Commit Graph

69 Commits

Author SHA1 Message Date
Matt Scott
c842d09195
Overhauled app settings implementation to remove redundancy of definitions. Additionally, re-factored settings initialization code to allow for every setting to be defined by environment variable for both bare metal and Docker container deployments. 2023-04-14 07:12:02 -04:00
Matt Scott
8cfc62e9d0
Corrected issue with SERVER_EXTERNAL_SSL setting not being extracted from the app's environment. 2023-04-13 13:40:06 -04:00
Matt Scott
003ee07596
Updated the default value of the SERVER_EXTERNAL_SSL environment setting. 2023-04-12 08:07:40 -04:00
Matt Scott
ab4495dc46
Completed the implementation of the SERVER_EXTERNAL_SSL environment setting into the app config files.
Completed the implementation of the aforementioned environment setting into the OAuth workflows.

Documented the aforementioned setting in the Environment-variables.md wiki document.
2023-04-08 17:05:27 -04:00
Stefan Ubbink
c61489adfc Improve things for using PostgreSQL 2023-03-12 13:11:20 +01:00
Matt Scott
356667f989 Tweaked PR to include the latest asset build changes for CSS minimizer. Also updated the default session storage to use SQLAlchemy instead of the file system. 2023-03-10 16:34:55 -05:00
Rauno Tuul
c707f1e1c5 Added support for dict/json environment variables for docker image 2023-03-10 15:20:18 +02:00
Rauno Tuul
aa70951964 Read flask session type from environment variable and create sessions table if not exist. 2023-03-08 17:05:32 +02:00
Rauno Tuul
68d9fb3755 Support multiple Flask session types, not just filesystem. Set via generic SESSION_TYPE environment variable 2023-03-08 12:08:07 +02:00
Ymage
63db17ec21 Add missing OIDC env vars
Set SAML_ENABLED default to false
2023-02-23 22:13:19 +01:00
AdvanticGmbH
5ad384bfe9 Add support for oidc_oauth_metadata_url configuration option
This commit adds support for the `oidc_oauth_metadata_url` configuration
option. This option specifies the URL of the OIDC server's
metadata endpoint, which contains information about the OIDC server's
endpoints, supported scopes, and other configuration details. By using this
option, we can ensure compatibility with different OIDC servers and reduce
the risk of errors due to manual endpoint configuration.
2023-02-23 09:21:01 +01:00
ichisuke55
25dcc81e03 fix: configurable CAPTCHA_ENABLE env when docker use 2023-02-21 00:17:22 +09:00
Matt Scott
516bc52c2f Revert "Revert "Merge pull request #1371 from AgentTNT/AdminLTE-Upgrade""
This reverts commit e2ad3e2001.
2023-02-18 11:04:14 -05:00
Matt Scott
e2ad3e2001 Revert "Merge pull request #1371 from AgentTNT/AdminLTE-Upgrade"
This reverts commit 929cb6302d, reversing
changes made to 0418edddd9.
2023-02-18 09:04:37 -05:00
Matt Scott
e82759cbc4 Updated Docker file to include npm as a new requirement for the admin-lte npm module.
Also added session persistence setting to default and docker configuration files.

Changed the default persistence configuration of the default config file to use SQLite instead of MySQL.
2023-02-17 19:00:09 -05:00
Tyler Todd
e411bc9f19 Enable CAPTCHA 2023-01-30 22:46:59 +00:00
Matt Scott
51249aecd3
Merge pull request #1212 from corubba/feature/privacy-first
Privacy first
2023-01-24 05:34:30 -05:00
corubba
3a8ad7c444 Remove OFFLINE_MODE config option 2022-06-18 19:11:16 +02:00
corubba
52b704baeb Set SameSite on cookies
Setting this attribute on a cookie marks it as non-cross-site, so it
is only send in requests to our own server. It is reasonable that no
one else should need our session or csrf data. Setting it explicitly
also prevents any issues from the ongoing change in browser behaviour [0]
when it is unset.

Seasurf supports the SameSite attribute starting with v0.3. As nothing
obviously broke, I used the opportunity and updated all the way to the
most recent version.

The SeaSurf default for SameSite is already `Lax`, so it only needs to
be set for the session cookie.

[0] https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure
2022-06-18 18:51:42 +02:00
corubba
1a77524447 Allow secure cookies in docker
Setting these two options to True is recommended if (and only if) you
serve PDA via TLS. It will break things on plain-HTTP deployments.
For plain deployments these can be set in the flask config file, for
docker they have to be whitelisted to be set via env vars.
2022-06-18 18:51:42 +02:00
corubba
ae2ad6527a Set csrf cookie to httponly
The CSRF token is currently inserted directly in the template and not
in the browser via JavaScript from the cookie, so making it inaccessible
is not a problem.

The Sesson-cookie is already httponly by default [0].

[0] https://flask.palletsprojects.com/en/2.1.x/config/?highlight=session_cookie_httponly#SESSION_COOKIE_HTTPONLY
2022-06-18 18:51:42 +02:00
Vasileios Markopoulos
83d2f3c791
Merge pull request #1205 from joshsol1/master
Modification to SAML groups and group management
2022-06-18 13:39:01 +03:00
Josh Matthews
2020055ab2 added code to pull the operator and admin groups from SAML auth requests 2022-05-23 14:39:29 +10:00
pixelrebel
8c85e80c2b Add SAML_ATTRIBUTE_GROUP and SAML_GROUP_ADMIN_NAME to the development config, with instructions for use 2022-05-19 20:36:28 -07:00
pixelrebel
9221d58a1b Allow SAML AttributeStatements to be optional 2022-05-19 14:52:51 -07:00
pixelrebel
5b36ad034d Rename incorrect SAML cert/key config variables 2022-05-19 14:02:04 -07:00
Dominic Zöller
701a442d12 default config: add exemplary URL encoding step for SQLA DB URL params
SQLAlchemy database URLs follow RFC-1738, so parameters like username
and password need to be encoded accordingly.

https://docs.sqlalchemy.org/en/13/core/engines.html#database-urls
2021-11-30 22:29:00 +01:00
benshalev849
3081036c2c
Env oauth url (#1030)
Overriding settings in DB using environment variable in docker
2021-11-05 18:22:38 +02:00
Ian Bobbitt
39cddd3b34
SAML improvements for Docker (#929)
* Fix typo in managing user account membership with SAML assertion

* Support more config options from Docker env.

* Improve support for SAML key and cert from Docker secrets

Co-authored-by: Ian Bobbitt <ibobbitt@globalnoc.iu.edu>
2021-05-07 23:36:55 +02:00
jodygilbert
7f86730909
allow-server-side-sessions (#855) 2021-01-24 09:09:53 +01:00
Nicolás Fantone
eb730be8f9 Add remote user config settings 2020-05-25 14:12:32 +01:00
Roei Ganor
483c767d26 Offline installation and searchable inputs 2020-04-30 17:20:37 +00:00
Felix Kaechele
06266846ec Use sqlite by default in docker
This allows for easy setup with no extra configuration.
Also update docs to reflect the new and easy way to run PowerDNS-Admin.

Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2020-04-20 18:32:36 -04:00
Khanh Ngo
452c4a02d8
Merge pull request #690 from Atisom/master
SAML debug attributes
2020-04-06 09:40:03 +07:00
Khanh Ngo
b2d72d6603
Fix docker bool config value 2020-04-02 09:41:26 +07:00
Benjamin Bässler
7e97bec07f
Add docker secrets support 2020-03-27 00:59:28 +01:00
Attila DEBRECZENI
a581aa3cf2 add SAML_ASSERTION_ENCRYPTED envrionment 2020-03-25 21:35:20 +00:00
Khanh Ngo
7739bf7cfc
Add user email verification 2019-12-21 21:43:03 +07:00
Neven1986
3688cec91a Support for SAML metadata Requested Attributes
Enhancements:

- More robust check when creating self-signed certificates
- Added support for SAML Requested Attributes through "SAML_SP_REQUESTED_ATTRIBUTES" parameter
2019-12-20 03:24:26 +01:00
Neven1986
567430790c SAML certificate fix and enhancement
Problems resolved:

- Method create_self_signed_cert() was invoked nowhere. This puts parameter "SAML_SIGN_REQUEST" description in configs/development.py as incorrect
- Method create_self_signed_cert() was returning error while trying to write out certificate and private key. File handler was opened for writing out TEXT instead of BINARY data

Enhancements:

- Two new parameters are introduced SAML_CERT_FILE and SAML_KEY_FILE. User can now explicitly define own certificate and key file anywhere on file-system.
- If parameters mentioned in previous bullet aren't explicitly defined, in PowerDNS-Admin root directory self-signed certificate will be created.
- Certificates will be used or generated in any case, because in saml.py there are explicit parameters defined which require certificate/key in order to work normally. If they aren't, exception will be thrown. Examples of parameters defined in saml.py requiring certificate: wantAssertionsEncrypted, signMetadata, wantAssertionsSigned.
2019-12-19 00:40:25 +01:00
Khanh Ngo
8de6df4d3b Fix the tests
Fix the tests

Fix the tests
2019-12-06 10:59:19 +07:00
Khanh Ngo
840e2a4750 Update docker stuff and bug fixes 2019-12-04 11:50:46 +07:00
Tim Jacomb
08de197cff
Sync config templates 2019-03-03 15:07:51 +00:00
Pavol Ipoth
1feb77e2f3 Add Api to PowerDNS-Admin 2019-03-01 23:50:04 +01:00
Pavol Ipoth
1ca311e120 Fix logging path, needs absolute path 2018-12-22 13:13:15 +01:00
Khanh Ngo
10d915ef92 Merge branch 'master' of github.com:ngoduykhanh/PowerDNS-Admin 2018-11-21 10:24:48 +07:00
Khanh Ngo
5f049debe5 Adding Flask-SeaSurf module for CSRF protection. 2018-11-21 10:24:33 +07:00
Balint Csergo
be96921864 support arbitrary db port, pdns_proto and pdns_port 2018-11-12 13:21:04 +01:00
Josh Soref
50e219039b spelling: retrieve 2018-10-02 07:25:36 +00:00
Josh Soref
573291b4f5 spelling: configures 2018-10-02 07:05:42 +00:00