Commit Graph

1535 Commits

Author SHA1 Message Date
Matt Scott
4a6d31cfa4
Merge pull request #1457 from nkukard/nkupdates-password-policy
Implement password strength & complexity checking
2023-03-17 15:35:10 -04:00
Matt Scott
78f0332a2d
Merge branch 'dev' into nkupdates-password-policy 2023-03-17 15:31:10 -04:00
Matt Scott
4fa8bf2556
Merge pull request #1454 from nkukard/nkupdates-fix-basic-auth-exception2
fix(auth:basic): Basic auth exception handling improvement
2023-03-17 15:28:20 -04:00
Matt Scott
b23523db4b
Merge pull request #1441 from subbink/1412-rename-domain-to-zone
Finish Updating Zone Nomenclature From Domain
2023-03-17 15:24:26 -04:00
Matt Scott
92be9567de
Merge pull request #1434 from subbink/improve-psql-docs
PostgreSQL Support Improvement
2023-03-17 15:17:41 -04:00
Nigel Kukard
64017195da feat(authentication): check password policy during user profile password change 2023-03-17 03:45:37 +00:00
Nigel Kukard
fc14e9189d feat(authentication): check password policy during registration of new users 2023-03-17 03:45:09 +00:00
Nigel Kukard
1cea4b7ce3 feat(authentication): added password policy checker function 2023-03-17 03:44:08 +00:00
Nigel Kukard
bb6d2d0497 feat(authentication): added admin settings for password policies 2023-03-17 03:42:45 +00:00
Stefan Ubbink
7489e2c9a2 Merge branch '1412-rename-domain-to-zone' of subbink/PowerDNS-Admin into 1412-rename-domain-to-zone 2023-03-16 18:41:19 +01:00
Stefan Ubbink
a9e18ec594 Make sure old history items will also be shown 2023-03-16 18:36:47 +01:00
Stefan Ubbink
a2d1179fd2 Change domain(s) to zone(s) in the python code and docs 2023-03-16 17:02:23 +01:00
Stefan Ubbink
34902f6cf9 Change domain(s) to zone(s) in the templates 2023-03-16 17:02:23 +01:00
Nigel Kukard
17e3a8f942 fix(auth:basic): Basic auth exception handling improvement
Currently passing an invalid Basic auth header (random string base64 encoded) would result in an exception being raised due to a `username, password = auth_header.split()`.

Similarly passing a `Digest` authentication type would result in an exception as there is no `:`.

Thirdly passing invalid base64 encoded UTF-8 code sequences would result in exceptions as this issue (#1424).

I added code to check explicitly that we are doing basic authentication then by checking the number of entries returned by the split.

I also added exception handling for invalid UTF-8 code sequence exceptions.

Tested with a fuzzer.

Tested with valid and invalid credentials.

This fixes #1424.
2023-03-15 01:09:46 +00:00
Matt Scott
73447d396a
Merge pull request #1453 from nkukard/nkupdates-fix-basic-auth-exception
Basic Auth Exception Handling Improvement
2023-03-14 19:37:37 -04:00
Nigel Kukard
24f94abc32 fix(auth:basic): improved API basic auth handling to avoid exceptions
Currently passing an invalid Basic auth header (random string base64 encoded) would result in an
exception being raised due to a `username, password = auth_header.split()`.

I refactored the code in this decorator by checking explicitly that we are doing basic authentication
then by checking the number of entries returned by the split.

I also added exception handling for invalid UTF-8 code sequences.

Tested with a fuzzer.

Tested with valid and invalid credentials.

This fixes #1447.
2023-03-14 23:19:40 +00:00
Matt Scott
57b4457add
Merge pull request #1452 from nkukard/nkupdates-migrations-fix
Fix user confirmed column migration issue
2023-03-14 17:22:34 -04:00
Nigel Kukard
61e607fb3f fix(db:migrate): fix migration user 'confirmed' column migration
This change fixes the migration on the `user` table, `confirmed` column to be compatible with PostgreSQL and MySQL databases.

Fixes #635 which introduced a breaking change for MySQL databases and resolves #1446.

```
Tested on:
- PostgreSQL:14 - WORKING
- PostgreSQL:15 - WORKING
- MariaDB:10.11 - WORKING
- MariaDB:10.10 - WORKING
- MariaDB:10.9  - WORKING
- MariaDB:10.8  - WORKING
- MariaDB:10.7  - WORKING
- MariaDB:10.6  - WORKING
- MariaDB:10.5  - WORKING
- MariaDB:10.3  - WORKING
```
2023-03-14 21:16:50 +00:00
Matt Scott
4751ebed3e
Merge pull request #1451 from nkukard/nkupdates-lxml-fix
Upgrade lxml & python3-saml dependencies with workaround
2023-03-14 17:16:30 -04:00
Nigel Kukard
7e2fa1bfaa fix: fixes Python 3.11 incompatibility using ancient lxml binary PyPI
Fixes Python 3.11 incompatibility using ancient lxml binary PyPI built against old libxml2.

This fixes #1442 and closes #1433.

The issue with python3-saml not working is because the binary lxml wheel is built against a different version of libxml2.

``--no-binary lxml`` can be used to fix this and python3-saml will work.

For references check these:
- https://github.com/onelogin/python3-saml/issues/292
- https://bugs.launchpad.net/lxml/+bug/1960668
- https://github.com/open-formulieren/open-forms/pull/2247

```
Tested on:
 - ubuntu:23.04 - WORKING
 - ubuntu:22.10 - WORKING
 - ubuntu:22.04 - WORKING
 - ubuntu:20.04 - WORKING
 - ubuntu:18.04 - NOT WORKING - pip usage error with -r requirements.txt
 - debian:10    - WORKING
 - debian:11    - WORKING
 - alpine:edge  - WORKING
 - alpine:3.17  - WORKING
 - alpine:3.16  - WORKING
 - alpine:3.15  - WORKING
 - alpine:3.14  - WORKING
 - rockylinux:9 - WORKING
 - rockylinux:8 - NOT WORKING - pip usage error with -r requirements.txt
 - almalinux:9  - WORKING
 - almalinux:8  - NOT WORKING - pip usage error with -r requirements.txt
 - fedora:36    - WORKING
 - fedora:37    - WORKING
 - fedora:38    - WORKING
 - fedora:39    - WORKING
```
2023-03-14 21:12:06 +00:00
Matt Scott
4420621cfe
Merge pull request #1444 from subbink/1237-otp-with-site-name
Make the OTP label the same as the site_name #1237
2023-03-13 19:19:28 -04:00
Stefan Ubbink
6eef5eb59c Make the OTP label the same as the site_name #1237 2023-03-13 18:54:49 +01:00
Stefan Ubbink
a2ef456ad7 Change domain(s) to zone(s) in the python code and docs 2023-03-12 20:44:56 +01:00
Stefan Ubbink
3e9e73fb3a Change domain(s) to zone(s) in the templates 2023-03-12 20:44:56 +01:00
Matt Scott
6a5bc8adeb
Merge pull request #1440 from benshalev849/custom_current_user
Added custom header to be used in the created_by column.
2023-03-12 11:39:33 -04:00
Your Name
6a402969ec Merge branch 'custom_current_user' of https://github.com/benshalev849/PowerDNS-Admin into custom_current_user 2023-03-12 15:33:15 +00:00
Your Name
695d746295 Changed basic_settings.md path 2023-03-12 15:32:32 +00:00
benshalev849
bd30c73ca4
Merge branch 'dev' into custom_current_user 2023-03-12 17:23:44 +02:00
Your Name
0ac7a5a453 Added some explanation about some of the 'basic' settings in the admin 2023-03-12 15:00:32 +00:00
Matt Scott
84cfd165b4 Re-arranged side navigation to include the "Global Search" feature regardless of user role as the global search feature is now accessible to all users.
Also moved the "Activity" feature link higher in the menu to remove duplicate code from the navigation code base.
2023-03-12 10:27:04 -04:00
Your Name
ee68b18e27 Added custom header in created_by segment option 2023-03-12 13:36:30 +00:00
Matt Scott
f09d37ae42
Merge pull request #1436 from PowerDNS-Admin/1435-feature-add-oauth-setting-for-server-metadata-url
Feature: Add OAuth Setting for Server Metadata URL
2023-03-12 09:20:47 -04:00
Matt Scott
1afe9b4908 Finished adding new OAuth Server Metadata URL setting to Google, GitHub, and Microsoft OAuth service configuration features. 2023-03-12 09:13:54 -04:00
Stefan Ubbink
c61489adfc Improve things for using PostgreSQL 2023-03-12 13:11:20 +01:00
Matt Scott
7ce1f09522
Merge pull request #1432 from PowerDNS-Admin/1431-feature-add-oauth-setting-for-jwks-url
Feature: Added new JWKS URL setting for each OAuth provider
2023-03-11 14:50:23 -05:00
Matt Scott
369188e80e Disabled MegaLinter workflow for all branches currently. 2023-03-11 14:50:02 -05:00
Matt Scott
fd30e3ff49 Added new JWKS URL setting for each OAuth provider and updated the associated authorization service to use the setting during the initialization of the authlib. 2023-03-11 14:46:58 -05:00
Matt Scott
b8ab0d3478 Updated the project README with a refreshed screenshot of the dashboard. 2023-03-11 10:21:36 -05:00
Matt Scott
16de70008c Updated project README.md file to include contributing guidelines reference. 2023-03-11 09:32:55 -05:00
Matt Scott
22370d0a57 Added a CONTRIBUTING.md documentation file to the project's documentation. 2023-03-11 09:30:51 -05:00
Matt Scott
5ed8d0c2f0 Added a resolutions entry to the project's package.json file to deal with the Font Awesome icon issue created by AdminLTE's dependency on the older 5.x Font Awesome release. 2023-03-11 09:08:12 -05:00
Matt Scott
87891a3eb9 Re-formatted the assets.py file to current PEP8 standards.
Modified the yarn.lock file to remove what appears to be a dependency overwrite for Font Awesome icons which results in an older 5.x release overwriting the newer 6.x release.
2023-03-11 08:48:19 -05:00
Matt Scott
4c24fbaec6 Revert "Removed Docker image build line that updates the CSS asset build filters."
This reverts commit 05e2f13701.
2023-03-10 18:58:30 -05:00
Matt Scott
05e2f13701 Removed Docker image build line that updates the CSS asset build filters. 2023-03-10 18:53:07 -05:00
Matt Scott
dd867eb4e8 Added application version to base template footer, starting with the next planned production release of 0.4.0. 2023-03-10 18:43:20 -05:00
Matt Scott
7ef6ee4422 Tweaked the Docker image build workflow to properly tag the image based on the repository branch name. 2023-03-10 18:26:39 -05:00
Matt Scott
c0f1698a9a Tweaked the Docker image build workflow to properly tag the image based on the repository branch name. 2023-03-10 18:22:42 -05:00
Matt Scott
cb929c3265 Tweaked the assets.py build script to switch to rcssmin for the login CSS build process. 2023-03-10 18:16:55 -05:00
Matt Scott
2e61a1d44a Tweaked the Docker image build workflow to not be exclusive to only the master branch. 2023-03-10 18:13:54 -05:00
Matt Scott
913528d08f Updated the CodeQL workflow to include the new "dev" branch. 2023-03-10 18:10:10 -05:00