Support having only one auth method enabled (one which isn't LDAP/local)

Marcus Knight 2020-04-16 15:46:27 +08:00
parent 452c4a02d8
commit 0e093d4eec
3 changed files with 148 additions and 84 deletions


@ -602,6 +602,20 @@ def setting_records():
Setting().set('reverse_records_allow_edit', str(rr)) Setting().set('reverse_records_allow_edit', str(rr))
return redirect(url_for('admin.setting_records')) return redirect(url_for('admin.setting_records'))
def has_an_auth_method(local_db_enabled = None,ldap_enabled = None,google_oauth_enabled = None,github_oauth_enabled = None,oidc_oauth_enabled = None,azure_oauth_enabled = None):
if local_db_enabled is None:
local_db_enabled = Setting().get('local_db_enabled')
if ldap_enabled is None:
ldap_enabled = Setting().get('ldap_enabled')
if google_oauth_enabled is None:
google_oauth_enabled = Setting().get('google_oauth_enabled')
if github_oauth_enabled is None:
github_oauth_enabled = Setting().get('github_oauth_enabled')
if oidc_oauth_enabled is None:
oidc_oauth_enabled = Setting().get('oidc_oauth_enabled')
if azure_oauth_enabled is None:
azure_oauth_enabled = Setting().get('azure_oauth_enabled')
return local_db_enabled or ldap_enabled or google_oauth_enabled or github_oauth_enabled or oidc_oauth_enabled or azure_oauth_enabled
@admin_bp.route('/setting/authentication', methods=['GET', 'POST']) @admin_bp.route('/setting/authentication', methods=['GET', 'POST'])
@login_required @login_required
@ -619,12 +633,12 @@ def setting_authentication():
signup_enabled = True if request.form.get( signup_enabled = True if request.form.get(
'signup_enabled', ) else False 'signup_enabled', ) else False
if not local_db_enabled and not Setting().get('ldap_enabled'): if not has_an_auth_method(local_db_enabled=local_db_enabled):
result = { result = {
'status': 'status':
False, False,
'msg': 'msg':
'Local DB and LDAP Authentication can not be disabled at the same time.' 'Must have at least one authentication method enabled.'
} }
else: else:
Setting().set('local_db_enabled', local_db_enabled) Setting().set('local_db_enabled', local_db_enabled)
@ -633,12 +647,12 @@ def setting_authentication():
elif conf_type == 'ldap': elif conf_type == 'ldap':
ldap_enabled = True if request.form.get('ldap_enabled') else False ldap_enabled = True if request.form.get('ldap_enabled') else False
if not ldap_enabled and not Setting().get('local_db_enabled'): if not has_an_auth_method(ldap_enabled=ldap_enabled):
result = { result = {
'status': 'status':
False, False,
'msg': 'msg':
'Local DB and LDAP Authentication can not be disabled at the same time.' 'Must have at least one authentication method enabled.'
} }
else: else:
Setting().set('ldap_enabled', ldap_enabled) Setting().set('ldap_enabled', ldap_enabled)
@ -669,88 +683,128 @@ def setting_authentication():
Setting().set('ldap_domain', request.form.get('ldap_domain')) Setting().set('ldap_domain', request.form.get('ldap_domain'))
result = {'status': True, 'msg': 'Saved successfully'} result = {'status': True, 'msg': 'Saved successfully'}
elif conf_type == 'google': elif conf_type == 'google':
Setting().set( google_oauth_enabled = True if request.form.get(
'google_oauth_enabled', 'google_oauth_enabled') else False
True if request.form.get('google_oauth_enabled') else False) if not has_an_auth_method(google_oauth_enabled=google_oauth_enabled):
Setting().set('google_oauth_client_id', result = {
request.form.get('google_oauth_client_id')) 'status':
Setting().set('google_oauth_client_secret', False,
request.form.get('google_oauth_client_secret')) 'msg':
Setting().set('google_token_url', 'Must have at least one authentication method enabled.'
request.form.get('google_token_url')) }
Setting().set('google_oauth_scope', else:
request.form.get('google_oauth_scope')) Setting().set(
Setting().set('google_authorize_url', 'google_oauth_enabled',
request.form.get('google_authorize_url')) google_oauth_enabled)
Setting().set('google_base_url', Setting().set('google_oauth_client_id',
request.form.get('google_base_url')) request.form.get('google_oauth_client_id'))
result = { Setting().set('google_oauth_client_secret',
'status': True, request.form.get('google_oauth_client_secret'))
'msg': 'Saved successfully. Please reload PDA to take effect.' Setting().set('google_token_url',
} request.form.get('google_token_url'))
Setting().set('google_oauth_scope',
request.form.get('google_oauth_scope'))
Setting().set('google_authorize_url',
request.form.get('google_authorize_url'))
Setting().set('google_base_url',
request.form.get('google_base_url'))
result = {
'status': True,
'msg': 'Saved successfully. Please reload PDA to take effect.'
}
elif conf_type == 'github': elif conf_type == 'github':
Setting().set( github_oauth_enabled = True if request.form.get(
'github_oauth_enabled', 'github_oauth_enabled') else False
True if request.form.get('github_oauth_enabled') else False) if not has_an_auth_method(github_oauth_enabled=github_oauth_enabled):
Setting().set('github_oauth_key', result = {
request.form.get('github_oauth_key')) 'status':
Setting().set('github_oauth_secret', False,
request.form.get('github_oauth_secret')) 'msg':
Setting().set('github_oauth_scope', 'Must have at least one authentication method enabled.'
request.form.get('github_oauth_scope')) }
Setting().set('github_oauth_api_url', else:
request.form.get('github_oauth_api_url')) Setting().set(
Setting().set('github_oauth_token_url', 'github_oauth_enabled',
request.form.get('github_oauth_token_url')) github_oauth_enabled)
Setting().set('github_oauth_authorize_url', Setting().set('github_oauth_key',
request.form.get('github_oauth_authorize_url')) request.form.get('github_oauth_key'))
result = { Setting().set('github_oauth_secret',
'status': True, request.form.get('github_oauth_secret'))
'msg': 'Saved successfully. Please reload PDA to take effect.' Setting().set('github_oauth_scope',
} request.form.get('github_oauth_scope'))
Setting().set('github_oauth_api_url',
request.form.get('github_oauth_api_url'))
Setting().set('github_oauth_token_url',
request.form.get('github_oauth_token_url'))
Setting().set('github_oauth_authorize_url',
request.form.get('github_oauth_authorize_url'))
result = {
'status': True,
'msg': 'Saved successfully. Please reload PDA to take effect.'
}
elif conf_type == 'azure': elif conf_type == 'azure':
Setting().set( azure_oauth_enabled = True if request.form.get(
'azure_oauth_enabled', 'azure_oauth_enabled') else False
True if request.form.get('azure_oauth_enabled') else False) if not has_an_auth_method(azure_oauth_enabled=azure_oauth_enabled):
Setting().set('azure_oauth_key', result = {
request.form.get('azure_oauth_key')) 'status':
Setting().set('azure_oauth_secret', False,
request.form.get('azure_oauth_secret')) 'msg':
Setting().set('azure_oauth_scope', 'Must have at least one authentication method enabled.'
request.form.get('azure_oauth_scope')) }
Setting().set('azure_oauth_api_url', else:
request.form.get('azure_oauth_api_url')) Setting().set(
Setting().set('azure_oauth_token_url', 'azure_oauth_enabled',
request.form.get('azure_oauth_token_url')) azure_oauth_enabled)
Setting().set('azure_oauth_authorize_url', Setting().set('azure_oauth_key',
request.form.get('azure_oauth_authorize_url')) request.form.get('azure_oauth_key'))
Setting().set('azure_sg_enabled', True if request.form.get('azure_sg_enabled')=='ON' else False) Setting().set('azure_oauth_secret',
Setting().set('azure_admin_group', request.form.get('azure_admin_group')) request.form.get('azure_oauth_secret'))
Setting().set('azure_operator_group', request.form.get('azure_operator_group')) Setting().set('azure_oauth_scope',
Setting().set('azure_user_group', request.form.get('azure_user_group')) request.form.get('azure_oauth_scope'))
result = { Setting().set('azure_oauth_api_url',
'status': True, request.form.get('azure_oauth_api_url'))
'msg': 'Saved successfully. Please reload PDA to take effect.' Setting().set('azure_oauth_token_url',
} request.form.get('azure_oauth_token_url'))
Setting().set('azure_oauth_authorize_url',
request.form.get('azure_oauth_authorize_url'))
Setting().set('azure_sg_enabled', True if request.form.get('azure_sg_enabled')=='ON' else False)
Setting().set('azure_admin_group', request.form.get('azure_admin_group'))
Setting().set('azure_operator_group', request.form.get('azure_operator_group'))
Setting().set('azure_user_group', request.form.get('azure_user_group'))
result = {
'status': True,
'msg': 'Saved successfully. Please reload PDA to take effect.'
}
elif conf_type == 'oidc': elif conf_type == 'oidc':
Setting().set( oidc_oauth_enabled = True if request.form.get(
'oidc_oauth_enabled', 'oidc_oauth_enabled') else False
True if request.form.get('oidc_oauth_enabled') else False) if not has_an_auth_method(oidc_oauth_enabled=oidc_oauth_enabled):
Setting().set('oidc_oauth_key', request.form.get('oidc_oauth_key')) result = {
Setting().set('oidc_oauth_secret', 'status':
request.form.get('oidc_oauth_secret')) False,
Setting().set('oidc_oauth_scope', 'msg':
request.form.get('oidc_oauth_scope')) 'Must have at least one authentication method enabled.'
Setting().set('oidc_oauth_api_url', }
request.form.get('oidc_oauth_api_url')) else:
Setting().set('oidc_oauth_token_url', Setting().set(
request.form.get('oidc_oauth_token_url')) 'oidc_oauth_enabled',
Setting().set('oidc_oauth_authorize_url', True if request.form.get('oidc_oauth_enabled') else False)
request.form.get('oidc_oauth_authorize_url')) Setting().set('oidc_oauth_key', request.form.get('oidc_oauth_key'))
result = { Setting().set('oidc_oauth_secret',
'status': True, request.form.get('oidc_oauth_secret'))
'msg': 'Saved successfully. Please reload PDA to take effect.' Setting().set('oidc_oauth_scope',
} request.form.get('oidc_oauth_scope'))
Setting().set('oidc_oauth_api_url',
request.form.get('oidc_oauth_api_url'))
Setting().set('oidc_oauth_token_url',
request.form.get('oidc_oauth_token_url'))
Setting().set('oidc_oauth_authorize_url',
request.form.get('oidc_oauth_authorize_url'))
result = {
'status': True,
'msg': 'Saved successfully. Please reload PDA to take effect.'
}
else: else:
return abort(400) return abort(400)
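Review bot: The new oidc branch still stores `Setting().set('oidc_oauth_enabled', True if request.form.get('oidc_oauth_enabled') else False)` after it has already computed `oidc_oauth_enabled` and passed it to has_an_auth_method, whereas the google, github and azure branches persist the computed variable; make it `Setting().set('oidc_oauth_enabled', oidc_oauth_enabled)` so the value that was checked is the value that is saved. The `{'status': False, 'msg': 'Must have at least one authentication method enabled.'}` literal is now repeated in every branch and would read better as one module-level constant. has_an_auth_method only tests the enabled flags, so an admin can still switch off local and LDAP while the sole remaining OAuth provider has empty client credentials, which could lock everyone out of the UI; a comment such as `# Checks only the enabled flags, not whether the remaining provider is usable` next to each call would make that limitation explicit. setting_authentication continues outside the hunk.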


@ -321,6 +321,12 @@ def login():
'authentication_type'] = 'LDAP' if auth_method != 'LOCAL' else 'LOCAL' 'authentication_type'] = 'LDAP' if auth_method != 'LOCAL' else 'LOCAL'
remember_me = True if 'remember' in request.form else False remember_me = True if 'remember' in request.form else False
if auth_method == 'LOCAL' and not Setting().get('local_db_enabled'):
return render_template(
'login.html',
saml_enabled=SAML_ENABLED,
error='Local authentication is disabled')
user = User(username=username, user = User(username=username,
password=password, password=password,
plain_text_password=password) plain_text_password=password)
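Review bot: The added guard rejects a LOCAL login when local_db_enabled is off, but there is no matching guard for the LDAP path, even though the line above maps every non-LOCAL auth_method to 'LDAP' and this commit now lets ldap_enabled be false while the endpoint still accepts a POST. Unless User rejects it further down (not visible here), add `if auth_method != 'LOCAL' and not Setting().get('ldap_enabled'):` with the same render_template return and `error='LDAP authentication is disabled'`, so that server-side enforcement matches what the template hides. login() starts and ends outside the hunk.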


@ -32,6 +32,7 @@
{{ error }} {{ error }}
</div> </div>
{% endif %} {% endif %}
{% if SETTING.get('ldap_enabled') or SETTING.get('local_db_enabled') %}
<form action="" method="post" data-toggle="validator"> <form action="" method="post" data-toggle="validator">
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}"> <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
@ -87,9 +88,12 @@
<!-- /.col --> <!-- /.col -->
</div> </div>
</form> </form>
{% endif %}
{% if SETTING.get('google_oauth_enabled') or SETTING.get('github_oauth_enabled') or SETTING.get('oidc_oauth_enabled') or SETTING.get('azure_oauth_enabled') %} {% if SETTING.get('google_oauth_enabled') or SETTING.get('github_oauth_enabled') or SETTING.get('oidc_oauth_enabled') or SETTING.get('azure_oauth_enabled') %}
<div class="social-auth-links text-center"> <div class="social-auth-links text-center">
{% if SETTING.get('ldap_enabled') or SETTING.get('local_db_enabled') %}
<p>- OR -</p> <p>- OR -</p>
{% endif %}
{% if SETTING.get('oidc_oauth_enabled') %} {% if SETTING.get('oidc_oauth_enabled') %}
<a href="{{ url_for('index.oidc_login') }}" class="btn btn-block btn-social btn-openid btn-flat"><i <a href="{{ url_for('index.oidc_login') }}" class="btn btn-block btn-social btn-openid btn-flat"><i
class="fa fa-openid"></i> Sign in using class="fa fa-openid"></i> Sign in using
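Review bot: The condition `SETTING.get('ldap_enabled') or SETTING.get('local_db_enabled')` is now written twice, once around the form and once around the "- OR -" separator; set it once at the top of the block with `{% set form_login_enabled = SETTING.get('ldap_enabled') or SETTING.get('local_db_enabled') %}` and test that variable in both places so the two guards cannot drift apart. Hiding the form is presentation only; the server-side checks in login() have to reject a disabled method on their own. The enclosing template block continues outside the hunk.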