Commit Graph

29 Commits

Author SHA1 Message Date
c842d09195 Overhauled app settings implementation to remove redundancy of definitions. Additionally, re-factored settings initialization code to allow for every setting to be defined by environment variable for both bare metal and Docker container deployments. 2023-04-14 07:12:02 -04:00
8cfc62e9d0 Corrected issue with SERVER_EXTERNAL_SSL setting not being extracted from the app's environment. 2023-04-13 13:40:06 -04:00
003ee07596 Updated the default value of the SERVER_EXTERNAL_SSL environment setting. 2023-04-12 08:07:40 -04:00
ab4495dc46 Completed the implementation of the SERVER_EXTERNAL_SSL environment setting into the app config files.
Completed the implementation of the aforementioned environment setting into the OAuth workflows.

Documented the aforementioned setting in the Environment-variables.md wiki document.
2023-04-08 17:05:27 -04:00
356667f989 Tweaked PR to include the latest asset build changes for CSS minimizer. Also updated the default session storage to use SQLAlchemy instead of the file system. 2023-03-10 16:34:55 -05:00
c707f1e1c5 Added support for dict/json environment variables for docker image 2023-03-10 15:20:18 +02:00
aa70951964 Read flask session type from environment variable and create sessions table if not exist. 2023-03-08 17:05:32 +02:00
68d9fb3755 Support multiple Flask session types, not just filesystem. Set via generic SESSION_TYPE environment variable 2023-03-08 12:08:07 +02:00
63db17ec21 Add missing OIDC env vars
Set SAML_ENABLED default to false
2023-02-23 22:13:19 +01:00
5ad384bfe9 Add support for oidc_oauth_metadata_url configuration option
This commit adds support for the `oidc_oauth_metadata_url` configuration
option. This option specifies the URL of the OIDC server's
metadata endpoint, which contains information about the OIDC server's
endpoints, supported scopes, and other configuration details. By using this
option, we can ensure compatibility with different OIDC servers and reduce
the risk of errors due to manual endpoint configuration.
2023-02-23 09:21:01 +01:00
25dcc81e03 fix: configurable CAPTCHA_ENABLE env when docker use 2023-02-21 00:17:22 +09:00
e82759cbc4 Updated Docker file to include npm as a new requirement for the admin-lte npm module.
Also added session persistence setting to default and docker configuration files.

Changed the default persistence configuration of the default config file to use SQLite instead of MySQL.
2023-02-17 19:00:09 -05:00
948973ac83 Merge branch 'feature/privacy-first' 2023-01-24 05:32:38 -05:00
3a8ad7c444 Remove OFFLINE_MODE config option 2022-06-18 19:11:16 +02:00
52b704baeb Set SameSite on cookies
Setting this attribute on a cookie marks it as non-cross-site, so it
is only send in requests to our own server. It is reasonable that no
one else should need our session or csrf data. Setting it explicitly
also prevents any issues from the ongoing change in browser behaviour [0]
when it is unset.

Seasurf supports the SameSite attribute starting with v0.3. As nothing
obviously broke, I used the opportunity and updated all the way to the
most recent version.

The SeaSurf default for SameSite is already `Lax`, so it only needs to
be set for the session cookie.

[0] https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure
2022-06-18 18:51:42 +02:00
1a77524447 Allow secure cookies in docker
Setting these two options to True is recommended if (and only if) you
serve PDA via TLS. It will break things on plain-HTTP deployments.
For plain deployments these can be set in the flask config file, for
docker they have to be whitelisted to be set via env vars.
2022-06-18 18:51:42 +02:00
ae2ad6527a Set csrf cookie to httponly
The CSRF token is currently inserted directly in the template and not
in the browser via JavaScript from the cookie, so making it inaccessible
is not a problem.

The Sesson-cookie is already httponly by default [0].

[0] https://flask.palletsprojects.com/en/2.1.x/config/?highlight=session_cookie_httponly#SESSION_COOKIE_HTTPONLY
2022-06-18 18:51:42 +02:00
3081036c2c Env oauth url (#1030)
Overriding settings in DB using environment variable in docker
2021-11-05 18:22:38 +02:00
39cddd3b34 SAML improvements for Docker (#929)
* Fix typo in managing user account membership with SAML assertion

* Support more config options from Docker env.

* Improve support for SAML key and cert from Docker secrets

Co-authored-by: Ian Bobbitt <ibobbitt@globalnoc.iu.edu>
2021-05-07 23:36:55 +02:00
7f86730909 allow-server-side-sessions (#855) 2021-01-24 09:09:53 +01:00
eb730be8f9 Add remote user config settings 2020-05-25 14:12:32 +01:00
483c767d26 Offline installation and searchable inputs 2020-04-30 17:20:37 +00:00
06266846ec Use sqlite by default in docker
This allows for easy setup with no extra configuration.
Also update docs to reflect the new and easy way to run PowerDNS-Admin.

Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2020-04-20 18:32:36 -04:00
452c4a02d8 Merge pull request #690 from Atisom/master
SAML debug attributes
2020-04-06 09:40:03 +07:00
b2d72d6603 Fix docker bool config value 2020-04-02 09:41:26 +07:00
7e97bec07f Add docker secrets support 2020-03-27 00:59:28 +01:00
a581aa3cf2 add SAML_ASSERTION_ENCRYPTED envrionment 2020-03-25 21:35:20 +00:00
7739bf7cfc Add user email verification 2019-12-21 21:43:03 +07:00
840e2a4750 Update docker stuff and bug fixes 2019-12-04 11:50:46 +07:00