ae2ad6527a
Set csrf cookie to httponly
...
The CSRF token is currently inserted directly in the template and not
in the browser via JavaScript from the cookie, so making it inaccessible
is not a problem.
The Sesson-cookie is already httponly by default [0].
[0] https://flask.palletsprojects.com/en/2.1.x/config/?highlight=session_cookie_httponly#SESSION_COOKIE_HTTPONLY
2022-06-18 18:51:42 +02:00
3e462dab17
Fix csrf configuration
...
CSRF has been initialized *before* the app config was fully read. That
made it impossible to configure CSRF properly. Moved the CSRF init into
the routes module, and switched from programmatic to decorated
exemptions. GET routes don't need to be exempted because they are by
default.
2022-06-18 18:51:40 +02:00
a87b931520
feat: Move the account parse calls to a method
2022-06-18 14:30:56 +02:00
eb13b37e09
feat: Add the extra chars as an option
2022-06-18 14:30:56 +02:00
a3c50828a6
feat: Allow underscores and hyphens in account name
2022-06-18 14:28:32 +02:00
beed738d02
enh: Improve performance of domain update ( #1218 )
...
author: @AdvanticGmbH
2022-06-18 14:23:05 +02:00
81f158d9bc
enh: Enforce Record Restrictions in API ( #1089 )
...
Co-authored-by: Tom <tom@tom.com >
2022-06-18 14:20:49 +02:00
83d2f3c791
Merge pull request #1205 from joshsol1/master
...
Modification to SAML groups and group management
2022-06-18 13:39:01 +03:00
bf83e68a4b
Fix DynDNS2 using X-Forwarded-For ( #1214 )
...
utils.validate_ipaddress() takes a string, not a list
2022-06-18 13:11:22 +03:00
1926b862b8
feat: Option to forbid the creation of domain if it exists as a record ( #1127 )
...
When enabled, forbids the creation of a domain if it exists as a record in one of its parent domains (administrators and operators are not limited though).
2022-06-17 17:50:51 +02:00
1112105683
feat: Add /api endpoint ( #1206 )
2022-06-17 16:48:23 +02:00
2a75013de4
Merge pull request #1163 from AdvanticGmbH/idna_decode
...
fix: use idna module to support extended character set
2022-06-17 15:47:55 +02:00
9d7d701cd9
Merge pull request #1203 from pixelrebel/saml-fixes
...
Small fixes to SAML service
2022-06-15 15:56:28 +03:00
41343fd598
Merge pull request #1199 from corubba/bugfix/rrest-typo
...
Fix rrest typo in history detail
2022-05-25 10:45:50 +03:00
f98326ea90
Fix remaining typo occurrence
2022-05-24 23:45:14 +02:00
88df88f30b
fix: Active directory filter is broken
2022-05-24 13:58:45 +02:00
259bd0a906
Merge pull request #1200 from corubba/feature/modal-consolidation
...
enh: Consolidate generic modal code
2022-05-23 22:50:48 +02:00
06c12cc3ac
Merge pull request #1172 from RGanor/master
...
Added health check
2022-05-23 20:18:17 +02:00
1bee833326
Updated the unknown state
2022-05-23 16:46:11 +00:00
e81453c5e3
Merge pull request #1188 from corubba/bugfix/pyOpenSSL
...
Small bugfixes
2022-05-23 13:59:18 +02:00
715c6b76cd
added code to raise user to operator on SAML auth if in the right group
2022-05-23 14:38:16 +10:00
e4c8c3892f
Use HTTP_X_FORWARDED_PROTO header from reverse proxy to rewrite https:// for SAML request URLs
2022-05-19 19:00:38 -07:00
9221d58a1b
Allow SAML AttributeStatements to be optional
2022-05-19 14:52:51 -07:00
0dfcdb6c3e
Fix rrest typo in history detail
...
There is a misspelling of rrset throughout the history logic, which also
effects the json payload in the database. Code-wise this is a simple
search-and-replace, and the migration will fix the payloads.
2022-05-19 00:53:35 +02:00
70450315ba
Add general modal functions
...
The two generic modals are defined in the base template, and are used
in various templates. So provide functions and remove duplicate code.
2022-05-19 00:53:20 +02:00
3d2ad1abc0
LGTM fix - unused variable
2022-05-15 13:57:13 +00:00
b3271e84d6
Using domain model and added authentication
2022-05-15 12:19:04 +00:00
6579c9e830
Merge pull request #1182 from jbe-dw/revertCorruptedHistoryFix
...
fix: Insert valid JSON in history.detail and replace single quotes in the database
2022-05-12 21:30:20 +02:00
564ec6086d
Replace pyOpenSSL with cryptography
...
This is literally the example from the docs [0]. The only thing I
adapted are the parameters for the keys and certificate, so they
stay the same.
Fixes #1086
[0] https://cryptography.io/en/latest/x509/tutorial/#creating-a-self-signed-certificate
2022-05-07 21:32:19 +02:00
fec649b747
Header for fixed order column
...
Semantically and syntactically it is better to have the same number of
`<th>` as `<td>`. Not that anyone will ever see that new header, since
that column is always invisible (except if the user disables javascript).
Plus remove a unmatched closing html element.
2022-05-07 21:14:57 +02:00
0e2cd063c5
Remove python v2 remnant
...
As vermin [0] confirms, the codebase has long moved beyond supporting
python v2 (which is not a bad thing). This removes the last explicit py2
piece of code.
And in case anyone wonders, vermin currently reports the minium version
to be v3.6.
[0] https://pypi.org/project/vermin/
2022-05-07 21:14:48 +02:00
fa9bdcfde0
Merge pull request #1134 from jbe-dw/fixAPIDeleteAccount
...
Fix API Account deletion
2022-05-06 23:35:24 +02:00
64f7968af9
fix: Use json.dumps instead of str
2022-05-06 17:04:39 +02:00
82f03a4de2
Merge pull request #1160 from AdvanticGmbH/json_load_error
...
Json load error
2022-04-26 17:54:08 +02:00
26c60f175d
Remove unnecessary call to str()
...
* json.dumps() already returns a str
2022-04-26 09:11:05 +02:00
fc56a168c8
Merge pull request #1174 from gunet/ping-no-login-required
...
Login requirement removal for /ping endpoint
2022-04-25 16:22:21 +02:00
5040cf5282
Merge pull request #1159 from AdvanticGmbH/html_entity_domain_fix
...
Decode domain record data and comment from HTML entity to text
2022-04-25 12:49:10 +03:00
44c9aff5db
Use json.dumps for every detail in history
...
This works much better instead of just writing a str to the db and
expect it to be loaded just fine from json.loads
2022-04-25 10:43:46 +02:00
3df36adbf4
Add more detailed info to the history when a msg and status exists
2022-04-25 10:43:40 +02:00
191e919626
Allow IDNA in SOA
...
* Previously having characters like "ü" in the SOA wouldnt allow to push
updates to the domain
* Also use the new method to_idna to support characters like "ß"
2022-04-25 10:19:40 +02:00
40deb3c145
Create method to encode and decode idna
...
Previously strings with characters like "ß" would throw and exception
This seems to happen because the lib behind encode().decode('idna')
cant handle characters like this
2022-04-25 10:05:46 +02:00
4d6c6224b4
Login requirement removal for /ping endpoint
2022-04-20 13:31:23 +03:00
4958423cc7
Update api.py
2022-04-18 22:11:31 +03:00
f41696c310
WIP - Added health check
2022-04-18 09:01:22 +00:00
e891333971
Merge pull request #1166 from LordVeovis/fix/saml
...
Fix broken SAML login from 9c00e48f
2022-04-13 10:16:58 +03:00
c9c82d4244
Merge pull request #1118 from cropalato/master
...
Fixing AD login if there is a infinity loop in memberOf groups.
2022-04-13 10:15:54 +03:00
bd92c5946c
Fix broken SAML login from 9c00e48f
2022-04-12 17:14:54 +02:00
ee0511ff4c
[Fix] AD recursive problem
...
- Fixing #1011[https://github.com/PowerDNS-Admin/PowerDNS-Admin/issues/1011 ]
2022-04-11 08:49:38 -04:00
098224eed1
Merge pull request #1123 from gunet/log-dnssec-enabling
...
Log DNSSEC status change for a domain
2022-04-11 15:21:59 +03:00
9e90dde144
Merge pull request #1158 from AdvanticGmbH/domain_xss
...
Render domain data table fields only as text
2022-04-11 13:05:43 +03:00
