Matt Scott
764b83b5d5
Working on first-round updates for the authentication settings view.
2023-02-20 10:42:25 -05:00
Matt Scott
772c1129f5
Working on first-round updates for the authentication settings view.
2023-02-20 10:35:15 -05:00
Matt Scott
4bd2519a76
Completed first-round updates for the server settings view.
2023-02-20 10:18:41 -05:00
Matt Scott
09127fb326
Completed first-round updates for the zone record settings view.
2023-02-20 10:14:09 -05:00
Matt Scott
a5d69e3e40
Completed first-round updates for the basic settings view.
2023-02-20 10:08:09 -05:00
Matt Scott
5a4279d7b8
Completed first-round updates for the API key add/edit view.
2023-02-20 09:56:26 -05:00
Matt Scott
db70e34c98
Completed first-round updates for the API keys list view.
2023-02-20 09:39:13 -05:00
Matt Scott
4a12d62828
Completed first-round updates for the user create / edit view.
2023-02-20 09:22:41 -05:00
Matt Scott
9ac81363e3
Completed first-round updates for the users list view.
2023-02-20 09:14:58 -05:00
Matt Scott
0e67366c5f
Completed first-round updates for the account creation view.
2023-02-20 09:07:07 -05:00
Matt Scott
8c6fc5e262
Completed first-round updates for the accounts list view.
2023-02-20 08:50:17 -05:00
Matt Scott
a42d610759
Holding on remaining changes to zone template editor as a rebuild is also necessary here.
2023-02-20 08:43:49 -05:00
Matt Scott
e5269b5626
Removed text label from zone template list action dropdown control to reduce space consumption.
2023-02-20 08:32:53 -05:00
Rauno
7635686c43
Merge branch 'master' into historyfix
2023-02-20 10:32:52 +02:00
Matt Scott
4d64076dac
Working on the first-round updates for the zone template editor.
2023-02-19 21:20:23 -05:00
Matt Scott
fe49651e81
Completed first-round of updates for the zone template creation view.
2023-02-19 21:05:23 -05:00
Matt Scott
f1d17c166a
Completed first-round of updates for the zone templates list view.
2023-02-19 20:50:27 -05:00
Matt Scott
c4d9bf3a9c
Started first-round of updates on the activity feature AKA history, but it's a very broken implementation that will require a complete re-build. Saving that for later.
2023-02-19 20:41:26 -05:00
Matt Scott
761909f0f8
Updated client-side navigation matching to only compare the base path without the query string.
2023-02-19 20:27:22 -05:00
Matt Scott
e960326a58
Working on first-round changes for the global search feature.
2023-02-19 16:02:34 -05:00
Matt Scott
f48a6b8209
Working on first-round changes for the global search feature.
2023-02-19 15:54:54 -05:00
Matt Scott
14e534468a
Working on first-round changes for the global search feature.
2023-02-19 15:54:11 -05:00
Matt Scott
67040ad9c2
Completed first-round of updates for the server statistics and configuration features.
2023-02-19 15:16:50 -05:00
Matt Scott
62018686f5
Updated global styles for record lists as well as general card styling.
2023-02-19 15:12:34 -05:00
Matt Scott
65bfc53acb
Split the server statistics and configuration feature into separate pages.
2023-02-19 15:04:30 -05:00
Matt Scott
55e4f5f829
Working on the first-round updates for the domain settings management view.
...
Tweaked sidebar navigation to reflect the latest terminology use in associated views.
2023-02-19 13:19:26 -05:00
Matt Scott
fd1bc4afa5
Working on the first-round updates for the domain settings management view.
2023-02-19 12:46:11 -05:00
Matt Scott
6e10f97e9d
Completed first-round updates of the zone remove view.
...
Tweaked cancel button style and help text on the zone add view.
2023-02-19 12:13:13 -05:00
Matt Scott
75e262e7e9
Completed first-round updates of the zone add view.
2023-02-19 12:06:39 -05:00
Matt Scott
9548cbce1c
Removed legacy style tag attribute.
2023-02-19 11:42:39 -05:00
Matt Scott
ec28e76ff5
Moved global styles to base view template until permanently merged into global CSS file.
2023-02-19 11:39:56 -05:00
Matt Scott
b52b7d7e4f
Wrapping up first-round changes to the dashboard view.
2023-02-19 11:38:19 -05:00
Matt Scott
b4a354b0f8
Updated icons for sidebar navigation as well as some labels.
...
Tweaked zone record list on dashboard to always include the account column, regardless of user role.
2023-02-19 11:31:24 -05:00
Matt Scott
c0799b95f8
Updated sidebar navigation to use updated terminology of zone instead of domain.
2023-02-19 11:04:45 -05:00
Matt Scott
abf1f4eca3
Moved user profile edit and user logout navigation items into sidebar info block for a more condensed UI.
2023-02-19 11:03:33 -05:00
Matt Scott
1cd5ce9ccc
Working on dashboard zone list action controls and styling.
2023-02-19 10:45:19 -05:00
Matt Scott
4a5db674f4
Working on condensing the zones list on the dashboard.
...
Changed the terminology for zones on the dashboard from domains to zones.
2023-02-19 10:19:13 -05:00
Matt Scott
49bc8e948d
Continuing work on re-design and clean-up of dashboard view.
2023-02-19 09:54:15 -05:00
Matt Scott
4f83879e95
Added Jinja filter to handle formatting of zone type labels to enforce modern social standards.
...
Removed text label of dashboard domain list action menu to reduce size.
Continuing work on re-design and clean-up of dashboard view.
2023-02-19 09:48:43 -05:00
Matt Scott
d70ded18c2
Added head_styles Jinja block to base view template head section to allow for page specific style injections.
...
Continuing work on the re-design and clean-up of the dashboard view.
2023-02-19 09:11:44 -05:00
Matt Scott
58aabacd91
Re-formatted base view template to be more in-line with PEP8 standards.
...
Working on dashboard clean-up and redesign.
Added custom Jinja date/time formatting function to utils.py.
2023-02-19 08:52:00 -05:00
Matt Scott
bad36b5e75
Added default CAPTCHA settings to default configuration.
...
Added flash_sessions directory pattern to git ignore file.
2023-02-18 19:18:59 -05:00
Tyler Todd
7a61c56c49
Fix reqs and Flask Migrate Order
2023-02-18 17:38:43 +00:00
Matt Scott
516bc52c2f
Revert "Revert "Merge pull request #1371 from AgentTNT/AdminLTE-Upgrade""
...
This reverts commit e2ad3e2001.
2023-02-18 11:04:14 -05:00
Matt Scott
839c1ecf17
Revert "Revert "Error pages updated for Font Awesome v6 - fa-solid""
...
This reverts commit 35493fc218.
2023-02-18 11:02:47 -05:00
Matt Scott
e2ad3e2001
Revert "Merge pull request #1371 from AgentTNT/AdminLTE-Upgrade"
...
This reverts commit 929cb6302d, reversing
changes made to 0418edddd9.
2023-02-18 09:04:37 -05:00
Matt Scott
35493fc218
Revert "Error pages updated for Font Awesome v6 - fa-solid"
...
This reverts commit e1bbe10fc3.
2023-02-18 08:53:46 -05:00
Matt Scott
47b50e5e1e
Updated default app config to comment out MySQL default settings.
2023-02-17 19:35:36 -05:00
Matt Scott
d2f135cc6e
Removed temporary style from login form that was used for recent development.
2023-02-17 19:07:05 -05:00
Matt Scott
e82759cbc4
Updated Docker file to include npm as a new requirement for the admin-lte npm module.
...
Also added session persistence setting to default and docker configuration files.
Changed the default persistence configuration of the default config file to use SQLite instead of MySQL.
2023-02-17 19:00:09 -05:00
Matt Scott
2ff01fbfe9
Merge branch 'master' into AdminLTE-Upgrade
2023-02-17 18:17:32 -05:00
Tyler Todd
9a7bd27fe3
Formatting changes
2023-02-17 23:07:36 +00:00
Tyler Todd
9b696a42a4
PR Conflict resolution
2023-02-17 22:53:08 +00:00
Tyler Todd
d0961ca5e7
Fix user auth history modal and provide more info
2023-02-17 22:47:23 +00:00
Tyler Todd
a368124040
Font Awesome v6
2023-02-17 22:35:46 +00:00
Tyler Todd
62d95e874a
Final page edits for bootstrap v4 and Admin LTE v3.2
2023-02-17 22:25:11 +00:00
Tyler Todd
e1bbe10fc3
Error pages updated for Font Awesome v6 - fa-solid
2023-02-17 21:52:55 +00:00
Matt Scott
0418edddd9
Merge pull request #1078 from famedly/shine/config_table_key_uniqueness
...
fix: making the key name in the config database unique
2023-02-17 13:49:38 -05:00
Matt Scott
ef3880f76d
Merge pull request #1374 from VassilisAsteriou/auto_ptr_bugfix
...
Changed auto_ptr() logic to remove-then-add
2023-02-17 13:35:35 -05:00
Matt Scott
145358113d
Merge pull request #1380 from raunz/preserve_history
...
Preserve domain records history after domain deletion
2023-02-17 13:30:02 -05:00
Matt Scott
c27bf53445
Merge pull request #1381 from raunz/perf_tuning
...
Domain records list performance improvement - removing Setting.get query from loop
2023-02-17 13:28:35 -05:00
Matt Scott
2a3ffe8481
Merge pull request #1339 from ymage/bugfix_tests
...
Improve bugfix tests
2023-02-17 12:19:35 -05:00
Matt Scott
f1b6bef1ab
Merge pull request #1248 from unilogicbv/routes_index_otp_force_oauth
...
routes/index.py: otp_force shouldn't apply to OAuth
2023-02-17 12:14:15 -05:00
Matt Scott
ba14d52c8d
Merge pull request #1231 from AdvanticGmbH/assoc_domain_list
...
Allow to manage associated domains under account edit
2023-02-17 12:04:16 -05:00
Tyler Todd
f888bd79f8
domain -> Changed pull-* to float-*
2023-02-14 18:25:06 +00:00
Tyler Todd
e0f939813e
Tabs on dashboard.html now fade effect when switching between
...
First pass at HTML conversion from Master/Slave to Primary/Secondary (TODO: Backend)
Start work on migrating admin_auth_settings to Bootstrap v4
admin_setting_basic -> Change plain text for On/Off to toggles in current state, and changed "Action" column to the opposite toggle of current setting
dashboard_domain -> Reduce duplicate code for the new dropdown-menu for Actions
register -> Add exclamation icon in front of error text
template_add -> changed box-body to card-body
user_profile -> Fixed tab navigation for Bootstrap v4. Tabs also fade between changes
2023-02-14 02:11:13 +00:00
Tyler Todd
48f80b37ed
potential regex code fix for email validation
2023-02-13 15:38:33 +00:00
Rauno Tuul
642fb1605d
Move pretty_ipv6_ptr setting retrieval out of record list loop
2023-02-13 14:43:22 +02:00
Rauno Tuul
7221271a7b
Preserve domain records history after domain deletion.
2023-02-13 12:08:03 +02:00
Rauno Tuul
187b55e23a
Patch API record update/delete logging to match current logging format
2023-02-13 10:25:17 +02:00
Tyler Todd
16d7a4f71e
Add shadow element to some cards
2023-02-13 04:43:06 +00:00
Tyler Todd
d6605790bd
More navigation Header Changes
...
"container-fluid" additions
More button changes from flat to round and icon placement changes
2023-02-13 04:38:54 +00:00
Tyler Todd
c00ddea2fc
More page formatting
...
Added server-side logic for register.html validation
Keep form fields on register.html in the event of wrong input fields to save users from retyping info
More button rounding
2023-02-13 03:57:21 +00:00
Kateřina Churanová
c23e89bde3
Merge branch 'PowerDNS-Admin:master' into shine/config_table_key_uniqueness
2023-02-09 12:29:14 +00:00
Vassilis Asteriou
0568a90ec1
Changed auto_ptr() logic to remove-then-add
2023-02-08 15:27:45 +02:00
Tyler Todd
ac786f45be
Remove btn-flat to convert to round buttons (first pass)
...
Convert col-xs-* to just col-* as part of bootstrap v3 -> v4
Convert box-* -> card-* as part of bootstrap v3 -> v4
Moved domain actions on main dashboard to a dropdown menu to avoid clutter
Added "Log Out" to top header left
Hid OTP on admin edit user to only show the disable card & options if the user account has OTP enabled
2023-02-06 15:45:13 +00:00
Tyler Todd
7f25e3b555
Initial go at upgrading from Bootstrap v3 to v4 and to AdminLTE v3.2.0
2023-02-02 21:19:15 +00:00
Tyler Todd
e411bc9f19
Enable CAPTCHA
2023-01-30 22:46:59 +00:00
Sshafi
91c1907486
Update login.html
...
Use SITE_NAME for login box title on login page (with default value).
This can be useful when using multiple powerdns admin in an organization.
2023-01-26 00:02:08 +01:00
Sshafi
b607c1b7ff
Update base.html
...
Use SITE_NAME for upper left title on base page.
This can be useful when using multiple powerdns admin in an organization.
2023-01-25 23:59:35 +01:00
Matt Scott
d50d57bc70
Merge pull request #1357 from pneb/patch-6
...
fix: Potential fix for a regex bug
2023-01-25 16:19:27 -05:00
Matt Scott
51249aecd3
Merge pull request #1212 from corubba/feature/privacy-first
...
Privacy first
2023-01-24 05:34:30 -05:00
Robert Walter
246ad7f7d2
Fixing Wrapping in History Details Modal in Dashboard
...
resolves #1358
2023-01-13 10:05:20 +01:00
Bernward Sanchez
18bc336d7a
Potential fix
2023-01-11 18:21:40 +08:00
Matt Scott
bb29c27430
Merge pull request #1354 from Metrax/support-pdns4.7
...
Support pdns4.7
2023-01-10 08:01:17 -05:00
Robert Walter
c02cb3b7fe
Model change: Changing domain model type variable to 8 chars
...
PowerDNS 4.7 is supporting 2 new zone types: "producer" & "consumer"
Because the domain type variable is limited to 6 chars, PDA Zone update will fail if producer or consumer zones exist.
To solve this problem, this commit increases the length of the domain model type variable to 8 chars.
2023-01-10 13:51:04 +01:00
Bernward Sanchez
c7eaec27d8
Update utils.py
2022-12-23 08:23:14 +08:00
Ymage
1d885278d4
Cosmetic
2022-12-22 22:55:05 +01:00
Ymage
7d153932b3
Fix back_populate relationships
2022-12-22 22:50:01 +01:00
corubba
e920bf5009
Fix broken code
...
PR #1089 is the culprit, as was already predicted in the review.
2022-12-19 09:37:01 +01:00
Matt Scott
89f3d4d01a
Revert "enhancement(routes/index.py): OIDC supports HTTP Scheme now"
2022-12-14 20:37:30 -05:00
Bernward Sanchez
f6c49c379d
Update index.py
2022-12-15 06:13:27 +08:00
Matt Scott
30ed68471e
Merge pull request #1322 from Metrax/master
...
Fixing Validation problem on LDAP form
2022-12-13 20:59:22 -05:00
Matt Scott
8373363c4d
Merge pull request #1323 from jbe-dw/fixLDAPDeprecatedOpt
...
Draft: Fix python-ldap upgrade
2022-12-13 20:56:03 -05:00
Aaron Carson
ff671ebabe
Fix 1329
2022-12-14 00:34:12 +00:00
Sshafi
d0290ac469
Update login.html
...
Use SITE_NAME for login box title on login page.
This can be useful when using multiple powerdns admin in an organization.
2022-12-13 09:10:21 +01:00
Dominik Fahr
97a79645b0
fix of issue #1261
...
split record by "."
idna.encode leads into full stop if the string starts with "_" or "-"
2022-12-12 17:31:32 +01:00
Dominik Fahr
52169f698c
undo of commit a7f55de
...
did not fix issue #1261
led to issue #1321
2022-12-12 17:30:42 +01:00
Jérôme BECOT
8d5b92402d
fix: Remove deprecated option OPT_X_TLS
2022-12-12 15:57:11 +01:00
Robert Walter
23e0fdbedf
Fixing Validation Problem at LDAP Form
2022-12-12 12:32:32 +01:00
Bernward Sanchez
dfdb0dca17
Update domain.py
2022-12-10 10:37:06 +08:00
Matt Scott
3c0b0a1b2d
Merge pull request #1246 from unilogicbv/admin_edit_key_user_role_default
...
admin_edit_key: default to User role for new api keys
2022-12-08 22:13:23 -05:00
Matt Scott
2cd8f60f8d
Merge pull request #1247 from unilogicbv/models_user_plain_text_password_guard
...
models/user.py: properly guard plain_text_password property
2022-12-08 22:10:21 -05:00
Matt Scott
7873e5f3f8
Merge pull request #1249 from unilogicbv/models_user_totp_valid_window
...
models/user.py: add non-zero valid_window to totp.verify
2022-12-08 22:05:34 -05:00
Matt Scott
e823f079b7
Merge pull request #1266 from WhatshallIbreaktoday/master
...
allow null/None JSON data (Used for pdns notifies via api and by LEGO-ACME v 4.9.0)
2022-12-08 21:57:18 -05:00
Bernward Sanchez
2656242b45
Update api_key.py
...
I added the parentheses to the `db.session.rollback` line to call the method, which will now properly roll back any changes made to the database if an error occurs.
2022-12-09 09:33:17 +08:00
Bernward Sanchez
3e68044420
Update utils.py
...
This should fix the error you were experiencing, as it will now only attempt to process the `data` argument if it is a tuple containing two elements. If the `data` argument is not in the expected format, the function will simply return an empty string instead of raising an exception.
2022-12-09 08:15:13 +08:00
WhatshallIbreaktoday
d25a22272e
allow null/None JSON data
...
This change permits to proxy pdns zone notify api requests (which are expected to be with empty body)
2022-10-12 08:10:35 +02:00
corubba
cb835978df
Fix order of operations in api payload
...
PDNS checks that when a `CNAME` rrset is created that no other rrset of
the same name but a different rtype exists. When changing a record type
to `CNAME`, PDA will send two operations in one api call to PDNS: A
deletion of the old rrset, and the addition of the new rrset. For the
check in PDNS to pass, the deletion needs to happen before the addition.
Before PR #1201 that was the case, the first api call did deletions and
the second handled additions and changes. Currently the api payload
contains additions first and deletions last. PDNS applies these in the
order they are passed in the payload to the api, so to restore the
original/correct/working behaviour the order of operations in the api
payload has to be reversed.
fixes #1251
2022-09-23 00:19:22 +02:00
Pascal de Bruijn
846c03f154
models/user.py: add non-zero valid_window to totp.verify
...
PyOTP's totp.verify defaults to the valid_window of zero, which means
it will reject valid codes, if submitted just past the 30 sec window.
It also means, users will run into authentication issues very quickly
if their phone's time-sync isn't perfect.
Therefore valid_window should at the very least be 1 or more, setting
it higher trades security for robustness, especially with regard to
time desync issues.
2022-09-07 14:23:34 +02:00
Pascal de Bruijn
41a3995865
routes/index.py: otp_force shouldn't apply to OAuth
...
as 2FA policies are typically enforced on the OAuth provider's end
Relates to #1051
2022-09-06 16:28:45 +02:00
Pascal de Bruijn
4fd1b10018
models/user.py: properly guard plain_text_password property
...
Resolves the following issue, which occurs with force_otp enabled
and OAuth authentication sources:
File "/srv/powerdnsadmin/powerdnsadmin/models/user.py", line 481, in update_profile
"utf-8") if self.plain_text_password else user.password
AttributeError: 'User' object has no attribute 'plain_text_password'
2022-09-06 15:31:43 +02:00
Pascal de Bruijn
9bf74a6baf
admin_edit_key: default to User role for new api keys
...
hopefully this will prevent accidental administrator api keys from being created
2022-09-06 15:25:28 +02:00
Melchior NOGUES
4383c337d4
fix: ldap type ad search user group when nested groups
2022-09-02 17:12:08 +02:00
Vasileios Markopoulos
204c996c81
Merge pull request #1221 from corubba/bugfix/changelog-hyphen
...
Fix rrset changelog for names with hyphen
2022-07-01 15:52:44 +03:00
AdvanticGmbH
3c68b611c6
Update powerdnsadmin/routes/admin.py
...
Looks good to me
Co-authored-by: Corubba <97832352+corubba@users.noreply.github.com>
2022-06-29 08:56:01 +02:00
AdvanticGmbH
cfab13824d
Add history entries for association changes of domains
2022-06-28 11:19:00 +02:00
AdvanticGmbH
6a2ba1b1c3
Add list to manage with an account associated domains
2022-06-28 11:18:53 +02:00
Jérôme BECOT
41642fcea4
fix: Update JS minifier library
2022-06-24 23:03:01 +02:00
corubba
5036619a67
Allow new domains to be absolute
...
Allow the new domain name to be input absolute (with a dot at the end).
To keep the rest of the logic working as-is, remove it fairly early in
the function.
Would have loved to use `str.removesuffix()` but that's python v3.9+.
2022-06-23 22:31:00 +02:00
corubba
9890ddfa64
Fix rrset changelog for names with hyphen
...
When clicking the changelog button for a record with the name
`foo-bar.example.org`, the url you get redirected to is
`/domain/example.org/changelog/foo-bar.example.org.-A`. Because of the
non-greedy behaviour of the path converter, the last part gets split at
the *first* hyphen, so the example above gets wrongly dissected into
`record_name=foo` and `record_type=bar.example.org.-A`. This results
for obvious reasons in an empty changelog.
As described in rfc5395 [0], types have to be alphanumerical, so its
converter is changed from path to string.
The hyphen is one of the few characters recommended by rfc1035 [1],
so it is a bad choice as separator. The separator is instead changed to
a slash.
Granted, this does not entirely solve the issue but at least makes it a
lot less likely to happen. Plus, a lot more and other things break in
pda with slashes in names.
[0] https://datatracker.ietf.org/doc/html/rfc5395#section-3.1
[1] https://datatracker.ietf.org/doc/html/rfc1035#section-2.3.1
2022-06-19 12:16:40 +02:00
jbe-dw
dac232147e
enh: Cookies security (#1211)
...
author: corruba
2022-06-18 22:51:47 +02:00
corubba
3a8ad7c444
Remove OFFLINE_MODE config option
2022-06-18 19:11:16 +02:00
corubba
b809308d31
Add LDAP user images
2022-06-18 19:11:16 +02:00
corubba
607caa1a2d
Rework user image handling
...
Moved all the logic out of the template into a separate endpoint. This
makes it easy to extend to also support images from different sources
like LDAP/SAML/OIDC. Session-based caching is hard to do, so to allow
time-based caching in the browser, the url needs to be unique for every
user by using a query parameter.
Replaced the default/fallback user image with a new one. It is based on
the old one, but does not need css to be visible. And removed said css.
Gravatar has now its own setting named `gravatar_enabled`, which is
disabled by default.
2022-06-18 19:11:13 +02:00
corubba
b795f1eadf
Use the doc search directly
2022-06-18 19:07:23 +02:00
corubba
fee26b84ba
Remove IE8 polyfills
...
These old browsers are EOL since 2016 [0], let them finally rest in
peace.
This effectively reverts/replaces commit b8dee5d17056788c2dc9940d14308648e32186d8.
[0] https://web.archive.org/web/20160115070611/https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support
2022-06-18 19:07:23 +02:00
corubba
54b2c5918f
Serve the IE8 polyfills from local
2022-06-18 19:07:23 +02:00
corubba
674704609b
Always use local fonts
2022-06-18 19:07:23 +02:00
corubba
af902f24a2
Update using only one api call
...
Starting with the very first commit, the update was always done with
two api calls: one for DELETE and one for REPLACE. It is however
perfectly valid and safe to do both at once, which makes it atomic, so
no need for the rollback. Plus it only updates the serial once.
There is no point in sending the full RRset data when deleting it, the
key attributes to identify it are enough. This also makes the behaviour
consistent with the api docs [0] where it says "MUST NOT be included
when changetype is set to DELETE."
[0] https://doc.powerdns.com/authoritative/http-api/zone.html#rrset
2022-06-18 18:58:39 +02:00
corubba
52b704baeb
Set SameSite on cookies
...
Setting this attribute on a cookie marks it as non-cross-site, so it
is only sent in requests to our own server. It is reasonable that no
one else should need our session or csrf data. Setting it explicitly
also prevents any issues from the ongoing change in browser behaviour [0]
when it is unset.
Seasurf supports the SameSite attribute starting with v0.3. As nothing
obviously broke, I used the opportunity and updated all the way to the
most recent version.
The SeaSurf default for SameSite is already `Lax`, so it only needs to
be set for the session cookie.
[0] https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure
2022-06-18 18:51:42 +02:00
corubba
ae2ad6527a
Set csrf cookie to httponly
...
The CSRF token is currently inserted directly in the template and not
in the browser via JavaScript from the cookie, so making it inaccessible
is not a problem.
The Session-cookie is already httponly by default [0].
[0] https://flask.palletsprojects.com/en/2.1.x/config/?highlight=session_cookie_httponly#SESSION_COOKIE_HTTPONLY
2022-06-18 18:51:42 +02:00
corubba
3e462dab17
Fix csrf configuration
...
CSRF has been initialized *before* the app config was fully read. That
made it impossible to configure CSRF properly. Moved the CSRF init into
the routes module, and switched from programmatic to decorated
exemptions. GET routes don't need to be exempted because they are by
default.
2022-06-18 18:51:40 +02:00
Jérôme BECOT
a87b931520
feat: Move the account parse calls to a method
2022-06-18 14:30:56 +02:00
Jérôme BECOT
eb13b37e09
feat: Add the extra chars as an option
2022-06-18 14:30:56 +02:00
Jérôme BECOT
a3c50828a6
feat: Allow underscores and hyphens in account name
2022-06-18 14:28:32 +02:00
AdvanticGmbH
beed738d02
enh: Improve performance of domain update (#1218)
...
author: @AdvanticGmbH
2022-06-18 14:23:05 +02:00
RGanor
81f158d9bc
enh: Enforce Record Restrictions in API (#1089)
...
Co-authored-by: Tom <tom@tom.com>
2022-06-18 14:20:49 +02:00
Vasileios Markopoulos
83d2f3c791
Merge pull request #1205 from joshsol1/master
...
Modification to SAML groups and group management
2022-06-18 13:39:01 +03:00
gadall
bf83e68a4b
Fix DynDNS2 using X-Forwarded-For (#1214)
...
utils.validate_ipaddress() takes a string, not a list
2022-06-18 13:11:22 +03:00
TomSebty
1926b862b8
feat: Option to forbid the creation of domain if it exists as a record (#1127)
...
When enabled, forbids the creation of a domain if it exists as a record in one of its parent domains (administrators and operators are not limited though).
2022-06-17 17:50:51 +02:00
jbe-dw
1112105683
feat: Add /api endpoint (#1206)
2022-06-17 16:48:23 +02:00
jbe-dw
2a75013de4
Merge pull request #1163 from AdvanticGmbH/idna_decode
...
fix: use idna module to support extended character set
2022-06-17 15:47:55 +02:00
Vasileios Markopoulos
9d7d701cd9
Merge pull request #1203 from pixelrebel/saml-fixes
...
Small fixes to SAML service
2022-06-15 15:56:28 +03:00
Vasileios Markopoulos
41343fd598
Merge pull request #1199 from corubba/bugfix/rrest-typo
...
Fix rrest typo in history detail
2022-05-25 10:45:50 +03:00
corubba
f98326ea90
Fix remaining typo occurrence
2022-05-24 23:45:14 +02:00
Jérôme BECOT
88df88f30b
fix: Active directory filter is broken
2022-05-24 13:58:45 +02:00
jbe-dw
259bd0a906
Merge pull request #1200 from corubba/feature/modal-consolidation
...
enh: Consolidate generic modal code
2022-05-23 22:50:48 +02:00
jbe-dw
06c12cc3ac
Merge pull request #1172 from RGanor/master
...
Added health check
2022-05-23 20:18:17 +02:00
RGanor
1bee833326
Updated the unknown state
2022-05-23 16:46:11 +00:00
jbe-dw
e81453c5e3
Merge pull request #1188 from corubba/bugfix/pyOpenSSL
...
Small bugfixes
2022-05-23 13:59:18 +02:00
Josh Matthews
715c6b76cd
added code to raise user to operator on SAML auth if in the right group
2022-05-23 14:38:16 +10:00
pixelrebel
e4c8c3892f
Use HTTP_X_FORWARDED_PROTO header from reverse proxy to rewrite https:// for SAML request URLs
2022-05-19 19:00:38 -07:00
pixelrebel
9221d58a1b
Allow SAML AttributeStatements to be optional
2022-05-19 14:52:51 -07:00
corubba
0dfcdb6c3e
Fix rrest typo in history detail
...
There is a misspelling of rrset throughout the history logic, which also
affects the json payload in the database. Code-wise this is a simple
search-and-replace, and the migration will fix the payloads.
2022-05-19 00:53:35 +02:00
corubba
70450315ba
Add general modal functions
...
The two generic modals are defined in the base template, and are used
in various templates. So provide functions and remove duplicate code.
2022-05-19 00:53:20 +02:00
RGanor
3d2ad1abc0
LGTM fix - unused variable
2022-05-15 13:57:13 +00:00
Cloud User
b3271e84d6
Using domain model and added authentication
2022-05-15 12:19:04 +00:00
jbe-dw
6579c9e830
Merge pull request #1182 from jbe-dw/revertCorruptedHistoryFix
...
fix: Insert valid JSON in history.detail and replace single quotes in the database
2022-05-12 21:30:20 +02:00
corubba
564ec6086d
Replace pyOpenSSL with cryptography
...
This is literally the example from the docs [0]. The only thing I
adapted are the parameters for the keys and certificate, so they
stay the same.
Fixes #1086
[0] https://cryptography.io/en/latest/x509/tutorial/#creating-a-self-signed-certificate
2022-05-07 21:32:19 +02:00
corubba
fec649b747
Header for fixed order column
...
Semantically and syntactically it is better to have the same number of
`<th>` as `<td>`. Not that anyone will ever see that new header, since
that column is always invisible (except if the user disables javascript).
Plus remove an unmatched closing html element.
2022-05-07 21:14:57 +02:00
corubba
0e2cd063c5
Remove python v2 remnant
...
As vermin [0] confirms, the codebase has long moved beyond supporting
python v2 (which is not a bad thing). This removes the last explicit py2
piece of code.
And in case anyone wonders, vermin currently reports the minimum version
to be v3.6.
[0] https://pypi.org/project/vermin/
2022-05-07 21:14:48 +02:00
jbe-dw
fa9bdcfde0
Merge pull request #1134 from jbe-dw/fixAPIDeleteAccount
...
Fix API Account deletion
2022-05-06 23:35:24 +02:00
Jérôme BECOT
64f7968af9
fix: Use json.dumps instead of str
2022-05-06 17:04:39 +02:00
jbe-dw
82f03a4de2
Merge pull request #1160 from AdvanticGmbH/json_load_error
...
Json load error
2022-04-26 17:54:08 +02:00
AdvanticGmbH
26c60f175d
Remove unnecessary call to str()
...
* json.dumps() already returns a str
2022-04-26 09:11:05 +02:00
jbe-dw
fc56a168c8
Merge pull request #1174 from gunet/ping-no-login-required
...
Login requirement removal for /ping endpoint
2022-04-25 16:22:21 +02:00
ManosKoukoularis
5040cf5282
Merge pull request #1159 from AdvanticGmbH/html_entity_domain_fix
...
Decode domain record data and comment from HTML entity to text
2022-04-25 12:49:10 +03:00
AdvanticGmbH
44c9aff5db
Use json.dumps for every detail in history
...
This works much better instead of just writing a str to the db and
expect it to be loaded just fine from json.loads
2022-04-25 10:43:46 +02:00
AdvanticGmbH
3df36adbf4
Add more detailed info to the history when a msg and status exists
2022-04-25 10:43:40 +02:00
AdvanticGmbH
191e919626
Allow IDNA in SOA
...
* Previously having characters like "ü" in the SOA wouldn't allow to push
updates to the domain
* Also use the new method to_idna to support characters like "ß"
2022-04-25 10:19:40 +02:00
AdvanticGmbH
40deb3c145
Create method to encode and decode idna
...
Previously strings with characters like "ß" would throw an exception
This seems to happen because the lib behind encode().decode('idna')
can't handle characters like this
2022-04-25 10:05:46 +02:00
KostasMparmparousis
4d6c6224b4
Login requirement removal for /ping endpoint
2022-04-20 13:31:23 +03:00
RGanor
4958423cc7
Update api.py
2022-04-18 22:11:31 +03:00
root
f41696c310
WIP - Added health check
2022-04-18 09:01:22 +00:00
Vasileios Markopoulos
e891333971
Merge pull request #1166 from LordVeovis/fix/saml
...
Fix broken SAML login from 9c00e48f
2022-04-13 10:16:58 +03:00
Vasileios Markopoulos
c9c82d4244
Merge pull request #1118 from cropalato/master
...
Fixing AD login if there is an infinity loop in memberOf groups.
2022-04-13 10:15:54 +03:00
Veovis
bd92c5946c
Fix broken SAML login from 9c00e48f
2022-04-12 17:14:54 +02:00
Ricardo Melo
ee0511ff4c
[Fix] AD recursive problem
...
- Fixing #1011 [https://github.com/PowerDNS-Admin/PowerDNS-Admin/issues/1011]
2022-04-11 08:49:38 -04:00
Vasileios Markopoulos
098224eed1
Merge pull request #1123 from gunet/log-dnssec-enabling
...
Log DNSSEC status change for a domain
2022-04-11 15:21:59 +03:00
ManosKoukoularis
9e90dde144
Merge pull request #1158 from AdvanticGmbH/domain_xss
...
Render domain data table fields only as text
2022-04-11 13:05:43 +03:00
vmarkop
9c62208c2e
Updated repository URL
2022-04-11 12:21:34 +03:00
jbe-dw
8cf2985335
Merge pull request #979 from mirko/make-onelogin-pkg-optional
...
routes/index.py: Make package 'onelogin.saml2.utils' optional
2022-04-07 13:37:00 +02:00
jbe-dw
33f1c6ad61
Merge pull request #1027 from mirko/add-WWW-Authenticate-header-for-dyndns
...
dyndns: Respond with HTTP header 'WWW-Authenticate' to unauthed requests
2022-04-07 13:31:03 +02:00
AdvanticGmbH
b534eadf19
Decode domain record data and comment from HTML entity to text
2022-04-04 14:43:02 +02:00
AdvanticGmbH
e596de37f4
Render Name, Type, Status, TTL, Data and Edit as text
2022-04-04 14:16:40 +02:00
AdvanticGmbH
930932d131
Render domain data table fields only as text
2022-04-04 14:06:31 +02:00
jbe-dw
13ff4df9f9
Merge pull request #1122 from gunet/auth_type_log_fix
...
Fixed LDAP Authenticator Type logging
2022-04-03 14:59:48 +02:00
jbe-dw
c6de972ed8
Merge pull request #1101 from decryptus/master
...
[BUG] Fixed delete zone from API
2022-04-03 00:29:47 +02:00
Jérôme BECOT
17b4269e1b
fix: Set Content-Type on backend API calls
2022-03-30 23:39:00 +02:00
ManosKoukoularis
fcb8287f14
Update login.html
2022-02-25 12:59:23 +02:00
Jérôme BECOT
84a183d913
fix: Disassociate domains from account before deletion
2022-02-24 11:24:19 +01:00
Jérôme BECOT
6ba1254759
feat: Make domain update optional in assoc_account
2022-02-24 11:24:12 +01:00
kkmanos
10603fbb36
fixed csrf expiration for login page
2022-02-17 18:10:06 +02:00
kkmanos
e21f53085d
added DNSSEC enabling/disabling to history logs
2022-02-17 17:40:48 +02:00
vmarkop
36cee8cddc
Fixed 'LOCAL' Authenticator Type showing for LDAP auth
2022-02-17 17:34:54 +02:00
kkmanos
b9cf7245a5
fixed csrf expiration for login page
2022-02-17 17:02:11 +02:00
Adrien Delle Cave
6982e0107c
Typo in routes/api.py
2022-01-20 12:49:37 +01:00
Adrien Delle Cave
98bd9634a4
[BUG] Fixed delete zone from API
2022-01-19 13:50:12 +01:00
zoeller-freinet
0b2ad520b7
History table: relocate HTML for modal window (#1090)
...
- Store HTML for modal window inside an invisible <div> element instead
of inside the <button> element's value attribute
- Mark history.detailed_msg as safe as it is already manually run
through the template engine beforehand and would be broken if escaped
a second time
2022-01-01 21:20:01 +01:00