Commit Graph

1558 Commits

Author SHA1 Message Date
Nigel Kukard
e7547ff8d3 fix: fix for CVE-2023-0286 & CVE-2023-23931 - cryptography update to 39.0.2 2023-03-18 23:56:22 +00:00
Matt Scott
b71f9ae5b4
Merge pull request from GHSA-3pcw-h28g-9w3v
Upgrade setuptools to 65.5.1 (CVE-2022-40897 fix)
2023-03-18 19:53:41 -04:00
Nigel Kukard
78e8d9950d fix: upgrade setuptools to fix CVE-2022-40897 2023-03-18 23:38:48 +00:00
Matt Scott
1918f713e1 Merge remote-tracking branch 'origin/dev' into dev 2023-03-18 19:20:47 -04:00
Matt Scott
33614ae102 Updated invalid value in dependabot workflow. 2023-03-18 19:20:36 -04:00
Matt Scott
d3da1e43ed
Fix LDAP group restrictions by allowing the use of any combination of groups. (#1463) 2023-03-18 19:15:01 -04:00
Nigel Kukard
138532fb95 fix: allow the specification of any combination of groups in LDAP group security configuration
Previous behavior required the specification of all three group security groups before the
"Save Settings" button would be enabled.

This adds a check into users.py which checks that the group is set before searching and
removes the javascript preventing the specification of any combination of groups.

Tested:
- Tested all combinations on AD after MR 1238
- Tested all combinations on OpenLDAP
- Tested enabling the Group Security with no groups set which correctly prevents login

Resolves #1462
2023-03-18 20:30:52 +00:00
Matt Scott
c24b4b047d
Merge pull request #1461 from nkukard/nkupdates-fix-session-clear
fix: fixed session clearing and let logout_user take care of cleanup
2023-03-18 16:05:20 -04:00
Matt Scott
defb3e5a48
Merge pull request #1238 from melck/fix-ldap-ad-nested-member
Fix LDAP user group search for nested groups #1238
2023-03-18 16:03:48 -04:00
Nigel Kukard
f44ff7d261 fix: fixed session clearing and let logout_user take care of cleanup
It seems when logging in and logging out, then logging back in, setting
the session timeout to 5 minutes, then waiting for expiry can cause
a situation when using SQLA-based sessions which results in a NULL field
in the database and causes a persistent 500 Internal Server Error.

As per issue 1439 here is a fix found by @raunz.

Resolves #1439.

Tested for about 8 hours and tons and tons of expired sessions, could not
reproduce with the fix applied.
2023-03-18 19:14:58 +00:00
Matt Scott
340e84ab89 Updated MegaLinter workflow to include a manual dispatch option. 2023-03-18 08:52:39 -04:00
Matt Scott
d716f8cc88 Updated various yaml files to include proper opening lines.
Tweaked the name of the stale threads workflow.
2023-03-18 08:48:07 -04:00
Matt Scott
2ca712af49 Updated the stale issue / PR workflow to include better verbiage for the contribution guide.
Also updated the stale issue / PR workflow to exclude security vulnerabilities.
2023-03-17 18:25:05 -04:00
Matt Scott
763f06a830 Corrected URL mistake in stale issue / PR workflow. 2023-03-17 18:16:06 -04:00
Matt Scott
3294ed80f3 Updated labels for the issue templates. 2023-03-17 18:03:18 -04:00
Matt Scott
687571101f Updated stale issue / PR workflow to include proper exceptions. 2023-03-17 17:56:59 -04:00
Matt Scott
ae16e9868a Corrected project name reference mistake in contribution guide. 2023-03-17 17:48:07 -04:00
Matt Scott
fc6d8505b7 Corrected an input type mistake in the bug report and feature request templates.
Corrected URL mistake in the issue template config.yml file.

Updated project README policy reference URLs to use master branch.
2023-03-17 17:29:05 -04:00
Matt Scott
23d6dd1fde Updated project README to include reference to new security policy. 2023-03-17 16:48:11 -04:00
Matt Scott
4b3759d140 Relocated new security policy to the project root to meet GitHub feature expectations. 2023-03-17 16:46:34 -04:00
Matt Scott
5c6cf77996 Updated project README to include references to the new security policy.
Moved the project's code of conduct out of the contributions guide and into the appropriate policy file.

Updated the contribution guide to follow the NetBox project format.

Added various issue templates based on the NetBox project formats but updated for PDA.

Added additional GitHub workflows to handle stale and closed issue and PR management.

Removed legacy stale issue workflow that was not in use.
2023-03-17 16:42:05 -04:00
Matt Scott
a25dda8ac1 Made some formatting tweaks to the authentication settings view to unify section header styling.
Corrected improper markup introduced by recent PR for password complexity requirements.
2023-03-17 15:50:08 -04:00
Matt Scott
4a6d31cfa4
Merge pull request #1457 from nkukard/nkupdates-password-policy
Implement password strength & complexity checking
2023-03-17 15:35:10 -04:00
Matt Scott
78f0332a2d
Merge branch 'dev' into nkupdates-password-policy 2023-03-17 15:31:10 -04:00
Matt Scott
4fa8bf2556
Merge pull request #1454 from nkukard/nkupdates-fix-basic-auth-exception2
fix(auth:basic): Basic auth exception handling improvement
2023-03-17 15:28:20 -04:00
Matt Scott
b23523db4b
Merge pull request #1441 from subbink/1412-rename-domain-to-zone
Finish Updating Zone Nomenclature From Domain
2023-03-17 15:24:26 -04:00
Matt Scott
92be9567de
Merge pull request #1434 from subbink/improve-psql-docs
PostgreSQL Support Improvement
2023-03-17 15:17:41 -04:00
Nigel Kukard
64017195da feat(authentication): check password policy during user profile password change 2023-03-17 03:45:37 +00:00
Nigel Kukard
fc14e9189d feat(authentication): check password policy during registration of new users 2023-03-17 03:45:09 +00:00
Nigel Kukard
1cea4b7ce3 feat(authentication): added password policy checker function 2023-03-17 03:44:08 +00:00
Nigel Kukard
bb6d2d0497 feat(authentication): added admin settings for password policies 2023-03-17 03:42:45 +00:00
Stefan Ubbink
7489e2c9a2 Merge branch '1412-rename-domain-to-zone' of subbink/PowerDNS-Admin into 1412-rename-domain-to-zone 2023-03-16 18:41:19 +01:00
Stefan Ubbink
a9e18ec594 Make sure old history items will also be shown 2023-03-16 18:36:47 +01:00
Stefan Ubbink
a2d1179fd2 Change domain(s) to zone(s) in the python code and docs 2023-03-16 17:02:23 +01:00
Stefan Ubbink
34902f6cf9 Change domain(s) to zone(s) in the templates 2023-03-16 17:02:23 +01:00
Nigel Kukard
17e3a8f942 fix(auth:basic): Basic auth exception handling improvement
Currently passing an invalid Basic auth header (random string base64 encoded) would result in an exception being raised due to a username, password = auth_header.split().

Similary passing a `Digest` authentication type would result in an exception as there is no :.

Thirdly passing invalid base64 encoded UTF-8 code sequences would result in exceptions as this issue (#1424).

I added code to check explicitly that we are doing basic authentication then by checking the number of entries returned by the split.

I also added exception handling for invalid UTF-8 code sequence exceptions.

Tested with a fuzzer.

Tested with valid and invalid credentials.

This fixes #1424.
2023-03-15 01:09:46 +00:00
Matt Scott
73447d396a
Merge pull request #1453 from nkukard/nkupdates-fix-basic-auth-exception
Basic Auth Exception Handling Improvement
2023-03-14 19:37:37 -04:00
Nigel Kukard
24f94abc32 fix(auth:basic): improved API basic auth handling to avoid exceptions
Currently passing an invalid Basic auth header (random string base64 encoded) would result in an
exception being raised due to a `username, password = auth_header.split()`.

I refactored the code in this decorator by checking explicitly that we are doing basic authentication
then by checking the number of entries returned by the split.

I also added exception handling for invalid UTF-8 code sequences.

Tested with a fuzzer.

Tested with valid and invalid credentials.

This fixes #1447.
2023-03-14 23:19:40 +00:00
Matt Scott
57b4457add
Merge pull request #1452 from nkukard/nkupdates-migrations-fix
Fix user confirmed column migration issue
2023-03-14 17:22:34 -04:00
Nigel Kukard
61e607fb3f fix(db:migrate): fix migration user 'confirmed' column migration
This change fixes the migration on the `user` table, `confirmed` column to be compatible with PostgreSQL and MySQL databases.

Fixes #635 which introduced a breaking change for MySQL databases and resolves #1446.

```
Tested on:
- PostgreSQL:14 - WORKING
- PostgreSQL:15 - WORKING
- MariaDB:10.11 - WORKING
- MariaDB:10.10 - WORKING
- MariaDB:10.9  - WORKING
- MariaDB:10.8  - WORKING
- MariaDB:10.7  - WORKING
- MariaDB:10.6  - WORKING
- MariaDB:10.5  - WORKING
- MariaDB:10.3  - WORKING
```
2023-03-14 21:16:50 +00:00
Matt Scott
4751ebed3e
Merge pull request #1451 from nkukard/nkupdates-lxml-fix
Upgrade lxml & python3-saml dependencies with workaround
2023-03-14 17:16:30 -04:00
Nigel Kukard
7e2fa1bfaa fix: fixes Python 3.11 incompatibility using ancient lxml binary PyPI
Fixes Python 3.11 incompatibility using ancient lxml binary PyPI built against old libxml2.

This fixes #1442 and closes #1433.

The issue with python3-saml not working is because the binary lxml wheel is built against a different version of libxml2.

``--no-binary lxml`` can be used to fix this and python3-saml will work.

for references check these:
- https://github.com/onelogin/python3-saml/issues/292
- https://bugs.launchpad.net/lxml/+bug/1960668
- https://github.com/open-formulieren/open-forms/pull/2247

```
Tested on:
 - ubuntu:23.04 - WORKING
 - ubuntu:22.10 - WORKING
 - ubuntu:22.04 - WORKING
 - ubuntu:20.04 - WORKING
 - ubuntu:18.04 - NOT WORKING - pip usage error with -r requirements.txt
 - debian:10    - WORKING
 - debian:11    - WORKING
 - alpine:edge  - WORKING
 - alpine:3.17  - WORKING
 - alpine:3.16  - WORKING
 - alpine:3.15  - WORKING
 - alpine:3.14  - WORKING
 - rockylinux:9 - WORKING
 - rockylinux:8 - NOT WORKING - pip usage error with -r requirements.txt
 - almalinux:9  - WORKING
 - almalinux:8  - NOT WORKING - pip usage error with -r requirements.txt
 - fedora:36    - WORKING
 - fedora:37    - WORKING
 - fedora:38    - WORKING
 - fedora:39    - WORKING
```
2023-03-14 21:12:06 +00:00
Matt Scott
4420621cfe
Merge pull request #1444 from subbink/1237-otp-with-site-name
Make the OTP label the same as the site_name #1237
2023-03-13 19:19:28 -04:00
Stefan Ubbink
6eef5eb59c Make the OTP label the same as the site_name #1237 2023-03-13 18:54:49 +01:00
Stefan Ubbink
a2ef456ad7 Change domain(s) to zone(s) in the python code and docs 2023-03-12 20:44:56 +01:00
Stefan Ubbink
3e9e73fb3a Change domain(s) to zone(s) in the templates 2023-03-12 20:44:56 +01:00
Matt Scott
6a5bc8adeb
Merge pull request #1440 from benshalev849/custom_current_user
Added custom header to be used in the created_by column.
2023-03-12 11:39:33 -04:00
Your Name
6a402969ec Merge branch 'custom_current_user' of https://github.com/benshalev849/PowerDNS-Admin into custom_current_user 2023-03-12 15:33:15 +00:00
Your Name
695d746295 Changed basic_settings.md path 2023-03-12 15:32:32 +00:00
benshalev849
bd30c73ca4
Merge branch 'dev' into custom_current_user 2023-03-12 17:23:44 +02:00