diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 4c005da..943d3a3 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -6,6 +6,7 @@ name: MegaLinter on: push: branches-ignore: + - "*" - "dev" - "main" - "master" diff --git a/powerdnsadmin/models/setting.py b/powerdnsadmin/models/setting.py index 6b46817..2b1c7d7 100644 --- a/powerdnsadmin/models/setting.py +++ b/powerdnsadmin/models/setting.py @@ -28,8 +28,8 @@ class Setting(db.Model): 'allow_user_create_domain': False, 'allow_user_remove_domain': False, 'allow_user_view_history': False, - 'delete_sso_accounts': False, 'custom_history_header': '', + 'delete_sso_accounts': False, 'bg_domain_updates': False, 'enable_api_rr_history': True, 'preserve_history': False, @@ -45,7 +45,7 @@ class Setting(db.Model): 'local_db_enabled': True, 'signup_enabled': True, 'autoprovisioning': False, - 'urn_value':'', + 'urn_value': '', 'autoprovisioning_attribute': '', 'purge': False, 'verify_user_email': False, @@ -70,15 +70,19 @@ class Setting(db.Model): 'github_oauth_scope': 'email', 'github_oauth_api_url': 'https://api.github.com/user', 'github_oauth_token_url': - 'https://github.com/login/oauth/access_token', + 'https://github.com/login/oauth/access_token', 'github_oauth_authorize_url': - 'https://github.com/login/oauth/authorize', + 'https://github.com/login/oauth/authorize', + 'github_oauth_jwks_url': '', + 'github_oauth_metadata_url': '', 'google_oauth_enabled': False, 'google_oauth_client_id': '', 'google_oauth_client_secret': '', 'google_token_url': 'https://oauth2.googleapis.com/token', 'google_oauth_scope': 'openid email profile', 'google_authorize_url': 'https://accounts.google.com/o/oauth2/v2/auth', + 'google_oauth_jwks_url': '', + 'google_oauth_metadata_url': '', 'google_base_url': 'https://www.googleapis.com/oauth2/v3/', 'azure_oauth_enabled': False, 'azure_oauth_key': '', 
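Review bot: Adding `- "*"` to `branches-ignore` makes the push trigger skip every branch without a slash in its name, which in practice silences the MegaLinter workflow on push entirely and makes the existing `dev`/`main`/`master` entries redundant. That reads like a debugging leftover rather than an intended change; if the goal was to run the linter only on pull requests, that should be stated in the commit and the dead `branches-ignore` entries dropped, otherwise the line should be reverted. Whether another trigger keeps the linter running cannot be confirmed from this hunk, since the rest of the `on:` block is outside it.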
@@ -86,9 +90,11 @@ class Setting(db.Model): 'azure_oauth_scope': 'User.Read openid email profile', 'azure_oauth_api_url': 'https://graph.microsoft.com/v1.0/', 'azure_oauth_token_url': - 'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/token', + 'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/token', 'azure_oauth_authorize_url': - 'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/authorize', + 'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/authorize', + 'azure_oauth_jwks_url': '', + 'azure_oauth_metadata_url': '', 'azure_sg_enabled': False, 'azure_admin_group': '', 'azure_operator_group': '', @@ -105,6 +111,7 @@ class Setting(db.Model): 'oidc_oauth_api_url': '', 'oidc_oauth_token_url': '', 'oidc_oauth_authorize_url': '', + 'oidc_oauth_jwks_url': '', 'oidc_oauth_metadata_url': '', 'oidc_oauth_logout_url': '', 'oidc_oauth_username': 'preferred_username', @@ -285,7 +292,7 @@ class Setting(db.Model): result = self.query.filter(Setting.name == setting).first() if result is not None: - if hasattr(result,'value'): + if hasattr(result, 'value'): result = result.value return strtobool(result) if result in [ 'True', 'False' diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py index 759316f..4333977 100644 --- a/powerdnsadmin/routes/admin.py +++ b/powerdnsadmin/routes/admin.py 
@@ -1637,12 +1637,16 @@ def setting_authentication(): request.form.get('google_oauth_client_id')) Setting().set('google_oauth_client_secret', request.form.get('google_oauth_client_secret')) + Setting().set('google_oauth_metadata_url', + request.form.get('google_oauth_metadata_url')) Setting().set('google_token_url', request.form.get('google_token_url')) Setting().set('google_oauth_scope', request.form.get('google_oauth_scope')) Setting().set('google_authorize_url', request.form.get('google_authorize_url')) + Setting().set('google_oauth_jwks_url', + request.form.get('google_oauth_jwks_url')) Setting().set('google_base_url', request.form.get('google_base_url')) result = { @@ -1670,10 +1674,14 @@ def setting_authentication(): request.form.get('github_oauth_scope')) Setting().set('github_oauth_api_url', request.form.get('github_oauth_api_url')) + Setting().set('github_oauth_metadata_url', + request.form.get('github_oauth_metadata_url')) Setting().set('github_oauth_token_url', request.form.get('github_oauth_token_url')) Setting().set('github_oauth_authorize_url', request.form.get('github_oauth_authorize_url')) + Setting().set('github_oauth_jwks_url', + request.form.get('github_oauth_jwks_url')) result = { 'status': True, 'msg': @@ -1699,10 +1707,14 @@ def setting_authentication(): request.form.get('azure_oauth_scope')) Setting().set('azure_oauth_api_url', request.form.get('azure_oauth_api_url')) + Setting().set('azure_oauth_metadata_url', + request.form.get('azure_oauth_metadata_url')) Setting().set('azure_oauth_token_url', request.form.get('azure_oauth_token_url')) Setting().set('azure_oauth_authorize_url', request.form.get('azure_oauth_authorize_url')) + Setting().set('azure_oauth_jwks_url', + request.form.get('azure_oauth_jwks_url')) Setting().set( 'azure_sg_enabled', True if request.form.get('azure_sg_enabled') == 'ON' else False) 
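Review bot: The new `google_oauth_metadata_url` and `google_oauth_jwks_url` values are persisted straight from `request.form.get(...)` with no validation, and the same pattern is repeated for the github, azure and oidc fields in the later hunks of this file. Because these two URLs are fetched server-side by the OAuth client during login (unlike the display-only fields around them), a malformed, `http://` or wrong-host value only surfaces as a login failure or, worse, as trust in the wrong key set, and `request.form.get` also stores `None` when the field is missing from the form. The surrounding URL settings are stored the same way, so a small shared helper that rejects non-empty values not starting with `https://` and normalises a missing field to `''` would fit better than per-field guards. `setting_authentication` begins and ends outside the hunk.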
@@ -1750,12 +1762,14 @@ def setting_authentication(): request.form.get('oidc_oauth_scope')) Setting().set('oidc_oauth_api_url', request.form.get('oidc_oauth_api_url')) + Setting().set('oidc_oauth_metadata_url', + request.form.get('oidc_oauth_metadata_url')) Setting().set('oidc_oauth_token_url', request.form.get('oidc_oauth_token_url')) Setting().set('oidc_oauth_authorize_url', request.form.get('oidc_oauth_authorize_url')) - Setting().set('oidc_oauth_metadata_url', - request.form.get('oidc_oauth_metadata_url')) + Setting().set('oidc_oauth_jwks_url', + request.form.get('oidc_oauth_jwks_url')) Setting().set('oidc_oauth_logout_url', request.form.get('oidc_oauth_logout_url')) Setting().set('oidc_oauth_username', diff --git a/powerdnsadmin/services/azure.py b/powerdnsadmin/services/azure.py index 46fb1af..c1fb626 100644 --- a/powerdnsadmin/services/azure.py +++ b/powerdnsadmin/services/azure.py @@ -23,6 +23,8 @@ def azure_oauth(): request_token_url=None, access_token_url=Setting().get('azure_oauth_token_url'), authorize_url=Setting().get('azure_oauth_authorize_url'), + jwks_url=Setting().get('azure_oauth_jwks_url'), + server_metadata_url=Setting().get('azure_oauth_metadata_url'), client_kwargs={'scope': Setting().get('azure_oauth_scope')}, fetch_token=fetch_azure_token, ) diff --git a/powerdnsadmin/services/github.py b/powerdnsadmin/services/github.py index cf615e8..13c2f00 100644 --- a/powerdnsadmin/services/github.py +++ b/powerdnsadmin/services/github.py @@ -24,6 +24,8 @@ def github_oauth(): request_token_url=None, access_token_url=Setting().get('github_oauth_token_url'), authorize_url=Setting().get('github_oauth_authorize_url'), + jwks_url=Setting().get('github_oauth_jwks_url'), + server_metadata_url=Setting().get('github_oauth_metadata_url'), client_kwargs={'scope': Setting().get('github_oauth_scope')}, fetch_token=fetch_github_token, update_token=update_token) 
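Review bot: The `jwks_url=` keyword passed to the client registration in the azure hunk (and likewise in the github, google and oidc hunks) looks like it uses the wrong key: if the OAuth client is authlib, the metadata key it reads when verifying an id_token signature is `jwks_uri`, and unknown registration kwargs are kept as opaque metadata, so the configured key set would be silently ignored and verification would still fall back to discovery. An empty setting should also be passed as `None` rather than `''`, so an unset value is treated as absent instead of as a URL to fetch, e.g. `jwks_uri=Setting().get('azure_oauth_jwks_url') or None,` and `server_metadata_url=Setting().get('azure_oauth_metadata_url') or None,`. Please confirm against the client library's documentation and add a test that an id_token signed with an unknown key is rejected when the configured JWKS is used; `azure_oauth` continues outside the hunk.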
diff --git a/powerdnsadmin/services/google.py b/powerdnsadmin/services/google.py index 68775a2..fc9af12 100644 --- a/powerdnsadmin/services/google.py +++ b/powerdnsadmin/services/google.py @@ -23,6 +23,8 @@ def google_oauth(): request_token_url=None, access_token_url=Setting().get('google_token_url'), authorize_url=Setting().get('google_authorize_url'), + jwks_url=Setting().get('google_oauth_jwks_url'), + server_metadata_url=Setting().get('google_oauth_metadata_url'), client_kwargs={'scope': Setting().get('google_oauth_scope')}, fetch_token=fetch_google_token, update_token=update_token) diff --git a/powerdnsadmin/services/oidc.py b/powerdnsadmin/services/oidc.py index b5da89e..432457f 100644 --- a/powerdnsadmin/services/oidc.py +++ b/powerdnsadmin/services/oidc.py @@ -23,6 +23,7 @@ def oidc_oauth(): request_token_url=None, access_token_url=Setting().get('oidc_oauth_token_url'), authorize_url=Setting().get('oidc_oauth_authorize_url'), + jwks_url=Setting().get('oidc_oauth_jwks_url'), server_metadata_url=Setting().get('oidc_oauth_metadata_url'), client_kwargs={'scope': Setting().get('oidc_oauth_scope')}, fetch_token=fetch_oidc_token, diff --git a/powerdnsadmin/templates/admin_setting_authentication.html b/powerdnsadmin/templates/admin_setting_authentication.html index 26d9a72..7675797 100644 --- a/powerdnsadmin/templates/admin_setting_authentication.html +++ b/powerdnsadmin/templates/admin_setting_authentication.html @@ -630,9 +630,16 @@ value="{{ SETTING.get('google_oauth_client_secret') }}"> - -
- ADVANCE +
+ + + +
+
+ + + +
-
-
- ADVANCE
+
+ + + +
@@ -791,10 +816,21 @@ name="github_oauth_authorize_url" id="github_oauth_authorize_url" placeholder="e.g. https://github.com/login/oauth/authorize" - data-error="Plesae input Authorize URL" + data-error="Please input Authorize URL" value="{{ SETTING.get('github_oauth_authorize_url') }}">
+
+ + + +
@@ -871,9 +907,6 @@ value="{{ SETTING.get('azure_oauth_secret') }}"> - -
- ADVANCED
+
+ + + +
+
+ + + +
GROUP SECURITY @@ -1189,6 +1243,17 @@ value="{{ SETTING.get('oidc_oauth_api_url') }}"> +
+ + + +
-
@@ -1234,7 +1299,7 @@
- CLAIMS + Claims
- ADVANCE + Advanced
diff --git a/powerdnsadmin/templates/base.html b/powerdnsadmin/templates/base.html index 5a47bd2..408f4be 100644 --- a/powerdnsadmin/templates/base.html +++ b/powerdnsadmin/templates/base.html @@ -101,14 +101,22 @@ {% endif %} - {% if current_user.role.name in ['Administrator', 'Operator'] %} - -
  • - - -

    Global Search

    +
  • +
  • + + +

    Global Search

    +
    +
  • + {% if current_user.role.name in ['Administrator', 'Operator'] or SETTING.get('allow_user_view_history') %} +
  • + + +

    Activity

  • + {% endif %} + {% if current_user.role.name in ['Administrator', 'Operator'] %}
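Review bot: The `Activity` entry is now shown whenever `allow_user_view_history` is set, which is fine as a menu change, but the template condition is only visibility, not authorization. Whether the history route itself enforces the same `allow_user_view_history` check for non-admin roles cannot be confirmed from this diff, so a short comment in the template would help the next reader, e.g. `{# visibility only; the history route must enforce allow_user_view_history itself #}`. The `%}`/`{% endif %}` pairing appears balanced in this hunk, but the enclosing `{% if %}` block starts before it.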
  • @@ -121,12 +129,6 @@

    Server Configuration

  • -
  • - - -

    Activity

    -
    -
  • @@ -189,14 +191,6 @@ {% endif %}
  • - {% elif SETTING.get('allow_user_view_history') %} - -
  • - - -

    History

    -
    -
  • {% endif %} {% endif %}