Matt Scott
ece9626212
Updated the OAuth login handlers to utilize uniform user naming variables.
...
Updated the GitHub login process to split the user's full name based on spaces so that first and last name are filled in on PDA profile.
2023-04-08 18:14:40 -04:00
Matt Scott
9168dd99e0
Updated the OAuth login handlers to utilize uniform user naming variables.
...
Updated the GitHub login process to split the user's full name based on spaces so that first and last name are filled in on PDA profile.
2023-04-08 18:11:55 -04:00
Matt Scott
a46ab760fd
Reorganized universal OAuth fields' order to a uniform standard. Also updated the Client ID
field prompts to a uniform standard.
2023-04-08 17:40:30 -04:00
Matt Scott
ee9012fa24
Completed OAuth change to make the use of the metadata URL setting exclusive to the authorization and token URL settings. If the former is defined, it will be used in preference to the latter.
2023-04-08 17:14:55 -04:00
Matt Scott
ab4495dc46
Completed the implementation of the SERVER_EXTERNAL_SSL
environment setting into the app config files.
...
Completed the implementation of the aforementioned environment setting into the OAuth workflows.
Documented the aforementioned setting in the Environment-variables.md wiki document.
2023-04-08 17:05:27 -04:00
Stefan Ubbink
a2429ad9d6
Make it possible again to use a different Zone Type than 'native', fixes #1501
2023-04-02 20:46:32 +02:00
Matt Scott
19335439bd
Completed the removal of the OAuth JWKS URL setting as well as the update of how the existing metadata URL settings are being used.
...
For additional information, reference GitHub issue #1499 .
2023-04-02 09:19:05 -04:00
Rauno Tuul
e0dffff325
Fix activity search form structure
2023-03-25 11:47:58 +02:00
Nigel Kukard
a954800869
fix(api): fixed internal server error being generated from invalid UTF-8 encoded X-API-KEY
2023-03-22 01:27:52 +00:00
Nigel Kukard
138532fb95
fix: allow the specification of any combination of groups in LDAP group security configuration
...
Previous behavior required the specification of all three group security groups before the
"Save Settings" button would be enabled.
This adds a check into users.py which checks that the group is set before searching and
removes the javascript preventing the specification of any combination of groups.
Tested:
- Tested all combinations on AD after MR 1238
- Tested all combinations on OpenLDAP
- Tested enabling the Group Security with no groups set which correctly prevents login
Resolves #1462
2023-03-18 20:30:52 +00:00
Matt Scott
c24b4b047d
Merge pull request #1461 from nkukard/nkupdates-fix-session-clear
...
fix: fixed session clearing and let logout_user take care of cleanup
2023-03-18 16:05:20 -04:00
Matt Scott
defb3e5a48
Merge pull request #1238 from melck/fix-ldap-ad-nested-member
...
Fix LDAP user group search for nested groups #1238
2023-03-18 16:03:48 -04:00
Nigel Kukard
f44ff7d261
fix: fixed session clearing and let logout_user take care of cleanup
...
It seems when logging in and logging out, then logging back in, setting
the session timeout to 5 minutes, then waiting for expiry can cause
a situation when using SQLA-based sessions which results in a NULL field
in the database and causes a persistent 500 Internal Server Error.
As per issue 1439 here is a fix found by @raunz.
Resolves #1439 .
Tested for about 8 hours and tons and tons of expired sessions, could not
reproduce with the fix applied.
2023-03-18 19:14:58 +00:00
Matt Scott
a25dda8ac1
Made some formatting tweaks to the authentication settings view to unify section header styling.
...
Corrected improper markup introduced by recent PR for password complexity requirements.
2023-03-17 15:50:08 -04:00
Matt Scott
78f0332a2d
Merge branch 'dev' into nkupdates-password-policy
2023-03-17 15:31:10 -04:00
Matt Scott
4fa8bf2556
Merge pull request #1454 from nkukard/nkupdates-fix-basic-auth-exception2
...
fix(auth:basic): Basic auth exception handling improvement
2023-03-17 15:28:20 -04:00
Nigel Kukard
64017195da
feat(authentication): check password policy during user profile password change
2023-03-17 03:45:37 +00:00
Nigel Kukard
fc14e9189d
feat(authentication): check password policy during registration of new users
2023-03-17 03:45:09 +00:00
Nigel Kukard
1cea4b7ce3
feat(authentication): added password policy checker function
2023-03-17 03:44:08 +00:00
Nigel Kukard
bb6d2d0497
feat(authentication): added admin settings for password policies
2023-03-17 03:42:45 +00:00
Stefan Ubbink
a9e18ec594
Make sure old history items will also be shown
2023-03-16 18:36:47 +01:00
Stefan Ubbink
a2d1179fd2
Change domain(s) to zone(s) in the python code and docs
2023-03-16 17:02:23 +01:00
Stefan Ubbink
34902f6cf9
Change domain(s) to zone(s) in the templates
2023-03-16 17:02:23 +01:00
Nigel Kukard
17e3a8f942
fix(auth:basic): Basic auth exception handling improvement
...
Currently passing an invalid Basic auth header (random string base64 encoded) would result in an exception being raised due to a username, password = auth_header.split().
Similary passing a `Digest` authentication type would result in an exception as there is no :.
Thirdly passing invalid base64 encoded UTF-8 code sequences would result in exceptions as this issue (#1424 ).
I added code to check explicitly that we are doing basic authentication then by checking the number of entries returned by the split.
I also added exception handling for invalid UTF-8 code sequence exceptions.
Tested with a fuzzer.
Tested with valid and invalid credentials.
This fixes #1424 .
2023-03-15 01:09:46 +00:00
Nigel Kukard
24f94abc32
fix(auth:basic): improved API basic auth handling to avoid exceptions
...
Currently passing an invalid Basic auth header (random string base64 encoded) would result in an
exception being raised due to a `username, password = auth_header.split()`.
I refactored the code in this decorator by checking explicitly that we are doing basic authentication
then by checking the number of entries returned by the split.
I also added exception handling for invalid UTF-8 code sequences.
Tested with a fuzzer.
Tested with valid and invalid credentials.
This fixes #1447 .
2023-03-14 23:19:40 +00:00
Stefan Ubbink
6eef5eb59c
Make the OTP label the same as the site_name #1237
2023-03-13 18:54:49 +01:00
benshalev849
bd30c73ca4
Merge branch 'dev' into custom_current_user
2023-03-12 17:23:44 +02:00
Matt Scott
84cfd165b4
Re-arranged side navigation to include the "Global Search" feature regardless of user role as the global search feature is now accessible to all users.
...
Also moved the "Activity" feature link higher in the menu to remove duplicate code from the navigation code base.
2023-03-12 10:27:04 -04:00
Your Name
ee68b18e27
Added custom header in created_by segment option
2023-03-12 13:36:30 +00:00
Matt Scott
1afe9b4908
Finished adding new OAuth Server Metadata URL setting to Google, GitHub, and Microsoft OAuth service configuration features.
2023-03-12 09:13:54 -04:00
Matt Scott
fd30e3ff49
Added new JWKS URL setting for each OAuth provider and updated the associated authorization service to use the setting during the initialization of the authlib.
2023-03-11 14:46:58 -05:00
Matt Scott
87891a3eb9
Re-formatted the assets.py file to current PEP8 standards.
...
Modified the yarn.lock file to remove what appears to be a dependency overwrite for Font Awesome icons which results in an older 5.x release overwriting the newer 6.x release.
2023-03-11 08:48:19 -05:00
Matt Scott
dd867eb4e8
Added application version to base template footer, starting with the next planned production release of 0.4.0.
2023-03-10 18:43:20 -05:00
Matt Scott
cb929c3265
Tweaked the assets.py build script to switch to rcssmin for the login CSS build process.
2023-03-10 18:16:55 -05:00
Matt Scott
c617aa1483
Merge branch 'raunz-session_type_sqlalchemy' into dev
2023-03-10 16:35:22 -05:00
Matt Scott
356667f989
Tweaked PR to include the latest asset build changes for CSS minimizer. Also updated the default session storage to use SQLAlchemy instead of the file system.
2023-03-10 16:34:55 -05:00
Matt Scott
1d6fdb1c23
Merge branch 'session_type_sqlalchemy' of github.com:raunz/PowerDNS-Admin into raunz-session_type_sqlalchemy
2023-03-10 16:27:06 -05:00
Matt Scott
26f3f79388
Corrected unauthorized side navigation change regarding the placement of the "Global Search" feature.
...
Removed the statistics and recent activity / history data display from the dashboard view.
2023-03-10 16:23:33 -05:00
Matt Scott
6be6f3d389
Updated core project to also use rcssmin filter.
2023-03-10 16:10:42 -05:00
Rauno Tuul
aa70951964
Read flask session type from environment variable and create sessions table if not exist.
2023-03-08 17:05:32 +02:00
Rauno Tuul
68d9fb3755
Support multiple Flask session types, not just filesystem. Set via generic SESSION_TYPE environment variable
2023-03-08 12:08:07 +02:00
Lukas
d055fd83c5
Documentation, Fix
2023-03-08 08:52:27 +01:00
Matt Scott
4933351ac1
Revert "Revert "Clean up dashboard zone tabs""
...
This reverts commit 5f2fc514df
.
2023-03-06 08:30:00 -05:00
Matt Scott
5f2fc514df
Revert "Clean up dashboard zone tabs"
...
This reverts commit fc39cc40ee
.
2023-03-04 11:27:44 -05:00
Matt Scott
9003b3f6c8
Merge pull request #1422 from corubba/feature/dashboard-tab-cleanup
...
Clean up dashboard zone tabs
2023-03-04 11:03:57 -05:00
Matt Scott
840076dae3
Merge pull request #1423 from corubba/feature/history-diff
...
Diff-ify changelog view for zone changes
2023-03-04 10:59:44 -05:00
Matt Scott
f5ddcc5809
Merge pull request #1421 from corubba/feature/sorting
...
Sort records label-wise right to left
2023-03-04 10:56:59 -05:00
Matt Scott
7f6924a966
Merge pull request #1420 from MDXDave/patch-1
...
Fixed scrolling on long content
2023-03-04 10:56:18 -05:00
Matt Scott
f4f1f31575
Merge pull request #1378 from raunz/global_search_for_all_users
...
Global Search available for all users
2023-03-04 10:54:49 -05:00
Matt Scott
062cb032c5
Merge pull request #1379 from raunz/dashboard_improvements
...
Fix dashboard MySQL performance with large history for standard users
2023-03-04 10:54:12 -05:00