bd92c5946c
Fix broken SAML login from 9c00e48f
2022-04-12 17:14:54 +02:00
098224eed1
Merge pull request #1123 from gunet/log-dnssec-enabling
...
Log DNSSEC status change for a domain
2022-04-11 15:21:59 +03:00
9e90dde144
Merge pull request #1158 from AdvanticGmbH/domain_xss
...
Render domain data table fields only as text
2022-04-11 13:05:43 +03:00
0ab2610064
Merge pull request #1165 from gunet/update_repo_url
...
Updated repository URL
2022-04-11 12:26:15 +03:00
9c62208c2e
Updated repository URL
2022-04-11 12:21:34 +03:00
8cf2985335
Merge pull request #979 from mirko/make-onelogin-pkg-optional
...
routes/index.py: Make package 'onelogin.saml2.utils' optional
2022-04-07 13:37:00 +02:00
33f1c6ad61
Merge pull request #1027 from mirko/add-WWW-Authenticate-header-for-dyndns
...
dyndns: Respond with HTTP header 'WWW-Authenticate' to unauthed requests
2022-04-07 13:31:03 +02:00
e596de37f4
Render Name, Type, Status, TTL, Data and Edit as text
2022-04-04 14:16:40 +02:00
930932d131
Render domain data table fields only as text
2022-04-04 14:06:31 +02:00
13ff4df9f9
Merge pull request #1122 from gunet/auth_type_log_fix
...
Fixed LDAP Authenticator Type logging
2022-04-03 14:59:48 +02:00
c6de972ed8
Merge pull request #1101 from decryptus/master
...
[BUG] Fixed delete zone from API
2022-04-03 00:29:47 +02:00
bff020443f
Merge pull request #1154 from jbe-dw/fixBackendContentType
...
fix: Set Content-Type on backend API calls
2022-04-02 21:36:56 +02:00
17b4269e1b
fix: Set Content-Type on backend API calls
2022-03-30 23:39:00 +02:00
be7b657437
Merge pull request #1124 from gunet/refresh-on-login
...
Refresh on csrf token expiration
2022-03-30 10:37:29 +03:00
74efcc7cf7
Merge pull request #1152 from gunet/werkzeug-import-fix
...
Fixed werkzeug dependency
2022-03-29 10:50:13 +03:00
c9d97642b3
Fixed werkzeug dependency
2022-03-29 10:30:19 +03:00
35f2fde0a8
Merge pull request #1148 from gunet/jinja-depedency-fix
...
jinja-dependency-fix
2022-03-27 15:26:22 +03:00
063d259af8
jinja-dependency-fix
2022-03-27 15:19:35 +03:00
60e58a3895
Merge pull request #1136 from gunet/itsdangerous
...
Pinned compatible itsdangerous version to requirements
2022-03-27 14:50:58 +03:00
5d8e277b3f
pinned compatible itsdangerous version
2022-02-28 11:35:24 +02:00
fcb8287f14
Update login.html
2022-02-25 12:59:23 +02:00
10603fbb36
fixed csrf expiration for login page
2022-02-17 18:10:06 +02:00
e21f53085d
added DNSSEC enabling/disabling to history logs
2022-02-17 17:40:48 +02:00
36cee8cddc
Fixed 'LOCAL' Authenticator Type showing for LDAP auth
2022-02-17 17:34:54 +02:00
b9cf7245a5
fixed csrf expiration for login page
2022-02-17 17:02:11 +02:00
6982e0107c
Typo in routes/api.py
2022-01-20 12:49:37 +01:00
e2fe84a7c5
Merge branch 'master' of https://github.com/PowerDNS-Admin/PowerDNS-Admin
2022-01-20 07:58:12 +01:00
cd94b5c0ac
Update API.md ( #1100 )
...
armless > harmless
2022-01-19 17:49:30 +02:00
98bd9634a4
[BUG] Fixed delete zone from API
2022-01-19 13:50:12 +01:00
0b2ad520b7
History table: relocate HTML for modal window ( #1090 )
...
- Store HTML for modal window inside an invisible <div> element instead
of inside the <button> element's value attribute
- Mark history.detailed_msg as safe as it is already manually run
through the template engine beforehand and would be broken if escaped
a second time
2022-01-01 21:20:01 +01:00
302e793665
Add button for admin page in single Domain view ( #1076 )
...
* Added button for admin page in domain overview
2021-12-31 00:55:59 +01:00
328780e2d4
Revert "Merge branch 'master' into master"
...
This reverts commit ca4c145a187808febad8
2021-12-25 16:17:54 +02:00
ca4c145a18
Merge branch 'master' into master
2021-12-25 16:10:18 +02:00
7808febad8
login.html: don't suggest previous OTP tokens
...
This change has been tested to work with:
- Chromium 96.0.4664.93
- Firefox 95.0
- Edge 96.0.1054.57
2021-12-17 12:48:11 +01:00
9ef0f2b8d6
Bump python-ldap from 3.3.1 to 3.4.0
...
Bumps [python-ldap](https://github.com/python-ldap/python-ldap ) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/python-ldap/python-ldap/releases )
- [Commits](https://github.com/python-ldap/python-ldap/compare/python-ldap-3.3.1...python-ldap-3.4.0 )
---
updated-dependencies:
- dependency-name: python-ldap
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2021-12-17 12:08:19 +01:00
94a923a965
Add 'otp_force' basic setting ( #1051 )
...
If the 'otp_force' and 'otp_field_enabled' basic settings are both enabled, automatically enable 2FA for the user after login or signup, if needed, by setting a new OTP secret. Redirect the user to a welcome page for scanning the QR code.
Also show the secret key in ASCII form on the user profile page for easier copying into other applications.
2021-12-17 11:41:51 +01:00
0da9b2185e
fix: Error in the swagger AccountSummary definition
2021-12-08 23:11:13 +01:00
07f0d215a7
PDNS-API: factor in 'dnssec_admins_only' basic setting ( #1055 )
...
`GET cryptokeys/{cryptokey_id}` returns the private key, which justifies
that the setting is honored in this case.
2021-12-06 22:38:16 +01:00
fc8367535b
chore: remove funding and sponsor badges ( #1073 )
2021-12-08 17:44:44 +01:00
d2f35a4059
fix: Check user zone create/delete permission
...
Co-authored-by: zoeller-freinet <86965592+zoeller-freinet@users.noreply.github.com >
2021-12-05 14:16:45 +01:00
737e1fb93b
routes/admin.py: DetailedHistory: backward-compatibility
...
See https://github.com/ngoduykhanh/PowerDNS-Admin/pull/1066
2021-12-04 17:38:48 +01:00
f0008ce401
routes/admin.py: refactor DetailedHistory
...
- Run HTML through the template engine, preventing XSS from various
vectors
- Fix uncaught exception when a history entry about domain template
deletion is processed
- Adapt indentation to 4 space characters per level
2021-12-04 16:09:53 +01:00
6f12b783a8
models.user: get_accounts(): order by name
...
The order of account names returned by User.get_accounts() affects the
order account names are displyed in on /domain/add if the current user
neither has the Administrator role nor the Operator role and the
`allow_user_create_domain` setting is enabled at the same time.
If the current user does have the Administrator or Operator role,
routes.domain.add() already returns accounts ordered by name, so this
change makes it consistent.
2021-12-04 16:09:15 +01:00
51a7f636b0
Use secrets module for generating new API keys and passwords
...
The implementation of `random.choice()` uses the Mersenne Twister, the
output of which is predictable by observing previous output, and is as
such unsuitable for security-sensitive applications. A cryptographically
secure pseudorandom number generator - which the `secrets` module relies
on - should be used instead in those instances.
2021-12-04 16:08:07 +01:00
9f46188c7e
Quotes fix ( #1066 )
...
* minor fix in history
* made key access more generic
2021-12-03 20:14:14 +02:00
caa48b7fe5
Merge branch 'quotes-fix'
...
Conflicts:
powerdnsadmin/routes/admin.py
2021-12-03 14:17:39 +00:00
591055d4aa
Merge branch 'master' of https://github.com/ngoduykhanh/PowerDNS-Admin
2021-12-03 14:12:32 +00:00
940551e99e
feat: Associate an API Key with accounts ( #1044 )
2021-12-03 14:12:11 +00:00
f45ff2ce03
feat: Associate an API Key with accounts ( #1044 )
2021-12-03 15:35:15 +02:00
6c1dfd2408
Datepicker replace ( #1059 )
...
* replaced jquery-ui-datepicker with bootstrap-datepicker
* removed obsolete static files
2021-12-02 11:59:36 +01:00
