Commit Graph

41 Commits

Author SHA1 Message Date
5ad384bfe9 Add support for oidc_oauth_metadata_url configuration option
This commit adds support for the `oidc_oauth_metadata_url` configuration
option. This option specifies the URL of the OIDC server's
metadata endpoint, which contains information about the OIDC server's
endpoints, supported scopes, and other configuration details. By using this
option, we can ensure compatibility with different OIDC servers and reduce
the risk of errors due to manual endpoint configuration.
2023-02-23 09:21:01 +01:00
0418edddd9 Merge pull request #1078 from famedly/shine/config_table_key_uniqueness
fix: making the key name in the config database unique
2023-02-17 13:49:38 -05:00
7221271a7b Preserve domain records history after domain deletion. 2023-02-13 12:08:03 +02:00
c23e89bde3 Merge branch 'PowerDNS-Admin:master' into shine/config_table_key_uniqueness 2023-02-09 12:29:14 +00:00
607caa1a2d Rework user image handling
Moved all the logic out of the template into a separate endpoint. This
makes it easy to extend to also support images from different sources
like LDAP/SAML/OIDC. Session-based caching is hard to do, so to allow
time-based caching in the browser, the url needs to be unique for every
user by using a query parameter.

Replaced the default/fallback user image with a new one. It is based on
the old one, but does not need css to be visible. And removed said css.

Gravatar has now its own setting named `gravatar_enabled`, which is
disabled by default.
2022-06-18 19:11:13 +02:00
eb13b37e09 feat: Add the extra chars as an option 2022-06-18 14:30:56 +02:00
81f158d9bc enh: Enforce Record Restrictions in API (#1089)
Co-authored-by: Tom <tom@tom.com>
2022-06-18 14:20:49 +02:00
1926b862b8 feat: Option to forbid the creation of domain if it exists as a record (#1127)
When enabled, forbids the creation of a domain if it exists as a record in one of its parent domains (administrators and operators are not limited though).
2022-06-17 17:50:51 +02:00
94a923a965 Add 'otp_force' basic setting (#1051)
If the 'otp_force' and 'otp_field_enabled' basic settings are both enabled, automatically enable 2FA for the user after login or signup, if needed, by setting a new OTP secret. Redirect the user to a welcome page for scanning the QR code.

Also show the secret key in ASCII form on the user profile page for easier copying into other applications.
2021-12-17 11:41:51 +01:00
eb70f6a066 fix: making the key name in the config database unique 2021-12-12 20:32:14 +01:00
1332c8d29d History Tab Overhaul & Domain Record Modifications Changelog (#1042)
Co-authored-by: Konstantinos Kouris <85997752+konkourgr@users.noreply.github.com>
Co-authored-by: vmarkop <billy.mark.b.m.10@gmail.com>
Co-authored-by: KostasMparmparousis <mparmparousis.kostas@gmail.com>
Co-authored-by: dimpapac <demispapa@gmail.com>
2021-11-30 11:02:37 +02:00
b3f9b4a2b0 OIDC list accounts (#994)
Added the function to use lists instead of a single string in account autoprovision.
2021-11-19 17:53:17 +02:00
3081036c2c Env oauth url (#1030)
Overriding settings in DB using environment variable in docker
2021-11-05 18:22:38 +02:00
e7d5a3aba0 feat: enable_api_rr_history setting (#998)
* feat: introduce enable_api_rr_history setting to disable api record
changes
2021-11-05 17:26:38 +02:00
bf83662108 allow users to remove domain (#952) 2021-10-30 21:21:45 +02:00
ddf2d4788b Reslove conflicts
Signed-off-by: Khanh Ngo <khanh.ngo@taxfix.de>
2021-10-30 21:15:04 +02:00
1ec6b76f89 Remove otp field (#942) 2021-10-30 21:09:04 +02:00
6e04d0419b Provision PDA user privileges based On LDAP Attributes (#980) 2021-08-05 19:37:48 +02:00
fd933f8dbc remove unrelated files and changes as best as possible 2021-06-02 09:41:08 +02:00
c13dd2d835 add 'custom_css' setting to model; check for 'custom_css' in template; create custom css dir in dockerfile 2021-06-01 16:15:31 +02:00
43a6e46e66 add setting to hide otp_token field on login page 2021-05-27 22:51:07 +02:00
98db953820 Allow user role to view history (#890) 2021-03-27 19:33:11 +01:00
76562f8a46 Fix typo
Remove space from oidc_oauth_last_name default value
2020-10-10 21:03:34 +02:00
55ad73d92e Merge pull request #800 from cyso/pr/oidc-account
OIDC User and Account management during login
2020-10-10 14:32:14 +02:00
a679073928 Merge pull request #773 from terbolous/azure-oauth
Add Account creation/permission handling based on Azure oAuth group membership
2020-10-10 14:20:26 +02:00
f9f966df75 Allow for configuration of logout url 2020-08-06 15:29:02 +02:00
27f5c89f70 Manage Account membership on oidc login 2020-08-06 15:28:54 +02:00
25db119d02 Add Account creation/permission handling based on Azure oAuth group membership 2020-07-03 08:55:31 +02:00
a3fd856dd8 Code refactoring and bug fixes 2020-06-19 08:47:51 +07:00
2044ce4737 oidc custom claims 2020-05-04 07:12:48 +00:00
4cfb6ef81f Merge branch 'master' of github.com:ngoduykhanh/PowerDNS-Admin 2020-01-29 22:33:32 +07:00
31d19b19ab Merge remote-tracking branch 'eht16/add_ssl_verify_setting' 2020-01-29 22:33:24 +07:00
23c73f6c52 Fix logging in models 2020-01-29 22:18:15 +07:00
68843d9664 Add new setting to verify outgoing SSL connections
The new setting 'verify_ssl_connections' tells the requests library to
verify secured outgoing HTTP connections.
Usually verifying is desired and helps to reveal configuration
problems. It also disables an ugly warning when HTTPS connections
are made without verification.
2020-01-25 19:44:11 +01:00
b4b5673cf1 Merge branch 'master' of github.com:johnwarburton/PowerDNS-Admin into feat/groupofnames
Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>
2020-01-08 23:19:51 +01:00
765eab999a Azure OAuth - add Group mappings to Roles 2020-01-03 15:36:38 +13:00
7739bf7cfc Add user email verification 2019-12-21 21:43:03 +07:00
7205b4a01b User session improvement
- Add session handler on other blueprint's before request
- Adjustment in using jTimeout to close warning popup on
other tabs when we extend the session
2019-12-18 15:25:20 +07:00
6af94df00a LGTM fixes. Remove unused import and variables 2019-12-07 20:20:40 +07:00
80b6ca19ac Resolve the conflicts and add adjustment to #591 2019-12-06 14:27:35 +07:00
8ea00b9484 Refactoring the code
- Use Flask blueprint
- Split model and views into smaller parts
- Bug fixes
- API adjustment
2019-12-02 10:32:03 +07:00