diff --git a/app/models.py b/app/models.py index e939343..41a4a13 100644 --- a/app/models.py +++ b/app/models.py @@ -23,19 +23,6 @@ from app.lib import utils logging = logger.getLogger(__name__) -if 'LDAP_TYPE' in app.config.keys(): - LDAP_URI = app.config['LDAP_URI'] - LDAP_SEARCH_BASE = app.config['LDAP_SEARCH_BASE'] - LDAP_TYPE = app.config['LDAP_TYPE'] - LDAP_FILTER = app.config['LDAP_FILTER'] - LDAP_USERNAMEFIELD = app.config['LDAP_USERNAMEFIELD'] - - LDAP_GROUP_SECURITY = app.config.get('LDAP_GROUP_SECURITY') - if LDAP_GROUP_SECURITY == True: - LDAP_ADMIN_GROUP = app.config['LDAP_ADMIN_GROUP'] - LDAP_USER_GROUP = app.config['LDAP_USER_GROUP'] -else: - LDAP_TYPE = False if 'PRETTY_IPV6_PTR' in app.config.keys(): import dns.inet @@ -147,7 +134,7 @@ class User(db.Model): def ldap_init_conn(self): ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) - conn = ldap.initialize(LDAP_URI) + conn = ldap.initialize(Setting().get('ldap_uri')) conn.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF) conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3) conn.set_option(ldap.OPT_X_TLS,ldap.OPT_X_TLS_DEMAND) @@ -162,7 +149,7 @@ class User(db.Model): try: conn = self.ldap_init_conn() - conn.simple_bind_s(app.config['LDAP_ADMIN_USERNAME'], app.config['LDAP_ADMIN_PASSWORD']) + conn.simple_bind_s(Setting().get('ldap_admin_username'), Setting().get('ldap_admin_password')) ldap_result_id = conn.search(baseDN, searchScope, searchFilter, retrieveAttributes) result_set = [] @@ -177,6 +164,8 @@ class User(db.Model): except ldap.LDAPError as e: logging.error(e) + logging.debug('baseDN: {0}'.format(baseDN)) + logging.debug(traceback.format_exc()) raise def ldap_auth(self, ldap_username, password): 
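Review bot: In `ldap_init_conn` the directory URI now comes from the admin-editable `ldap_uri` setting, while the unchanged line above it still sets `OPT_X_TLS_REQUIRE_CERT` to `OPT_X_TLS_NEVER`, so the server certificate is never verified and whichever host answers at that URI receives the bind credentials. I would require verification with `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)` and make any relaxation an explicit, logged setting. The setting defaults to an empty string in the `Setting` defaults hunk, so an empty value should be rejected with a clear configuration error before `ldap.initialize` is called. The method continues past the end of the hunk.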
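Review bot: The `simple_bind_s` call now takes `ldap_admin_username` and `ldap_admin_password` from `Setting()`, and both default to `''` in the defaults hunk further down; an empty DN and password is an anonymous bind in LDAP, so an unconfigured or half-saved setting would search the directory anonymously instead of failing. I would read both values once and fail closed before binding, e.g. `if not bind_dn or not bind_pw: raise ValueError('LDAP bind account is not configured')`, then `conn.simple_bind_s(bind_dn, bind_pw)`. The bind password is also kept as an ordinary row in the settings table (the migration in this commit inserts `ldap_admin_password` there), which looks like cleartext storage; it deserves restricted read access or encryption at rest and should not be rendered back into the settings form. The `try` block starts and ends outside the hunk.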
@@ -207,34 +196,38 @@ class User(db.Model): if method == 'LDAP': isadmin = False - if not LDAP_TYPE: - logging.error('LDAP authentication is disabled') - return False + LDAP_TYPE = Setting().get('ldap_type') + LDAP_BASE_DN = Setting().get('ldap_base_dn') + LDAP_FILTER_BASIC = Setting().get('ldap_filter_basic') + LDAP_FILTER_USERNAME = Setting().get('ldap_filter_username') + LDAP_ADMIN_GROUP = Setting().get('ldap_admin_group') + LDAP_USER_GROUP = Setting().get('ldap_user_group') + LDAP_GROUP_SECURITY_ENABLED = Setting().get('ldap_sg_enabled') if LDAP_TYPE == 'ldap': - searchFilter = "(&({0}={1}){2})".format(LDAP_USERNAMEFIELD, self.username, LDAP_FILTER) + searchFilter = "(&({0}={1}){2})".format(LDAP_FILTER_USERNAME, self.username, LDAP_FILTER_BASIC) logging.debug('Ldap searchFilter "{0}"'.format(searchFilter)) elif LDAP_TYPE == 'ad': - searchFilter = "(&(objectcategory=person)({0}={1}){2})".format(LDAP_USERNAMEFIELD, self.username, LDAP_FILTER) + searchFilter = "(&(objectcategory=person)({0}={1}){2})".format(LDAP_FILTER_USERNAME, self.username, LDAP_FILTER_BASIC) - ldap_result = self.ldap_search(searchFilter, LDAP_SEARCH_BASE) + ldap_result = self.ldap_search(searchFilter, LDAP_BASE_DN) if not ldap_result: logging.warning('LDAP User "{0}" does not exist. Authentication request from {1}'.format(self.username, src_ip)) return False else: try: ldap_username = ldap.filter.escape_filter_chars(ldap_result[0][0][0]) - # check if LDAP_SECURITY_GROUP is enabled + # check if LDAP_GROUP_SECURITY_ENABLED is True # user can be assigned to ADMIN or USER role. 
- if LDAP_GROUP_SECURITY: + if LDAP_GROUP_SECURITY_ENABLED: try: if (self.ldap_search(searchFilter, LDAP_ADMIN_GROUP)): isadmin = True - logging.info('User {0} is part of the "{1}" group that allows admin access to PowerDNS-Admin'.format(self.username,LDAP_ADMIN_GROUP)) + logging.info('User {0} is part of the "{1}" group that allows admin access to PowerDNS-Admin'.format(self.username, LDAP_ADMIN_GROUP)) elif (self.ldap_search(searchFilter, LDAP_USER_GROUP)): - logging.info('User {0} is part of the "{1}" group that allows user access to PowerDNS-Admin'.format(self.username,LDAP_USER_GROUP)) + logging.info('User {0} is part of the "{1}" group that allows user access to PowerDNS-Admin'.format(self.username, LDAP_USER_GROUP)) else: - logging.error('User {0} is not part of the "{1}" or "{2}" groups that allow access to PowerDNS-Admin'.format(self.username,LDAP_ADMIN_GROUP,LDAP_USER_GROUP)) + logging.error('User {0} is not part of the "{1}" or "{2}" groups that allow access to PowerDNS-Admin'.format(self.username, LDAP_ADMIN_GROUP, LDAP_USER_GROUP)) return False except Exception as e: logging.error('LDAP group lookup for user "{0}" has failed. Authentication request from {1}'.format(self.username, src_ip)) @@ -256,13 +249,12 @@ class User(db.Model): self.firstname = self.username self.lastname = '' try: - # try to get user's firstname & lastname from LDAP - # this might be changed in the future + # try to get user's firstname, lastname and email address from LDAP attributes self.firstname = ldap_result[0][0][1]['givenName'][0].decode("utf-8") self.lastname = ldap_result[0][0][1]['sn'][0].decode("utf-8") self.email = ldap_result[0][0][1]['mail'][0].decode("utf-8") except Exception as e: - logging.info("Reading ldap data threw an exception {0}".format(e)) + logging.warning("Reading ldap data threw an exception {0}".format(e)) logging.debug(traceback.format_exc()) # first register user will be in Administrator role 
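Review bot: Both new `searchFilter` lines interpolate `self.username`, which appears to be the name typed into the login form, into the LDAP filter without escaping, so filter metacharacters in it change the query that decides which entry and which group membership is matched. The hunk already uses `ldap.filter.escape_filter_chars` for `ldap_username`; apply it here too with `username = ldap.filter.escape_filter_chars(self.username)` and format the filter from `username`. The removed `if not LDAP_TYPE` guard has no replacement: nothing visible checks `ldap_enabled` before the search, so I would add `if not Setting().get('ldap_enabled'): return False` at the top of the branch unless the caller already enforces it. `searchFilter` is also left unassigned when `ldap_type` is neither `'ldap'` nor `'ad'`, which an `else` that logs and returns `False` would cover. The method starts and ends outside the hunk.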
@@ -271,7 +263,7 @@ class User(db.Model): self.role_id = Role.query.filter_by(name='Administrator').first().id # user will be in Administrator role if part of LDAP Admin group - if LDAP_GROUP_SECURITY: + if LDAP_GROUP_SECURITY_ENABLED: if isadmin == True: self.role_id = Role.query.filter_by(name='Administrator').first().id @@ -279,7 +271,7 @@ class User(db.Model): logging.info('Created user "{0}" in the DB'.format(self.username)) # user already exists in database, set their admin status based on group membership (if enabled) - if LDAP_GROUP_SECURITY: + if LDAP_GROUP_SECURITY_ENABLED: self.set_admin(isadmin) self.update_profile() return True @@ -951,7 +943,7 @@ class Domain(db.Model): domain_obj = Domain.query.filter(Domain.name == domain_name).first() domain_auto_ptr = DomainSetting.query.filter(DomainSetting.domain == domain_obj).filter(DomainSetting.setting == 'auto_ptr').first() domain_auto_ptr = strtobool(domain_auto_ptr.value) if domain_auto_ptr else False - system_auto_ptr = strtobool(Setting().get('auto_ptr')) + system_auto_ptr = Setting().get('auto_ptr') self.name = domain_name domain_id = self.get_id_by_name(domain_reverse_name) if None == domain_id and \ @@ -1504,8 +1496,8 @@ class Record(object): }) postdata_for_new = {"rrsets": final_records} - logging.info(postdata_for_new) - logging.info(postdata_for_delete) + logging.debug(postdata_for_new) + logging.debug(postdata_for_delete) logging.info(urljoin(PDNS_STATS_URL, API_EXTENDED_URL + '/servers/localhost/zones/{0}'.format(domain))) try: headers = {} 
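Review bot: `system_auto_ptr = Setting().get('auto_ptr')` drops the `strtobool` conversion, so the line is only correct if `Setting.get` itself turns the stored value into a real boolean; the migration in this commit stores flags as the strings `'True'`/`'False'`, and a raw `'False'` is truthy. `Setting.get` is not part of this diff, so that needs confirming, ideally with a test that a stored `'False'` disables the feature. The same assumption is made by the identical change in `Record.auto_ptr` and by the `if LDAP_GROUP_SECURITY_ENABLED:` checks in `User`, where a wrong truthiness would change who is granted the Administrator role.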
@@ -1523,7 +1515,8 @@ class Record(object): logging.info('Record was applied successfully.') return {'status': 'ok', 'msg': 'Record was applied successfully'} except Exception as e: - logging.error("Cannot apply record changes to domain {0}. DETAIL: {1}".format(e, domain)) + logging.error("Cannot apply record changes to domain {0}. Error: {1}".format(domain, e)) + logging.debug(traceback.format_exc()) return {'status': 'error', 'msg': 'There was something wrong, please contact administrator'} def auto_ptr(self, domain, new_records, deleted_records): @@ -1534,7 +1527,7 @@ class Record(object): domain_auto_ptr = DomainSetting.query.filter(DomainSetting.domain == domain_obj).filter(DomainSetting.setting == 'auto_ptr').first() domain_auto_ptr = strtobool(domain_auto_ptr.value) if domain_auto_ptr else False - system_auto_ptr = strtobool(Setting().get('auto_ptr')) + system_auto_ptr = Setting().get('auto_ptr') if system_auto_ptr or domain_auto_ptr: try: @@ -1785,6 +1778,7 @@ class Setting(db.Model): 'default_domain_table_size': 10, 'auto_ptr': False, 'allow_quick_edit': True, + 'site_name': 'PowerDNS-Admin', 'pdns_api_url': '', 'pdns_api_key': '', 'pdns_version': '4.1.1', @@ -1793,6 +1787,7 @@ class Setting(db.Model): 'ldap_enabled': False, 'ldap_type': 'ldap', 'ldap_uri': '', + 'ldap_base_dn': '', 'ldap_admin_username': '', 'ldap_admin_password': '', 'ldap_filter_basic': '', diff --git a/app/templates/admin.html b/app/templates/admin.html index 8677b9d..3d7a917 100644 --- a/app/templates/admin.html +++ b/app/templates/admin.html @@ -1,6 +1,6 @@ {% extends "base.html" %} {% set active_page = "admin_console" %} -{% block title %}DNS Control Panel - Admin Console{% endblock %} +{% block title %}Admin Console - {{ SITE_NAME }}{% endblock %} {% block dashboard_stat %} diff --git a/app/templates/admin_editaccount.html b/app/templates/admin_editaccount.html index 68be658..7a46a89 100644 --- a/app/templates/admin_editaccount.html +++ b/app/templates/admin_editaccount.html 
@@ -1,6 +1,6 @@ {% extends "base.html" %} {% set active_page = "admin_accounts" %} -{% block title %}DNS Control Panel - Edit Account{% endblock %} +{% block title %}Edit Account - {{ SITE_NAME }}{% endblock %} {% block dashboard_stat %} diff --git a/app/templates/admin_edituser.html b/app/templates/admin_edituser.html index 7e10445..d374d22 100644 --- a/app/templates/admin_edituser.html +++ b/app/templates/admin_edituser.html @@ -1,6 +1,6 @@ {% extends "base.html" %} {% set active_page = "admin_users" %} -{% block title %}DNS Control Panel - Edit User{% endblock %} +{% block title %}Edit Use - {{ SITE_NAME }}{% endblock %} {% block dashboard_stat %} diff --git a/app/templates/admin_history.html b/app/templates/admin_history.html index a515d02..936cc7a 100644 --- a/app/templates/admin_history.html +++ b/app/templates/admin_history.html @@ -1,7 +1,7 @@ {% extends "base.html" %} {% set active_page = "admin_history" %} {% block title %} -DNS Control Panel - History +History - {{ SITE_NAME }} {% endblock %} {% block dashboard_stat %}
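Review bot: The new title in `admin_edituser.html` reads `Edit Use - {{ SITE_NAME }}`; the trailing "r" was lost in the rewrite. It should be `{% block title %}Edit User - {{ SITE_NAME }}{% endblock %}`, in line with the "Edit Account" title in the neighbouring template.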
diff --git a/app/templates/admin_manageaccount.html b/app/templates/admin_manageaccount.html index d439ba9..579d463 100644 --- a/app/templates/admin_manageaccount.html +++ b/app/templates/admin_manageaccount.html @@ -1,7 +1,7 @@ {% extends "base.html" %} {% set active_page = "admin_accounts" %} {% block title %} -DNS Control Panel - Account Management +Account Management - {{ SITE_NAME }} {% endblock %} {% block dashboard_stat %}

diff --git a/app/templates/admin_manageuser.html b/app/templates/admin_manageuser.html index 005060c..653738e 100644 --- a/app/templates/admin_manageuser.html +++ b/app/templates/admin_manageuser.html @@ -1,7 +1,7 @@ {% extends "base.html" %} {% set active_page = "admin_users" %} {% block title %} -DNS Control Panel - User Management +User Management - {{ SITE_NAME }} {% endblock %} {% block dashboard_stat %}

diff --git a/app/templates/admin_setting_authentication.html b/app/templates/admin_setting_authentication.html index 4be5437..32e9b05 100644 --- a/app/templates/admin_setting_authentication.html +++ b/app/templates/admin_setting_authentication.html @@ -1,7 +1,7 @@ {% extends "base.html" %} {% set active_page = "admin_settings" %} {% block title %} -DNS Control Panel - Authentication Settings +Authentication Settings - {{ SITE_NAME }} {% endblock %} {% block dashboard_stat %}
@@ -79,13 +79,17 @@ +
+ + +
- +
diff --git a/app/templates/admin_setting_basic.html b/app/templates/admin_setting_basic.html index a885d12..b289f75 100644 --- a/app/templates/admin_setting_basic.html +++ b/app/templates/admin_setting_basic.html @@ -1,7 +1,7 @@ {% extends "base.html" %} {% set active_page = "admin_settings" %} {% block title %} -DNS Control Panel - Basic Settings +Basic Settings - {{ SITE_NAME }} {% endblock %} {% block dashboard_stat %}
diff --git a/app/templates/admin_setting_pdns.html b/app/templates/admin_setting_pdns.html index ba77b65..2508859 100644 --- a/app/templates/admin_setting_pdns.html +++ b/app/templates/admin_setting_pdns.html @@ -1,7 +1,7 @@ {% extends "base.html" %} {% set active_page = "admin_settings" %} {% block title %} -DNS Control Panel - PDNS Settings +PDNS Settings - {{ SITE_NAME }} {% endblock %} {% block dashboard_stat %}
diff --git a/app/templates/base.html b/app/templates/base.html index ed9022c..4cc88d7 100644 --- a/app/templates/base.html +++ b/app/templates/base.html @@ -4,7 +4,7 @@ {% block head %} - {% block title %}DNS Control Panel{% endblock %} + {% block title %}{{ SITE_NAME }}{% endblock %} diff --git a/app/templates/dashboard.html b/app/templates/dashboard.html index cf771fc..364883e 100644 --- a/app/templates/dashboard.html +++ b/app/templates/dashboard.html @@ -1,6 +1,6 @@ {% extends "base.html" %} {% set active_page = "dashboard" %} -{% block title %}DNS Control Panel - HOME{% endblock %} +{% block title %}Dashboard - {{ SITE_NAME }}{% endblock %} {% block dashboard_stat %} diff --git a/app/templates/domain.html b/app/templates/domain.html index c6f62be..9d4a94d 100644 --- a/app/templates/domain.html +++ b/app/templates/domain.html @@ -1,5 +1,5 @@ {% extends "base.html" %} -{% block title %}{{ domain.name }} - DNS Control Panel{% endblock %} +{% block title %}{{ domain.name }} - {{ SITE_NAME }}{% endblock %} {% block dashboard_stat %}
diff --git a/app/templates/domain_add.html b/app/templates/domain_add.html index 516fbd1..39d5f8e 100644 --- a/app/templates/domain_add.html +++ b/app/templates/domain_add.html @@ -1,6 +1,6 @@ {% extends "base.html" %} {% set active_page = "new_domain" %} -{% block title %}DNS Control Panel - Add Domain{% endblock %} +{% block title %}Add Domain - {{ SITE_NAME }}{% endblock %} {% block dashboard_stat %} diff --git a/app/templates/domain_management.html b/app/templates/domain_management.html index 23589e0..0cbb9bc 100644 --- a/app/templates/domain_management.html +++ b/app/templates/domain_management.html @@ -1,5 +1,5 @@ {% extends "base.html" %} -{% block title %}DNS Control Panel - Domain Management{% endblock %} +{% block title %}Domain Management - {{ SITE_NAME }}{% endblock %} {% block dashboard_stat %} {% if status %} diff --git a/app/templates/login.html b/app/templates/login.html index e5f4a00..be201df 100644 --- a/app/templates/login.html +++ b/app/templates/login.html @@ -3,7 +3,7 @@ - DNS Control Panel - Log In + Log In - {{ SITE_NAME }} {% assets "css_login" -%} @@ -20,7 +20,7 @@ diff --git a/app/templates/register.html b/app/templates/register.html index 24b347b..0efc19f 100644 --- a/app/templates/register.html +++ b/app/templates/register.html @@ -3,7 +3,7 @@ - DNS Control Panel - Register + Register - {{ SITE_NAME }} {% assets "css_login" -%} @@ -77,7 +77,7 @@ diff --git a/app/templates/template.html b/app/templates/template.html index 2f4b15d..4f1e1fe 100644 --- a/app/templates/template.html +++ b/app/templates/template.html @@ -1,6 +1,6 @@ {% extends "base.html" %} {% set active_page = "admin_domain_template" %} -{% block title %}DNS Control Panel - Templates{% endblock %} +{% block title %}Templates - {{ SITE_NAME }}{% endblock %} {% block dashboard_stat %} diff --git a/app/templates/template_add.html b/app/templates/template_add.html index c1efef4..35dfda5 100644 --- a/app/templates/template_add.html +++ b/app/templates/template_add.html 
@@ -1,6 +1,6 @@ {% extends "base.html" %} {% set active_page = "admin_domain_template" %} -{% block title %}DNS Control Panel - Create Template{% endblock %} +{% block title %}Create Template - {{ SITE_NAME }}{% endblock %} {% block dashboard_stat %} diff --git a/app/templates/template_edit.html b/app/templates/template_edit.html index e6224ab..69a6c7c 100644 --- a/app/templates/template_edit.html +++ b/app/templates/template_edit.html @@ -1,6 +1,6 @@ {% extends "base.html" %} {% set active_page = "admin_domain_template" %} -{% block title %}DNS Control Panel - Edit Template{% endblock %} +{% block title %}Edit Template - {{ SITE_NAME }}{% endblock %} {% block dashboard_stat %}
diff --git a/app/templates/user_profile.html b/app/templates/user_profile.html index 37ec41d..80a8504 100644 --- a/app/templates/user_profile.html +++ b/app/templates/user_profile.html @@ -1,5 +1,5 @@ {% extends "base.html" %} -{% block title %}DNS Control Panel - My Profile{% endblock %} +{% block title %}My Profile - {{ SITE_NAME }}{% endblock %} {% block dashboard_stat %}
diff --git a/app/views.py b/app/views.py index 50e4c63..8066293 100644 --- a/app/views.py +++ b/app/views.py @@ -43,6 +43,11 @@ else: NEW_SCHEMA = False +@app.context_processor +def inject_sitename(): + setting = Setting().get('site_name') + return dict(SITE_NAME=setting) + @app.context_processor def inject_setting(): setting = Setting() @@ -134,8 +139,7 @@ def error(code, msg=None): @app.route('/register', methods=['GET']) def register(): - SIGNUP_ENABLED = app.config['SIGNUP_ENABLED'] - if SIGNUP_ENABLED: + if Setting().get('signup_enabled'): return render_template('register.html') else: return render_template('errors/404.html'), 404 @@ -268,11 +272,6 @@ def saml_authorized(): @login_manager.unauthorized_handler def login(): LOGIN_TITLE = app.config['LOGIN_TITLE'] if 'LOGIN_TITLE' in app.config.keys() else '' - BASIC_ENABLED = app.config['BASIC_ENABLED'] - SIGNUP_ENABLED = app.config['SIGNUP_ENABLED'] - LDAP_ENABLED = app.config.get('LDAP_ENABLED') - GITHUB_ENABLE = app.config.get('GITHUB_OAUTH_ENABLE') - GOOGLE_ENABLE = app.config.get('GOOGLE_OAUTH_ENABLE') SAML_ENABLED = app.config.get('SAML_ENABLED') if g.user is not None and current_user.is_authenticated: @@ -323,13 +322,7 @@ def login(): return redirect(url_for('index')) if request.method == 'GET': - return render_template('login.html', github_enabled=GITHUB_ENABLE, - google_enabled=GOOGLE_ENABLE, - saml_enabled=SAML_ENABLED, - ldap_enabled=LDAP_ENABLED, - login_title=LOGIN_TITLE, - basic_enabled=BASIC_ENABLED, - signup_enabled=SIGNUP_ENABLED) + return render_template('login.html', saml_enabled=SAML_ENABLED) # process login username = request.form['username'] 
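Review bot: `LOGIN_TITLE` is still read from `app.config` at the top of `login()`, but no `render_template` call in the visible hunks passes `login_title` any more and `config_template.py` drops the option, so the assignment looks dead. I would delete the line, or keep passing the value if `login.html` still uses it. The login page presumably now gets every flag that used to be passed explicitly (`ldap_enabled`, `signup_enabled` and so on) from the `inject_setting` context processor, and a short comment on `login()` would tell the next reader so: `# auth-method flags reach login.html via the inject_setting context processor`. `login()` continues outside the hunk.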
@@ -357,46 +350,18 @@ def login(): try: auth = user.is_validate(method=auth_method, src_ip=request.remote_addr) if auth == False: - return render_template('login.html', error='Invalid credentials', - github_enabled=GITHUB_ENABLE, - google_enabled=GOOGLE_ENABLE, - saml_enabled=SAML_ENABLED, - ldap_enabled=LDAP_ENABLED, - login_title=LOGIN_TITLE, - basic_enabled=BASIC_ENABLED, - signup_enabled=SIGNUP_ENABLED) + return render_template('login.html', saml_enabled=SAML_ENABLED, error='Invalid credentials') except Exception as e: - return render_template('login.html', error=e, - github_enabled=GITHUB_ENABLE, - google_enabled=GOOGLE_ENABLE, - saml_enabled=SAML_ENABLED, - ldap_enabled=LDAP_ENABLED, - login_title=LOGIN_TITLE, - basic_enabled=BASIC_ENABLED, - signup_enabled=SIGNUP_ENABLED) + return render_template('login.html', saml_enabled=SAML_ENABLED, error=e) # check if user enabled OPT authentication if user.otp_secret: if otp_token and otp_token.isdigit(): good_token = user.verify_totp(otp_token) if not good_token: - return render_template('login.html', error='Invalid credentials', - github_enabled=GITHUB_ENABLE, - google_enabled=GOOGLE_ENABLE, - saml_enabled=SAML_ENABLED, - ldap_enabled=LDAP_ENABLED, - login_title=LOGIN_TITLE, - basic_enabled=BASIC_ENABLED, - signup_enabled=SIGNUP_ENABLED) + return render_template('login.html', saml_enabled=SAML_ENABLED, error='Invalid credentials') else: - return render_template('login.html', error='Token required', - github_enabled=GITHUB_ENABLE, - google_enabled=GOOGLE_ENABLE, - saml_enabled=SAML_ENABLED, - ldap_enabled=LDAP_ENABLED, - login_title=LOGIN_TITLE, - basic_enabled=BASIC_ENABLED, - signup_enabled=SIGNUP_ENABLED) + return render_template('login.html', saml_enabled=SAML_ENABLED, error='Token required') login_user(user, remember = remember_me) return redirect(request.args.get('next') or url_for('index')) 
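Review bot: The `except Exception as e` branch renders `error=e` into `login.html`, so the text of whatever exception `is_validate` raised is shown to an unauthenticated visitor; with the LDAP path re-raising `ldap.LDAPError`, that can include directory or connection details. I would log the exception server-side and return the same generic message as the failed-credentials branch, `return render_template('login.html', saml_enabled=SAML_ENABLED, error='Invalid credentials')`. Separately, the unchanged last line of the hunk redirects to `request.args.get('next')` without checking that it is a local path, which is worth validating while this function is being touched. `login()` starts and ends outside the hunk.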
@@ -416,14 +381,7 @@ def login(): try: result = user.create_local_user() if result == True: - return render_template('login.html', username=username, password=password, - github_enabled=GITHUB_ENABLE, - google_enabled=GOOGLE_ENABLE, - saml_enabled=SAML_ENABLED, - ldap_enabled=LDAP_ENABLED, - login_title=LOGIN_TITLE, - basic_enabled=BASIC_ENABLED, - signup_enabled=SIGNUP_ENABLED) + return render_template('login.html', saml_enabled=SAML_ENABLED, username=username, password=password) else: return render_template('register.html', error=result['msg']) except Exception as e: @@ -1416,6 +1374,7 @@ def admin_setting_authentication(): Setting().set('ldap_enabled', True if request.form.get('ldap_enabled') else False) Setting().set('ldap_type', request.form.get('ldap_type')) Setting().set('ldap_uri', request.form.get('ldap_uri')) + Setting().set('ldap_base_dn', request.form.get('ldap_base_dn')) Setting().set('ldap_admin_username', request.form.get('ldap_admin_username')) Setting().set('ldap_admin_password', request.form.get('ldap_admin_password')) Setting().set('ldap_filter_basic', request.form.get('ldap_filter_basic')) diff --git a/config_template.py b/config_template.py index 51e7c87..acfea5f 100644 --- a/config_template.py +++ b/config_template.py @@ -6,7 +6,6 @@ WTF_CSRF_ENABLED = True SECRET_KEY = 'We are the world' BIND_ADDRESS = '127.0.0.1' PORT = 9191 -LOGIN_TITLE = "PDNS" # TIMEOUT - for large zones TIMEOUT = 10 
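Review bot: After a successful registration the new `render_template('login.html', saml_enabled=SAML_ENABLED, username=username, password=password)` still hands the cleartext password to the template, which would put it into the HTML response if `login.html` pre-fills the form from it. I would drop the argument, `return render_template('login.html', saml_enabled=SAML_ENABLED, username=username)`, and let the user type the password again. The visible part of this branch also calls `user.create_local_user()` without consulting `signup_enabled`; `register()` only hides the form on GET, so unless a check exists outside the hunk the setting does not actually stop account creation.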
@@ -35,22 +34,6 @@ SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'pdns.db') SQLALCHEMY_MIGRATE_REPO = os.path.join(basedir, 'db_repository') SQLALCHEMY_TRACK_MODIFICATIONS = True -# LDAP CONFIG -LDAP_ENABLED = False -LDAP_TYPE = 'ldap' -LDAP_URI = 'ldaps://your-ldap-server:636' -LDAP_ADMIN_USERNAME = 'cn=admin,dc=mydomain,dc=com' -LDAP_ADMIN_PASSWORD = 'password' -LDAP_SEARCH_BASE = 'dc=mydomain,dc=com' - -# Additional options only if LDAP_TYPE=ldap -LDAP_USERNAMEFIELD = 'uid' -LDAP_FILTER = '(objectClass=inetorgperson)' - -# enable LDAP_GROUP_SECURITY to allow Admin and User roles based on LDAP groups -LDAP_GROUP_SECURITY = False # True or False -LDAP_ADMIN_GROUP = 'cn=sysops,dc=mydomain,dc=com' -LDAP_USER_GROUP = 'cn=user,dc=mydomain,dc=com' ## AD CONFIG #LDAP_TYPE = 'ad' @@ -158,9 +141,6 @@ SAML_LOGOUT = False #for example redirect to google.com after successful saml logout #SAML_LOGOUT_URL = 'https://google.com' -#Default Auth -BASIC_ENABLED = True -SIGNUP_ENABLED = True # POWERDNS CONFIG PDNS_STATS_URL = 'http://172.16.214.131:8081/' diff --git a/migrations/versions/59729e468045_add_view_column_to_setting_table.py b/migrations/versions/59729e468045_add_view_column_to_setting_table.py index 8485b1a..afb5079 100644 --- a/migrations/versions/59729e468045_add_view_column_to_setting_table.py +++ b/migrations/versions/59729e468045_add_view_column_to_setting_table.py 
@@ -32,36 +32,38 @@ def update_data(): # add more new settings op.bulk_insert(setting_table, [ - {'id': 8, 'name': 'pdns_api_url', 'value': '', 'view': 'pdns'}, - {'id': 9, 'name': 'pdns_api_key', 'value': '', 'view': 'pdns'}, - {'id': 10, 'name': 'pdns_version', 'value': '4.1.1', 'view': 'pdns'}, - {'id': 11, 'name': 'local_db_enabled', 'value': 'True', 'view': 'authentication'}, - {'id': 12, 'name': 'signup_enabled', 'value': 'True', 'view': 'authentication'}, - {'id': 13, 'name': 'ldap_enabled', 'value': 'False', 'view': 'authentication'}, - {'id': 14, 'name': 'ldap_type', 'value': 'ldap', 'view': 'authentication'}, - {'id': 15, 'name': 'ldap_uri', 'value': '', 'view': 'authentication'}, - {'id': 16, 'name': 'ldap_admin_username', 'value': '', 'view': 'authentication'}, - {'id': 17, 'name': 'ldap_admin_password', 'value': '', 'view': 'authentication'}, - {'id': 18, 'name': 'ldap_filter_basic', 'value': '', 'view': 'authentication'}, - {'id': 19, 'name': 'ldap_filter_username', 'value': '', 'view': 'authentication'}, - {'id': 20, 'name': 'ldap_sg_enabled', 'value': 'False', 'view': 'authentication'}, - {'id': 21, 'name': 'ldap_admin_group', 'value': '', 'view': 'authentication'}, - {'id': 22, 'name': 'ldap_user_group', 'value': '', 'view': 'authentication'}, - {'id': 23, 'name': 'github_oauth_enabled', 'value': 'False', 'view': 'authentication'}, - {'id': 24, 'name': 'github_oauth_key', 'value': '', 'view': 'authentication'}, - {'id': 25, 'name': 'github_oauth_secret', 'value': '', 'view': 'authentication'}, - {'id': 26, 'name': 'github_oauth_scope', 'value': 'email', 'view': 'authentication'}, - {'id': 27, 'name': 'github_oauth_api_url', 'value': 'https://api.github.com/user', 'view': 'authentication'}, - {'id': 28, 'name': 'github_oauth_token_url', 'value': 'https://github.com/login/oauth/access_token', 'view': 'authentication'}, - {'id': 29, 'name': 'github_oauth_authorize_url', 'value': 'https://github.com/login/oauth/authorize', 'view': 'authentication'}, - 
{'id': 30, 'name': 'google_oauth_enabled', 'value': 'False', 'view': 'authentication'}, - {'id': 31, 'name': 'google_oauth_client_id', 'value': '', 'view': 'authentication'}, - {'id': 32, 'name': 'google_oauth_client_secret', 'value': '', 'view': 'authentication'}, - {'id': 33, 'name': 'google_redirect_uri', 'value': '/user/authorized', 'view': 'authentication'}, - {'id': 34, 'name': 'google_token_url', 'value': 'https://accounts.google.com/o/oauth2/token', 'view': 'authentication'}, - {'id': 35, 'name': 'google_token_params', 'value': "{'scope': 'email profile'}", 'view': 'authentication'}, - {'id': 36, 'name': 'google_authorize_url', 'value': 'https://accounts.google.com/o/oauth2/auth', 'view': 'authentication'}, - {'id': 37, 'name': 'google_base_url', 'value': 'https://www.googleapis.com/oauth2/v1/', 'view': 'authentication'}, + {'id': 8, 'name': 'site_name', 'value': 'PowerDNS-Admin', 'view': 'basic'}, + {'id': 9, 'name': 'pdns_api_url', 'value': '', 'view': 'pdns'}, + {'id': 10, 'name': 'pdns_api_key', 'value': '', 'view': 'pdns'}, + {'id': 11, 'name': 'pdns_version', 'value': '4.1.1', 'view': 'pdns'}, + {'id': 12, 'name': 'local_db_enabled', 'value': 'True', 'view': 'authentication'}, + {'id': 13, 'name': 'signup_enabled', 'value': 'True', 'view': 'authentication'}, + {'id': 14, 'name': 'ldap_enabled', 'value': 'False', 'view': 'authentication'}, + {'id': 15, 'name': 'ldap_type', 'value': 'ldap', 'view': 'authentication'}, + {'id': 16, 'name': 'ldap_uri', 'value': '', 'view': 'authentication'}, + {'id': 17, 'name': 'ldap_base_dn', 'value': '', 'view': 'authentication'}, + {'id': 18, 'name': 'ldap_admin_username', 'value': '', 'view': 'authentication'}, + {'id': 19, 'name': 'ldap_admin_password', 'value': '', 'view': 'authentication'}, + {'id': 20, 'name': 'ldap_filter_basic', 'value': '', 'view': 'authentication'}, + {'id': 21, 'name': 'ldap_filter_username', 'value': '', 'view': 'authentication'}, + {'id': 22, 'name': 'ldap_sg_enabled', 'value': 'False', 
'view': 'authentication'}, + {'id': 23, 'name': 'ldap_admin_group', 'value': '', 'view': 'authentication'}, + {'id': 24, 'name': 'ldap_user_group', 'value': '', 'view': 'authentication'}, + {'id': 25, 'name': 'github_oauth_enabled', 'value': 'False', 'view': 'authentication'}, + {'id': 26, 'name': 'github_oauth_key', 'value': '', 'view': 'authentication'}, + {'id': 27, 'name': 'github_oauth_secret', 'value': '', 'view': 'authentication'}, + {'id': 28, 'name': 'github_oauth_scope', 'value': 'email', 'view': 'authentication'}, + {'id': 29, 'name': 'github_oauth_api_url', 'value': 'https://api.github.com/user', 'view': 'authentication'}, + {'id': 30, 'name': 'github_oauth_token_url', 'value': 'https://github.com/login/oauth/access_token', 'view': 'authentication'}, + {'id': 31, 'name': 'github_oauth_authorize_url', 'value': 'https://github.com/login/oauth/authorize', 'view': 'authentication'}, + {'id': 32, 'name': 'google_oauth_enabled', 'value': 'False', 'view': 'authentication'}, + {'id': 33, 'name': 'google_oauth_client_id', 'value': '', 'view': 'authentication'}, + {'id': 34, 'name': 'google_oauth_client_secret', 'value': '', 'view': 'authentication'}, + {'id': 35, 'name': 'google_redirect_uri', 'value': '/user/authorized', 'view': 'authentication'}, + {'id': 36, 'name': 'google_token_url', 'value': 'https://accounts.google.com/o/oauth2/token', 'view': 'authentication'}, + {'id': 37, 'name': 'google_token_params', 'value': "{'scope': 'email profile'}", 'view': 'authentication'}, + {'id': 38, 'name': 'google_authorize_url', 'value': 'https://accounts.google.com/o/oauth2/auth', 'view': 'authentication'}, + {'id': 39, 'name': 'google_base_url', 'value': 'https://www.googleapis.com/oauth2/v1/', 'view': 'authentication'}, ] )
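Review bot: This hunk rewrites the rows of an existing Alembic revision in place, shifting every hard-coded `id` from 8 upward to make room for `site_name` and `ldap_base_dn`. A database that has already run this revision will not run it again, so it never receives the two new rows and its ids differ from a fresh install; a new revision that inserts just those rows, without fixed ids, avoids that. If the revision has not been released yet the edit is fine, but a comment saying so would help: `# ids are fixed here; add later settings in a new revision`. The rows also show `ldap_admin_password`, `github_oauth_secret` and `google_oauth_client_secret` living as plain values in the settings table, so access to that table and to database backups has to be treated as access to those secrets.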