Jeroen Boonstra
734a6d5b32
Enable bg updates
2018-06-08 11:46:17 +02:00
Khanh Ngo
ecdb9b9328
Merge pull request #275 from tmuncks/dont-revoke-your-own-rights
...
Fix user deletion
2018-06-08 09:16:49 +07:00
Thomas M Steenholdt
90f08ee92e
Fix user deletion
...
An improper check causes problems when trying to delete a user. This fixes that error.
(cherry picked from commit 3c838cc0e4a2d4904d0fc919fb88c58ebd4fe4bd)
2018-06-07 15:34:28 -02:00
Khanh Ngo
2958ae663c
Validate user role and DNSSEC_ADMINS_ONLY config on DNSSEC related routes
2018-06-07 09:28:14 +07:00
Khanh Ngo
6f54b1a9de
Merge remote-tracking branch 'tmuncks/dnssec-admin-only'
2018-06-07 08:53:01 +07:00
Khanh Ngo
2c5a98aca4
Merge pull request #273 from tmuncks/dont-revoke-your-own-rights
...
Restrict certain admin changes on the current user
2018-06-07 08:48:44 +07:00
Thomas M Steenholdt
5d40c42bbf
Fix OTP validation
...
The result from the form is never an int but rather a string of digits, so that's what we should be checking for.
This fixes OTP validation
(cherry picked from commit 5fe3c8b9f92665db54d74dc6b2334666c318bf0c)
2018-06-06 09:19:30 -02:00
Thomas M Steenholdt
ccec6c37b4
Restrict certain admin changes on the current user
...
Disable the admin toggle and delete operations from the current user, to avoid accidents.
(cherry picked from commit b0f5ac6df5d31f612dc833a88cfca8936c4137d7)
2018-06-06 09:15:25 -02:00
Thomas M Steenholdt
10f47039ec
Add config option to allow DNSSEC changes only for admins
...
DNSSEC requires changes to the parent domain, which in many cases requires special access to a registry or the like.
For that reason, especially the option to disable DNSSEC can be dangerous - if DNSSEC is disabled in PowerDNS but not in the registry, the domain stops working.
For this reason, adding an option to disable DNSSEC changes for non-admins seems reasonable.
(cherry picked from commit 5cdfc0263b07f4658d51cf7c038fea9a8911152a)
2018-06-06 08:53:44 -02:00
Thomas M Steenholdt
a4af4ad4b3
Implement per account domain access
...
Added the possibility for assigning users to an account, providing access to all domains associated with that account automatically.
This makes management easier, especially in installations with lots of domains and lots of managing entities.
The old style per-domain permissions are still there and working as usual. The two methods work perfectly side-by-side and are analogous to "user" (per-domain) and "group" (account) permissions as we know them from Active Directory and such places.
(cherry picked from commit 34fbc634d2848a7f76dc89a03dd8c0604068cc17)
2018-06-05 16:42:44 -02:00
Thomas M Steenholdt
a3a58f16a5
Initial support for Accounts
...
This adds initial support for accounts a concept meant to signify a customer, a department or any other entity that somehow owns or manages one or more domains.
The purpose is to be able to assign an account to any number of domains, making it easy to track who owns or manages a domain, significantly improving manageability in setups with a large number of domains.
An account consists of a mandatory, unique `name` and optional `description`, `contact` name and `mail` address. The account `name` is stripped of spaces and symbols, and lower cased before getting stored in the database and in PowerDNS, to help ensure some type of predictability and uniqueness in the database.
The term *account* is actually taken from the PowerDNS database, where the `domains.account` column is used to store the account relationship, in in the form of the account `name`.
The link to a domain in PowerDNS-Admin is done through the `domain.account_id` FOREIGN KEY, that is linked to the `account.id` PRIMARY KEY.
(cherry picked from commits 4e95f33dfb0676d1c401a033c28bca3be7d6ec26, da0d596bd019a339549e2c59630a8fdee65d0e22, 7f06e6aaf4fd8011c784f24b7bbbba5f52aef319, 1c624dad8749024033d1d15dd6242ca52b39f135)
2018-06-04 13:10:02 -02:00
Khanh Ngo
4daf6f72a7
Merge pull request #256 from rene-dekkers/nonint_error
...
Fail when non-numeric otp token was inserted
2018-05-18 10:43:26 +07:00
René Dekkers
08335cdedc
Fail when non-numeric otp token was inserted
2018-05-07 15:32:15 +02:00
Ian Bobbitt
73d5215d3a
Improve SAML support
...
Accept IdP EntityID to use when metadata contains more than one IdP.
Allow specifying attribute names to get given name, surname, and email address.
Allow specifying NameIDFormat to request.
Allow specifying whether to get username from a named attribute, or NameID.
Allow getting administrator state from attribute.
2018-05-02 22:56:22 +00:00
Khanh Ngo
3d8d94f280
Validate registration process. Change copyright year.
2018-04-18 13:16:02 +07:00
Khanh Ngo
01a5528c4a
Merge remote-tracking branch 'mind04/template-relative'
2018-04-13 09:25:23 +07:00
Kees Monshouwer
df9e392e26
domain stripping was not limited to the end of a name
2018-04-12 12:01:59 +02:00
Khanh Ngo
52b6966c83
Check zone serial before allowing user to submit their change. #183
2018-04-12 11:18:44 +07:00
Kees Monshouwer
fc737cf61f
strip domain part from names while cloning a zone to a template
2018-04-11 18:14:42 +02:00
Khanh Ngo
84d4bfaed0
Mark LDAP authentication as external_auth. Fix OTP secret update. #237
2018-04-10 08:59:28 +07:00
Khanh Ngo
fdf849744b
Fix #238
2018-04-10 07:08:22 +07:00
Khanh Ngo
5354d27f88
Fix #234
2018-04-08 09:09:08 +07:00
Khanh Ngo
0826702537
Update config template
2018-04-06 13:22:09 +07:00
Khanh Ngo
17a892b18d
Resolve the conflicts for #228
2018-04-02 13:38:53 +07:00
Khanh Ngo
3efafecb30
Fix #194
2018-04-01 15:51:56 +07:00
Khanh Ngo
bfb54e8bda
Add LDAP_ENABLE in config file
2018-04-01 15:08:55 +07:00
Khanh Ngo
1c54f008f4
Change string to new format
2018-04-01 07:57:41 +07:00
Khanh Ngo
29d1cf4117
Adjustment in domain template feature to work with python3
2018-03-31 08:21:02 +07:00
Khanh Ngo
aa2b29dac3
Adjustment to give user access to granted domain only
2018-03-31 07:32:46 +07:00
Khanh Ngo
51cdba8228
User path: instead of string: in routes
2018-03-31 06:52:14 +07:00
Khanh Ngo
c668c21fc9
Adjustment to prevent exception in Google/Github authentication when local user cannot be created
2018-03-30 17:43:34 +07:00
Khanh Ngo
896abdbdbc
Merge remote-tracking branch 'dkeightley/ns-record-support' into development
2018-03-30 15:49:35 +07:00
Khanh Ngo
63e7d89df1
Adjustment to be able to show ALL domain in dashboard table
2018-03-30 15:40:43 +07:00
Khanh Ngo
f318c437c1
Merge remote-tracking branch 'hackedd/feature/server-side-domain-list' into development
2018-03-30 15:34:07 +07:00
Khanh Ngo
b5b3b77acb
Adjustment to work with Python3
2018-03-30 13:49:35 +07:00
thomasDOTde
88c6d6ee33
missed to change one import for issue #19
2018-03-28 11:43:54 +02:00
thomasDOTde
f014798374
fixed ngoduykhanh/PowerDNS-Admin issue 194
2018-03-28 02:06:09 +02:00
thomasDOTde
5ed8a33c7e
added feature requested in issue #28
2018-03-28 01:41:33 +02:00
Jeroen Boonstra
c8d9f4bf22
changes response
2018-03-05 15:11:42 +01:00
Jeroen Boonstra
5ea70023ff
remove dnssec keys
2018-03-05 15:06:40 +01:00
Jeroen Boonstra
a829509324
enable dnssec endpoint added
2018-03-01 08:27:10 +01:00
Jeroen Boonstra
d5d0948ab8
Export PDNS version to frontend
2018-02-28 13:39:05 +01:00
unknown
b832fc1768
Reverse zone PTR type entries not shown bug fix. Added NS, LOC and TXT types in reverse zones. Added LOC type in forward zone.
2018-02-16 21:02:16 +02:00
Vadim Aleksandrov
cff534890f
Deny to delete 'SOA' record
2018-02-07 22:47:52 +03:00
Vadim Aleksandrov
12cfc4dbc1
Added the ability to create a template based on the zone records
2018-02-07 22:44:46 +03:00
Vadim Aleksandrov
52a5789c85
Add first working draft of domain templating functionality
2018-02-07 22:30:29 +03:00
thomasDOTde
92d7ca3870
added application certificate handling for signed SAML messages
2018-01-20 17:17:02 +01:00
thomasDOTde
050b822636
cleaup after merged pr
2017-12-05 12:59:08 +01:00
NomenNescio
d5b2dedd7f
small fixes for return url after saml logout
2017-12-05 12:28:54 +01:00
thomasDOTde
85c07210db
fixed name-id formating and name-id
2017-12-05 03:48:18 +01:00
thomasDOTde
e535ce0822
fixed session check
2017-12-05 00:23:10 +01:00
thomasDOTde
60086d5d15
added standard SAML logout method using metadata
2017-12-05 00:14:31 +01:00
NomenNescio
47cf1aff4a
added configurable logout redirect URL
2017-12-04 14:43:58 +01:00
thomasDOTde
d65efe477a
ensure authentication isn't possible without password
2017-11-06 23:36:11 +01:00
thomasDOTde
5a1a4b0161
Merge remote-tracking branch 'origin/master'
2017-11-03 12:24:54 +01:00
thomasDOTde
54e61bf072
added custom error page for SAML authentication errors
2017-11-03 12:24:25 +01:00
Thomas
4a4b03a7d0
Merge pull request #11 from ssendev/patch-1
...
Allow to change root domain record via dyndns
2017-11-03 00:36:06 +01:00
thomasDOTde
37fee207a5
marked google oauth users as external
2017-11-01 22:30:08 +01:00
Thomas
83a0396350
Merge branch 'master' into feature-google-oauth
2017-11-01 22:18:43 +01:00
Thomas
ff9a6fcfba
Merge pull request #2 from thomasDOTde/upstream-access-control
...
Add access control for non-admin users from hackedd
2017-11-01 21:47:14 +01:00
Paul Hooijenga
9a4021d5e5
Add access control for non-admin users
...
(cherry picked from commit 6e5b704)
2017-11-01 21:40:15 +01:00
thomasDOTde
cd3b41553d
fixed link for alternative login methods
2017-11-01 13:55:57 +01:00
thomasDOTde
baa960aad6
raised password length to 30 for external accounts.
...
fixed error_checking for saml-authentication
2017-11-01 13:31:41 +01:00
thomasDOTde
12c957bf5f
disabled profile usage when authenticated externally
2017-11-01 01:34:29 +01:00
thomasDOTde
31eaee8e0b
added saml authentication
2017-10-31 22:38:26 +01:00
thomasDOTde
933d678e83
added SAML auth basics and metadata
2017-10-31 19:21:22 +01:00
patito
a4b9722d47
Google OAuth
2017-09-22 15:28:09 +01:00
Paul Hooijenga
5d09daf8eb
Fix dashboard domain query for non-admin users
2017-09-15 15:14:04 +02:00
dkeightley
8cdfab1c7c
Added NS record for forward and reverse domains
2017-07-03 15:53:26 +12:00
Paul Hooijenga
bcb2b06124
Do filtering and pagination of domains server-side.
2017-06-30 18:18:06 +02:00
SIPOS, Peter
1538cf0239
Limit record selection in reverse lookup domain to PTR
...
And also fix the default type selection of a new record
2016-11-21 15:52:07 +01:00
SIPOS, Peter
2d61c56e7b
Add auto-ptr setting injection
2016-11-21 13:42:00 +01:00
Felix Kaechele
b8e38b4d2f
Replace PyQRCode with qrcode
...
qrcode is more common and better maintained
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2016-09-17 06:41:22 -07:00
Joachim Tingvold
671a319e93
Pretty IPv6 PTR. Use the actual IPv6 address when editing PTR.
...
Rather than dealing with ip6.arpa-dotted-strings from hell, you can
now edit IPv6 PTR-records using the IPv6 address.
2016-08-19 23:04:20 +00:00
ssendev
03e0f50795
Allow to change root domain record via dyndns
2016-08-18 22:05:15 +02:00
timfeirg
683f633d7d
minor code style change
2016-08-13 00:49:53 +08:00
CMGS
186aedcfc7
github oauth login
2016-08-13 00:49:46 +08:00
Tamás Dévai
01dd8fd893
Fix route when the zone name containing slash character.
2016-08-02 10:59:31 +02:00
Khanh Ngo
e7a4fb5e6a
Force loading gravatar over https
2016-07-14 00:05:55 +07:00
Khanh Ngo
ee033f2198
Add Gravatar to display user's avatar
2016-07-13 21:33:21 +07:00
Khanh Ngo
ff842f66e2
Merge pull request #77 from jallakim/default-settings
...
Settings: Default domain table size + LDAP first/selected if both LDAP+Basic
2016-07-06 09:30:56 +07:00
Ivan Filippov
273a63db12
Validate ondemand_creation if the setting does not exist for a domain.
2016-07-05 19:22:57 -06:00
Ivan Filippov
58c19894a1
Convert value returned from UI to string before storing it in DB.
...
This should allow for differences in how database engine store booleans.
2016-07-05 19:22:57 -06:00
Ivan Filippov
856b5ec84f
Records added via DynDNS are now active. Fixes #61 .
2016-07-05 19:22:57 -06:00
Ivan Filippov
d093c1976d
Add per-domain settings. Allows ondemand dyndns A records. Fixes #61 .
...
This commit adds a new table to store per-domain settings, so a database
migrate/upgrade will be required. The first use-case is to allow dyndns
updates to create a record if one doesn't yet exist but only if the
per-domain setting is set.
2016-07-05 19:22:57 -06:00
Joachim Tingvold
9dc3c3ff98
Set LDAP as source if both LDAP and Basic is enabled.
2016-07-05 15:28:02 +00:00
Joachim Tingvold
ea42c78b9a
default_domain_table_size setting.
2016-07-05 15:14:41 +00:00
Khanh Ngo
1b052f7fc0
Merge pull request #60 from CaptainQwark/master
...
fix for pdns 4.0.0-rc2+ apply changes problems
2016-07-02 17:35:58 +07:00
Ivan Filippov
372dd52977
Fix checkip.html route not working when not behind a proxy. Fixes #62
2016-07-01 16:03:19 -06:00
CaptainQwark
9db71eaef5
fix for updates on pdns 4.0.0-rc2+ and remove flask.ext deprecation warnings
2016-07-01 21:46:13 +02:00
CaptainQwark
e32186409a
fixed order_by syntax on history view
2016-06-30 22:04:59 +02:00
Khanh Ngo
7f5a57f80c
Bug fix
2016-06-26 20:53:29 +07:00
Khanh Ngo
2bc2f60721
Adjustment to show latest histories in the dashboard
2016-06-20 16:50:00 +07:00
Khanh Ngo
981c38cacb
Add dyndns feature
2016-06-20 16:32:14 +07:00
Khanh Ngo
f4e2c3b3df
Add OTP authentication feature
2016-06-16 15:36:05 +07:00
Khanh Ngo
a14ccec39e
Fix SignUp config feature
2016-06-13 11:48:48 +07:00
Ivan Filippov
39564f9c6e
Add 'default_record_table_size' setting to allow changing table size.
...
Fixes #36 .
2016-06-08 19:23:08 -06:00
Khanh Ngo
b0e863863c
Adjustment to add multiple records which have same name and type. Add trailing dot in the record's content
2016-06-08 11:00:55 +07:00
Ivan Filippov
3a79fe66c8
Re-organized error templates. Enabled default error handling.
2016-05-15 16:01:57 -06:00
Ivan Filippov
7f8b69765a
Add 'create user' template and functionality. Fixes #39
2016-05-15 14:29:43 -06:00