mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-11-09 15:10:27 +00:00
feat(authentication): added admin settings for password policies
This commit is contained in:
parent
73447d396a
commit
bb6d2d0497
@ -205,6 +205,14 @@ class Setting(db.Model):
|
|||||||
'deny_domain_override': False,
|
'deny_domain_override': False,
|
||||||
'account_name_extra_chars': False,
|
'account_name_extra_chars': False,
|
||||||
'gravatar_enabled': False,
|
'gravatar_enabled': False,
|
||||||
|
'pwd_enforce_characters': False,
|
||||||
|
'pwd_min_len': 10,
|
||||||
|
'pwd_min_lowercase': 3,
|
||||||
|
'pwd_min_uppercase': 2,
|
||||||
|
'pwd_min_digits': 2,
|
||||||
|
'pwd_min_special': 1,
|
||||||
|
'pwd_enforce_complexity': False,
|
||||||
|
'pwd_min_complexity': 11
|
||||||
}
|
}
|
||||||
|
|
||||||
def __init__(self, id=None, name=None, value=None):
|
def __init__(self, id=None, name=None, value=None):
|
||||||
|
@ -1550,7 +1550,23 @@ def setting_authentication():
|
|||||||
local_db_enabled = True if request.form.get(
|
local_db_enabled = True if request.form.get(
|
||||||
'local_db_enabled') else False
|
'local_db_enabled') else False
|
||||||
signup_enabled = True if request.form.get(
|
signup_enabled = True if request.form.get(
|
||||||
'signup_enabled', ) else False
|
'signup_enabled') else False
|
||||||
|
|
||||||
|
pwd_enforce_characters = True if request.form.get('pwd_enforce_characters') else False
|
||||||
|
pwd_min_len = safe_cast(request.form.get('pwd_min_len', Setting().defaults["pwd_min_len"]), int,
|
||||||
|
Setting().defaults["pwd_min_len"])
|
||||||
|
pwd_min_lowercase = safe_cast(request.form.get('pwd_min_lowercase', Setting().defaults["pwd_min_lowercase"]), int,
|
||||||
|
Setting().defaults["pwd_min_lowercase"])
|
||||||
|
pwd_min_uppercase = safe_cast(request.form.get('pwd_min_uppercase', Setting().defaults["pwd_min_uppercase"]), int,
|
||||||
|
Setting().defaults["pwd_min_uppercase"])
|
||||||
|
pwd_min_digits = safe_cast(request.form.get('pwd_min_digits', Setting().defaults["pwd_min_digits"]), int,
|
||||||
|
Setting().defaults["pwd_min_digits"])
|
||||||
|
pwd_min_special = safe_cast(request.form.get('pwd_min_special', Setting().defaults["pwd_min_special"]), int,
|
||||||
|
Setting().defaults["pwd_min_special"])
|
||||||
|
|
||||||
|
pwd_enforce_complexity = True if request.form.get('pwd_enforce_complexity') else False
|
||||||
|
pwd_min_complexity = safe_cast(request.form.get('pwd_min_complexity', Setting().defaults["pwd_min_complexity"]), int,
|
||||||
|
Setting().defaults["pwd_min_complexity"])
|
||||||
|
|
||||||
if not has_an_auth_method(local_db_enabled=local_db_enabled):
|
if not has_an_auth_method(local_db_enabled=local_db_enabled):
|
||||||
result = {
|
result = {
|
||||||
@ -1562,7 +1578,19 @@ def setting_authentication():
|
|||||||
else:
|
else:
|
||||||
Setting().set('local_db_enabled', local_db_enabled)
|
Setting().set('local_db_enabled', local_db_enabled)
|
||||||
Setting().set('signup_enabled', signup_enabled)
|
Setting().set('signup_enabled', signup_enabled)
|
||||||
|
|
||||||
|
Setting().set('pwd_enforce_characters', pwd_enforce_characters)
|
||||||
|
Setting().set('pwd_min_len', pwd_min_len)
|
||||||
|
Setting().set('pwd_min_lowercase', pwd_min_lowercase)
|
||||||
|
Setting().set('pwd_min_uppercase', pwd_min_uppercase)
|
||||||
|
Setting().set('pwd_min_digits', pwd_min_digits)
|
||||||
|
Setting().set('pwd_min_special', pwd_min_special)
|
||||||
|
|
||||||
|
Setting().set('pwd_enforce_complexity', pwd_enforce_complexity)
|
||||||
|
Setting().set('pwd_min_complexity', pwd_min_complexity)
|
||||||
|
|
||||||
result = {'status': True, 'msg': 'Saved successfully'}
|
result = {'status': True, 'msg': 'Saved successfully'}
|
||||||
|
|
||||||
elif conf_type == 'ldap':
|
elif conf_type == 'ldap':
|
||||||
ldap_enabled = True if request.form.get('ldap_enabled') else False
|
ldap_enabled = True if request.form.get('ldap_enabled') else False
|
||||||
|
|
||||||
@ -2144,3 +2172,10 @@ def validateURN(value):
|
|||||||
return False
|
return False
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
||||||
|
def safe_cast(val, to_type, default=None):
|
||||||
|
try:
|
||||||
|
return to_type(val)
|
||||||
|
except (ValueError, TypeError):
|
||||||
|
return default
|
||||||
|
@ -78,24 +78,89 @@
|
|||||||
<h3 class="card-title">Basic Settings</h3>
|
<h3 class="card-title">Basic Settings</h3>
|
||||||
</div>
|
</div>
|
||||||
<!-- /.card-header -->
|
<!-- /.card-header -->
|
||||||
<div class="card-body">
|
<fieldset>
|
||||||
<div class="form-group">
|
<div class="card-body">
|
||||||
<input type="checkbox" id="local_db_enabled"
|
<div class="form-group">
|
||||||
name="local_db_enabled"
|
<input type="checkbox" id="local_db_enabled"
|
||||||
class="checkbox"
|
name="local_db_enabled"
|
||||||
{% if SETTING.get('local_db_enabled') %}checked{% endif %}>
|
class="checkbox"
|
||||||
<label for="local_db_enabled">Local DB
|
{% if SETTING.get('local_db_enabled') %}checked{% endif %}>
|
||||||
Authentication</label>
|
<label for="local_db_enabled">Local DB
|
||||||
|
Authentication</label>
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<input type="checkbox" id="signup_enabled"
|
||||||
|
name="signup_enabled"
|
||||||
|
class="checkbox"
|
||||||
|
{% if SETTING.get('signup_enabled') %}checked{% endif %}>
|
||||||
|
<label for="signup_enabled">Allow users to sign
|
||||||
|
up</label>
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
</fieldset>
|
||||||
<input type="checkbox" id="signup_enabled"
|
<fieldset>
|
||||||
name="signup_enabled"
|
<legend>PASSWORD REQUIREMENTS</legend>
|
||||||
class="checkbox"
|
<div class="card-body">
|
||||||
{% if SETTING.get('signup_enabled') %}checked{% endif %}>
|
<div class="form-group">
|
||||||
<label for="signup_enabled">Allow users to sign
|
<input type="checkbox" id="pwd_enforce_characters"
|
||||||
up</label>
|
name="pwd_enforce_characters" class="checkbox"
|
||||||
|
{% if SETTING.get('pwd_enforce_characters') %}checked{% endif %}>
|
||||||
|
<label for="pwd_enforce_characters">
|
||||||
|
Enforce Character Requirements
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="pwd_min_len">Minimum Password Length</label>
|
||||||
|
<input type="text" class="form-control"
|
||||||
|
name="pwd_min_len" id="pwd_min_len"
|
||||||
|
data-error="Please enter a minimum password length"
|
||||||
|
value="{{ SETTING.get('pwd_min_len') }}">
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="pwd_min_lowercase">Minimum Lowercase Characters</label>
|
||||||
|
<input type="text" class="form-control"
|
||||||
|
name="pwd_min_lowercase" id="pwd_min_lowercase"
|
||||||
|
data-error="Please enter the minimum number of lowercase letters required"
|
||||||
|
value="{{ SETTING.get('pwd_min_lowercase') }}">
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="pwd_min_uppercase">Minimum Uppercase Characters</label>
|
||||||
|
<input type="text" class="form-control"
|
||||||
|
name="pwd_min_uppercase" id="pwd_min_uppercase"
|
||||||
|
data-error="Please enter the minimum number of uppercase letters required"
|
||||||
|
value="{{ SETTING.get('pwd_min_uppercase') }}">
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="pwd_min_digits">Minimum Digit Characters</label>
|
||||||
|
<input type="text" class="form-control"
|
||||||
|
name="pwd_min_digits" id="pwd_min_digits"
|
||||||
|
data-error="Please enter the minimum number of digits required"
|
||||||
|
value="{{ SETTING.get('pwd_min_digits') }}">
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="pwd_min_special">Minimum Special Characters</label>
|
||||||
|
<input type="text" class="form-control"
|
||||||
|
name="pwd_min_special" id="pwd_min_special"
|
||||||
|
data-error="Please enter the minimum number of special characters required"
|
||||||
|
value="{{ SETTING.get('pwd_min_special') }}">
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<input type="checkbox" id="pwd_enforce_complexity"
|
||||||
|
name="pwd_enforce_complexity" class="checkbox"
|
||||||
|
{% if SETTING.get('pwd_enforce_complexity') %}checked{% endif %}>
|
||||||
|
<label for="pwd_enforce_complexity">
|
||||||
|
Enforce Complexity Requirement
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="pwd_min_complexity">Minimum Complexity (zxcvbn)</label>
|
||||||
|
<input type="text" class="form-control"
|
||||||
|
name="pwd_min_complexity" id="pwd_min_complexity"
|
||||||
|
data-error="Please enter the minimum password complexity required"
|
||||||
|
value="{{ SETTING.get('pwd_min_complexity') }}">
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</fieldset>
|
||||||
<!-- /.card-body -->
|
<!-- /.card-body -->
|
||||||
<div class="card-footer">
|
<div class="card-footer">
|
||||||
<button type="submit" class="btn btn-primary"
|
<button type="submit" class="btn btn-primary"
|
||||||
@ -117,7 +182,49 @@
|
|||||||
</div>
|
</div>
|
||||||
<!-- /.card-header -->
|
<!-- /.card-header -->
|
||||||
<div class="card-body">
|
<div class="card-body">
|
||||||
<p>Fill in all the fields in the left form.</p>
|
<dl class="dl-horizontal">
|
||||||
|
<dt>Local DB Authentication</dt>
|
||||||
|
<dd>Enable/disable local database authentication.</dd>
|
||||||
|
<dt>Allow Users to Signup</dt>
|
||||||
|
<dd>Allow users to signup. This requires local database authentication
|
||||||
|
to be enabled.</dd>
|
||||||
|
<legend>PASSWORD REQUIREMENTS</legend>
|
||||||
|
This section allows you to customize your local DB password requirements
|
||||||
|
and ensure that when users change their password or signup they are
|
||||||
|
picking strong passwords.
|
||||||
|
<br/>
|
||||||
|
Setting any entry field to a blank value will revert it back to default.
|
||||||
|
|
||||||
|
<dt>Enforce Character Requirements</dt>
|
||||||
|
<dd>This option will enforce the character type requirements for
|
||||||
|
passwords.
|
||||||
|
<ul>
|
||||||
|
<li>Minimum Lowercase Characters - Minimum number of lowercase
|
||||||
|
characters required to appear in the password.</li>
|
||||||
|
<li>Minimum Uppercase Characters - Minimum number of uppercase
|
||||||
|
characters required to appear in the password.</li>
|
||||||
|
<li>Minimum Digit Characters - Minimum number of digits
|
||||||
|
required to appear in the password. Digits include
|
||||||
|
1234567890.</li>
|
||||||
|
<li>Minimum Special Characters - Minimum number of special
|
||||||
|
characters required to appear in the password. Special
|
||||||
|
characters include
|
||||||
|
`!@#$%^&*()_-=+[]\{}|;:",.></?.</li>
|
||||||
|
</ul>
|
||||||
|
</dd>
|
||||||
|
<dt>Enforce Complexity Requirement</dt>
|
||||||
|
<dd>Enable the enforcement of complex passwords. We currently use
|
||||||
|
<a href="https://github.com/dropbox/zxcvbn">zxcvbn</a> for
|
||||||
|
determining this.
|
||||||
|
<ul>
|
||||||
|
<li>Minimum Complexity - The default value of the log factor
|
||||||
|
is 11 as it is considered secure. More information about
|
||||||
|
the this can be found at
|
||||||
|
<a href="https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_wheeler.pdf">here</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</dd>
|
||||||
|
</dl>
|
||||||
</div>
|
</div>
|
||||||
<!-- /.card-body -->
|
<!-- /.card-body -->
|
||||||
</div>
|
</div>
|
||||||
|
Loading…
Reference in New Issue
Block a user