Jérôme BECOT
41642fcea4
fix: Update JS minifier library
2022-06-24 23:03:01 +02:00
corubba
52b704baeb
Set SameSite on cookies
...
Setting this attribute on a cookie marks it as non-cross-site, so it
is only send in requests to our own server. It is reasonable that no
one else should need our session or csrf data. Setting it explicitly
also prevents any issues from the ongoing change in browser behaviour [0]
when it is unset.
Seasurf supports the SameSite attribute starting with v0.3. As nothing
obviously broke, I used the opportunity and updated all the way to the
most recent version.
The SeaSurf default for SameSite is already `Lax`, so it only needs to
be set for the session cookie.
[0] https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure
2022-06-18 18:51:42 +02:00
corubba
564ec6086d
Replace pyOpenSSL with cryptography
...
This is literally the example from the docs [0]. The only thing I
adapted are the parameters for the keys and certificate, so they
stay the same.
Fixes #1086
[0] https://cryptography.io/en/latest/x509/tutorial/#creating-a-self-signed-certificate
2022-05-07 21:32:19 +02:00
KostasMparmparousis
c8d14d91fe
cryptography-dependency-addition
2022-04-27 16:11:09 +03:00
vmarkop
c9d97642b3
Fixed werkzeug dependency
2022-03-29 10:30:19 +03:00
KostasMparmparousis
063d259af8
jinja-dependency-fix
2022-03-27 15:19:35 +03:00
vmarkop
5d8e277b3f
pinned compatible itsdangerous version
2022-02-28 11:35:24 +02:00
dependabot[bot]
9ef0f2b8d6
Bump python-ldap from 3.3.1 to 3.4.0
...
Bumps [python-ldap](https://github.com/python-ldap/python-ldap ) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/python-ldap/python-ldap/releases )
- [Commits](https://github.com/python-ldap/python-ldap/compare/python-ldap-3.3.1...python-ldap-3.4.0 )
---
updated-dependencies:
- dependency-name: python-ldap
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-17 12:08:19 +01:00
jbe-dw
1c9ca60508
fix: jsmin 2.2.2 no longer available. Use 3.0.0 ( #1021 )
2021-10-30 21:30:53 +02:00
dependabot[bot]
5f10f739ea
Bump pyyaml from 5.3.1 to 5.4 ( #912 )
2021-03-27 19:33:49 +01:00
jodygilbert
7f86730909
allow-server-side-sessions ( #855 )
2021-01-24 09:09:53 +01:00
Khanh Ngo
94eeae0cad
Downgrade to dnspython>=1.16.0
2020-10-10 21:52:46 +02:00
Khanh Ngo
75a30f14fb
Dockerfile and requirements.txt update
...
- Fix bug in python requests module missing after delete py3-pip from build stage
- Downgrade the requirement of bcrypt to >=3.1.7 for older python3 version compatibility
2020-10-10 21:47:58 +02:00
Khanh Ngo
0dfced4968
Upgrade pip packages
2020-10-10 20:27:09 +02:00
Christian Burmeister
6381d87ec3
Update gunicorn 19.7.1 -> 20.0.4
2020-03-13 00:22:32 +01:00
Khanh Ngo
7739bf7cfc
Add user email verification
2019-12-21 21:43:03 +07:00
Khanh Ngo
53a7545ccc
Upgrade mysqlclient package to work with MySQL 8.x #571
2019-12-07 18:10:06 +07:00
Khanh Ngo
8de6df4d3b
Fix the tests
...
Fix the tests
Fix the tests
2019-12-06 10:59:19 +07:00
Khanh Ngo
8ea00b9484
Refactoring the code
...
- Use Flask blueprint
- Split model and views into smaller parts
- Bug fixes
- API adjustment
2019-12-02 10:32:03 +07:00
Khanh Ngo
dfce7eb537
Upgrade SQLAlchemy version to pass the security check. Set version for other libs in requirements.txt
2019-07-15 09:50:23 +07:00
Pavol Ipoth
1feb77e2f3
Add Api to PowerDNS-Admin
2019-03-01 23:50:04 +01:00
Robert Kerr
c456aa2e7a
Add ttl_options setting
...
Adds a new setting to define the options in the TTL dropdown when
editing a record. The setting is a comma separated string with the
valid options.
2018-11-24 12:45:14 +00:00
Khanh Ngo
5f049debe5
Adding Flask-SeaSurf module for CSRF protection.
2018-11-21 10:24:33 +07:00
Khanh Ngo
add5fd3e52
Upgrade requests module to 2.20.0 as CVE-2018-18074
2018-10-31 16:53:27 +07:00
Chris Pritchard
8a20d3f2d8
migrated to authlib
2018-10-22 02:33:46 +01:00
Chris Pritchard
396ce14b9f
OIDC ( #1 )
...
Implemented OIDC using authlib
2018-10-21 23:38:12 +01:00
Khanh Ngo
65b0c6e9b9
Remove Flask-WTF from requirements.txt
2018-09-10 10:15:38 +07:00
Khanh Ngo
866a6b49a1
Upgrade Flask modules
2018-08-25 15:02:05 +07:00
Khanh Ngo
585985e4f0
Merge changes from master, PR #280 and resolve conflicts
2018-06-13 11:05:53 +07:00
Felix Kaechele
1bf869f508
Add webassets support
...
Also updates AdminLTE to latest stable version.
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2018-06-11 21:16:28 +02:00
Khanh Ngo
ab0124b3e2
Update requirements.txt
2018-06-11 11:11:43 +07:00
Khanh Ngo
17a892b18d
Resolve the conflicts for #228
2018-04-02 13:38:53 +07:00
Khanh Ngo
b5b3b77acb
Adjustment to work with Python3
2018-03-30 13:49:35 +07:00
Jeroen Boonstra
e9aa2e6848
Fix typo
2018-02-01 08:59:54 +01:00
Jeroen Boonstra
efd0e976a2
Add pytz to requirements
2018-02-01 08:52:41 +01:00
thomasDOTde
9185d875c1
added missing dependencies
2018-01-22 23:01:45 +01:00
thomasDOTde
f067d0d5f0
fixed requirements. caused redirect loop
2017-10-31 18:14:38 +01:00
thomasDOTde
a9408a4bd9
updated requirement to support saml
2017-10-31 16:18:48 +01:00
Felix Kaechele
cae8f92c97
Replace py-bcrypt with bcrypt
...
bcrypt is more common and better maintained
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2016-09-17 07:32:33 -07:00
Felix Kaechele
b8e38b4d2f
Replace PyQRCode with qrcode
...
qrcode is more common and better maintained
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2016-09-17 06:41:22 -07:00
Felix Kaechele
9b8c85c5c1
Replace onetimepass with pyotp
...
pyotp is more common and better maintained
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2016-09-17 06:37:20 -07:00
Felix Kaechele
8118ed0a75
Fix noeol in requirements.txt
...
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2016-09-17 06:34:06 -07:00
Joachim Tingvold
9ec1ac3e46
Update requirements.
2016-08-19 23:25:53 +00:00
Khanh Ngo
7ef76484d0
Merge pull request #103 from timfeirg/master
...
support github oauth2 login
2016-08-14 09:28:15 +07:00
timfeirg
683f633d7d
minor code style change
2016-08-13 00:49:53 +08:00
Zhuoyun Wei
635cc8c3b3
Users could use SQLite instead of MySQL
2016-08-12 16:15:38 +08:00
Khanh Ngo
f4e2c3b3df
Add OTP authentication feature
2016-06-16 15:36:05 +07:00
Khanh Ngo
2dac8205f6
Initial commit
2015-12-13 16:34:12 +07:00