Mirko Vogt
282c630eb8
dyndns: Respond with HTTP header 'WWW-Authenticate' to unauthed requests
...
The common procedure for HTTP Basic Auth is that a client does /not/
immediately send out credentials via an 'Authorization'-header, but
waits until the server tells the client to do so - which the server
indicates via the 'WWW-Authenticate'-header.
PowerDNS-Admin (and flask in general), though, abort the whole
communication if no Authorization header was found in the initial
request - resulting in '200 "badauth"'.
While this might work for /some/ HTTP clients - which right away add an
Authorization header crafted from provided credentials (via args or
extracted from given URL), this is /not/ standard and /not/ common.
Hence add the 'WWW-Authenticate'-header for every unauthenticated call
checking for dyndns authorisation.
Note, though, this changes the status code from 200 to 401 in this case,
which - given the explanation why 200 was chosen in the first place -
might cause side effects.
2021-10-20 15:12:17 +00:00
RoeiGanor
10dc2b0273
bg_domain button for operators and higher
2021-08-13 20:03:06 +03:00
steschuser
993e02b635
limit user to only create domains for the accounts he belongs to ( #970 )
2021-08-05 19:42:58 +02:00
steschuser
07c71fb0bf
setting account_user_ids to empty list on GET /account/edit ( #966 )
2021-08-05 19:41:28 +02:00
steschuser
c4a9498898
respect_bg_domain_updates in routes/api ( #962 )
2021-08-05 19:39:26 +02:00
Kostas Mparmparousis
6e04d0419b
Provision PDA user privileges based On LDAP Attributes ( #980 )
2021-08-05 19:37:48 +02:00
Mirko Vogt
9c00e48f0f
routes/index.py: Make package 'onelogin.saml2.utils' optional
...
The onelogin package is not part of all saml packages for whatever
reason (e.g. Debian) and not easily installable from pypi (requires
CC toolchain).
As the onelogin functionality is already guarded by whether
SAML_ENABLED is set in other places (services/saml.py), also do so
in routes/index.py.
2021-07-23 06:56:09 +00:00
Carsten Rosenberg
d6e64dce8e
fix some jinja typos
2021-06-04 15:24:49 +02:00
Steffen Schwebel
b069cea8d1
add css to base as well
2021-06-02 09:44:15 +02:00
Steffen Schwebel
fd933f8dbc
remove unrelated files and changes as best as possible
2021-06-02 09:41:08 +02:00
Steffen Schwebel
0505b934a1
remove unrelated files and changes as best as possible
2021-06-02 09:39:39 +02:00
Steffen Schwebel
083a023e57
fix include
2021-06-01 16:41:26 +02:00
Steffen Schwebel
054e0e6eba
add rule for 'custom_css' setting
2021-06-01 16:24:07 +02:00
Steffen Schwebel
c13dd2d835
add 'custom_css' setting to model; check for 'custom_css' in template; create custom css dir in dockerfile
2021-06-01 16:15:31 +02:00
steschuser
567f66fbde
Merge pull request #4 from uvensys/remove_otp_field
...
Remove otp field
2021-06-01 15:28:41 +02:00
steschuser
ff5270fbad
Merge pull request #3 from uvensys/add_background_jobs_to_docker
...
add environment to cron
2021-06-01 15:21:22 +02:00
Steffen Schwebel
92bad7b11c
add environment to cron
2021-06-01 14:02:01 +02:00
Steffen Schwebel
43a6e46e66
add setting to hide otp_token field on login page
2021-05-27 22:51:07 +02:00
Steffen Schwebel
ee72fdf9c2
Merge branch 'master' of github.com:uvensys/PowerDNS-Admin into remove_otp_field
2021-05-27 21:56:01 +02:00
steschuser
8f73512d2e
Merge pull request #2 from uvensys/add_background_jobs_to_docker
...
Add background jobs to docker
2021-05-27 21:33:27 +02:00
Steffen Schwebel
700fa0d9ce
add new dockerfile with s6 overlay and multiple processes to have background jobs updating accounts and zones
2021-05-27 21:32:00 +02:00
Steffen Schwebel
00dc23f21b
added new Dockerfile, to support more than one process running in docker, using s6 overlay
2021-05-27 16:39:51 +02:00
Steffen Schwebel
36fdb3733f
Merge remote-tracking branch 'origin/master' into remove_otp_field
2021-05-25 15:30:32 +02:00
steschuser
ce60ca0b9d
Merge pull request #1 from uvensys/bug_domain_parse
...
Bug domain parse
2021-05-25 12:53:57 +02:00
Steffen Schwebel
b197491a86
remove traceback
2021-05-25 12:44:07 +02:00
Steffen Schwebel
d23a57da50
handle decode error, output warning
2021-05-25 12:35:53 +02:00
Steffen Schwebel
4180882fb7
show traceback
2021-05-21 15:10:17 +02:00
root
bbbcf271fe
remove otp token from login page, depending on Setting
2021-05-20 15:21:56 +02:00
jyoung15
32983635c6
Delete blank comments. Fix for ngoduykhanh/PowerDNS-Admin#919 ( #920 )
2021-05-07 23:43:44 +02:00
Jay Linski
f3a98eb692
Emphasize importance of using a custom SECRET_KEY ( #931 )
...
This project provides a default SECRET_KEY for signing session-cookies:
https://flask.palletsprojects.com/en/1.1.x/config/#SECRET_KEY
By using the default SECRET_KEY, everyone will be able to create valid session-cookies.
So users should be aware that it is very important to set a custom SECRET_KEY.
2021-05-07 23:40:54 +02:00
Ian Bobbitt
39cddd3b34
SAML improvements for Docker ( #929 )
...
* Fix typo in managing user account membership with SAML assertion
* Support more config options from Docker env.
* Improve support for SAML key and cert from Docker secrets
Co-authored-by: Ian Bobbitt <ibobbitt@globalnoc.iu.edu>
2021-05-07 23:36:55 +02:00
jodygilbert
b66b37ecfd
delete history records when a domain is deleted ( #916 )
...
Co-authored-by: Jody <jody.gilbert@edftrading.com>
2021-05-07 22:55:45 +02:00
dependabot[bot]
5f10f739ea
Bump pyyaml from 5.3.1 to 5.4 ( #912 )
2021-03-27 19:33:49 +01:00
jodygilbert
98db953820
Allow user role to view history ( #890 )
2021-03-27 19:33:11 +01:00
dependabot[bot]
44c4531f02
Bump elliptic from 6.5.3 to 6.5.4 ( #896 )
...
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-16 19:41:46 +01:00
jbe-dw
86700f8fd7
upd: improve user api ( #878 )
2021-03-16 19:39:53 +01:00
R. Daneel Olivaw
46993e08c0
Add punycode (IDN) support ( #879 )
2021-03-16 19:37:05 +01:00
jodygilbert
4c19f95928
Improve account creation/permission handling based on Azure oAuth group membership ( #877 )
2021-01-31 11:31:56 +01:00
jbe-dw
3a4efebf95
enh: display b64 encoded apikey on creation through the API ( #870 )
2021-01-24 09:43:51 +01:00
jodygilbert
7f86730909
allow-server-side-sessions ( #855 )
2021-01-24 09:09:53 +01:00
jbe-dw
8f6a800836
fix: account API output^ ( #874 )
2021-01-24 09:08:32 +01:00
jbe-dw
3cd98251b3
fix: API (apikeys) behaviour does not match swagger definition ( #868 )
2021-01-24 09:06:51 +01:00
jbe-dw
54b257768f
feat: Implement apikeys/<id> endpoint from swagger spec. ( #864 )
2021-01-16 20:49:41 +01:00
jbe-dw
718b41e3d1
feat: limit zone list for users on servers endpoint ( #862 )
2021-01-16 20:45:02 +01:00
jbe-dw
dd0a5f6326
feat: Allow sync domain with basic auth ( #861 )
2021-01-16 20:37:11 +01:00
jbe-dw
c3d438842f
fix: user jsonify to set response headers to json ( #863 )
2021-01-16 20:29:40 +01:00
jbe-dw
33e7ffb747
fix: Follow PDNS Api return format ( #858 )
2021-01-07 23:26:48 +01:00
jbe-dw
2c18e5c88f
fix: User role was not assigned upon creation ( #860 )
2021-01-07 23:07:20 +01:00
mrsrvman
2917c47fd1
Update entrypoint.sh ( #852 )
...
Fix typo
2020-12-23 17:23:32 +01:00
WhatshallIbreaktoday
c6e0293177
Tweaks to allow user apikey usage with powerdns terraform provider ( #845 )
2020-12-07 22:06:37 +01:00