Add new setting to verify outgoing SSL connections

The new setting 'verify_ssl_connections' tells the requests library to
verify secured outgoing HTTP connections.
Usually verifying is desired and helps to reveal configuration
problems. It also disables an ugly warning when HTTPS connections
are made without verification.
This commit is contained in:
Enrico Tröger 2020-01-25 19:44:11 +01:00
parent 1cd423041c
commit 68843d9664
7 changed files with 50 additions and 19 deletions

View File

@ -24,11 +24,12 @@ def fetch_remote(remote_url,
accept=None, accept=None,
params=None, params=None,
timeout=None, timeout=None,
headers=None): headers=None,
verify=True):
if data is not None and type(data) != str: if data is not None and type(data) != str:
data = json.dumps(data) data = json.dumps(data)
verify = False verify = bool(verify) # enforce type boolean
our_headers = { our_headers = {
'user-agent': 'powerdnsadmin/0', 'user-agent': 'powerdnsadmin/0',
@ -64,13 +65,15 @@ def fetch_json(remote_url,
data=None, data=None,
params=None, params=None,
headers=None, headers=None,
timeout=None): timeout=None,
verify=True):
r = fetch_remote(remote_url, r = fetch_remote(remote_url,
method=method, method=method,
data=data, data=data,
params=params, params=params,
headers=headers, headers=headers,
timeout=timeout, timeout=timeout,
verify=verify,
accept='application/json; q=1') accept='application/json; q=1')
if method == "DELETE": if method == "DELETE":

View File

@ -81,7 +81,8 @@ class Domain(db.Model):
'/servers/localhost/zones/{0}'.format(domain_name)), '/servers/localhost/zones/{0}'.format(domain_name)),
headers=headers, headers=headers,
timeout=int( timeout=int(
Setting().get('pdns_api_timeout'))) Setting().get('pdns_api_timeout')),
verify=Setting().get('verify_ssl_connections'))
return jdata return jdata
def get_domains(self): def get_domains(self):
@ -94,7 +95,8 @@ class Domain(db.Model):
urljoin(self.PDNS_STATS_URL, urljoin(self.PDNS_STATS_URL,
self.API_EXTENDED_URL + '/servers/localhost/zones'), self.API_EXTENDED_URL + '/servers/localhost/zones'),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout'))) timeout=int(Setting().get('pdns_api_timeout')),
verify=Setting().get('verify_ssl_connections'))
return jdata return jdata
def get_id_by_name(self, name): def get_id_by_name(self, name):
@ -125,7 +127,8 @@ class Domain(db.Model):
urljoin(self.PDNS_STATS_URL, urljoin(self.PDNS_STATS_URL,
self.API_EXTENDED_URL + '/servers/localhost/zones'), self.API_EXTENDED_URL + '/servers/localhost/zones'),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout'))) timeout=int(Setting().get('pdns_api_timeout')),
verify=Setting().get('verify_ssl_connections'))
list_jdomain = [d['name'].rstrip('.') for d in jdata] list_jdomain = [d['name'].rstrip('.') for d in jdata]
current_app.logger.info( current_app.logger.info(
"Found {} entrys in PowerDNS server".format(len(list_jdomain))) "Found {} entrys in PowerDNS server".format(len(list_jdomain)))
@ -233,6 +236,7 @@ class Domain(db.Model):
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='POST', method='POST',
verify=Setting().get('verify_ssl_connections'),
data=post_data) data=post_data)
if 'error' in jdata.keys(): if 'error' in jdata.keys():
current_app.logger.error(jdata['error']) current_app.logger.error(jdata['error'])
@ -265,7 +269,8 @@ class Domain(db.Model):
'/servers/localhost/zones/{0}'.format( '/servers/localhost/zones/{0}'.format(
domain_dict['name'])), domain_dict['name'])),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout'))) timeout=int(Setting().get('pdns_api_timeout')),
verify=Setting().get('verify_ssl_connections'))
except Exception as e: except Exception as e:
current_app.logger.error('Can not read Domain from PDNS') current_app.logger.error('Can not read Domain from PDNS')
current_app.logger.error(e) current_app.logger.error(e)
@ -325,6 +330,7 @@ class Domain(db.Model):
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='PUT', method='PUT',
verify=Setting().get('verify_ssl_connections'),
data=post_data) data=post_data)
if 'error' in jdata.keys(): if 'error' in jdata.keys():
current_app.logger.error(jdata['error']) current_app.logger.error(jdata['error'])
@ -368,6 +374,7 @@ class Domain(db.Model):
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='PUT', method='PUT',
verify=Setting().get('verify_ssl_connections'),
data=post_data) data=post_data)
if 'error' in jdata.keys(): if 'error' in jdata.keys():
current_app.logger.error(jdata['error']) current_app.logger.error(jdata['error'])
@ -494,7 +501,8 @@ class Domain(db.Model):
'/servers/localhost/zones/{0}'.format(domain_name)), '/servers/localhost/zones/{0}'.format(domain_name)),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='DELETE') method='DELETE',
verify=Setting().get('verify_ssl_connections'))
current_app.logger.info( current_app.logger.info(
'Deleted domain successfully from PowerDNS-Entity: {0}'.format( 'Deleted domain successfully from PowerDNS-Entity: {0}'.format(
domain_name)) domain_name))
@ -587,7 +595,8 @@ class Domain(db.Model):
headers=headers, headers=headers,
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='PUT') method='PUT',
verify=Setting().get('verify_ssl_connections'))
return {'status': 'ok', 'msg': r.get('result')} return {'status': 'ok', 'msg': r.get('result')}
except Exception as e: except Exception as e:
current_app.logger.error( current_app.logger.error(
@ -617,7 +626,8 @@ class Domain(db.Model):
domain.name)), domain.name)),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='GET') method='GET',
verify=Setting().get('verify_ssl_connections'))
if 'error' in jdata: if 'error' in jdata:
return { return {
'status': 'error', 'status': 'error',
@ -655,6 +665,7 @@ class Domain(db.Model):
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='PUT', method='PUT',
verify=Setting().get('verify_ssl_connections'),
data=post_data) data=post_data)
if 'error' in jdata: if 'error' in jdata:
return { return {
@ -674,6 +685,7 @@ class Domain(db.Model):
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='POST', method='POST',
verify=Setting().get('verify_ssl_connections'),
data=post_data) data=post_data)
if 'error' in jdata: if 'error' in jdata:
return { return {
@ -719,7 +731,8 @@ class Domain(db.Model):
domain.name, key_id)), domain.name, key_id)),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='DELETE') method='DELETE',
verify=Setting().get('verify_ssl_connections'))
if jdata != True: if jdata != True:
return { return {
'status': 'status':
@ -740,6 +753,7 @@ class Domain(db.Model):
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='PUT', method='PUT',
verify=Setting().get('verify_ssl_connections'),
data=post_data) data=post_data)
if 'error' in jdata: if 'error' in jdata:
return { return {
@ -796,6 +810,7 @@ class Domain(db.Model):
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='PUT', method='PUT',
verify=Setting().get('verify_ssl_connections'),
data=post_data) data=post_data)
if 'error' in jdata.keys(): if 'error' in jdata.keys():

View File

@ -52,7 +52,8 @@ class Record(object):
'/servers/localhost/zones/{0}'.format(domain)), '/servers/localhost/zones/{0}'.format(domain)),
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
headers=headers) headers=headers,
verify=Setting().get('verify_ssl_connections'))
except Exception as e: except Exception as e:
current_app.logger.error( current_app.logger.error(
"Cannot fetch domain's record data from remote powerdns api. DETAIL: {0}" "Cannot fetch domain's record data from remote powerdns api. DETAIL: {0}"
@ -96,6 +97,7 @@ class Record(object):
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='PATCH', method='PATCH',
verify=Setting().get('verify_ssl_connections'),
data=rrset) data=rrset)
current_app.logger.debug(jdata) current_app.logger.debug(jdata)
return {'status': 'ok', 'msg': 'Record was added successfully'} return {'status': 'ok', 'msg': 'Record was added successfully'}
@ -281,6 +283,7 @@ class Record(object):
'/servers/localhost/zones/{0}'.format(domain_name)), '/servers/localhost/zones/{0}'.format(domain_name)),
headers=headers, headers=headers,
method='PATCH', method='PATCH',
verify=Setting().get('verify_ssl_connections'),
data=del_rrsets) data=del_rrsets)
if 'error' in jdata1.keys(): if 'error' in jdata1.keys():
current_app.logger.error( current_app.logger.error(
@ -300,6 +303,7 @@ class Record(object):
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='PATCH', method='PATCH',
verify=Setting().get('verify_ssl_connections'),
data=new_rrsets) data=new_rrsets)
if 'error' in jdata2.keys(): if 'error' in jdata2.keys():
current_app.logger.error( current_app.logger.error(
@ -451,6 +455,7 @@ class Record(object):
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='PATCH', method='PATCH',
verify=Setting().get('verify_ssl_connections'),
data=data) data=data)
current_app.logger.debug(jdata) current_app.logger.debug(jdata)
return {'status': 'ok', 'msg': 'Record was removed successfully'} return {'status': 'ok', 'msg': 'Record was removed successfully'}
@ -522,6 +527,7 @@ class Record(object):
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='PATCH', method='PATCH',
verify=Setting().get('verify_ssl_connections'),
data=data) data=data)
current_app.logger.debug("dyndns data: {0}".format(data)) current_app.logger.debug("dyndns data: {0}".format(data))
return {'status': 'ok', 'msg': 'Record was updated successfully'} return {'status': 'ok', 'msg': 'Record was updated successfully'}
@ -544,7 +550,8 @@ class Record(object):
headers=headers, headers=headers,
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='GET') method='GET',
verify=Setting().get('verify_ssl_connections'))
serial = jdata['serial'] serial = jdata['serial']
domain = Domain.query.filter(Domain.name == domain).first() domain = Domain.query.filter(Domain.name == domain).first()

View File

@ -33,7 +33,8 @@ class Server(object):
'/servers/{0}/config'.format(self.server_id)), '/servers/{0}/config'.format(self.server_id)),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='GET') method='GET',
verify=Setting().get('verify_ssl_connections'))
return jdata return jdata
except Exception as e: except Exception as e:
current_app.logger.error( current_app.logger.error(
@ -54,7 +55,8 @@ class Server(object):
'/servers/{0}/statistics'.format(self.server_id)), '/servers/{0}/statistics'.format(self.server_id)),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='GET') method='GET',
verify=Setting().get('verify_ssl_connections'))
return jdata return jdata
except Exception as e: except Exception as e:
current_app.logger.error( current_app.logger.error(
@ -77,7 +79,8 @@ class Server(object):
headers=headers, headers=headers,
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='GET') method='GET',
verify=Setting().get('verify_ssl_connections'))
return jdata return jdata
except Exception as e: except Exception as e:
current_app.logger.error( current_app.logger.error(

View File

@ -32,6 +32,7 @@ class Setting(db.Model):
'pdns_api_key': '', 'pdns_api_key': '',
'pdns_api_timeout': 30, 'pdns_api_timeout': 30,
'pdns_version': '4.1.1', 'pdns_version': '4.1.1',
'verify_ssl_connections': True,
'local_db_enabled': True, 'local_db_enabled': True,
'signup_enabled': True, 'signup_enabled': True,
'verify_user_email': False, 'verify_user_email': False,

View File

@ -501,7 +501,7 @@ def setting_basic():
'pretty_ipv6_ptr', 'dnssec_admins_only', 'pretty_ipv6_ptr', 'dnssec_admins_only',
'allow_user_create_domain', 'bg_domain_updates', 'site_name', 'allow_user_create_domain', 'bg_domain_updates', 'site_name',
'session_timeout', 'warn_session_timeout', 'ttl_options', 'session_timeout', 'warn_session_timeout', 'ttl_options',
'pdns_api_timeout', 'verify_user_email' 'pdns_api_timeout', 'verify_ssl_connections', 'verify_user_email'
] ]
return render_template('admin_setting_basic.html', settings=settings) return render_template('admin_setting_basic.html', settings=settings)

View File

@ -144,7 +144,8 @@ def api_login_create_zone():
method='POST', method='POST',
data=request.get_json(force=True), data=request.get_json(force=True),
headers=headers, headers=headers,
accept='application/json; q=1') accept='application/json; q=1',
verify=Setting().get('verify_ssl_connections'))
except Exception as e: except Exception as e:
current_app.logger.error("Cannot create domain. Error: {}".format(e)) current_app.logger.error("Cannot create domain. Error: {}".format(e))
abort(500) abort(500)
@ -219,7 +220,8 @@ def api_login_delete_zone(domain_name):
resp = utils.fetch_remote(urljoin(pdns_api_url, api_full_uri), resp = utils.fetch_remote(urljoin(pdns_api_url, api_full_uri),
method='DELETE', method='DELETE',
headers=headers, headers=headers,
accept='application/json; q=1') accept='application/json; q=1',
verify=Setting().get('verify_ssl_connections'))
if resp.status_code == 204: if resp.status_code == 204:
current_app.logger.debug("Request to powerdns API successful") current_app.logger.debug("Request to powerdns API successful")