Khanh Ngo
c2df132040
Merge remote-tracking branch 'kaechele/use-webassets'
2018-06-13 09:58:15 +07:00
Khanh Ngo
8a22e030cd
Merge and resolve the conflicts from master
2018-06-13 09:35:19 +07:00
Thomas M Steenholdt
daba67611b
Enable pool_pre_ping in DB connection
...
To avoid problems with inactive DB connections, SQLAlchemy provides a `pool_pre_ping` option, that described in more detail here:
http://docs.sqlalchemy.org/en/latest/core/pooling.html#disconnect-handling-pessimistic
In flask environments, it's enabled by subclassing SQLAlchemy, which is what I've done here.
Fixes errors like:
sqlalchemy.exc.OperationalError: (_mysql_exceptions.OperationalError) (2006, 'MySQL server has gone away') which results in an Error 500 in the UI.
2018-06-12 14:01:25 -02:00
Khanh Ngo
aa6909065d
Merge remote-tracking branch 'tmuncks/initial-accounts'
2018-06-12 16:17:55 +07:00
Felix Kaechele
1bf869f508
Add webassets support
...
Also updates AdminLTE to latest stable version.
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2018-06-11 21:16:28 +02:00
Felix Kaechele
17fb6b0ddd
Delete bundled libraries
...
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2018-06-11 12:57:09 +02:00
Khanh Ngo
003310665c
Merge branch 'master' into flask_migrate
2018-06-11 17:05:01 +07:00
Khanh Ngo
b7dac8a565
Merge remote-tracking branch 'ProviderNL/feature/bg_domain_updates'
2018-06-11 16:52:03 +07:00
Khanh Ngo
a6f0bf26d4
Use Flask-Migrate for db migration
2018-06-11 10:58:47 +07:00
Thomas M Steenholdt
0a670845fa
Automatically rectify DNSSEC enabled zones
...
For DNSSEC enabled zones to function correctly, they need to be rectified on update.
This changes the DNSSEC enable/disable code to set API-RECTIFY:
To `true` when activating DNSSEC on a domain
To `false` when deactivating DNSSEC on a domain
With this, PowerDNS promises to handle the needed rectifications.
(cherry picked from commit 5d15d8899cc03a4a7d433d33c2c4b1da09b5eb2d)
2018-06-10 21:47:19 -02:00
Jeroen Boonstra
18133ab19c
Add ajax call for refresh
2018-06-08 13:26:06 +02:00
Jeroen Boonstra
689b25817c
Add action to dialog
2018-06-08 13:25:43 +02:00
Jeroen Boonstra
e334749382
Add dialog for refresh status
2018-06-08 13:25:21 +02:00
Jeroen Boonstra
9732961854
Add refesh button
2018-06-08 13:23:04 +02:00
Jeroen Boonstra
39d3a4d6ac
add bg settings for button
2018-06-08 13:22:03 +02:00
Jeroen Boonstra
8b2083be77
Add domain refresh endpoint
2018-06-08 13:21:17 +02:00
Jeroen Boonstra
734a6d5b32
Enable bg updates
2018-06-08 11:46:17 +02:00
Khanh Ngo
ecdb9b9328
Merge pull request #275 from tmuncks/dont-revoke-your-own-rights
...
Fix user deletion
2018-06-08 09:16:49 +07:00
Thomas M Steenholdt
90f08ee92e
Fix user deletion
...
An improper check causes problems when trying to delete a user. This fixes that error.
(cherry picked from commit 3c838cc0e4a2d4904d0fc919fb88c58ebd4fe4bd)
2018-06-07 15:34:28 -02:00
Khanh Ngo
2958ae663c
Validate user role and DNSSEC_ADMINS_ONLY config on DNSSEC related routes
2018-06-07 09:28:14 +07:00
Khanh Ngo
6f54b1a9de
Merge remote-tracking branch 'tmuncks/dnssec-admin-only'
2018-06-07 08:53:01 +07:00
Khanh Ngo
70b3060f5d
Merge pull request #271 from sinzee/patch-1
...
Update models.py
2018-06-07 08:50:48 +07:00
Khanh Ngo
2c5a98aca4
Merge pull request #273 from tmuncks/dont-revoke-your-own-rights
...
Restrict certain admin changes on the current user
2018-06-07 08:48:44 +07:00
Thomas M Steenholdt
2b3b67a3af
Fix foreign key constraint error on MySQL
...
(cherry picked from commit 2a9108f90482a6be86d0b8af4dfcc30f6651ff28)
2018-06-06 13:57:36 -02:00
Thomas M Steenholdt
5d40c42bbf
Fix OTP validation
...
The result from the form is never an int but rather a string of digits, so that's what we should be checking for.
This fixes OTP validation
(cherry picked from commit 5fe3c8b9f92665db54d74dc6b2334666c318bf0c)
2018-06-06 09:19:30 -02:00
Thomas M Steenholdt
ccec6c37b4
Restrict certain admin changes on the current user
...
Disable the admin toggle and delete operations from the current user, to avoid accidents.
(cherry picked from commit b0f5ac6df5d31f612dc833a88cfca8936c4137d7)
2018-06-06 09:15:25 -02:00
Thomas M Steenholdt
10f47039ec
Add config option to allow DNSSEC changes only for admins
...
DNSSEC requires changes to the parent domain, which in many cases requires special access to a registry or the like.
For that reason, especially the option to disable DNSSEC can be dangerous - if DNSSEC is disabled in PowerDNS but not in the registry, the domain stops working.
For this reason, adding an option to disable DNSSEC changes for non-admins seems reasonable.
(cherry picked from commit 5cdfc0263b07f4658d51cf7c038fea9a8911152a)
2018-06-06 08:53:44 -02:00
Thomas M Steenholdt
a4af4ad4b3
Implement per account domain access
...
Added the possibility for assigning users to an account, providing access to all domains associated with that account automatically.
This makes management easier, especially in installations with lots of domains and lots of managing entities.
The old style per-domain permissions are still there and working as usual. The two methods work perfectly side-by-side and are analogous to "user" (per-domain) and "group" (account) permissions as we know them from Active Directory and such places.
(cherry picked from commit 34fbc634d2848a7f76dc89a03dd8c0604068cc17)
2018-06-05 16:42:44 -02:00
Thomas M Steenholdt
a3a58f16a5
Initial support for Accounts
...
This adds initial support for accounts a concept meant to signify a customer, a department or any other entity that somehow owns or manages one or more domains.
The purpose is to be able to assign an account to any number of domains, making it easy to track who owns or manages a domain, significantly improving manageability in setups with a large number of domains.
An account consists of a mandatory, unique `name` and optional `description`, `contact` name and `mail` address. The account `name` is stripped of spaces and symbols, and lower cased before getting stored in the database and in PowerDNS, to help ensure some type of predictability and uniqueness in the database.
The term *account* is actually taken from the PowerDNS database, where the `domains.account` column is used to store the account relationship, in in the form of the account `name`.
The link to a domain in PowerDNS-Admin is done through the `domain.account_id` FOREIGN KEY, that is linked to the `account.id` PRIMARY KEY.
(cherry picked from commits 4e95f33dfb0676d1c401a033c28bca3be7d6ec26, da0d596bd019a339549e2c59630a8fdee65d0e22, 7f06e6aaf4fd8011c784f24b7bbbba5f52aef319, 1c624dad8749024033d1d15dd6242ca52b39f135)
2018-06-04 13:10:02 -02:00
sinzee
4daef97666
Update models.py
...
Fix update_from_master
2018-05-28 00:28:40 +09:00
Thomas M Steenholdt
a7e91b6f40
Fix SOA-EDIT-API options
...
The options for SOA-EDIT-API included was actually the options used for SOA-EDIT, which is a very different beast.
Those options have been swapped out for the options allowed in SOA-EDIT-API and SOA-EDIT-DNSUPDATE.
2018-05-24 16:12:12 -02:00
Khanh Ngo
4daf6f72a7
Merge pull request #256 from rene-dekkers/nonint_error
...
Fail when non-numeric otp token was inserted
2018-05-18 10:43:26 +07:00
René Dekkers
08335cdedc
Fail when non-numeric otp token was inserted
2018-05-07 15:32:15 +02:00
Ian Bobbitt
73d5215d3a
Improve SAML support
...
Accept IdP EntityID to use when metadata contains more than one IdP.
Allow specifying attribute names to get given name, surname, and email address.
Allow specifying NameIDFormat to request.
Allow specifying whether to get username from a named attribute, or NameID.
Allow getting administrator state from attribute.
2018-05-02 22:56:22 +00:00
Khanh Ngo
77f0deade8
Fix #247
2018-04-18 13:29:29 +07:00
Khanh Ngo
3d8d94f280
Validate registration process. Change copyright year.
2018-04-18 13:16:02 +07:00
Khanh Ngo
bd45c4ef87
Adjustment to have History sorts by oldest first. Fix #245
2018-04-18 12:11:00 +07:00
chinkung
be7e012faf
Display history date/time using local timezone
2018-04-17 13:30:08 +07:00
chinkung
34d8e7392c
Display history date/time using local timezone
2018-04-17 13:28:54 +07:00
chinkung
d466a5dd3e
Load moment.js in base.html
2018-04-17 13:26:18 +07:00
Khanh Ngo
01a5528c4a
Merge remote-tracking branch 'mind04/template-relative'
2018-04-13 09:25:23 +07:00
Kees Monshouwer
df9e392e26
domain stripping was not limited to the end of a name
2018-04-12 12:01:59 +02:00
Khanh Ngo
8b7653ad4a
Change data column data type of DomainTemplateRecord to TEXT
2018-04-12 11:44:56 +07:00
Khanh Ngo
52b6966c83
Check zone serial before allowing user to submit their change. #183
2018-04-12 11:18:44 +07:00
Kees Monshouwer
a12af5345d
fix clear history
2018-04-12 02:11:34 +02:00
Kees Monshouwer
fc737cf61f
strip domain part from names while cloning a zone to a template
2018-04-11 18:14:42 +02:00
Khanh Ngo
84d4bfaed0
Mark LDAP authentication as external_auth. Fix OTP secret update. #237
2018-04-10 08:59:28 +07:00
Khanh Ngo
fdf849744b
Fix #238
2018-04-10 07:08:22 +07:00
Khanh Ngo
060e0917bc
Fix #236
2018-04-09 18:50:55 +07:00
Khanh Ngo
5354d27f88
Fix #234
2018-04-08 09:09:08 +07:00
Khanh Ngo
fc4e9dc9a0
#233 . Make sure password hash is string before inserting to the db
2018-04-06 18:05:38 +07:00
Khanh Ngo
0826702537
Update config template
2018-04-06 13:22:09 +07:00
Khanh Ngo
ca1290d1ac
Change license information
2018-04-02 14:01:35 +07:00
Khanh Ngo
17a892b18d
Resolve the conflicts for #228
2018-04-02 13:38:53 +07:00
Khanh Ngo
3efafecb30
Fix #194
2018-04-01 15:51:56 +07:00
Khanh Ngo
6fa8ae37f0
Fix #180 . Adjustment in table style.
2018-04-01 15:48:08 +07:00
Khanh Ngo
bfb54e8bda
Add LDAP_ENABLE in config file
2018-04-01 15:08:55 +07:00
Khanh Ngo
b7aefc57b2
Fix 169: enabling/disabling Two Factor Authentication doesn't work
2018-04-01 14:49:40 +07:00
Khanh Ngo
f172a64ddd
Remove DNSSEC modal. Adjustment in domain table css
2018-04-01 14:45:13 +07:00
Khanh Ngo
5df7fe445f
Emphasis on zone name
2018-04-01 14:32:20 +07:00
Khanh Ngo
1c54f008f4
Change string to new format
2018-04-01 07:57:41 +07:00
Khanh Ngo
65da9a7a4f
Adjustment in LDAP feature to work with python 3
2018-04-01 07:23:53 +07:00
Khanh Ngo
41d691e2db
Merge remote-tracking branch 'maysara/master' into development
2018-04-01 07:01:00 +07:00
Khanh Ngo
cecc0ac9df
Merge branch 'hotfix-ldap' into development
2018-03-31 08:26:50 +07:00
Khanh Ngo
29d1cf4117
Adjustment in domain template feature to work with python3
2018-03-31 08:21:02 +07:00
Khanh Ngo
aa2b29dac3
Adjustment to give user access to granted domain only
2018-03-31 07:32:46 +07:00
Khanh Ngo
ce6c3c21f1
Show user email address in user management table
2018-03-31 06:53:57 +07:00
Khanh Ngo
51cdba8228
User path: instead of string: in routes
2018-03-31 06:52:14 +07:00
Khanh Ngo
c668c21fc9
Adjustment to prevent exception in Google/Github authentication when local user cannot be created
2018-03-30 17:43:34 +07:00
Khanh Ngo
358510b4e5
Merge remote-tracking branch 'softcat/SRV' into development
2018-03-30 16:45:36 +07:00
Khanh Ngo
7a9474c3f3
Fix cancel button in domain adding page
2018-03-30 16:40:53 +07:00
Khanh Ngo
896abdbdbc
Merge remote-tracking branch 'dkeightley/ns-record-support' into development
2018-03-30 15:49:35 +07:00
Khanh Ngo
63e7d89df1
Adjustment to be able to show ALL domain in dashboard table
2018-03-30 15:40:43 +07:00
Khanh Ngo
f318c437c1
Merge remote-tracking branch 'hackedd/feature/server-side-domain-list' into development
2018-03-30 15:34:07 +07:00
Khanh Ngo
7419a5990c
Merge remote-tracking branch 'toxicvengeance/master' into development
2018-03-30 14:23:40 +07:00
Khanh Ngo
5bd5dd8d18
Merge pull request #177 from Znuff/patch-1
...
Fix for #176
2018-03-30 14:11:15 +07:00
Khanh Ngo
b5b3b77acb
Adjustment to work with Python3
2018-03-30 13:49:35 +07:00
thomasDOTde
f5a0052a06
fixed template for #28
2018-03-28 14:19:48 +02:00
thomasDOTde
88c6d6ee33
missed to change one import for issue #19
2018-03-28 11:43:54 +02:00
thomasDOTde
f014798374
fixed ngoduykhanh/PowerDNS-Admin issue 194
2018-03-28 02:06:09 +02:00
thomasDOTde
c30cffd91c
fixed build issues. refactored PEP8
2018-03-28 01:52:48 +02:00
thomasDOTde
5ed8a33c7e
added feature requested in issue #28
2018-03-28 01:41:33 +02:00
thomasDOTde
c1d33a8354
fix issue #19
2018-03-28 00:03:51 +02:00
Jeroen Boonstra
dcfa98ac59
Add disable button
2018-03-05 15:26:45 +01:00
Jeroen Boonstra
c8d9f4bf22
changes response
2018-03-05 15:11:42 +01:00
Jeroen Boonstra
5ea70023ff
remove dnssec keys
2018-03-05 15:06:40 +01:00
Jeroen Boonstra
197f555dfc
Add disable dnssec function
2018-03-05 14:59:32 +01:00
Jeroen Boonstra
8c6a9346c0
Add domain to request
2018-03-05 14:50:33 +01:00
Jeroen Boonstra
747de090f9
enable dnssec ui functions
2018-03-05 11:18:29 +01:00
Jeroen Boonstra
a829509324
enable dnssec endpoint added
2018-03-01 08:27:10 +01:00
Jeroen Boonstra
38be504d17
enable_dns_sec function added
2018-03-01 08:26:29 +01:00
Jeroen Boonstra
1b93803d6e
Add enable dnssec button
2018-02-28 14:47:10 +01:00
Jeroen Boonstra
d5d0948ab8
Export PDNS version to frontend
2018-02-28 13:39:05 +01:00
unknown
b832fc1768
Reverse zone PTR type entries not shown bug fix. Added NS, LOC and TXT types in reverse zones. Added LOC type in forward zone.
2018-02-16 21:02:16 +02:00
thomasDOTde
534b9739c2
Merge branch 'hotfix-ldap' of https://github.com/verdel/PowerDNS-Admin into ldapfix-verdel
2018-02-10 13:01:04 +01:00
Vadim Aleksandrov
0436d69ea6
Adding the ability to use 'LDAP_USERNAMEFIELD' and 'LDAP_FILTER' in case of use with Active Directory for authorization
2018-02-09 15:41:19 +03:00
Vadim Aleksandrov
b0caf0ca48
Fix issue with inserting into the database fields 'firstname' and 'lastname' containing non-ascii characters that can be retrieved from LDAP
2018-02-09 15:37:28 +03:00
Vadim Aleksandrov
6f4cc42805
Fix issue with LDAP search filter. It is necessary to bracket the expression with additional filter conditions
2018-02-09 15:32:50 +03:00
Vadim Aleksandrov
cff534890f
Deny to delete 'SOA' record
2018-02-07 22:47:52 +03:00
Vadim Aleksandrov
0355fe4293
Join "Edit" and "Delete" button into th on templates page
2018-02-07 22:44:59 +03:00
Vadim Aleksandrov
12cfc4dbc1
Added the ability to create a template based on the zone records
2018-02-07 22:44:46 +03:00
Vadim Aleksandrov
52a5789c85
Add first working draft of domain templating functionality
2018-02-07 22:30:29 +03:00
thomasDOTde
92d7ca3870
added application certificate handling for signed SAML messages
2018-01-20 17:17:02 +01:00
thomasDOTde
050b822636
cleaup after merged pr
2017-12-05 12:59:08 +01:00
NomenNescio
d5b2dedd7f
small fixes for return url after saml logout
2017-12-05 12:28:54 +01:00
thomasDOTde
85c07210db
fixed name-id formating and name-id
2017-12-05 03:48:18 +01:00
thomasDOTde
e535ce0822
fixed session check
2017-12-05 00:23:10 +01:00
thomasDOTde
60086d5d15
added standard SAML logout method using metadata
2017-12-05 00:14:31 +01:00
thomasDOTde
049a8a4547
optimized domain permission check for normal users
2017-12-04 22:18:28 +01:00
NomenNescio
47cf1aff4a
added configurable logout redirect URL
2017-12-04 14:43:58 +01:00
NomenNescio
620b0b55e8
replaced non-existent method with code that checks whether user has rights on the domain at hand
2017-12-04 14:00:30 +01:00
Radnik
9855bc70dc
Fixed iCheck for multiple pages
2017-11-27 11:02:21 +01:00
thomasDOTde
971d6b2e28
fixed issue when not using LDAP
2017-11-10 12:28:42 +01:00
thomasDOTde
d65efe477a
ensure authentication isn't possible without password
2017-11-06 23:36:11 +01:00
thomasDOTde
5a1a4b0161
Merge remote-tracking branch 'origin/master'
2017-11-03 12:24:54 +01:00
thomasDOTde
54e61bf072
added custom error page for SAML authentication errors
2017-11-03 12:24:25 +01:00
Thomas
4a4b03a7d0
Merge pull request #11 from ssendev/patch-1
...
Allow to change root domain record via dyndns
2017-11-03 00:36:06 +01:00
Thomas
cd6a58446d
Merge pull request #9 from toxicvengeance/master
...
Add CAA record helper implemented by toxicvengeance
2017-11-03 00:32:12 +01:00
thomasDOTde
9e719a3a98
fixed merge
2017-11-03 00:00:04 +01:00
Thomas
2354eb69c3
Merge branch 'master' into ldap_group_security
2017-11-02 23:23:36 +01:00
thomasDOTde
37fee207a5
marked google oauth users as external
2017-11-01 22:30:08 +01:00
Thomas
83a0396350
Merge branch 'master' into feature-google-oauth
2017-11-01 22:18:43 +01:00
Thomas
c7fbc0ecd7
Merge pull request #4 from thomasDOTde/fix-Issue#176
...
Fix for #176
2017-11-01 22:06:42 +01:00
Thomas
e76063dbef
Merge pull request #3 from thomasDOTde/fix-show-srvhelper
...
Corrected SRV record helper not showing
2017-11-01 21:59:48 +01:00
Thomas
ff9a6fcfba
Merge pull request #2 from thomasDOTde/upstream-access-control
...
Add access control for non-admin users from hackedd
2017-11-01 21:47:14 +01:00
Paul Hooijenga
9a4021d5e5
Add access control for non-admin users
...
(cherry picked from commit 6e5b704)
2017-11-01 21:40:15 +01:00
thomasDOTde
12cb6f28fb
implemented dynamic metadata lookup
...
removed saml json-templates
2017-11-01 17:31:51 +01:00
thomasDOTde
cd3b41553d
fixed link for alternative login methods
2017-11-01 13:55:57 +01:00
thomasDOTde
f92661c753
remove unnecessary controls from profile for ext. auth.
2017-11-01 13:40:26 +01:00
thomasDOTde
baa960aad6
raised password length to 30 for external accounts.
...
fixed error_checking for saml-authentication
2017-11-01 13:31:41 +01:00
thomasDOTde
12c957bf5f
disabled profile usage when authenticated externally
2017-11-01 01:34:29 +01:00
thomasDOTde
31eaee8e0b
added saml authentication
2017-10-31 22:38:26 +01:00
thomasDOTde
805439e6ee
updated preapre_flask_request to support frontend-ssl
2017-10-31 20:42:13 +01:00
thomasDOTde
933d678e83
added SAML auth basics and metadata
2017-10-31 19:21:22 +01:00
patito
a4b9722d47
Google OAuth
2017-09-22 15:28:09 +01:00
Nils Sandmann
168f19950d
Corrected SRV record helper not showing
...
Signed-off-by: Nils Sandmann <git@softcat.org>
2017-09-19 12:11:09 +02:00
Paul Hooijenga
5d09daf8eb
Fix dashboard domain query for non-admin users
2017-09-15 15:14:04 +02:00
Paul Hooijenga
a48417ac23
Add missing template
2017-09-04 15:34:01 +02:00
Maysara Abdulhaq
28c7a195e8
add LDAP direct binding and GROUP_SECURITY
2017-09-03 14:23:18 -04:00
Maysara A
501c5292ab
binding with user credentials instead of preset LDAP user/pass
2017-07-24 21:08:25 -04:00
dkeightley
8cdfab1c7c
Added NS record for forward and reverse domains
2017-07-03 15:53:26 +12:00
Paul Hooijenga
bcb2b06124
Do filtering and pagination of domains server-side.
2017-06-30 18:18:06 +02:00
toxicvengeance
5c5beec2d6
added default values
2017-05-10 23:25:32 +02:00
toxicvengeance
c9bfe00e59
added example caa values
2017-05-10 23:15:01 +02:00
toxicvengeance
300af22859
added caa record helper
2017-05-10 22:33:44 +02:00
Christopher Himmel
85694e4e93
added caa record helper
2017-05-10 22:30:06 +02:00
Znuff
8f31953b6d
Fix for #176
...
Fixes #176 . Tested briefly with my data.
2017-01-13 16:53:11 +02:00
Khanh Ngo
b6ed658cbd
Merge pull request #156 from petersipos/feature/automatic-reverse-domain-creation
...
Feature/automatic reverse domain creation
2016-12-10 12:38:44 +07:00
SIPOS, Peter
72e3a82e9e
Change reverse domain creation order
...
With refactoring the get_reverse_domain_name
function, we change the reverse domain checking to
a reverse order. In this way we check the lowest class
(more specific) reverse zone first. When an existing domain found we use it to create the reverse PTR records. If no one existing can be find, The most specific address will be used.
2016-11-28 08:39:07 +01:00
SIPOS, Peter
e6e3c39778
Add get_reverse_domain_name functionality
...
In this way the reverse it is possible to create
auto-ptr records in higher ip classes (eg. class A in IPv4).
Only works with existing higher class domain.
If is isn't find higher class domain, create a lowest class domain, and add there the reverse PTRs.
Also works with IPv6!
2016-11-21 19:44:10 +01:00