Commit Graph

1043 Commits

Author SHA1 Message Date
Jérôme BECOT
17b4269e1b
fix: Set Content-Type on backend API calls 2022-03-30 23:39:00 +02:00
ManosKoukoularis
be7b657437
Merge pull request #1124 from gunet/refresh-on-login
Refresh on csrf token expiration
2022-03-30 10:37:29 +03:00
Vasileios Markopoulos
74efcc7cf7
Merge pull request #1152 from gunet/werkzeug-import-fix
Fixed werkzeug dependency
2022-03-29 10:50:13 +03:00
vmarkop
c9d97642b3 Fixed werkzeug dependency 2022-03-29 10:30:19 +03:00
Vasileios Markopoulos
35f2fde0a8
Merge pull request #1148 from gunet/jinja-depedency-fix
jinja-dependency-fix
2022-03-27 15:26:22 +03:00
KostasMparmparousis
063d259af8 jinja-dependency-fix 2022-03-27 15:19:35 +03:00
Vasileios Markopoulos
60e58a3895
Merge pull request #1136 from gunet/itsdangerous
Pinned compatible itsdangerous version to requirements
2022-03-27 14:50:58 +03:00
vmarkop
5d8e277b3f pinned compatible itsdangerous version 2022-02-28 11:35:24 +02:00
ManosKoukoularis
fcb8287f14
Update login.html 2022-02-25 12:59:23 +02:00
kkmanos
10603fbb36 fixed csrf expiration for login page 2022-02-17 18:10:06 +02:00
kkmanos
b9cf7245a5 fixed csrf expiration for login page 2022-02-17 17:02:11 +02:00
dapillc
cd94b5c0ac
Update API.md (#1100)
armless > harmless
2022-01-19 17:49:30 +02:00
zoeller-freinet
0b2ad520b7 History table: relocate HTML for modal window (#1090)
- Store HTML for modal window inside an invisible <div> element instead
  of inside the <button> element's value attribute
- Mark history.detailed_msg as safe as it is already manually run
  through the template engine beforehand and would be broken if escaped
  a second time
2022-01-01 21:20:01 +01:00
Christian
302e793665
Add button for admin page in single Domain view (#1076)
* Added button for admin page in domain overview
2021-12-31 00:55:59 +01:00
RGanor
328780e2d4 Revert "Merge branch 'master' into master"
This reverts commit ca4c145a18, reversing
changes made to 7808febad8.
2021-12-25 16:17:54 +02:00
RGanor
ca4c145a18
Merge branch 'master' into master 2021-12-25 16:10:18 +02:00
zoeller-freinet
7808febad8 login.html: don't suggest previous OTP tokens
This change has been tested to work with:
- Chromium 96.0.4664.93
- Firefox 95.0
- Edge 96.0.1054.57
2021-12-17 12:48:11 +01:00
dependabot[bot]
9ef0f2b8d6 Bump python-ldap from 3.3.1 to 3.4.0
Bumps [python-ldap](https://github.com/python-ldap/python-ldap) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/python-ldap/python-ldap/releases)
- [Commits](https://github.com/python-ldap/python-ldap/compare/python-ldap-3.3.1...python-ldap-3.4.0)

---
updated-dependencies:
- dependency-name: python-ldap
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-17 12:08:19 +01:00
Vasileios Markopoulos
94a923a965
Add 'otp_force' basic setting (#1051)
If the 'otp_force' and 'otp_field_enabled' basic settings are both enabled, automatically enable 2FA for the user after login or signup, if needed, by setting a new OTP secret. Redirect the user to a welcome page for scanning the QR code.

Also show the secret key in ASCII form on the user profile page for easier copying into other applications.
2021-12-17 11:41:51 +01:00
Jérôme BECOT
0da9b2185e fix: Error in the swagger AccountSummary definition 2021-12-08 23:11:13 +01:00
zoeller-freinet
07f0d215a7 PDNS-API: factor in 'dnssec_admins_only' basic setting (#1055)
`GET cryptokeys/{cryptokey_id}` returns the private key, which justifies
that the setting is honored in this case.
2021-12-06 22:38:16 +01:00
Khanh Ngo
fc8367535b
chore: remove funding and sponsor badges (#1073) 2021-12-08 17:44:44 +01:00
Jérôme BECOT
d2f35a4059 fix: Check user zone create/delete permission
Co-authored-by: zoeller-freinet <86965592+zoeller-freinet@users.noreply.github.com>
2021-12-05 14:16:45 +01:00
zoeller-freinet
737e1fb93b routes/admin.py: DetailedHistory: backward-compatibility
See https://github.com/ngoduykhanh/PowerDNS-Admin/pull/1066
2021-12-04 17:38:48 +01:00
zoeller-freinet
f0008ce401 routes/admin.py: refactor DetailedHistory
- Run HTML through the template engine, preventing XSS from various
  vectors
- Fix uncaught exception when a history entry about domain template
  deletion is processed
- Adapt indentation to 4 space characters per level
2021-12-04 16:09:53 +01:00
Dominic Zöller
6f12b783a8 models.user: get_accounts(): order by name
The order of account names returned by User.get_accounts() affects the
order account names are displyed in on /domain/add if the current user
neither has the Administrator role nor the Operator role and the
`allow_user_create_domain` setting is enabled at the same time.

If the current user does have the Administrator or Operator role,
routes.domain.add() already returns accounts ordered by name, so this
change makes it consistent.
2021-12-04 16:09:15 +01:00
Dominic Zöller
51a7f636b0 Use secrets module for generating new API keys and passwords
The implementation of `random.choice()` uses the Mersenne Twister, the
output of which is predictable by observing previous output, and is as
such unsuitable for security-sensitive applications. A cryptographically
secure pseudorandom number generator - which the `secrets` module relies
on - should be used instead in those instances.
2021-12-04 16:08:07 +01:00
ManosKoukoularis
9f46188c7e
Quotes fix (#1066)
* minor fix in history
* made key access more generic
2021-12-03 20:14:14 +02:00
root
caa48b7fe5 Merge branch 'quotes-fix'
Conflicts:
	powerdnsadmin/routes/admin.py
2021-12-03 14:17:39 +00:00
root
591055d4aa Merge branch 'master' of https://github.com/ngoduykhanh/PowerDNS-Admin 2021-12-03 14:12:32 +00:00
root
940551e99e feat: Associate an API Key with accounts (#1044) 2021-12-03 14:12:11 +00:00
jbe-dw
f45ff2ce03
feat: Associate an API Key with accounts (#1044) 2021-12-03 15:35:15 +02:00
ManosKoukoularis
6c1dfd2408
Datepicker replace (#1059)
* replaced jquery-ui-datepicker with bootstrap-datepicker

* removed obsolete static files
2021-12-02 11:59:36 +01:00
Dominic Zöller
701a442d12 default config: add exemplary URL encoding step for SQLA DB URL params
SQLAlchemy database URLs follow RFC-1738, so parameters like username
and password need to be encoded accordingly.

https://docs.sqlalchemy.org/en/13/core/engines.html#database-urls
2021-11-30 22:29:00 +01:00
Nick Bouwhuis
a3b70a8f47
Add Keycloak documentation (#1053) 2021-11-30 12:26:58 +02:00
ManosKoukoularis
1332c8d29d
History Tab Overhaul & Domain Record Modifications Changelog (#1042)
Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com>
Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com>
Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com>
Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 11:02:37 +02:00
benshalev849
b3f9b4a2b0
OIDC list accounts (#994)
Added the function to use lists instead of a single string in account autoprovision.
2021-11-19 17:53:17 +02:00
zoeller-freinet
bfaf5655ae
Clarify salt re-use for API keys (#1037) 2021-11-09 22:09:15 +02:00
Khanh Ngo
dd04a837bb
Update docker image build script 2021-11-06 15:44:20 +01:00
Khanh Ngo
5bb1a7ee29
Update docker image build script 2021-11-06 15:37:13 +01:00
Khanh Ngo
c85a5dac24
Update docker image build script 2021-11-06 15:25:20 +01:00
benshalev849
3081036c2c
Env oauth url (#1030)
Overriding settings in DB using environment variable in docker
2021-11-05 18:22:38 +02:00
Daniel Molkentin
c7b4aa3434
fix: actually store OIDC logout URL (#988) 2021-11-05 17:28:21 +02:00
Vitali Quiering
e7d5a3aba0
feat: enable_api_rr_history setting (#998)
* feat: introduce enable_api_rr_history setting to disable api record
changes
2021-11-05 17:26:38 +02:00
zoeller-freinet
20b866a784
strip() whitespace from new local user master data (#1019)
When creating a new local user, there is a chance that, due to a copy &
paste or typing error, whitespace will be introduced at the start or end
of the username. This can lead to issues when trying to log in using the
affected username, as such a condition can easily be overlooked - no
user will be found in the database if entering the username without the
aforementioned whitespace. This commit therefore strip()s the username
string within routes/{admin,index}.py.

The firstname, lastname and email strings within
routes/{admin,index,user}.py are also strip()ped on this occasion.
2021-11-05 17:04:35 +02:00
Khanh Ngo
1662a812ba Update CI
Signed-off-by: Khanh Ngo <khanh.ngo@taxfix.de>
2021-10-31 14:34:35 +01:00
Khanh Ngo
c49df09ac8 Update CI
Signed-off-by: Khanh Ngo <khanh.ngo@taxfix.de>
2021-10-31 14:31:14 +01:00
Khanh Ngo
924537b468 Update CI
Signed-off-by: Khanh Ngo <khanh.ngo@taxfix.de>
2021-10-31 14:25:22 +01:00
Khanh Ngo
4f8a547d47 Update CI
Signed-off-by: Khanh Ngo <khanh.ngo@taxfix.de>
2021-10-31 14:23:49 +01:00
Khanh Ngo
ee9f568a8d
Update README.md 2021-10-31 13:16:42 +01:00