corubba
3e462dab17
Fix csrf configuration
...
CSRF has been initialized *before* the app config was fully read. That
made it impossible to configure CSRF properly. Moved the CSRF init into
the routes module, and switched from programmatic to decorated
exemptions. GET routes don't need to be exempted because they are by
default.
2022-06-18 18:51:40 +02:00
Jérôme BECOT
a87b931520
feat: Move the account parse calls to a method
2022-06-18 14:30:56 +02:00
Jérôme BECOT
eb13b37e09
feat: Add the extra chars as an option
2022-06-18 14:30:56 +02:00
Jérôme BECOT
a3c50828a6
feat: Allow underscores and hyphens in account name
2022-06-18 14:28:32 +02:00
RGanor
81f158d9bc
enh: Enforce Record Restrictions in API ( #1089 )
...
Co-authored-by: Tom <tom@tom.com>
2022-06-18 14:20:49 +02:00
Vasileios Markopoulos
83d2f3c791
Merge pull request #1205 from joshsol1/master
...
Modification to SAML groups and group management
2022-06-18 13:39:01 +03:00
gadall
bf83e68a4b
Fix DynDNS2 using X-Forwarded-For ( #1214 )
...
utils.validate_ipaddress() takes a string, not a list
2022-06-18 13:11:22 +03:00
TomSebty
1926b862b8
feat: Option to forbid the creation of domain if it exists as a record ( #1127 )
...
When enabled, forbids the creation of a domain if it exists as a record in one of its parent domains (administrators and operators are not limited though).
2022-06-17 17:50:51 +02:00
jbe-dw
1112105683
feat: Add /api endpoint ( #1206 )
2022-06-17 16:48:23 +02:00
jbe-dw
2a75013de4
Merge pull request #1163 from AdvanticGmbH/idna_decode
...
fix: use idna module to support extended character set
2022-06-17 15:47:55 +02:00
Vasileios Markopoulos
41343fd598
Merge pull request #1199 from corubba/bugfix/rrest-typo
...
Fix rrest typo in history detail
2022-05-25 10:45:50 +03:00
jbe-dw
06c12cc3ac
Merge pull request #1172 from RGanor/master
...
Added health check
2022-05-23 20:18:17 +02:00
RGanor
1bee833326
Updated the unknown state
2022-05-23 16:46:11 +00:00
Josh Matthews
715c6b76cd
added code to raise user to operator on SAML auth if in the right group
2022-05-23 14:38:16 +10:00
corubba
0dfcdb6c3e
Fix rrest typo in history detail
...
There is a misspelling of rrset throughout the history logic, which also
effects the json payload in the database. Code-wise this is a simple
search-and-replace, and the migration will fix the payloads.
2022-05-19 00:53:35 +02:00
RGanor
3d2ad1abc0
LGTM fix - unused variable
2022-05-15 13:57:13 +00:00
Cloud User
b3271e84d6
Using domain model and added authentication
2022-05-15 12:19:04 +00:00
jbe-dw
6579c9e830
Merge pull request #1182 from jbe-dw/revertCorruptedHistoryFix
...
fix: Insert valid JSON in history.detail and replace single quotes in the database
2022-05-12 21:30:20 +02:00
jbe-dw
fa9bdcfde0
Merge pull request #1134 from jbe-dw/fixAPIDeleteAccount
...
Fix API Account deletion
2022-05-06 23:35:24 +02:00
Jérôme BECOT
64f7968af9
fix: Use json.dumps instead of str
2022-05-06 17:04:39 +02:00
jbe-dw
82f03a4de2
Merge pull request #1160 from AdvanticGmbH/json_load_error
...
Json load error
2022-04-26 17:54:08 +02:00
AdvanticGmbH
26c60f175d
Remove unnecessary call to str()
...
* json.dumps() already returns a str
2022-04-26 09:11:05 +02:00
AdvanticGmbH
44c9aff5db
Use json.dumps for every detail in history
...
This works much better instead of just writing a str to the db and
expect it to be loaded just fine from json.loads
2022-04-25 10:43:46 +02:00
AdvanticGmbH
3df36adbf4
Add more detailed info to the history when a msg and status exists
2022-04-25 10:43:40 +02:00
AdvanticGmbH
191e919626
Allow IDNA in SOA
...
* Previously having characters like "ü" in the SOA wouldnt allow to push
updates to the domain
* Also use the new method to_idna to support characters like "ß"
2022-04-25 10:19:40 +02:00
KostasMparmparousis
4d6c6224b4
Login requirement removal for /ping endpoint
2022-04-20 13:31:23 +03:00
RGanor
4958423cc7
Update api.py
2022-04-18 22:11:31 +03:00
root
f41696c310
WIP - Added health check
2022-04-18 09:01:22 +00:00
Veovis
bd92c5946c
Fix broken SAML login from 9c00e48f
2022-04-12 17:14:54 +02:00
Vasileios Markopoulos
098224eed1
Merge pull request #1123 from gunet/log-dnssec-enabling
...
Log DNSSEC status change for a domain
2022-04-11 15:21:59 +03:00
jbe-dw
8cf2985335
Merge pull request #979 from mirko/make-onelogin-pkg-optional
...
routes/index.py: Make package 'onelogin.saml2.utils' optional
2022-04-07 13:37:00 +02:00
jbe-dw
13ff4df9f9
Merge pull request #1122 from gunet/auth_type_log_fix
...
Fixed LDAP Authenticator Type logging
2022-04-03 14:59:48 +02:00
jbe-dw
c6de972ed8
Merge pull request #1101 from decryptus/master
...
[BUG] Fixed delete zone from API
2022-04-03 00:29:47 +02:00
Jérôme BECOT
17b4269e1b
fix: Set Content-Type on backend API calls
2022-03-30 23:39:00 +02:00
Jérôme BECOT
84a183d913
fix: Disassociate domains from account before deletion
2022-02-24 11:24:19 +01:00
kkmanos
e21f53085d
added DNSSEC enabling/disabling to history logs
2022-02-17 17:40:48 +02:00
vmarkop
36cee8cddc
Fixed 'LOCAL' Authenticator Type showing for LDAP auth
2022-02-17 17:34:54 +02:00
Adrien Delle Cave
6982e0107c
Typo in routes/api.py
2022-01-20 12:49:37 +01:00
Adrien Delle Cave
98bd9634a4
[BUG] Fixed delete zone from API
2022-01-19 13:50:12 +01:00
RGanor
328780e2d4
Revert "Merge branch 'master' into master"
...
This reverts commit ca4c145a18
, reversing
changes made to 7808febad8
.
2021-12-25 16:17:54 +02:00
RGanor
ca4c145a18
Merge branch 'master' into master
2021-12-25 16:10:18 +02:00
Vasileios Markopoulos
94a923a965
Add 'otp_force' basic setting ( #1051 )
...
If the 'otp_force' and 'otp_field_enabled' basic settings are both enabled, automatically enable 2FA for the user after login or signup, if needed, by setting a new OTP secret. Redirect the user to a welcome page for scanning the QR code.
Also show the secret key in ASCII form on the user profile page for easier copying into other applications.
2021-12-17 11:41:51 +01:00
zoeller-freinet
07f0d215a7
PDNS-API: factor in 'dnssec_admins_only' basic setting ( #1055 )
...
`GET cryptokeys/{cryptokey_id}` returns the private key, which justifies
that the setting is honored in this case.
2021-12-06 22:38:16 +01:00
Jérôme BECOT
d2f35a4059
fix: Check user zone create/delete permission
...
Co-authored-by: zoeller-freinet <86965592+zoeller-freinet@users.noreply.github.com>
2021-12-05 14:16:45 +01:00
zoeller-freinet
737e1fb93b
routes/admin.py: DetailedHistory: backward-compatibility
...
See https://github.com/ngoduykhanh/PowerDNS-Admin/pull/1066
2021-12-04 17:38:48 +01:00
zoeller-freinet
f0008ce401
routes/admin.py: refactor DetailedHistory
...
- Run HTML through the template engine, preventing XSS from various
vectors
- Fix uncaught exception when a history entry about domain template
deletion is processed
- Adapt indentation to 4 space characters per level
2021-12-04 16:09:53 +01:00
Dominic Zöller
51a7f636b0
Use secrets module for generating new API keys and passwords
...
The implementation of `random.choice()` uses the Mersenne Twister, the
output of which is predictable by observing previous output, and is as
such unsuitable for security-sensitive applications. A cryptographically
secure pseudorandom number generator - which the `secrets` module relies
on - should be used instead in those instances.
2021-12-04 16:08:07 +01:00
ManosKoukoularis
9f46188c7e
Quotes fix ( #1066 )
...
* minor fix in history
* made key access more generic
2021-12-03 20:14:14 +02:00
root
caa48b7fe5
Merge branch 'quotes-fix'
...
Conflicts:
powerdnsadmin/routes/admin.py
2021-12-03 14:17:39 +00:00
root
940551e99e
feat: Associate an API Key with accounts ( #1044 )
2021-12-03 14:12:11 +00:00
ManosKoukoularis
1332c8d29d
History Tab Overhaul & Domain Record Modifications Changelog ( #1042 )
...
Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com>
Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com>
Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com>
Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 11:02:37 +02:00
benshalev849
b3f9b4a2b0
OIDC list accounts ( #994 )
...
Added the function to use lists instead of a single string in account autoprovision.
2021-11-19 17:53:17 +02:00
Daniel Molkentin
c7b4aa3434
fix: actually store OIDC logout URL ( #988 )
2021-11-05 17:28:21 +02:00
Vitali Quiering
e7d5a3aba0
feat: enable_api_rr_history setting ( #998 )
...
* feat: introduce enable_api_rr_history setting to disable api record
changes
2021-11-05 17:26:38 +02:00
zoeller-freinet
20b866a784
strip() whitespace from new local user master data ( #1019 )
...
When creating a new local user, there is a chance that, due to a copy &
paste or typing error, whitespace will be introduced at the start or end
of the username. This can lead to issues when trying to log in using the
affected username, as such a condition can easily be overlooked - no
user will be found in the database if entering the username without the
aforementioned whitespace. This commit therefore strip()s the username
string within routes/{admin,index}.py.
The firstname, lastname and email strings within
routes/{admin,index,user}.py are also strip()ped on this occasion.
2021-11-05 17:04:35 +02:00
RGanor
c246775ffe
bg_domain button for operators and higher ( #993 )
2021-10-30 21:26:46 +02:00
steschuser
bf83662108
allow users to remove domain ( #952 )
2021-10-30 21:21:45 +02:00
Khanh Ngo
ddf2d4788b
Reslove conflicts
...
Signed-off-by: Khanh Ngo <khanh.ngo@taxfix.de>
2021-10-30 21:15:04 +02:00
steschuser
1ec6b76f89
Remove otp field ( #942 )
2021-10-30 21:09:04 +02:00
RoeiGanor
10dc2b0273
bg_domain button for operators and higher
2021-08-13 20:03:06 +03:00
steschuser
993e02b635
limit user to only create domains for the accounts he belongs to ( #970 )
2021-08-05 19:42:58 +02:00
steschuser
07c71fb0bf
setting account_user_ids to empty list on GET /account/edit ( #966 )
2021-08-05 19:41:28 +02:00
steschuser
c4a9498898
respect_bg_domain_updates in routes/api ( #962 )
2021-08-05 19:39:26 +02:00
Kostas Mparmparousis
6e04d0419b
Provision PDA user privileges based On LDAP Attributes ( #980 )
2021-08-05 19:37:48 +02:00
Mirko Vogt
9c00e48f0f
routes/index.py: Make package 'onelogin.saml2.utils' optional
...
The onelogin package is not part of all saml packages for whatever
reason (e.g. Debian) and not easily installable from pypi (requires
CC toolchain).
As the onelogin functionality is already guarded by whether
SAML_ENABLED is set in other places (services/saml.py), also do so
in routes/index.py.
2021-07-23 06:56:09 +00:00
Steffen Schwebel
fd933f8dbc
remove unrelated files and changes as best as possible
2021-06-02 09:41:08 +02:00
Steffen Schwebel
054e0e6eba
add rule for 'custom_css' setting
2021-06-01 16:24:07 +02:00
Steffen Schwebel
43a6e46e66
add setting to hide otp_token field on login page
2021-05-27 22:51:07 +02:00
Ian Bobbitt
39cddd3b34
SAML improvements for Docker ( #929 )
...
* Fix typo in managing user account membership with SAML assertion
* Support more config options from Docker env.
* Improve support for SAML key and cert from Docker secrets
Co-authored-by: Ian Bobbitt <ibobbitt@globalnoc.iu.edu>
2021-05-07 23:36:55 +02:00
jodygilbert
98db953820
Allow user role to view history ( #890 )
2021-03-27 19:33:11 +01:00
jbe-dw
86700f8fd7
upd: improve user api ( #878 )
2021-03-16 19:39:53 +01:00
R. Daneel Olivaw
46993e08c0
Add punycode (IDN) support ( #879 )
2021-03-16 19:37:05 +01:00
jodygilbert
4c19f95928
Improve account creation/permission handling based on Azure oAuth group membership ( #877 )
2021-01-31 11:31:56 +01:00
jbe-dw
3a4efebf95
enh: display b64 encoded apikey on creation through the API ( #870 )
2021-01-24 09:43:51 +01:00
jbe-dw
8f6a800836
fix: account API output^ ( #874 )
2021-01-24 09:08:32 +01:00
jbe-dw
3cd98251b3
fix: API (apikeys) behaviour does not match swagger definition ( #868 )
2021-01-24 09:06:51 +01:00
jbe-dw
54b257768f
feat: Implement apikeys/<id> endpoint from swagger spec. ( #864 )
2021-01-16 20:49:41 +01:00
jbe-dw
718b41e3d1
feat: limit zone list for users on servers endpoint ( #862 )
2021-01-16 20:45:02 +01:00
jbe-dw
dd0a5f6326
feat: Allow sync domain with basic auth ( #861 )
2021-01-16 20:37:11 +01:00
jbe-dw
c3d438842f
fix: user jsonify to set response headers to json ( #863 )
2021-01-16 20:29:40 +01:00
jbe-dw
33e7ffb747
fix: Follow PDNS Api return format ( #858 )
2021-01-07 23:26:48 +01:00
jbe-dw
2c18e5c88f
fix: User role was not assigned upon creation ( #860 )
2021-01-07 23:07:20 +01:00
WhatshallIbreaktoday
c6e0293177
Tweaks to allow user apikey usage with powerdns terraform provider ( #845 )
2020-12-07 22:06:37 +01:00
Khanh Ngo
3034630bc0
Merge pull request #761 from ngoduykhanh/record_rollback
...
Fix #752 - Rollback the removed record if apply operation failed
2020-10-11 13:01:26 +02:00
Khanh Ngo
55ad73d92e
Merge pull request #800 from cyso/pr/oidc-account
...
OIDC User and Account management during login
2020-10-10 14:32:14 +02:00
Khanh Ngo
a679073928
Merge pull request #773 from terbolous/azure-oauth
...
Add Account creation/permission handling based on Azure oAuth group membership
2020-10-10 14:20:26 +02:00
Khanh Ngo
b5fc9045f2
Merge pull request #766 from frei-style/sort_accounts
...
Sort accounts by name on 'New Domain' and domain 'Admin'
2020-10-10 14:18:02 +02:00
Khanh Ngo
b8ffb1dae9
Merge pull request #804 from RoeiGanor/api_key
...
Add API Key to the UI
2020-10-10 14:11:09 +02:00
Tom Hetmer
cf62658e19
do not fail with wildcard PTRs
2020-09-10 01:18:07 +07:00
root
74b89b1b7e
Add API Key to the UI
2020-08-08 13:41:18 +00:00
Nick Douma
f9f966df75
Allow for configuration of logout url
2020-08-06 15:29:02 +02:00
Nick Douma
27f5c89f70
Manage Account membership on oidc login
2020-08-06 15:28:54 +02:00
Nick Douma
ab6480a4b4
Update user with info from oidc during login
2020-08-06 15:28:27 +02:00
Erik Weber
22eabef06a
Use the correct matching group
2020-07-03 11:01:17 +02:00
Erik Weber
e993422106
Add regex matching for group/account description
2020-07-03 10:55:06 +02:00
Erik Weber
25db119d02
Add Account creation/permission handling based on Azure oAuth group membership
2020-07-03 08:55:31 +02:00
Manuel Frei
9946f72a85
Order accounts by name on 'New Domain' and domain admin
2020-06-28 01:59:12 +02:00
Khanh Ngo
1f4580a27a
Log failed domain apply operation
2020-06-20 09:51:30 +07:00
Khanh Ngo
a3fd856dd8
Code refactoring and bug fixes
2020-06-19 08:47:51 +07:00
Ymage
4e39d5a461
Fix session clearing
2020-05-29 17:41:20 +02:00