AdvanticGmbH
3c68b611c6
Update powerdnsadmin/routes/admin.py
...
Looks good to me
Co-authored-by: Corubba <97832352+corubba@users.noreply.github.com>
2022-06-29 08:56:01 +02:00
AdvanticGmbH
cfab13824d
Add history entries for association changes of domains
2022-06-28 11:19:00 +02:00
AdvanticGmbH
6a2ba1b1c3
Add list to manage with an account associated domains
2022-06-28 11:18:53 +02:00
jbe-dw
e6f6f9cea4
Update Javascript libraries (#1213)
...
This PR includes all dependabot patches and replaces jsmin (abandoned) with rjsmin
2022-06-24 23:23:56 +02:00
dependabot[bot]
e7fbc7af37
Bump shell-quote from 1.6.1 to 1.7.3
...
Bumps [shell-quote](https://github.com/substack/node-shell-quote) from 1.6.1 to 1.7.3.
- [Release notes](https://github.com/substack/node-shell-quote/releases)
- [Changelog](https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md)
- [Commits](https://github.com/substack/node-shell-quote/compare/1.6.1...1.7.3)
---
updated-dependencies:
- dependency-name: shell-quote
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 23:03:12 +02:00
Jérôme BECOT
41642fcea4
fix: Update JS minifier library
2022-06-24 23:03:01 +02:00
dependabot[bot]
18150eea34
Bump moment from 2.22.2 to 2.29.2
...
Bumps [moment](https://github.com/moment/moment) from 2.22.2 to 2.29.2.
- [Release notes](https://github.com/moment/moment/releases)
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/moment/moment/compare/2.22.2...2.29.2)
---
updated-dependencies:
- dependency-name: moment
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 23:03:01 +02:00
dependabot[bot]
34be227381
Bump cached-path-relative from 1.0.2 to 1.1.0
...
Bumps [cached-path-relative](https://github.com/ashaffer/cached-path-relative) from 1.0.2 to 1.1.0.
- [Release notes](https://github.com/ashaffer/cached-path-relative/releases)
- [Commits](https://github.com/ashaffer/cached-path-relative/commits)
---
updated-dependencies:
- dependency-name: cached-path-relative
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 23:03:00 +02:00
dependabot[bot]
289faa5019
Bump jquery-ui from 1.12.1 to 1.13.0
...
Bumps [jquery-ui](https://github.com/jquery/jquery-ui) from 1.12.1 to 1.13.0.
- [Release notes](https://github.com/jquery/jquery-ui/releases)
- [Commits](https://github.com/jquery/jquery-ui/compare/1.12.1...1.13.0)
---
updated-dependencies:
- dependency-name: jquery-ui
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 23:03:00 +02:00
dependabot[bot]
a88f4a66c6
Bump path-parse from 1.0.5 to 1.0.7
...
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.5 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)
---
updated-dependencies:
- dependency-name: path-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 23:02:56 +02:00
jbe-dw
6908f1d209
Allow new domains to be absolute (#1227)
...
author: corubba
2022-06-24 23:00:33 +02:00
corubba
5036619a67
Allow new domains to be absolute
...
Allow the new domain name to be input absolute (with a dot at the end).
To keep the rest of the logic working as-is, remove it fairly early in
the function.
Would have loved to use `str.removesuffix()` but that's python v3.9+.
2022-06-23 22:31:00 +02:00
jbe-dw
dac232147e
enh: Cookies security (#1211)
...
author: corruba
2022-06-18 22:51:47 +02:00
jbe-dw
35cbc59016
enh: Update zone using a single api call (#1201)
...
author: corruba
2022-06-18 22:50:33 +02:00
corubba
af902f24a2
Update using only one api call
...
Starting with the very first commit, the update was always done with
two api calls: one for DELETE and one for REPLACE. It is however
perfectly valid and safe to do both at once, which makes it atomic, so
no need for the rollback. Plus it only updates the serial once.
There is no point in sending the full RRset data when deleting it, the
key attributes to identify it are enough. This also makes the behaviour
consistent with the api docs [0] where it says "MUST NOT be included
when changetype is set to DELETE."
[0] https://doc.powerdns.com/authoritative/http-api/zone.html#rrset
2022-06-18 18:58:39 +02:00
corubba
52b704baeb
Set SameSite on cookies
...
Setting this attribute on a cookie marks it as non-cross-site, so it
is only sent in requests to our own server. It is reasonable that no
one else should need our session or csrf data. Setting it explicitly
also prevents any issues from the ongoing change in browser behaviour [0]
when it is unset.
Seasurf supports the SameSite attribute starting with v0.3. As nothing
obviously broke, I used the opportunity and updated all the way to the
most recent version.
The SeaSurf default for SameSite is already `Lax`, so it only needs to
be set for the session cookie.
[0] https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure
2022-06-18 18:51:42 +02:00
corubba
1a77524447
Allow secure cookies in docker
...
Setting these two options to True is recommended if (and only if) you
serve PDA via TLS. It will break things on plain-HTTP deployments.
For plain deployments these can be set in the flask config file, for
docker they have to be whitelisted to be set via env vars.
2022-06-18 18:51:42 +02:00
corubba
ae2ad6527a
Set csrf cookie to httponly
...
The CSRF token is currently inserted directly in the template and not
in the browser via JavaScript from the cookie, so making it inaccessible
is not a problem.
The Session-cookie is already httponly by default [0].
[0] https://flask.palletsprojects.com/en/2.1.x/config/?highlight=session_cookie_httponly#SESSION_COOKIE_HTTPONLY
2022-06-18 18:51:42 +02:00
corubba
3e462dab17
Fix csrf configuration
...
CSRF has been initialized *before* the app config was fully read. That
made it impossible to configure CSRF properly. Moved the CSRF init into
the routes module, and switched from programmatic to decorated
exemptions. GET routes don't need to be exempted because they are by
default.
2022-06-18 18:51:40 +02:00
jbe-dw
2c0225e961
feat: Allow underscores and hyphens in account name (#1047)
2022-06-18 15:14:37 +02:00
Jérôme BECOT
a87b931520
feat: Move the account parse calls to a method
2022-06-18 14:30:56 +02:00
Jérôme BECOT
eb13b37e09
feat: Add the extra chars as an option
2022-06-18 14:30:56 +02:00
Jérôme BECOT
a3c50828a6
feat: Allow underscores and hyphens in account name
2022-06-18 14:28:32 +02:00
AdvanticGmbH
beed738d02
enh: Improve performance of domain update (#1218)
...
author: @AdvanticGmbH
2022-06-18 14:23:05 +02:00
RGanor
81f158d9bc
enh: Enforce Record Restrictions in API (#1089)
...
Co-authored-by: Tom <tom@tom.com>
2022-06-18 14:20:49 +02:00
Vasileios Markopoulos
83d2f3c791
Merge pull request #1205 from joshsol1/master
...
Modification to SAML groups and group management
2022-06-18 13:39:01 +03:00
gadall
bf83e68a4b
Fix DynDNS2 using X-Forwarded-For (#1214)
...
utils.validate_ipaddress() takes a string, not a list
2022-06-18 13:11:22 +03:00
TomSebty
1926b862b8
feat: Option to forbid the creation of domain if it exists as a record (#1127)
...
When enabled, forbids the creation of a domain if it exists as a record in one of its parent domains (administrators and operators are not limited though).
2022-06-17 17:50:51 +02:00
jbe-dw
1112105683
feat: Add /api endpoint (#1206)
2022-06-17 16:48:23 +02:00
jbe-dw
2a75013de4
Merge pull request #1163 from AdvanticGmbH/idna_decode
...
fix: use idna module to support extended character set
2022-06-17 15:47:55 +02:00
Vasileios Markopoulos
9d7d701cd9
Merge pull request #1203 from pixelrebel/saml-fixes
...
Small fixes to SAML service
2022-06-15 15:56:28 +03:00
RGanor
3aba0693c4
Update README.md for k8s deployment (#1217)
...
* Update deploy/kubernetes /README.md
2022-06-07 16:28:54 +03:00
RGanor
88c0aaea27
Updated k8s (#1216)
2022-06-07 16:22:38 +03:00
Artem Silenkov
bcc8441779
Add yml to deploy on kubernetes (#286)
2022-06-07 16:13:31 +03:00
Vasileios Markopoulos
41343fd598
Merge pull request #1199 from corubba/bugfix/rrest-typo
...
Fix rrest typo in history detail
2022-05-25 10:45:50 +03:00
corubba
f98326ea90
Fix remaining typo occurrence
2022-05-24 23:45:14 +02:00
jbe-dw
0f1102a07b
Merge pull request #1209 from jbe-dw/fixADFilter
...
fix: Active directory filter is broken
2022-05-24 14:19:37 +02:00
Jérôme BECOT
88df88f30b
fix: Active directory filter is broken
2022-05-24 13:58:45 +02:00
jbe-dw
259bd0a906
Merge pull request #1200 from corubba/feature/modal-consolidation
...
enh: Consolidate generic modal code
2022-05-23 22:50:48 +02:00
jbe-dw
06c12cc3ac
Merge pull request #1172 from RGanor/master
...
Added health check
2022-05-23 20:18:17 +02:00
RGanor
1bee833326
Updated the unknown state
2022-05-23 16:46:11 +00:00
jbe-dw
e81453c5e3
Merge pull request #1188 from corubba/bugfix/pyOpenSSL
...
Small bugfixes
2022-05-23 13:59:18 +02:00
Josh Matthews
2020055ab2
added code to pull the operator and admin groups from SAML auth requests
2022-05-23 14:39:29 +10:00
Josh Matthews
715c6b76cd
added code to raise user to operator on SAML auth if in the right group
2022-05-23 14:38:16 +10:00
RGanor
83ed5cfb28
Create codeql-analysis.yml (#1204)
2022-05-21 11:26:40 +03:00
pixelrebel
8c85e80c2b
Add SAML_ATTRIBUTE_GROUP and SAML_GROUP_ADMIN_NAME to the development config, with instructions for use
2022-05-19 20:36:28 -07:00
pixelrebel
e4c8c3892f
Use HTTP_X_FORWARDED_PROTO header from reverse proxy to rewrite https:// for SAML request URLs
2022-05-19 19:00:38 -07:00
pixelrebel
9221d58a1b
Allow SAML AttributeStatements to be optional
2022-05-19 14:52:51 -07:00
pixelrebel
5b36ad034d
Rename incorrect SAML cert/key config variables
2022-05-19 14:02:04 -07:00
corubba
0dfcdb6c3e
Fix rrest typo in history detail
...
There is a misspelling of rrset throughout the history logic, which also
affects the json payload in the database. Code-wise this is a simple
search-and-replace, and the migration will fix the payloads.
2022-05-19 00:53:35 +02:00