Merge branch 'feature/privacy-first'

2024-09-16 13:29:35 +00:00 · 2023-01-24 05:32:38 -05:00 · 2023-01-24 05:32:38 -05:00 · 948973ac83
commit 948973ac83
parent 0c42bdad5f 3a8ad7c444
16 changed files with 100 additions and 84 deletions
--- a/configs/development.py
+++ b/configs/development.py
@ -7,7 +7,6 @@ SALT = '$2b$12$yLUMTIfl21FKJQpTkRQXCu'
 SECRET_KEY = 'e951e5a1f4b94151b360f47edf596dd2'
 BIND_ADDRESS = '0.0.0.0'
 PORT = 9191
 OFFLINE_MODE = False
 ### DATABASE CONFIG
 SQLA_DB_USER = 'pda'
--- a/configs/docker_config.py
+++ b/configs/docker_config.py
@ -50,7 +50,6 @@ legal_envvars = (
    'SAML_LOGOUT',
    'SAML_LOGOUT_URL',
    'SAML_ASSERTION_ENCRYPTED',
    'OFFLINE_MODE',
    'REMOTE_USER_LOGOUT_URL',
    'REMOTE_USER_COOKIES',
    'SIGNUP_ENABLED',
@ -77,7 +76,6 @@ legal_envvars_bool = (
    'SAML_WANT_MESSAGE_SIGNED',
    'SAML_LOGOUT',
    'SAML_ASSERTION_ENCRYPTED',
    'OFFLINE_MODE',
    'REMOTE_USER_ENABLED',
    'SIGNUP_ENABLED',
    'LOCAL_DB_ENABLED',
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -15,4 +15,3 @@ services:
      - GUNICORN_TIMEOUT=60
      - GUNICORN_WORKERS=2
      - GUNICORN_LOGLEVEL=DEBUG
      - OFFLINE_MODE=False # True for offline, False for external resources
--- a/powerdnsadmin/init.py
+++ b/powerdnsadmin/init.py
@ -74,8 +74,6 @@ def create_app(config=None):
    app.jinja_env.filters['display_record_name'] = utils.display_record_name
    app.jinja_env.filters['display_master_name'] = utils.display_master_name
    app.jinja_env.filters['display_second_to_time'] = utils.display_time
    app.jinja_env.filters[
        'email_to_gravatar_url'] = utils.email_to_gravatar_url
    app.jinja_env.filters[
        'display_setting_state'] = utils.display_setting_state
    app.jinja_env.filters['pretty_domain_name'] = utils.pretty_domain_name
@ -93,9 +91,4 @@ def create_app(config=None):
        setting = Setting()
        return dict(SETTING=setting)
    @app.context_processor
    def inject_mode():
        setting = app.config.get('OFFLINE_MODE', False)
        return dict(OFFLINE_MODE=setting)
    return app
--- a/powerdnsadmin/default_config.py
+++ b/powerdnsadmin/default_config.py
@ -8,7 +8,6 @@ SECRET_KEY = 'e951e5a1f4b94151b360f47edf596dd2'
 BIND_ADDRESS = '0.0.0.0'
 PORT = 9191
 HSTS_ENABLED = False
 OFFLINE_MODE = False
 FILESYSTEM_SESSIONS_ENABLED = False
 SESSION_COOKIE_SAMESITE = 'Lax'
 CSRF_COOKIE_HTTPONLY = True
--- a/powerdnsadmin/lib/utils.py
+++ b/powerdnsadmin/lib/utils.py
@ -2,14 +2,12 @@ import logging
 import re
 import json
 import requests
 import hashlib
 import ipaddress
 import idna
 from collections.abc import Iterable
 from distutils.version import StrictVersion
 from urllib.parse import urlparse
 from datetime import datetime, timedelta
 def auth_from_url(url):
@ -186,17 +184,6 @@ def pdns_api_extended_uri(version):
        return ""
 def email_to_gravatar_url(email="", size=100):
    """
    AD doesn't necessarily have email
    """
    if email is None:
        email = ""
    hash_string = hashlib.md5(email.encode('utf-8')).hexdigest()
    return "https://s.gravatar.com/avatar/{0}?s={1}".format(hash_string, size)
 def display_setting_state(value):
    if value == 1:
        return "ON"
--- a/powerdnsadmin/models/setting.py
+++ b/powerdnsadmin/models/setting.py
@ -193,7 +193,8 @@ class Setting(db.Model):
        'otp_force': False,
        'max_history_records': 1000,
        'deny_domain_override': False,
-        'account_name_extra_chars': False
+        'account_name_extra_chars': False,
        'gravatar_enabled': False,
    }
    def __init__(self, id=None, name=None, value=None):
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@ -1259,20 +1259,41 @@ def history_table():    # ajax call data
@login_required
@operator_role_required
 def setting_basic():
-    if request.method == 'GET':
+    settings = [
-        settings = [
+        'account_name_extra_chars',
-            'maintenance', 'fullscreen_layout', 'record_helper',
+        'allow_user_create_domain',
-            'login_ldap_first', 'default_record_table_size',
+        'allow_user_remove_domain',
-            'default_domain_table_size', 'auto_ptr', 'record_quick_edit',
+        'allow_user_view_history',
-            'pretty_ipv6_ptr', 'dnssec_admins_only',
+        'auto_ptr',
-            'allow_user_create_domain', 'allow_user_remove_domain', 'allow_user_view_history', 'bg_domain_updates', 'site_name',
+        'bg_domain_updates',
-            'session_timeout', 'warn_session_timeout', 'ttl_options',
+        'custom_css',
-            'pdns_api_timeout', 'verify_ssl_connections', 'verify_user_email',
+        'default_domain_table_size',
-            'delete_sso_accounts', 'otp_field_enabled', 'custom_css', 'enable_api_rr_history', 'max_history_records', 'otp_force',
+        'default_record_table_size',
-            'deny_domain_override', 'enforce_api_ttl', 'account_name_extra_chars'
+        'delete_sso_accounts',
-        ]
+        'deny_domain_override',
        'dnssec_admins_only',
        'enable_api_rr_history',
        'enforce_api_ttl',
        'fullscreen_layout',
        'gravatar_enabled',
        'login_ldap_first',
        'maintenance',
        'max_history_records',
        'otp_field_enabled',
        'otp_force',
        'pdns_api_timeout',
        'pretty_ipv6_ptr',
        'record_helper',
        'record_quick_edit',
        'session_timeout',
        'site_name',
        'ttl_options',
        'verify_ssl_connections',
        'verify_user_email',
        'warn_session_timeout',
    ]
-        return render_template('admin_setting_basic.html', settings=settings)
+    return render_template('admin_setting_basic.html', settings=settings)
@admin_bp.route('/setting/basic/<path:setting>/edit', methods=['POST'])
--- a/powerdnsadmin/routes/user.py
+++ b/powerdnsadmin/routes/user.py
@ -1,5 +1,10 @@
 import datetime
-from flask import Blueprint, request, render_template, make_response, jsonify, redirect, url_for, g, session, current_app
+import hashlib
 import imghdr
 import mimetypes
 from flask import Blueprint, request, render_template, make_response, jsonify, redirect, url_for, g, session, \
    current_app, after_this_request, abort
 from flask_login import current_user, login_required, login_manager
 from ..models.user import User, Anonymous
@ -96,4 +101,55 @@ def qrcode():
        'Cache-Control': 'no-cache, no-store, must-revalidate',
        'Pragma': 'no-cache',
        'Expires': '0'
-    }
+    }
@user_bp.route('/image', methods=['GET'])
@login_required
 def image():
    """Returns the user profile image or avatar."""
    @after_this_request
    def add_cache_headers(response_):
        """When the response is ok, add cache headers."""
        if 200 <= response_.status_code <= 399:
            response_.cache_control.private = True
            response_.cache_control.max_age = int(datetime.timedelta(days=1).total_seconds())
        return response_
    def return_image(content, content_type=None):
        """Return the given binary image content. Guess the type if not given."""
        if not content_type:
            guess = mimetypes.guess_type('example.' + imghdr.what(None, h=content))
            if guess and guess[0]:
                content_type = guess[0]
        return content, 200, {'Content-Type': content_type}
    # To prevent "cache poisoning", the username query parameter is required
    if request.args.get('username', None) != current_user.username:
        abort(400)
    setting = Setting()
    if session['authentication_type'] == 'LDAP':
        search_filter = '(&({0}={1}){2})'.format(setting.get('ldap_filter_username'),
                                                 current_user.username,
                                                 setting.get('ldap_filter_basic'))
        result = User().ldap_search(search_filter, setting.get('ldap_base_dn'))
        if result and result[0] and result[0][0] and result[0][0][1]:
            user_obj = result[0][0][1]
            for key in ['jpegPhoto', 'thumbnailPhoto']:
                if key in user_obj and user_obj[key] and user_obj[key][0]:
                    current_app.logger.debug(f'Return {key} from ldap as user image')
                    return return_image(user_obj[key][0])
    email = current_user.email
    if email and setting.get('gravatar_enabled'):
        hash_ = hashlib.md5(email.encode('utf-8')).hexdigest()
        url = f'https://s.gravatar.com/avatar/{hash_}?s=100'
        current_app.logger.debug('Redirect user image request to gravatar')
        return redirect(url, 307)
    # Fallback to the local default image
    return current_app.send_static_file('img/user_image.png')
--- a/powerdnsadmin/static/custom/css/custom.css
+++ b/powerdnsadmin/static/custom/css/custom.css
@ -42,15 +42,6 @@ table td {
    background-position: center;
 }
 .navbar-nav>.user-menu>.dropdown-menu>li.user-header>img.img-circle.offline {
    filter: brightness(0);
    border-color: black;
 }
 .navbar-nav>.user-menu .user-image.offline {
    filter: brightness(0);
 }
 .search-input {
    width: 100%;
 }
--- a/powerdnsadmin/static/img/gravatar.png
+++ b/powerdnsadmin/static/img/gravatar.png
--- a/powerdnsadmin/static/img/user_image.png
+++ b/powerdnsadmin/static/img/user_image.png
--- a/powerdnsadmin/templates/admin_pdns_stats.html
+++ b/powerdnsadmin/templates/admin_pdns_stats.html
@ -35,7 +35,7 @@
                        <tbody>
                            {% for statistic in statistics %}
                            <tr class="odd gradeX">
-                                <td><a href="https://google.com/search?q=site:doc.powerdns.com+{{ statistic['name'] }}"
+                                <td><a href="https://doc.powerdns.com/authoritative/search.html?q={{ statistic['name'] }}"
                                        target="_blank" class="btn btn-flat btn-xs blue"><i
                                            class="fa fa-search"></i></a></td>
                                <td>{{ statistic['name'] }}</td>
@ -70,7 +70,7 @@
                        <tbody>
                            {% for config in configs %}
                            <tr class="odd gradeX">
-                                <td><a href="https://google.com/search?q=site:doc.powerdns.com+{{ config['name'] }}"
+                                <td><a href="https://doc.powerdns.com/authoritative/search.html?q={{ config['name'] }}"
                                        target="_blank" class="btn btn-flat btn-xs blue"><i
                                            class="fa fa-search"></i></a></td>
                                <td>{{ config['name'] }}</td>
--- a/powerdnsadmin/templates/base.html
+++ b/powerdnsadmin/templates/base.html
@ -8,13 +8,8 @@
  {% block title %}<title>{{ SITE_NAME }}</title>{% endblock %}
  <link rel="stylesheet" href="{{ url_for('static', filename='assets/css/style.css') }}">
  <!--  Get Google Fonts we like -->
  {% if OFFLINE_MODE %}
  <link rel="stylesheet" href="{{ url_for('static', filename='assets/css/source_sans_pro.css') }}">
  <link rel="stylesheet" href="{{ url_for('static', filename='assets/css/roboto_mono.css') }}">
  {% else %}
  <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
  <link rel="stylesheet" href="//fonts.googleapis.com/css?family=Roboto+Mono:400,300,700">
  {% endif %}
  <!-- Tell the browser to be responsive to screen width -->
  <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
  <!-- Tell Safari to not recognise telephone numbers -->
@ -25,20 +20,10 @@
 {% if SETTING.get('custom_css') %}
  <link rel="stylesheet" href="/static/custom/{{ SETTING.get('custom_css') }}">
 {% endif %}
  <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
  <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
  <!--[if lt IE 9]>
  <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
  <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
  <![endif]-->
  {% endblock %}
 </head>
 <body class="hold-transition skin-blue sidebar-mini {% if not SETTING.get('fullscreen_layout') %}layout-boxed{% endif %}">
-  {% if OFFLINE_MODE %}
+{% set user_image_url = url_for('user.image', username=current_user.username) %}
  {% set gravatar_url = url_for('static', filename='img/gravatar.png') %}
  {% elif current_user.email is defined %}
  {% set gravatar_url = current_user.email|email_to_gravatar_url(size=80) %}
  {% endif %}
 <div class="wrapper">
  {% block pageheader %}
  <header class="main-header">
@ -62,14 +47,14 @@
          <!-- User Account: style can be found in dropdown.less -->
          <li class="dropdown user user-menu">
            <a href="#" class="dropdown-toggle" data-toggle="dropdown">
-              <img src="{{ gravatar_url }}" class="user-image {{ 'offline' if OFFLINE_MODE }}" alt="User Image"/>
+              <img src="{{ user_image_url }}" class="user-image" alt="User Image"/>
              <span class="hidden-xs">
                {{ current_user.firstname }}
              </span>
            </a>
            <ul class="dropdown-menu">
                <li class="user-header">
-                  <img src="{{ gravatar_url }}" class="img-circle {{ 'offline' if OFFLINE_MODE }}" alt="User Image"/>
+                  <img src="{{ user_image_url }}" class="img-circle" alt="User Image"/>
                  <p>
                    {{ current_user.firstname }} {{ current_user.lastname }}
                    <small>{{ current_user.role.name }}</small>
@ -100,7 +85,7 @@
    {% if current_user.id is defined %}
      <div class="user-panel">
        <div class="pull-left image">
-          <img src="{{ gravatar_url }}" class="img-circle" alt="User Image"/>
+          <img src="{{ user_image_url }}" class="img-circle" alt="User Image"/>
        </div>
        <div class="pull-left info">
          <p>{{ current_user.firstname }} {{ current_user.lastname }}</p>
--- a/powerdnsadmin/templates/login.html
+++ b/powerdnsadmin/templates/login.html
@ -15,12 +15,6 @@
 {% if SETTING.get('custom_css') %}
  <link rel="stylesheet" href="/static/custom/{{ SETTING.get('custom_css') }}">
 {% endif %}
  <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
  <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
  <!--[if lt IE 9]>
  <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
  <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
  <![endif]-->
 </head>
 <body class="hold-transition login-page">
--- a/powerdnsadmin/templates/register.html
+++ b/powerdnsadmin/templates/register.html
@ -11,13 +11,6 @@
  {% assets "css_login" -%}
  <link rel="stylesheet" href="{{ ASSET_URL }}">
  {%- endassets %}
  <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
  <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
  <!--[if lt IE 9]>
  <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
  <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
  <![endif]-->
 </head>
 <body class="hold-transition register-page">