Commit Graph

1227 Commits

Author SHA1 Message Date
corubba
ae2ad6527a Set csrf cookie to httponly
The CSRF token is currently inserted directly in the template and not
in the browser via JavaScript from the cookie, so making it inaccessible
is not a problem.

The Sesson-cookie is already httponly by default [0].

[0] https://flask.palletsprojects.com/en/2.1.x/config/?highlight=session_cookie_httponly#SESSION_COOKIE_HTTPONLY
2022-06-18 18:51:42 +02:00
corubba
3e462dab17 Fix csrf configuration
CSRF has been initialized *before* the app config was fully read. That
made it impossible to configure CSRF properly. Moved the CSRF init into
the routes module, and switched from programmatic to decorated
exemptions. GET routes don't need to be exempted because they are by
default.
2022-06-18 18:51:40 +02:00
jbe-dw
2c0225e961
feat: Allow underscores and hyphens in account name (#1047) 2022-06-18 15:14:37 +02:00
Jérôme BECOT
a87b931520
feat: Move the account parse calls to a method 2022-06-18 14:30:56 +02:00
Jérôme BECOT
eb13b37e09
feat: Add the extra chars as an option 2022-06-18 14:30:56 +02:00
Jérôme BECOT
a3c50828a6
feat: Allow underscores and hyphens in account name 2022-06-18 14:28:32 +02:00
AdvanticGmbH
beed738d02
enh: Improve performance of domain update (#1218)
author: @AdvanticGmbH
2022-06-18 14:23:05 +02:00
RGanor
81f158d9bc
enh: Enforce Record Restrictions in API (#1089)
Co-authored-by: Tom <tom@tom.com>
2022-06-18 14:20:49 +02:00
Vasileios Markopoulos
83d2f3c791
Merge pull request #1205 from joshsol1/master
Modification to SAML groups and group management
2022-06-18 13:39:01 +03:00
gadall
bf83e68a4b
Fix DynDNS2 using X-Forwarded-For (#1214)
utils.validate_ipaddress() takes a string, not a list
2022-06-18 13:11:22 +03:00
TomSebty
1926b862b8
feat: Option to forbid the creation of domain if it exists as a record (#1127)
When enabled, forbids the creation of a domain if it exists as a record in one of its parent domains (administrators and operators are not limited though).
2022-06-17 17:50:51 +02:00
jbe-dw
1112105683
feat: Add /api endpoint (#1206) 2022-06-17 16:48:23 +02:00
jbe-dw
2a75013de4
Merge pull request #1163 from AdvanticGmbH/idna_decode
fix: use idna module to support extended character set
2022-06-17 15:47:55 +02:00
Vasileios Markopoulos
9d7d701cd9
Merge pull request #1203 from pixelrebel/saml-fixes
Small fixes to SAML service
2022-06-15 15:56:28 +03:00
RGanor
3aba0693c4
Update README.md for k8s deployment (#1217)
* Update deploy/kubernetes /README.md
2022-06-07 16:28:54 +03:00
RGanor
88c0aaea27
Updated k8s (#1216) 2022-06-07 16:22:38 +03:00
Artem Silenkov
bcc8441779
Add yml to deploy on kubernetes (#286) 2022-06-07 16:13:31 +03:00
Vasileios Markopoulos
41343fd598
Merge pull request #1199 from corubba/bugfix/rrest-typo
Fix rrest typo in history detail
2022-05-25 10:45:50 +03:00
corubba
f98326ea90 Fix remaining typo occurrence 2022-05-24 23:45:14 +02:00
jbe-dw
0f1102a07b
Merge pull request #1209 from jbe-dw/fixADFilter
fix: Active directory filter is broken
2022-05-24 14:19:37 +02:00
Jérôme BECOT
88df88f30b
fix: Active directory filter is broken 2022-05-24 13:58:45 +02:00
jbe-dw
259bd0a906
Merge pull request #1200 from corubba/feature/modal-consolidation
enh: Consolidate generic modal code
2022-05-23 22:50:48 +02:00
jbe-dw
06c12cc3ac
Merge pull request #1172 from RGanor/master
Added health check
2022-05-23 20:18:17 +02:00
RGanor
1bee833326 Updated the unknown state 2022-05-23 16:46:11 +00:00
jbe-dw
e81453c5e3
Merge pull request #1188 from corubba/bugfix/pyOpenSSL
Small bugfixes
2022-05-23 13:59:18 +02:00
Josh Matthews
2020055ab2 added code to pull the operator and admin groups from SAML auth requests 2022-05-23 14:39:29 +10:00
Josh Matthews
715c6b76cd added code to raise user to operator on SAML auth if in the right group 2022-05-23 14:38:16 +10:00
RGanor
83ed5cfb28
Create codeql-analysis.yml (#1204) 2022-05-21 11:26:40 +03:00
pixelrebel
8c85e80c2b Add SAML_ATTRIBUTE_GROUP and SAML_GROUP_ADMIN_NAME to the development config, with instructions for use 2022-05-19 20:36:28 -07:00
pixelrebel
e4c8c3892f Use HTTP_X_FORWARDED_PROTO header from reverse proxy to rewrite https:// for SAML request URLs 2022-05-19 19:00:38 -07:00
pixelrebel
9221d58a1b Allow SAML AttributeStatements to be optional 2022-05-19 14:52:51 -07:00
pixelrebel
5b36ad034d Rename incorrect SAML cert/key config variables 2022-05-19 14:02:04 -07:00
corubba
0dfcdb6c3e Fix rrest typo in history detail
There is a misspelling of rrset throughout the history logic, which also
effects the json payload in the database. Code-wise this is a simple
search-and-replace, and the migration will fix the payloads.
2022-05-19 00:53:35 +02:00
corubba
70450315ba Add general modal functions
The two generic modals are defined in the base template, and are used
in various templates. So provide functions and remove duplicate code.
2022-05-19 00:53:20 +02:00
jbe-dw
1961581527
Merge pull request #1195 from Metrax/git-ignore
Adding venv and yarn-error.log to gitignore
2022-05-17 23:45:16 +02:00
Metrax
8b105d8aff
Adding venv and yarn-error.log to gitignore
venv: in the wiki, the installation is described with creating the venv into "venv", but only ".venv" is in gitignore
yarn-error.log: file is created if yarn fails, it should not be commited to the repo accidentally
2022-05-17 16:31:05 +02:00
RGanor
3d2ad1abc0 LGTM fix - unused variable 2022-05-15 13:57:13 +00:00
Cloud User
b3271e84d6 Using domain model and added authentication 2022-05-15 12:19:04 +00:00
jbe-dw
6579c9e830
Merge pull request #1182 from jbe-dw/revertCorruptedHistoryFix
fix: Insert valid JSON in history.detail and replace single quotes in the database
2022-05-12 21:30:20 +02:00
corubba
564ec6086d Replace pyOpenSSL with cryptography
This is literally the example from the docs [0]. The only thing I
adapted are the parameters for the keys and certificate, so they
stay the same.

Fixes #1086

[0] https://cryptography.io/en/latest/x509/tutorial/#creating-a-self-signed-certificate
2022-05-07 21:32:19 +02:00
corubba
fec649b747 Header for fixed order column
Semantically and syntactically it is better to have the same number of
`<th>` as `<td>`. Not that anyone will ever see that new header, since
that column is always invisible (except if the user disables javascript).

Plus remove a unmatched closing html element.
2022-05-07 21:14:57 +02:00
corubba
0e2cd063c5 Remove python v2 remnant
As vermin [0] confirms, the codebase has long moved beyond supporting
python v2 (which is not a bad thing). This removes the last explicit py2
piece of code.

And in case anyone wonders, vermin currently reports the minium version
to be v3.6.

[0] https://pypi.org/project/vermin/
2022-05-07 21:14:48 +02:00
corubba
68045cc60c Fix revision in migration filename
This has no functional impact, flask-migrate aka alembic was and will
continue to work as expected. It is just a cosmetic change for
consistency.
2022-05-07 21:14:29 +02:00
jbe-dw
fa9bdcfde0
Merge pull request #1134 from jbe-dw/fixAPIDeleteAccount
Fix API Account deletion
2022-05-06 23:35:24 +02:00
Jérôme BECOT
64f7968af9
fix: Use json.dumps instead of str 2022-05-06 17:04:39 +02:00
Jérôme BECOT
06ffee18a0
fix: Provide an Alembic update script to fixe quotes 2022-05-06 17:04:35 +02:00
Vasileios Markopoulos
9e999e7202
Merge pull request #1180 from gunet/dependency-fix
cryptography-dependency-addition
2022-04-27 16:35:24 +03:00
KostasMparmparousis
c8d14d91fe cryptography-dependency-addition 2022-04-27 16:11:09 +03:00
jbe-dw
82f03a4de2
Merge pull request #1160 from AdvanticGmbH/json_load_error
Json load error
2022-04-26 17:54:08 +02:00
AdvanticGmbH
26c60f175d Remove unnecessary call to str()
* json.dumps() already returns a str
2022-04-26 09:11:05 +02:00