Merge pull request #644 from eht16/add_ssl_verify_setting

Add new setting to verify outgoing SSL connections
This commit is contained in:
Khanh Ngo 2020-01-29 22:36:47 +07:00 committed by GitHub
commit e2207fd8d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 50 additions and 19 deletions

View File

@ -24,11 +24,12 @@ def fetch_remote(remote_url,
accept=None, accept=None,
params=None, params=None,
timeout=None, timeout=None,
headers=None): headers=None,
verify=True):
if data is not None and type(data) != str: if data is not None and type(data) != str:
data = json.dumps(data) data = json.dumps(data)
verify = False verify = bool(verify) # enforce type boolean
our_headers = { our_headers = {
'user-agent': 'powerdnsadmin/0', 'user-agent': 'powerdnsadmin/0',
@ -64,13 +65,15 @@ def fetch_json(remote_url,
data=None, data=None,
params=None, params=None,
headers=None, headers=None,
timeout=None): timeout=None,
verify=True):
r = fetch_remote(remote_url, r = fetch_remote(remote_url,
method=method, method=method,
data=data, data=data,
params=params, params=params,
headers=headers, headers=headers,
timeout=timeout, timeout=timeout,
verify=verify,
accept='application/json; q=1') accept='application/json; q=1')
if method == "DELETE": if method == "DELETE":

View File

@ -81,7 +81,8 @@ class Domain(db.Model):
'/servers/localhost/zones/{0}'.format(domain_name)), '/servers/localhost/zones/{0}'.format(domain_name)),
headers=headers, headers=headers,
timeout=int( timeout=int(
Setting().get('pdns_api_timeout'))) Setting().get('pdns_api_timeout')),
verify=Setting().get('verify_ssl_connections'))
return jdata return jdata
def get_domains(self): def get_domains(self):
@ -94,7 +95,8 @@ class Domain(db.Model):
urljoin(self.PDNS_STATS_URL, urljoin(self.PDNS_STATS_URL,
self.API_EXTENDED_URL + '/servers/localhost/zones'), self.API_EXTENDED_URL + '/servers/localhost/zones'),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout'))) timeout=int(Setting().get('pdns_api_timeout')),
verify=Setting().get('verify_ssl_connections'))
return jdata return jdata
def get_id_by_name(self, name): def get_id_by_name(self, name):
@ -125,7 +127,8 @@ class Domain(db.Model):
urljoin(self.PDNS_STATS_URL, urljoin(self.PDNS_STATS_URL,
self.API_EXTENDED_URL + '/servers/localhost/zones'), self.API_EXTENDED_URL + '/servers/localhost/zones'),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout'))) timeout=int(Setting().get('pdns_api_timeout')),
verify=Setting().get('verify_ssl_connections'))
list_jdomain = [d['name'].rstrip('.') for d in jdata] list_jdomain = [d['name'].rstrip('.') for d in jdata]
current_app.logger.info( current_app.logger.info(
"Found {} entries in PowerDNS server".format(len(list_jdomain))) "Found {} entries in PowerDNS server".format(len(list_jdomain)))
@ -233,6 +236,7 @@ class Domain(db.Model):
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='POST', method='POST',
verify=Setting().get('verify_ssl_connections'),
data=post_data) data=post_data)
if 'error' in jdata.keys(): if 'error' in jdata.keys():
current_app.logger.error(jdata['error']) current_app.logger.error(jdata['error'])
@ -265,7 +269,8 @@ class Domain(db.Model):
'/servers/localhost/zones/{0}'.format( '/servers/localhost/zones/{0}'.format(
domain_dict['name'])), domain_dict['name'])),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout'))) timeout=int(Setting().get('pdns_api_timeout')),
verify=Setting().get('verify_ssl_connections'))
except Exception as e: except Exception as e:
current_app.logger.error('Can not read domain from PDNS') current_app.logger.error('Can not read domain from PDNS')
current_app.logger.error(e) current_app.logger.error(e)
@ -325,6 +330,7 @@ class Domain(db.Model):
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='PUT', method='PUT',
verify=Setting().get('verify_ssl_connections'),
data=post_data) data=post_data)
if 'error' in jdata.keys(): if 'error' in jdata.keys():
current_app.logger.error(jdata['error']) current_app.logger.error(jdata['error'])
@ -368,6 +374,7 @@ class Domain(db.Model):
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='PUT', method='PUT',
verify=Setting().get('verify_ssl_connections'),
data=post_data) data=post_data)
if 'error' in jdata.keys(): if 'error' in jdata.keys():
current_app.logger.error(jdata['error']) current_app.logger.error(jdata['error'])
@ -494,7 +501,8 @@ class Domain(db.Model):
'/servers/localhost/zones/{0}'.format(domain_name)), '/servers/localhost/zones/{0}'.format(domain_name)),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='DELETE') method='DELETE',
verify=Setting().get('verify_ssl_connections'))
current_app.logger.info( current_app.logger.info(
'Deleted domain successfully from PowerDNS: {0}'.format( 'Deleted domain successfully from PowerDNS: {0}'.format(
domain_name)) domain_name))
@ -587,7 +595,8 @@ class Domain(db.Model):
headers=headers, headers=headers,
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='PUT') method='PUT',
verify=Setting().get('verify_ssl_connections'))
return {'status': 'ok', 'msg': r.get('result')} return {'status': 'ok', 'msg': r.get('result')}
except Exception as e: except Exception as e:
current_app.logger.error( current_app.logger.error(
@ -617,7 +626,8 @@ class Domain(db.Model):
domain.name)), domain.name)),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='GET') method='GET',
verify=Setting().get('verify_ssl_connections'))
if 'error' in jdata: if 'error' in jdata:
return { return {
'status': 'error', 'status': 'error',
@ -655,6 +665,7 @@ class Domain(db.Model):
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='PUT', method='PUT',
verify=Setting().get('verify_ssl_connections'),
data=post_data) data=post_data)
if 'error' in jdata: if 'error' in jdata:
return { return {
@ -674,6 +685,7 @@ class Domain(db.Model):
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='POST', method='POST',
verify=Setting().get('verify_ssl_connections'),
data=post_data) data=post_data)
if 'error' in jdata: if 'error' in jdata:
return { return {
@ -719,7 +731,8 @@ class Domain(db.Model):
domain.name, key_id)), domain.name, key_id)),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='DELETE') method='DELETE',
verify=Setting().get('verify_ssl_connections'))
if jdata != True: if jdata != True:
return { return {
'status': 'status':
@ -740,6 +753,7 @@ class Domain(db.Model):
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='PUT', method='PUT',
verify=Setting().get('verify_ssl_connections'),
data=post_data) data=post_data)
if 'error' in jdata: if 'error' in jdata:
return { return {
@ -796,6 +810,7 @@ class Domain(db.Model):
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='PUT', method='PUT',
verify=Setting().get('verify_ssl_connections'),
data=post_data) data=post_data)
if 'error' in jdata.keys(): if 'error' in jdata.keys():

View File

@ -52,7 +52,8 @@ class Record(object):
'/servers/localhost/zones/{0}'.format(domain)), '/servers/localhost/zones/{0}'.format(domain)),
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
headers=headers) headers=headers,
verify=Setting().get('verify_ssl_connections'))
except Exception as e: except Exception as e:
current_app.logger.error( current_app.logger.error(
"Cannot fetch domain's record data from remote powerdns api. DETAIL: {0}" "Cannot fetch domain's record data from remote powerdns api. DETAIL: {0}"
@ -96,6 +97,7 @@ class Record(object):
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='PATCH', method='PATCH',
verify=Setting().get('verify_ssl_connections'),
data=rrset) data=rrset)
current_app.logger.debug(jdata) current_app.logger.debug(jdata)
return {'status': 'ok', 'msg': 'Record was added successfully'} return {'status': 'ok', 'msg': 'Record was added successfully'}
@ -281,6 +283,7 @@ class Record(object):
'/servers/localhost/zones/{0}'.format(domain_name)), '/servers/localhost/zones/{0}'.format(domain_name)),
headers=headers, headers=headers,
method='PATCH', method='PATCH',
verify=Setting().get('verify_ssl_connections'),
data=del_rrsets) data=del_rrsets)
if 'error' in jdata1.keys(): if 'error' in jdata1.keys():
current_app.logger.error( current_app.logger.error(
@ -300,6 +303,7 @@ class Record(object):
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='PATCH', method='PATCH',
verify=Setting().get('verify_ssl_connections'),
data=new_rrsets) data=new_rrsets)
if 'error' in jdata2.keys(): if 'error' in jdata2.keys():
current_app.logger.error( current_app.logger.error(
@ -451,6 +455,7 @@ class Record(object):
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='PATCH', method='PATCH',
verify=Setting().get('verify_ssl_connections'),
data=data) data=data)
current_app.logger.debug(jdata) current_app.logger.debug(jdata)
return {'status': 'ok', 'msg': 'Record was removed successfully'} return {'status': 'ok', 'msg': 'Record was removed successfully'}
@ -522,6 +527,7 @@ class Record(object):
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='PATCH', method='PATCH',
verify=Setting().get('verify_ssl_connections'),
data=data) data=data)
current_app.logger.debug("dyndns data: {0}".format(data)) current_app.logger.debug("dyndns data: {0}".format(data))
return {'status': 'ok', 'msg': 'Record was updated successfully'} return {'status': 'ok', 'msg': 'Record was updated successfully'}
@ -544,7 +550,8 @@ class Record(object):
headers=headers, headers=headers,
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='GET') method='GET',
verify=Setting().get('verify_ssl_connections'))
serial = jdata['serial'] serial = jdata['serial']
domain = Domain.query.filter(Domain.name == domain).first() domain = Domain.query.filter(Domain.name == domain).first()

View File

@ -33,7 +33,8 @@ class Server(object):
'/servers/{0}/config'.format(self.server_id)), '/servers/{0}/config'.format(self.server_id)),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='GET') method='GET',
verify=Setting().get('verify_ssl_connections'))
return jdata return jdata
except Exception as e: except Exception as e:
current_app.logger.error( current_app.logger.error(
@ -54,7 +55,8 @@ class Server(object):
'/servers/{0}/statistics'.format(self.server_id)), '/servers/{0}/statistics'.format(self.server_id)),
headers=headers, headers=headers,
timeout=int(Setting().get('pdns_api_timeout')), timeout=int(Setting().get('pdns_api_timeout')),
method='GET') method='GET',
verify=Setting().get('verify_ssl_connections'))
return jdata return jdata
except Exception as e: except Exception as e:
current_app.logger.error( current_app.logger.error(
@ -77,7 +79,8 @@ class Server(object):
headers=headers, headers=headers,
timeout=int( timeout=int(
Setting().get('pdns_api_timeout')), Setting().get('pdns_api_timeout')),
method='GET') method='GET',
verify=Setting().get('verify_ssl_connections'))
return jdata return jdata
except Exception as e: except Exception as e:
current_app.logger.error( current_app.logger.error(

View File

@ -33,6 +33,7 @@ class Setting(db.Model):
'pdns_api_key': '', 'pdns_api_key': '',
'pdns_api_timeout': 30, 'pdns_api_timeout': 30,
'pdns_version': '4.1.1', 'pdns_version': '4.1.1',
'verify_ssl_connections': True,
'local_db_enabled': True, 'local_db_enabled': True,
'signup_enabled': True, 'signup_enabled': True,
'verify_user_email': False, 'verify_user_email': False,

View File

@ -501,7 +501,7 @@ def setting_basic():
'pretty_ipv6_ptr', 'dnssec_admins_only', 'pretty_ipv6_ptr', 'dnssec_admins_only',
'allow_user_create_domain', 'bg_domain_updates', 'site_name', 'allow_user_create_domain', 'bg_domain_updates', 'site_name',
'session_timeout', 'warn_session_timeout', 'ttl_options', 'session_timeout', 'warn_session_timeout', 'ttl_options',
'pdns_api_timeout', 'verify_user_email' 'pdns_api_timeout', 'verify_ssl_connections', 'verify_user_email'
] ]
return render_template('admin_setting_basic.html', settings=settings) return render_template('admin_setting_basic.html', settings=settings)

View File

@ -144,7 +144,8 @@ def api_login_create_zone():
method='POST', method='POST',
data=request.get_json(force=True), data=request.get_json(force=True),
headers=headers, headers=headers,
accept='application/json; q=1') accept='application/json; q=1',
verify=Setting().get('verify_ssl_connections'))
except Exception as e: except Exception as e:
current_app.logger.error("Cannot create domain. Error: {}".format(e)) current_app.logger.error("Cannot create domain. Error: {}".format(e))
abort(500) abort(500)
@ -219,7 +220,8 @@ def api_login_delete_zone(domain_name):
resp = utils.fetch_remote(urljoin(pdns_api_url, api_full_uri), resp = utils.fetch_remote(urljoin(pdns_api_url, api_full_uri),
method='DELETE', method='DELETE',
headers=headers, headers=headers,
accept='application/json; q=1') accept='application/json; q=1',
verify=Setting().get('verify_ssl_connections'))
if resp.status_code == 204: if resp.status_code == 204:
current_app.logger.debug("Request to powerdns API successful") current_app.logger.debug("Request to powerdns API successful")