Commit Graph

144 Commits

Author SHA1 Message Date
Olivier DUMAS
4cd422ee54 Added a session_timeout setting to manage session lifetime 2018-10-01 19:15:09 +02:00
Khanh Ngo
ccd2d8c31a Code adjustment as LGTM.com 2018-09-06 11:35:54 +07:00
Khanh Ngo
c8d72f5bba
Merge pull request #345 from ngoduykhanh/user_role_adjustment
Adding Operator role and Code adjustment
2018-09-04 17:42:55 +07:00
Khanh Ngo
902e63a64e
Fixing typo 2018-09-04 13:10:55 +07:00
Khanh Ngo
0081adff36
Sort record list alphabetically if python version < 3.6 2018-09-04 08:57:41 +07:00
Khanh Ngo
26c2b5e169
Adjustment in setting handler to work without initial DB. Discussed in #350 2018-09-03 17:27:09 +07:00
Khanh Ngo
d3c6a9fdb7
Merge pull request #352 from tmuncks/cname-shortcut
Allow CNAMEs to point to '@'
2018-09-02 21:31:39 +07:00
Thomas M Steenholdt
3a5eaaeeb5 Allow CNAMEs to point to '@'
If a CNAME records is specified to point to '@' or '', replace record data with the base domain name.
2018-09-02 11:22:31 -02:00
Khanh Ngo
615413ae90
Add record_quick_edit config to DB 2018-09-02 08:03:01 +07:00
Khanh Ngo
3481af149b
Add option to allow user to create domain 2018-09-01 17:53:05 +07:00
Khanh Ngo
38d1d85a18
Fixing string format 2018-08-31 22:30:08 +07:00
Khanh Ngo
e6f82160c1
Fix python code as suggestion from LGTM 2018-08-31 18:00:41 +07:00
Khanh Ngo
3457d9214a Adding Operator role 2018-08-31 11:57:06 +07:00
Khanh Ngo
07e1bcdc47
Bug fixes. Adjustment in user input validation 2018-08-25 14:53:10 +07:00
Khanh Ngo
66e9be8c7a
Update .travis.yml to use mysql for db. Fix RECORDS_ALLOW_EDIT config key 2018-08-22 21:48:57 +07:00
Khanh Ngo
24aaf7d746
Fix AD group based authentication 2018-08-22 16:55:44 +07:00
Khanh Ngo
9506315a46 manage records_allow_to_edit setting in DB 2018-08-22 08:36:53 +07:00
Khanh Ngo
74a7b5a3b7 Migrate more config values to db 2018-08-21 13:26:27 +07:00
Khanh Ngo
0b7580c82f
Read powerdns api setting from DB 2018-08-20 09:59:19 +07:00
Khanh Ngo
babf62bae0
Fix Github/Google oAuth 2018-08-19 15:29:50 +07:00
Khanh Ngo
ada6f844ff
Read LDAP config from DB instead of file. Adjustment in site titles 2018-08-18 22:42:18 +07:00
Khanh Ngo
4b9349c83e
Create DB config for pdns and authentication setting 2018-08-18 18:41:59 +07:00
Thomas M Steenholdt
0ac33aa3c4 Add option to edit users from the comfort of the UI
Update user management feature to allow editing user details directly in the admin user interface.

Also added an option to reset the two factor authentication data of a user, for when that's needed (lost device, technical issues etc).

(cherry picked from commit 3139616282a18c11463c6ecf78888417b2ac1c35)
2018-08-12 07:47:37 -02:00
Khanh Ngo
9ed09e92fc
Fix ldap authentication 2018-08-09 16:21:42 +07:00
Dennis Schubert
20dcdbbb66
Decode passwords as UTF-8 on profile updates as well
Resolves #324
2018-08-08 04:23:20 +02:00
Khanh Ngo
47d5858fc6 Merge branch 'fix-saml' 2018-08-07 09:09:34 +07:00
Thomas M Steenholdt
0979d9fca0 Tolerate pdns 3.x API deficiencies
PowerDNS 3.x API does not support setting or getting account info.

This patch lets PowerDNS 3.x users use the rest of the interface without problems.
Account stuff still does not work.

A message is logged in debug mode, to help with troubleshooting on newer versions
of PowerDNS.
2018-07-30 09:15:55 -02:00
Khanh Ngo
96a9c12300 Log user's ip address when they login 2018-07-05 14:25:05 +07:00
Ian Bobbitt
480989e86a Manage Account memebership for SAML Users 2018-06-25 12:18:42 +00:00
Thomas M Steenholdt
31305a3048 Add setting to allow/disallow quick editing of records
Adds an `allow_quick_edit` setting, using the improved setting handling logic from PR #287 to toggle whether records are editable by simply clicking the row or not.

Aims to fix #288
2018-06-24 00:25:33 -02:00
Thomas M Steenholdt
4597e55379 Fix typo in function set_maintenance
Fix a simple typo in the `set_maintenance` function in the `Setting` class.

The function does not seem to be actually used anywhere.
2018-06-21 22:10:50 -02:00
Thomas M Steenholdt
6c8a3ac36c Move setting definitions into code (rather than database).
For a setting to be useful, the code has to be able to make sense of it anyway. For this reason it makes sense, that the available settings are defined within the code, rather than in the database, where a missing row has previously caused problems. Instead, settings are now written to the database, when they are changed.

So instead of relying on the database initialization process to create all available settings for us in the database, the supported settings and their defaults are now in a `defaults` dict in the Setting class. With this in place, we can stop populating the `setting` table as a part of database initialization and it will be much easier to support new settings in the future (we no longer need to do anything to the database, to achieve that).

Another benefit is that any changes to default values will take effect automatically, unless the admin has already modified that setting to his/her liking.

To make it easier to get the value of a setting, falling back to defaults etc, a new function `get` has been added to the Setting class. Call it as `Setting().get('setting_name'), and it will take care of returning a setting from the database or return the default value for that setting, if nothing was found.

The `get` function returns `None`, if the setting passed to the function, does not exist in the `Setting.defaults` dict - Indicating that we don't know of a setting by that name.
2018-06-21 22:06:38 -02:00
Khanh Ngo
8a22e030cd
Merge and resolve the conflicts from master 2018-06-13 09:35:19 +07:00
Khanh Ngo
aa6909065d Merge remote-tracking branch 'tmuncks/initial-accounts' 2018-06-12 16:17:55 +07:00
Khanh Ngo
003310665c Merge branch 'master' into flask_migrate 2018-06-11 17:05:01 +07:00
Khanh Ngo
a6f0bf26d4
Use Flask-Migrate for db migration 2018-06-11 10:58:47 +07:00
Thomas M Steenholdt
0a670845fa Automatically rectify DNSSEC enabled zones
For DNSSEC enabled zones to function correctly, they need to be rectified on update.

This changes the DNSSEC enable/disable code to set API-RECTIFY:

To `true` when activating DNSSEC on a domain
To `false` when deactivating DNSSEC on a domain

With this, PowerDNS promises to handle the needed rectifications.

(cherry picked from commit 5d15d8899cc03a4a7d433d33c2c4b1da09b5eb2d)
2018-06-10 21:47:19 -02:00
Khanh Ngo
2958ae663c
Validate user role and DNSSEC_ADMINS_ONLY config on DNSSEC related routes 2018-06-07 09:28:14 +07:00
Khanh Ngo
70b3060f5d
Merge pull request #271 from sinzee/patch-1
Update models.py
2018-06-07 08:50:48 +07:00
Thomas M Steenholdt
2b3b67a3af Fix foreign key constraint error on MySQL
(cherry picked from commit 2a9108f90482a6be86d0b8af4dfcc30f6651ff28)
2018-06-06 13:57:36 -02:00
Thomas M Steenholdt
a4af4ad4b3 Implement per account domain access
Added the possibility for assigning users to an account, providing access to all domains associated with that account automatically.

This makes management easier, especially in installations with lots of domains and lots of managing entities.

The old style per-domain permissions are still there and working as usual. The two methods work perfectly side-by-side and are analogous to "user" (per-domain) and "group" (account) permissions as we know them from Active Directory and such places.

(cherry picked from commit 34fbc634d2848a7f76dc89a03dd8c0604068cc17)
2018-06-05 16:42:44 -02:00
Thomas M Steenholdt
a3a58f16a5 Initial support for Accounts
This adds initial support for accounts a concept meant to signify a customer, a department or any other entity that somehow owns or manages one or more domains.

The purpose is to be able to assign an account to any number of domains, making it easy to track who owns or manages a domain, significantly improving manageability in setups with a large number of domains.

An account consists of a mandatory, unique `name` and optional `description`, `contact` name and `mail` address. The account `name` is stripped of spaces and symbols, and lower cased before getting stored in the database and in PowerDNS, to help ensure some type of predictability and uniqueness in the database.

The term *account* is actually taken from the PowerDNS database, where the `domains.account` column is used to store the account relationship, in in the form of the account `name`.

The link to a domain in PowerDNS-Admin is done through the `domain.account_id` FOREIGN KEY, that is linked to the `account.id` PRIMARY KEY.

(cherry picked from commits 4e95f33dfb0676d1c401a033c28bca3be7d6ec26, da0d596bd019a339549e2c59630a8fdee65d0e22, 7f06e6aaf4fd8011c784f24b7bbbba5f52aef319, 1c624dad8749024033d1d15dd6242ca52b39f135)
2018-06-04 13:10:02 -02:00
sinzee
4daef97666
Update models.py
Fix update_from_master
2018-05-28 00:28:40 +09:00
Thomas M Steenholdt
a7e91b6f40 Fix SOA-EDIT-API options
The options for SOA-EDIT-API included was actually the options used for SOA-EDIT, which is a very different beast.
Those options have been swapped out for the options allowed in SOA-EDIT-API and SOA-EDIT-DNSUPDATE.
2018-05-24 16:12:12 -02:00
Khanh Ngo
77f0deade8 Fix #247 2018-04-18 13:29:29 +07:00
Khanh Ngo
8b7653ad4a Change data column data type of DomainTemplateRecord to TEXT 2018-04-12 11:44:56 +07:00
Khanh Ngo
52b6966c83 Check zone serial before allowing user to submit their change. #183 2018-04-12 11:18:44 +07:00
Khanh Ngo
84d4bfaed0 Mark LDAP authentication as external_auth. Fix OTP secret update. #237 2018-04-10 08:59:28 +07:00
Khanh Ngo
fc4e9dc9a0 #233. Make sure password hash is string before inserting to the db 2018-04-06 18:05:38 +07:00
Khanh Ngo
17a892b18d Resolve the conflicts for #228 2018-04-02 13:38:53 +07:00