<!-- /.col --> </div>
</div> </form>
</form> </div>
</div> <!-- /.form-box -->
<!-- /.form-box --> <div class="login-box-footer">
<div class="login-box-footer"> <center><p>Powered by <a href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</a></p></center>
<center><p>Powered by <a href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</a></p></center> </div>
</div> </div>
</div> <!-- /.login-box -->
<!-- /.login-box -->
{% assets "js_login" -%}
{% assets "js_login" -%} <script type="text/javascript" src="{{ ASSET_URL }}"></script>
<script type="text/javascript" src="{{ ASSET_URL }}"></script> {%- endassets %}
{%- endassets %} {% assets "js_validation" -%}
<script> <script type="text/javascript" src="{{ ASSET_URL }}"></script>
$(function () { {%- endassets %}
$('#button_back').click(function(){ <script>
window.location.href='{{ url_for('login') }}'; $(function () {
}) $('#button_back').click(function(){
}); window.location.href='{{ url_for('login') }}';
</script> })
</body> });
</html> </script>
</body>
</html>
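Review bot: The new email `pattern` attribute rejects valid addresses: its TLD group `([a-z]{2,6}(?:\.[a-z]{2})?)` is case-sensitive (HTML `pattern` values are compiled without the `i` flag) and capped at six letters, so an address such as `user@example.technology` or one typed with an uppercase domain fails client-side. Since the input is already `type="email"`, the browser's own syntax check is sufficient; drop the `pattern` attribute or widen it. The password group (`id="password"`) is also the only one without a `<span class="help-block with-errors"></span>` placeholder, so its `data-error` text has nowhere to render. All of these attributes are enforced only in the browser, so the server must keep validating the same fields independently.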


@ -68,7 +68,7 @@ def before_request():
# check site maintenance mode # check site maintenance mode
maintenance = Setting().get('maintenance') maintenance = Setting().get('maintenance')
if maintenance and g.user.role.name != 'Administrator': if maintenance and current_user.is_authenticated and current_user.role.name != 'Administrator':
return render_template('maintenance.html') return render_template('maintenance.html')
@ -297,7 +297,6 @@ def login():
email = user_data['email'] email = user_data['email']
user = User.query.filter_by(username=email).first() user = User.query.filter_by(username=email).first()
if not user: if not user:
# create user
user = User(username=email, user = User(username=email,
firstname=first_name, firstname=first_name,
lastname=surname, lastname=surname,
@ -389,15 +388,13 @@ def login():
# registration case # registration case
user = User(username=username, plain_text_password=password, firstname=firstname, lastname=lastname, email=email) user = User(username=username, plain_text_password=password, firstname=firstname, lastname=lastname, email=email)
# TODO: Move this into the JavaScript
# validate password and password confirmation
if password != rpassword: if password != rpassword:
error = "Password confirmation does not match" error = "Password confirmation does not match"
return render_template('register.html', error=error) return render_template('register.html', error=error)
try: try:
result = user.create_local_user() result = user.create_local_user()
if result == True: if result and result['status']:
return render_template('login.html', saml_enabled=SAML_ENABLED, username=username, password=password) return render_template('login.html', saml_enabled=SAML_ENABLED, username=username, password=password)
else: else:
return render_template('register.html', error=result['msg']) return render_template('register.html', error=result['msg'])
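Review bot: The new `if result and result['status']:` guard treats a falsy `result` as a failure, but the `else` branch then evaluates `result['msg']`, which raises `TypeError` when `create_local_user()` returns `None`; that happens inside a `try` whose handler is outside the hunk, so the outcome depends on what it catches. Make the branch safe: `error = result['msg'] if result else 'Registration failed'` followed by `return render_template('register.html', error=error)`. Separately, in `before_request` the maintenance gate now applies only to authenticated non-administrators, so unauthenticated requests fall through to whatever each route allows — presumably intended to keep the login page reachable, and a comment such as `# anonymous requests are let through so that administrators can still log in` would make that exception deliberate. The enclosing `login()` function starts before the hunk and continues past it.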