Commit Graph

186 Commits

Author SHA1 Message Date
Khanh Ngo
babf62bae0
Fix Github/Google oAuth 2018-08-19 15:29:50 +07:00
Khanh Ngo
ada6f844ff
Read LDAP config from DB instead of file. Adjustment in site titles 2018-08-18 22:42:18 +07:00
Khanh Ngo
4b9349c83e
Create DB config for pdns and authentication setting 2018-08-18 18:41:59 +07:00
Thomas M Steenholdt
0ac33aa3c4 Add option to edit users from the comfort of the UI
Update user management feature to allow editing user details directly in the admin user interface.

Also added an option to reset the two factor authentication data of a user, for when that's needed (lost device, technical issues etc).

(cherry picked from commit 3139616282a18c11463c6ecf78888417b2ac1c35)
2018-08-12 07:47:37 -02:00
Khanh Ngo
47d5858fc6 Merge branch 'fix-saml' 2018-08-07 09:09:34 +07:00
Khanh Ngo
96a9c12300 Log user's ip address when they login 2018-07-05 14:25:05 +07:00
Ian Bobbitt
480989e86a Manage Account memebership for SAML Users 2018-06-25 12:18:42 +00:00
Ian Bobbitt
765351c5e9 Emit audit history when SAML assertions promote or demote a user. 2018-06-24 23:54:29 +00:00
Ian Bobbitt
17a61d04b5 Merge remote-tracking branch 'upstream/master' into fix-saml
Cleaning up conflicts with upstream changes.
2018-06-24 22:31:54 +00:00
Thomas M Steenholdt
31305a3048 Add setting to allow/disallow quick editing of records
Adds an `allow_quick_edit` setting, using the improved setting handling logic from PR #287 to toggle whether records are editable by simply clicking the row or not.

Aims to fix #288
2018-06-24 00:25:33 -02:00
Thomas M Steenholdt
6c8a3ac36c Move setting definitions into code (rather than database).
For a setting to be useful, the code has to be able to make sense of it anyway. For this reason it makes sense, that the available settings are defined within the code, rather than in the database, where a missing row has previously caused problems. Instead, settings are now written to the database, when they are changed.

So instead of relying on the database initialization process to create all available settings for us in the database, the supported settings and their defaults are now in a `defaults` dict in the Setting class. With this in place, we can stop populating the `setting` table as a part of database initialization and it will be much easier to support new settings in the future (we no longer need to do anything to the database, to achieve that).

Another benefit is that any changes to default values will take effect automatically, unless the admin has already modified that setting to his/her liking.

To make it easier to get the value of a setting, falling back to defaults etc, a new function `get` has been added to the Setting class. Call it as `Setting().get('setting_name'), and it will take care of returning a setting from the database or return the default value for that setting, if nothing was found.

The `get` function returns `None`, if the setting passed to the function, does not exist in the `Setting.defaults` dict - Indicating that we don't know of a setting by that name.
2018-06-21 22:06:38 -02:00
Khanh Ngo
585985e4f0
Merge changes from master, PR #280 and resolve conflicts 2018-06-13 11:05:53 +07:00
Khanh Ngo
c2df132040 Merge remote-tracking branch 'kaechele/use-webassets' 2018-06-13 09:58:15 +07:00
Khanh Ngo
8a22e030cd
Merge and resolve the conflicts from master 2018-06-13 09:35:19 +07:00
Khanh Ngo
aa6909065d Merge remote-tracking branch 'tmuncks/initial-accounts' 2018-06-12 16:17:55 +07:00
Felix Kaechele
1bf869f508 Add webassets support
Also updates AdminLTE to latest stable version.

Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2018-06-11 21:16:28 +02:00
Khanh Ngo
b7dac8a565 Merge remote-tracking branch 'ProviderNL/feature/bg_domain_updates' 2018-06-11 16:52:03 +07:00
Jeroen Boonstra
39d3a4d6ac add bg settings for button 2018-06-08 13:22:03 +02:00
Jeroen Boonstra
8b2083be77 Add domain refresh endpoint 2018-06-08 13:21:17 +02:00
Jeroen Boonstra
734a6d5b32 Enable bg updates 2018-06-08 11:46:17 +02:00
Khanh Ngo
ecdb9b9328
Merge pull request #275 from tmuncks/dont-revoke-your-own-rights
Fix user deletion
2018-06-08 09:16:49 +07:00
Thomas M Steenholdt
90f08ee92e Fix user deletion
An improper check causes problems when trying to delete a user. This fixes that error.

(cherry picked from commit 3c838cc0e4a2d4904d0fc919fb88c58ebd4fe4bd)
2018-06-07 15:34:28 -02:00
Khanh Ngo
2958ae663c
Validate user role and DNSSEC_ADMINS_ONLY config on DNSSEC related routes 2018-06-07 09:28:14 +07:00
Khanh Ngo
6f54b1a9de Merge remote-tracking branch 'tmuncks/dnssec-admin-only' 2018-06-07 08:53:01 +07:00
Khanh Ngo
2c5a98aca4
Merge pull request #273 from tmuncks/dont-revoke-your-own-rights
Restrict certain admin changes on the current user
2018-06-07 08:48:44 +07:00
Thomas M Steenholdt
5d40c42bbf Fix OTP validation
The result from the form is never an int but rather a string of digits, so that's what we should be checking for.

This fixes OTP validation

(cherry picked from commit 5fe3c8b9f92665db54d74dc6b2334666c318bf0c)
2018-06-06 09:19:30 -02:00
Thomas M Steenholdt
ccec6c37b4 Restrict certain admin changes on the current user
Disable the admin toggle and delete operations from the current user, to avoid accidents.

(cherry picked from commit b0f5ac6df5d31f612dc833a88cfca8936c4137d7)
2018-06-06 09:15:25 -02:00
Thomas M Steenholdt
10f47039ec Add config option to allow DNSSEC changes only for admins
DNSSEC requires changes to the parent domain, which in many cases requires special access to a registry or the like.
For that reason, especially the option to disable DNSSEC can be dangerous - if DNSSEC is disabled in PowerDNS but not in the registry, the domain stops working.

For this reason, adding an option to disable DNSSEC changes for non-admins seems reasonable.

(cherry picked from commit 5cdfc0263b07f4658d51cf7c038fea9a8911152a)
2018-06-06 08:53:44 -02:00
Thomas M Steenholdt
a4af4ad4b3 Implement per account domain access
Added the possibility for assigning users to an account, providing access to all domains associated with that account automatically.

This makes management easier, especially in installations with lots of domains and lots of managing entities.

The old style per-domain permissions are still there and working as usual. The two methods work perfectly side-by-side and are analogous to "user" (per-domain) and "group" (account) permissions as we know them from Active Directory and such places.

(cherry picked from commit 34fbc634d2848a7f76dc89a03dd8c0604068cc17)
2018-06-05 16:42:44 -02:00
Thomas M Steenholdt
a3a58f16a5 Initial support for Accounts
This adds initial support for accounts a concept meant to signify a customer, a department or any other entity that somehow owns or manages one or more domains.

The purpose is to be able to assign an account to any number of domains, making it easy to track who owns or manages a domain, significantly improving manageability in setups with a large number of domains.

An account consists of a mandatory, unique `name` and optional `description`, `contact` name and `mail` address. The account `name` is stripped of spaces and symbols, and lower cased before getting stored in the database and in PowerDNS, to help ensure some type of predictability and uniqueness in the database.

The term *account* is actually taken from the PowerDNS database, where the `domains.account` column is used to store the account relationship, in in the form of the account `name`.

The link to a domain in PowerDNS-Admin is done through the `domain.account_id` FOREIGN KEY, that is linked to the `account.id` PRIMARY KEY.

(cherry picked from commits 4e95f33dfb0676d1c401a033c28bca3be7d6ec26, da0d596bd019a339549e2c59630a8fdee65d0e22, 7f06e6aaf4fd8011c784f24b7bbbba5f52aef319, 1c624dad8749024033d1d15dd6242ca52b39f135)
2018-06-04 13:10:02 -02:00
Khanh Ngo
4daf6f72a7
Merge pull request #256 from rene-dekkers/nonint_error
Fail when non-numeric otp token was inserted
2018-05-18 10:43:26 +07:00
René Dekkers
08335cdedc Fail when non-numeric otp token was inserted 2018-05-07 15:32:15 +02:00
Ian Bobbitt
73d5215d3a Improve SAML support
Accept IdP EntityID to use when metadata contains more than one IdP.
Allow specifying attribute names to get given name, surname, and email address.
Allow specifying NameIDFormat to request.
Allow specifying whether to get username from a named attribute, or NameID.
Allow getting administrator state from attribute.
2018-05-02 22:56:22 +00:00
Khanh Ngo
3d8d94f280 Validate registration process. Change copyright year. 2018-04-18 13:16:02 +07:00
Khanh Ngo
01a5528c4a Merge remote-tracking branch 'mind04/template-relative' 2018-04-13 09:25:23 +07:00
Kees Monshouwer
df9e392e26
domain stripping was not limited to the end of a name 2018-04-12 12:01:59 +02:00
Khanh Ngo
52b6966c83 Check zone serial before allowing user to submit their change. #183 2018-04-12 11:18:44 +07:00
Kees Monshouwer
fc737cf61f
strip domain part from names while cloning a zone to a template 2018-04-11 18:14:42 +02:00
Khanh Ngo
84d4bfaed0 Mark LDAP authentication as external_auth. Fix OTP secret update. #237 2018-04-10 08:59:28 +07:00
Khanh Ngo
fdf849744b Fix #238 2018-04-10 07:08:22 +07:00
Khanh Ngo
5354d27f88 Fix #234 2018-04-08 09:09:08 +07:00
Khanh Ngo
0826702537 Update config template 2018-04-06 13:22:09 +07:00
Khanh Ngo
17a892b18d Resolve the conflicts for #228 2018-04-02 13:38:53 +07:00
Khanh Ngo
3efafecb30 Fix #194 2018-04-01 15:51:56 +07:00
Khanh Ngo
bfb54e8bda Add LDAP_ENABLE in config file 2018-04-01 15:08:55 +07:00
Khanh Ngo
1c54f008f4 Change string to new format 2018-04-01 07:57:41 +07:00
Khanh Ngo
29d1cf4117 Adjustment in domain template feature to work with python3 2018-03-31 08:21:02 +07:00
Khanh Ngo
aa2b29dac3 Adjustment to give user access to granted domain only 2018-03-31 07:32:46 +07:00
Khanh Ngo
51cdba8228 User path: instead of string: in routes 2018-03-31 06:52:14 +07:00
Khanh Ngo
c668c21fc9 Adjustment to prevent exception in Google/Github authentication when local user cannot be created 2018-03-30 17:43:34 +07:00
Khanh Ngo
896abdbdbc Merge remote-tracking branch 'dkeightley/ns-record-support' into development 2018-03-30 15:49:35 +07:00
Khanh Ngo
63e7d89df1 Adjustment to be able to show ALL domain in dashboard table 2018-03-30 15:40:43 +07:00
Khanh Ngo
f318c437c1 Merge remote-tracking branch 'hackedd/feature/server-side-domain-list' into development 2018-03-30 15:34:07 +07:00
Khanh Ngo
b5b3b77acb Adjustment to work with Python3 2018-03-30 13:49:35 +07:00
thomasDOTde
88c6d6ee33 missed to change one import for issue #19 2018-03-28 11:43:54 +02:00
thomasDOTde
f014798374 fixed ngoduykhanh/PowerDNS-Admin issue 194 2018-03-28 02:06:09 +02:00
thomasDOTde
5ed8a33c7e added feature requested in issue #28 2018-03-28 01:41:33 +02:00
Jeroen Boonstra
c8d9f4bf22 changes response 2018-03-05 15:11:42 +01:00
Jeroen Boonstra
5ea70023ff remove dnssec keys 2018-03-05 15:06:40 +01:00
Jeroen Boonstra
a829509324 enable dnssec endpoint added 2018-03-01 08:27:10 +01:00
Jeroen Boonstra
d5d0948ab8 Export PDNS version to frontend 2018-02-28 13:39:05 +01:00
unknown
b832fc1768 Reverse zone PTR type entries not shown bug fix. Added NS, LOC and TXT types in reverse zones. Added LOC type in forward zone. 2018-02-16 21:02:16 +02:00
Vadim Aleksandrov
cff534890f Deny to delete 'SOA' record 2018-02-07 22:47:52 +03:00
Vadim Aleksandrov
12cfc4dbc1 Added the ability to create a template based on the zone records 2018-02-07 22:44:46 +03:00
Vadim Aleksandrov
52a5789c85 Add first working draft of domain templating functionality 2018-02-07 22:30:29 +03:00
thomasDOTde
92d7ca3870 added application certificate handling for signed SAML messages 2018-01-20 17:17:02 +01:00
thomasDOTde
050b822636 cleaup after merged pr 2017-12-05 12:59:08 +01:00
NomenNescio
d5b2dedd7f small fixes for return url after saml logout 2017-12-05 12:28:54 +01:00
thomasDOTde
85c07210db fixed name-id formating and name-id 2017-12-05 03:48:18 +01:00
thomasDOTde
e535ce0822 fixed session check 2017-12-05 00:23:10 +01:00
thomasDOTde
60086d5d15 added standard SAML logout method using metadata 2017-12-05 00:14:31 +01:00
NomenNescio
47cf1aff4a added configurable logout redirect URL 2017-12-04 14:43:58 +01:00
thomasDOTde
d65efe477a ensure authentication isn't possible without password 2017-11-06 23:36:11 +01:00
thomasDOTde
5a1a4b0161 Merge remote-tracking branch 'origin/master' 2017-11-03 12:24:54 +01:00
thomasDOTde
54e61bf072 added custom error page for SAML authentication errors 2017-11-03 12:24:25 +01:00
Thomas
4a4b03a7d0 Merge pull request #11 from ssendev/patch-1
Allow to change root domain record via dyndns
2017-11-03 00:36:06 +01:00
thomasDOTde
37fee207a5 marked google oauth users as external 2017-11-01 22:30:08 +01:00
Thomas
83a0396350 Merge branch 'master' into feature-google-oauth 2017-11-01 22:18:43 +01:00
Thomas
ff9a6fcfba Merge pull request #2 from thomasDOTde/upstream-access-control
Add access control for non-admin users from hackedd
2017-11-01 21:47:14 +01:00
Paul Hooijenga
9a4021d5e5 Add access control for non-admin users
(cherry picked from commit 6e5b704)
2017-11-01 21:40:15 +01:00
thomasDOTde
cd3b41553d fixed link for alternative login methods 2017-11-01 13:55:57 +01:00
thomasDOTde
baa960aad6 raised password length to 30 for external accounts.
fixed error_checking for saml-authentication
2017-11-01 13:31:41 +01:00
thomasDOTde
12c957bf5f disabled profile usage when authenticated externally 2017-11-01 01:34:29 +01:00
thomasDOTde
31eaee8e0b added saml authentication 2017-10-31 22:38:26 +01:00
thomasDOTde
933d678e83 added SAML auth basics and metadata 2017-10-31 19:21:22 +01:00
patito
a4b9722d47 Google OAuth 2017-09-22 15:28:09 +01:00
Paul Hooijenga
5d09daf8eb Fix dashboard domain query for non-admin users 2017-09-15 15:14:04 +02:00
dkeightley
8cdfab1c7c Added NS record for forward and reverse domains 2017-07-03 15:53:26 +12:00
Paul Hooijenga
bcb2b06124 Do filtering and pagination of domains server-side. 2017-06-30 18:18:06 +02:00
SIPOS, Peter
1538cf0239 Limit record selection in reverse lookup domain to PTR
And also fix the default type selection of a new record
2016-11-21 15:52:07 +01:00
SIPOS, Peter
2d61c56e7b Add auto-ptr setting injection 2016-11-21 13:42:00 +01:00
Felix Kaechele
b8e38b4d2f Replace PyQRCode with qrcode
qrcode is more common and better maintained

Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2016-09-17 06:41:22 -07:00
Joachim Tingvold
671a319e93 Pretty IPv6 PTR. Use the actual IPv6 address when editing PTR.
Rather than dealing with ip6.arpa-dotted-strings from hell, you can
now edit IPv6 PTR-records using the IPv6 address.
2016-08-19 23:04:20 +00:00
ssendev
03e0f50795 Allow to change root domain record via dyndns 2016-08-18 22:05:15 +02:00
timfeirg
683f633d7d minor code style change 2016-08-13 00:49:53 +08:00
CMGS
186aedcfc7 github oauth login 2016-08-13 00:49:46 +08:00
Tamás Dévai
01dd8fd893 Fix route when the zone name containing slash character. 2016-08-02 10:59:31 +02:00
Khanh Ngo
e7a4fb5e6a Force loading gravatar over https 2016-07-14 00:05:55 +07:00
Khanh Ngo
ee033f2198 Add Gravatar to display user's avatar 2016-07-13 21:33:21 +07:00
Khanh Ngo
ff842f66e2 Merge pull request #77 from jallakim/default-settings
Settings: Default domain table size + LDAP first/selected if both LDAP+Basic
2016-07-06 09:30:56 +07:00