Commit Graph

444 Commits

Author SHA1 Message Date
Matt Scott
ec28e76ff5 Moved global styles to base view template until permanently merged into global CSS file. 2023-02-19 11:39:56 -05:00
Matt Scott
b52b7d7e4f Wrapping up first-round changes to the dashboard view. 2023-02-19 11:38:19 -05:00
Matt Scott
b4a354b0f8 Updated icons for sidebar navigation as well as some labels.
Tweaked zone record list on dashboard to always include the account column, regardless of user role.
2023-02-19 11:31:24 -05:00
Matt Scott
c0799b95f8 Updated sidebar navigation to use updated terminology of zone instead of domain. 2023-02-19 11:04:45 -05:00
Matt Scott
abf1f4eca3 Moved user profile edit and user logout navigation items into sidebar info block for a more condensed UI. 2023-02-19 11:03:33 -05:00
Matt Scott
1cd5ce9ccc Working on dashboard zone list action controls and styling. 2023-02-19 10:45:19 -05:00
Matt Scott
4a5db674f4 Working on condensing the zones list on the dashboard.
Changed the terminology for zones on the dashboard from domains to zones.
2023-02-19 10:19:13 -05:00
Matt Scott
49bc8e948d Continuing work on re-design and clean-up of dashboard view. 2023-02-19 09:54:15 -05:00
Matt Scott
4f83879e95 Added Jinja filter for handle formatting of zone type labels to enforce modern social standards.
Removed text label of dashboard domain list action menu to reduce size.

Continuing work on re-design and clean-up of dashboard view.
2023-02-19 09:48:43 -05:00
Matt Scott
d70ded18c2 Added head_styles Jinja block to base view template head section to allow for page specific style injections.
Continuing work on the re-design and clean-up of the dashboard view.
2023-02-19 09:11:44 -05:00
Matt Scott
58aabacd91 Re-formatted base view template to be more in-line with PEP8 standards.
Working on dashboard clean-up and redesign.

Added custom Jinja date/time formatting function to utils.py.
2023-02-19 08:52:00 -05:00
Matt Scott
bad36b5e75 Added default CAPTCHA settings to default configuration.
Added flash_sessions directory pattern to git ignore file.
2023-02-18 19:18:59 -05:00
Tyler Todd
7a61c56c49 Fix reqs and Flask Migrate Order 2023-02-18 17:38:43 +00:00
Matt Scott
516bc52c2f Revert "Revert "Merge pull request #1371 from AgentTNT/AdminLTE-Upgrade""
This reverts commit e2ad3e2001.
2023-02-18 11:04:14 -05:00
Matt Scott
839c1ecf17 Revert "Revert "Error pages updated for Font Awesome v6 - fa-solid""
This reverts commit 35493fc218.
2023-02-18 11:02:47 -05:00
Matt Scott
e2ad3e2001 Revert "Merge pull request #1371 from AgentTNT/AdminLTE-Upgrade"
This reverts commit 929cb6302d, reversing
changes made to 0418edddd9.
2023-02-18 09:04:37 -05:00
Matt Scott
35493fc218 Revert "Error pages updated for Font Awesome v6 - fa-solid"
This reverts commit e1bbe10fc3.
2023-02-18 08:53:46 -05:00
Matt Scott
47b50e5e1e Updated default app config to comment out MySQL default settings. 2023-02-17 19:35:36 -05:00
Matt Scott
d2f135cc6e Removed temporary style from login form that was used for recent development. 2023-02-17 19:07:05 -05:00
Matt Scott
e82759cbc4 Updated Docker file to include npm as a new requirement for the admin-lte npm module.
Also added session persistence setting to default and docker configuration files.

Changed the default persistence configuration of the default config file to use SQLite instead of MySQL.
2023-02-17 19:00:09 -05:00
Matt Scott
2ff01fbfe9
Merge branch 'master' into AdminLTE-Upgrade 2023-02-17 18:17:32 -05:00
Tyler Todd
9a7bd27fe3 Formatting changes 2023-02-17 23:07:36 +00:00
Tyler Todd
9b696a42a4 PR Conflict resolution 2023-02-17 22:53:08 +00:00
Tyler Todd
d0961ca5e7 Fix user auth history modal and provide more info 2023-02-17 22:47:23 +00:00
Tyler Todd
a368124040 Font Awesome v6 2023-02-17 22:35:46 +00:00
Tyler Todd
62d95e874a Final page edits for bootstrap v4 and Admin LTE v3.2 2023-02-17 22:25:11 +00:00
Tyler Todd
e1bbe10fc3 Error pages updated for Font Awesome v6 - fa-solid 2023-02-17 21:52:55 +00:00
Matt Scott
0418edddd9
Merge pull request #1078 from famedly/shine/config_table_key_uniqueness
fix: making the key name in the config database unique
2023-02-17 13:49:38 -05:00
Matt Scott
ef3880f76d
Merge pull request #1374 from VassilisAsteriou/auto_ptr_bugfix
Changed auto_ptr() logic to remove-then-add
2023-02-17 13:35:35 -05:00
Matt Scott
145358113d
Merge pull request #1380 from raunz/preserve_history
Preserve domain records history after domain deletion
2023-02-17 13:30:02 -05:00
Matt Scott
c27bf53445
Merge pull request #1381 from raunz/perf_tuning
Domain records list performance improvement - removing Setting.get query from loop
2023-02-17 13:28:35 -05:00
Matt Scott
2a3ffe8481
Merge pull request #1339 from ymage/bugfix_tests
Improve bugfix tests
2023-02-17 12:19:35 -05:00
Matt Scott
f1b6bef1ab
Merge pull request #1248 from unilogicbv/routes_index_otp_force_oauth
routes/index.py: otp_force shouldn't apply to OAuth
2023-02-17 12:14:15 -05:00
Matt Scott
ba14d52c8d
Merge pull request #1231 from AdvanticGmbH/assoc_domain_list
Allow to manage associated domains under account edit
2023-02-17 12:04:16 -05:00
Tyler Todd
f888bd79f8 domain -> Changed pull-* to float-* 2023-02-14 18:25:06 +00:00
Tyler Todd
e0f939813e Tabs on dashboard.html now fade effect when switching between
First pass at HTML conversion from Master/Slave to Primary/Secondary (TODO: Backend)
Start work on migrating admin_auth_settings to Bootstrap v4
admin_setting_basic -> Change plain text for On/Off to toggles in current state, and changed "Action" column to the opposite toggle of current setting
dashboard_domain -> Reduce deuplicate code for the new dropdown-menu for Actions
register -> Add exclamation icon in front of error text
template_add -> changed box-body to card-body
user_profile -> Fixed tab naviation for Bootstrap v4. Tabs also fade between changes
2023-02-14 02:11:13 +00:00
Tyler Todd
48f80b37ed potential regex code fix for email validation 2023-02-13 15:38:33 +00:00
Rauno Tuul
642fb1605d Move pretty_ipv6_ptr setting retrieval out of record list loop 2023-02-13 14:43:22 +02:00
Rauno Tuul
7221271a7b Preserve domain records history after domain deletion. 2023-02-13 12:08:03 +02:00
Rauno Tuul
187b55e23a Patch API record update/delete logging to match current logging format 2023-02-13 10:25:17 +02:00
Tyler Todd
16d7a4f71e Add shadow element to some cards 2023-02-13 04:43:06 +00:00
Tyler Todd
d6605790bd More navigation Header Changes
"container-fluid" aditions
More button changes from flat to round and icon placement changes
2023-02-13 04:38:54 +00:00
Tyler Todd
c00ddea2fc More page formatting
Added server-side logic for register.html validation
Keep form firelds on register.html in the event of wrong input fields to save users from retyping info
More button rounding
2023-02-13 03:57:21 +00:00
Kateřina Churanová
c23e89bde3
Merge branch 'PowerDNS-Admin:master' into shine/config_table_key_uniqueness 2023-02-09 12:29:14 +00:00
Vassilis Asteriou
0568a90ec1 Changed auto_ptr() logic to remove-then-add 2023-02-08 15:27:45 +02:00
Tyler Todd
ac786f45be Remove btn-flat to convert to round buttons (first pass)
Convert col-xs-* to just col-* as part of bootstrap v3 -> v4
Convert box-* -> card-* as part of bootstrap v3 -> v4
Moved domain actions on main dashboard to a dropdown menu to avoid clutter
Added "Log Out" to top header left
Hid OTP on admin edit user to only show the disable card & options if the user account has OTP enabled
2023-02-06 15:45:13 +00:00
Tyler Todd
7f25e3b555 Initial go at upgrading from Bootstap v3 to v4 and to AdminLTE v3.2.0 2023-02-02 21:19:15 +00:00
Tyler Todd
e411bc9f19 Enable CAPTCHA 2023-01-30 22:46:59 +00:00
Sshafi
91c1907486
Update login.html
Use SITE_NAME for login box title on login page (with default value).
This can be useful when using multiple powerdns admin in an organization.
2023-01-26 00:02:08 +01:00
Sshafi
b607c1b7ff
Update base.html
Use SITE_NAME for upper left title on base page.
This can be useful when using multiple powerdns admin in an organization.
2023-01-25 23:59:35 +01:00
Matt Scott
d50d57bc70
Merge pull request #1357 from pneb/patch-6
fix: Potential fix for a regex bug
2023-01-25 16:19:27 -05:00
Matt Scott
51249aecd3
Merge pull request #1212 from corubba/feature/privacy-first
Privacy first
2023-01-24 05:34:30 -05:00
Robert Walter
246ad7f7d2
Fixing Wrapping in History Details Modal in Dashboard
resolves #1358
2023-01-13 10:05:20 +01:00
Bernward Sanchez
18bc336d7a
Potential fix 2023-01-11 18:21:40 +08:00
Matt Scott
bb29c27430
Merge pull request #1354 from Metrax/support-pdns4.7
Support pdns4.7
2023-01-10 08:01:17 -05:00
Robert Walter
c02cb3b7fe
Model change: Changing domain model type variable to 8 chars
PowerDNS 4.7 is supporting 2 new zone types: "producer" & "consumer"
Due to the domain type variable is limited to 6 chars, PDA Zone update will fail if producer or cusomer zones exist.
To solve this problem, this commit increases the lenght of the domain model type variable to 8 chars.
2023-01-10 13:51:04 +01:00
Bernward Sanchez
c7eaec27d8
Update utils.py 2022-12-23 08:23:14 +08:00
Ymage
1d885278d4 Cosmetic 2022-12-22 22:55:05 +01:00
Ymage
7d153932b3 Fix back_populate relationships 2022-12-22 22:50:01 +01:00
corubba
e920bf5009 Fix broken code
PR #1089 is the culprit, as was already predicted in the review.
2022-12-19 09:37:01 +01:00
Matt Scott
89f3d4d01a
Revert "enhancement(routes/index.py): OIDC supports HTTP Scheme now" 2022-12-14 20:37:30 -05:00
Bernward Sanchez
f6c49c379d
Update index.py 2022-12-15 06:13:27 +08:00
Matt Scott
30ed68471e
Merge pull request #1322 from Metrax/master
Fixing Validation problem on LDAP form
2022-12-13 20:59:22 -05:00
Matt Scott
8373363c4d
Merge pull request #1323 from jbe-dw/fixLDAPDeprecatedOpt
Draft: Fix pyhton-ldap upgrade
2022-12-13 20:56:03 -05:00
Aaron Carson
ff671ebabe Fix 1329 2022-12-14 00:34:12 +00:00
Sshafi
d0290ac469
Update login.html
Use SITE_NAME for login box title on login page.
This can be useful when using multiple powerdns admin in an organization.
2022-12-13 09:10:21 +01:00
Dominik Fahr
97a79645b0 fix of issue #1261
split record by "."
idna.encode leads into full stop if the string starts with "_" or "-"
2022-12-12 17:31:32 +01:00
Dominik Fahr
52169f698c undo of commit a7f55de
did not fix issue #1261
leaded into issue #1321
2022-12-12 17:30:42 +01:00
Jérôme BECOT
8d5b92402d
fix: Remove deprecated option OPT_X_TLS 2022-12-12 15:57:11 +01:00
Robert Walter
23e0fdbedf Fixing Validation Problem at LDAP Form 2022-12-12 12:32:32 +01:00
Bernward Sanchez
dfdb0dca17
Update domain.py 2022-12-10 10:37:06 +08:00
Matt Scott
3c0b0a1b2d
Merge pull request #1246 from unilogicbv/admin_edit_key_user_role_default
admin_edit_key: default to User role for new api keys
2022-12-08 22:13:23 -05:00
Matt Scott
2cd8f60f8d
Merge pull request #1247 from unilogicbv/models_user_plain_text_password_guard
models/user.py: properly guard plain_text_password property
2022-12-08 22:10:21 -05:00
Matt Scott
7873e5f3f8
Merge pull request #1249 from unilogicbv/models_user_totp_valid_window
models/user.py: add non-zero valid_window to totp.verify
2022-12-08 22:05:34 -05:00
Matt Scott
e823f079b7
Merge pull request #1266 from WhatshallIbreaktoday/master
allow null/None JSON data (Used for pdns notifies via api and by LEGO-ACME v 4.9.0)
2022-12-08 21:57:18 -05:00
Bernward Sanchez
2656242b45
Update api_key.py
I added the parentheses to the `db.session.rollback` line to call the method, which will now properly roll back any changes made to the database if an error occurs.
2022-12-09 09:33:17 +08:00
Bernward Sanchez
3e68044420
Update utils.py
This should fix the error you were experiencing, as it will now only attempt to process the `data` argument if it is a tuple containing two elements. If the `data` argument is not in the expected format, the function will simply return an empty string instead of raising an exception.
2022-12-09 08:15:13 +08:00
WhatshallIbreaktoday
d25a22272e allow null/None JSON data
This change permits to proxy pdns zone notify api requests (which are expected to be with empty body)
2022-10-12 08:10:35 +02:00
corubba
cb835978df Fix order of operations in api payload
PDNS checks that when a `CNAME` rrset is created that no other rrset of
the same name but a different rtype exists. When changing a record type
to `CNAME`, PDA will send two operations in one api call to PDNS: A
deletion of the old rrset, and the addition of the new rrset. For the
check in PDNS to pass, the deletion needs to happen before the addition.
Before PR #1201 that was the case, the first api call did deletions and
the second handled additions and changes. Currently the api payload
contains additions first and deletions last. PDNS applies these in the
order they are passed in the payload to the api, so to restore the
original/correct/working behaviour the order of operations in the api
payload has to be reversed.

fixes #1251
2022-09-23 00:19:22 +02:00
Pascal de Bruijn
846c03f154 models/user.py: add non-zero valid_window to totp.verify
PyOTP's totp.verify defaults to the valid_window of zero, which means
it will reject valid codes, if submitted just past the 30 sec window.
It also means, users will run into authentication issues very quickly
if their phones time-sync isn't perfect.

Therefore valid_window should at the very least be 1 or more, settting
it higher trades security for robustness, especially with regard to
time desync issues.
2022-09-07 14:23:34 +02:00
Pascal de Bruijn
41a3995865 routes/index.py: otp_force shouldn't apply to OAuth
as 2FA policies are typically enforced on the OAuth proviers end

Relates to #1051
2022-09-06 16:28:45 +02:00
Pascal de Bruijn
4fd1b10018 models/user.py: properly guard plain_text_password property
Resolves the following issue, which occurs with force_otp enabled
and OAuth authentication sources:

File "/srv/powerdnsadmin/powerdnsadmin/models/user.py", line 481, in update_profile
  "utf-8") if self.plain_text_password else user.password
AttributeError: 'User' object has no attribute 'plain_text_password'
2022-09-06 15:31:43 +02:00
Pascal de Bruijn
9bf74a6baf admin_edit_key: default to User role for new api keys
hopefully this will prevent accidental administator api keys from being created
2022-09-06 15:25:28 +02:00
Vasileios Markopoulos
204c996c81
Merge pull request #1221 from corubba/bugfix/changelog-hyphen
Fix rrset changelog for names with hyphen
2022-07-01 15:52:44 +03:00
AdvanticGmbH
3c68b611c6
Update powerdnsadmin/routes/admin.py
Looks good to me

Co-authored-by: Corubba <97832352+corubba@users.noreply.github.com>
2022-06-29 08:56:01 +02:00
AdvanticGmbH
cfab13824d Add history entries for association changes of domains 2022-06-28 11:19:00 +02:00
AdvanticGmbH
6a2ba1b1c3 Add list to manage with an account associated domains 2022-06-28 11:18:53 +02:00
Jérôme BECOT
41642fcea4
fix: Update JS minifier library 2022-06-24 23:03:01 +02:00
corubba
5036619a67 Allow new domains to be absolute
Allow the new domain name to be input absolute (with a dot at the end).
To keep the rest of the logic working as-is, remove it fairly early in
the function.

Would have loved to use `str.removesuffix()` but that's python v3.9+.
2022-06-23 22:31:00 +02:00
corubba
9890ddfa64 Fix rrset changelog for names with hyphen
When clicking the changelog button for a record with the name
`foo-bar.example.org`, the url you get redirected to is
`/domain/example.org/changelog/foo-bar.example.org.-A`. Because of the
non-greedy behaviour of the path converter, the last part gets split at
the *first* hyphen, so the example above gets wrongly dissected into
`record_name=foo` and `record_type=bar.example.org.-A`. This results
for obvious reasons in an empty changelog.

As described in rfc5395 [0], types have to be alphanumerical, so its
converter is changed from path to string.

The hyphen is one of the few characters recommended by rfc1035 [1],
so it is a bad choice as separator. The separator is instead changed to
a slash.
Granted, this does not entirely solve the issue but at least makes it a
lot less likely to happen. Plus, a lot more and other things break in
pda with slashes in names.

[0] https://datatracker.ietf.org/doc/html/rfc5395#section-3.1
[1] https://datatracker.ietf.org/doc/html/rfc1035#section-2.3.1
2022-06-19 12:16:40 +02:00
jbe-dw
dac232147e
enh: Cookies security (#1211)
author: corruba
2022-06-18 22:51:47 +02:00
corubba
3a8ad7c444 Remove OFFLINE_MODE config option 2022-06-18 19:11:16 +02:00
corubba
b809308d31 Add LDAP user images 2022-06-18 19:11:16 +02:00
corubba
607caa1a2d Rework user image handling
Moved all the logic out of the template into a separate endpoint. This
makes it easy to extend to also support images from different sources
like LDAP/SAML/OIDC. Session-based caching is hard to do, so to allow
time-based caching in the browser, the url needs to be unique for every
user by using a query parameter.

Replaced the default/fallback user image with a new one. It is based on
the old one, but does not need css to be visible. And removed said css.

Gravatar has now its own setting named `gravatar_enabled`, which is
disabled by default.
2022-06-18 19:11:13 +02:00
corubba
b795f1eadf Use the doc search directly 2022-06-18 19:07:23 +02:00
corubba
fee26b84ba Remove IE8 polyfills
These old browsers are EOL since 2016 [0], let them finally rest in
peace.

This effectively reverts/replaces commit b8dee5d17056788c2dc9940d14308648e32186d8.

[0] https://web.archive.org/web/20160115070611/https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support
2022-06-18 19:07:23 +02:00
corubba
54b2c5918f Serve the IE8 polyfills from local 2022-06-18 19:07:23 +02:00
corubba
674704609b Always use local fonts 2022-06-18 19:07:23 +02:00
corubba
af902f24a2 Update using only one api call
Starting with the very first commit, the update was always done with
two api calls: one for DELETE and one for REPLACE. It is however
perfectly valid and save to do both at once, which makes it atomic, so
no need for the rollback. Plus it only updates the serial once.
There is no point in sending the full RRset data when deleting it, the
key attributes to identify it are enough. This also make the behaviour
consistent with the api docs [0] where it says "MUST NOT be included
when changetype is set to DELETE."

[0] https://doc.powerdns.com/authoritative/http-api/zone.html#rrset
2022-06-18 18:58:39 +02:00
corubba
52b704baeb Set SameSite on cookies
Setting this attribute on a cookie marks it as non-cross-site, so it
is only send in requests to our own server. It is reasonable that no
one else should need our session or csrf data. Setting it explicitly
also prevents any issues from the ongoing change in browser behaviour [0]
when it is unset.

Seasurf supports the SameSite attribute starting with v0.3. As nothing
obviously broke, I used the opportunity and updated all the way to the
most recent version.

The SeaSurf default for SameSite is already `Lax`, so it only needs to
be set for the session cookie.

[0] https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure
2022-06-18 18:51:42 +02:00