Commit Graph

350 Commits

Author SHA1 Message Date
Khanh Ngo
f8f4ddcc85
Add validation for authentication setting form 2018-08-19 22:08:14 +07:00
Khanh Ngo
babf62bae0
Fix Github/Google oAuth 2018-08-19 15:29:50 +07:00
Khanh Ngo
ada6f844ff
Read LDAP config from DB instead of file. Adjustment in site titles 2018-08-18 22:42:18 +07:00
Khanh Ngo
4b9349c83e
Create DB config for pdns and authentication setting 2018-08-18 18:41:59 +07:00
Khanh Ngo
7b5c74cc7d
Merge pull request #330 from tmuncks/add-user-edit
Add option to edit users from the comfort of the UI
2018-08-14 08:52:20 +07:00
Khanh Ngo
3733cd750c
Merge pull request #329 from icb-/saml-binding
Allow specifying SAML2 SSO binding format.
2018-08-13 10:40:38 +07:00
Thomas M Steenholdt
fe4616d609 Do user.otp_secret check properly 2018-08-13 01:33:29 -02:00
Thomas M Steenholdt
539e6bc562 Fix double refresh when activating 2FA
When toggling Two Factor Authentication, it often takes a few tries to get it to work.
The toggle function ends up reloading the page in two different places, effectively creating a race condition.

This fixes that problem

(cherry picked from commit 6b9fc897bc02ff857a968e76ed49f1b0f2108bb5)
2018-08-12 07:48:34 -02:00
Thomas M Steenholdt
0ac33aa3c4 Add option to edit users from the comfort of the UI
Update user management feature to allow editing user details directly in the admin user interface.

Also added an option to reset the two factor authentication data of a user, for when that's needed (lost device, technical issues etc).

(cherry picked from commit 3139616282a18c11463c6ecf78888417b2ac1c35)
2018-08-12 07:47:37 -02:00
Ian Bobbitt
2e96b41725 Allow specifying SAML2 SSO binding format. 2018-08-11 09:14:16 -04:00
Khanh Ngo
9ed09e92fc
Fix ldap authentication 2018-08-09 16:21:42 +07:00
Dennis Schubert
20dcdbbb66
Decode passwords as UTF-8 on profile updates as well
Resolves #324
2018-08-08 04:23:20 +02:00
Khanh Ngo
47d5858fc6 Merge branch 'fix-saml' 2018-08-07 09:09:34 +07:00
Thomas M Steenholdt
0979d9fca0 Tolerate pdns 3.x API deficiencies
PowerDNS 3.x API does not support setting or getting account info.

This patch lets PowerDNS 3.x users use the rest of the interface without problems.
Account stuff still does not work.

A message is logged in debug mode, to help with troubleshooting on newer versions
of PowerDNS.
2018-07-30 09:15:55 -02:00
Khanh Ngo
96a9c12300 Log user's ip address when they login 2018-07-05 14:25:05 +07:00
Khanh Ngo
178e25f8f7
Fix domain table modal to prevent removing several record at the same time 2018-07-05 13:58:27 +07:00
Khanh Ngo
d9baaa4d60 Fix #302 2018-07-05 09:57:08 +07:00
Ian Bobbitt
480989e86a Manage Account memebership for SAML Users 2018-06-25 12:18:42 +00:00
Ian Bobbitt
765351c5e9 Emit audit history when SAML assertions promote or demote a user. 2018-06-24 23:54:29 +00:00
Ian Bobbitt
17a61d04b5 Merge remote-tracking branch 'upstream/master' into fix-saml
Cleaning up conflicts with upstream changes.
2018-06-24 22:31:54 +00:00
Thomas M Steenholdt
31305a3048 Add setting to allow/disallow quick editing of records
Adds an `allow_quick_edit` setting, using the improved setting handling logic from PR #287 to toggle whether records are editable by simply clicking the row or not.

Aims to fix #288
2018-06-24 00:25:33 -02:00
Thomas M Steenholdt
4597e55379 Fix typo in function set_maintenance
Fix a simple typo in the `set_maintenance` function in the `Setting` class.

The function does not seem to be actually used anywhere.
2018-06-21 22:10:50 -02:00
Thomas M Steenholdt
6c8a3ac36c Move setting definitions into code (rather than database).
For a setting to be useful, the code has to be able to make sense of it anyway. For this reason it makes sense, that the available settings are defined within the code, rather than in the database, where a missing row has previously caused problems. Instead, settings are now written to the database, when they are changed.

So instead of relying on the database initialization process to create all available settings for us in the database, the supported settings and their defaults are now in a `defaults` dict in the Setting class. With this in place, we can stop populating the `setting` table as a part of database initialization and it will be much easier to support new settings in the future (we no longer need to do anything to the database, to achieve that).

Another benefit is that any changes to default values will take effect automatically, unless the admin has already modified that setting to his/her liking.

To make it easier to get the value of a setting, falling back to defaults etc, a new function `get` has been added to the Setting class. Call it as `Setting().get('setting_name'), and it will take care of returning a setting from the database or return the default value for that setting, if nothing was found.

The `get` function returns `None`, if the setting passed to the function, does not exist in the `Setting.defaults` dict - Indicating that we don't know of a setting by that name.
2018-06-21 22:06:38 -02:00
Khanh Ngo
585985e4f0
Merge changes from master, PR #280 and resolve conflicts 2018-06-13 11:05:53 +07:00
Khanh Ngo
c2df132040 Merge remote-tracking branch 'kaechele/use-webassets' 2018-06-13 09:58:15 +07:00
Khanh Ngo
8a22e030cd
Merge and resolve the conflicts from master 2018-06-13 09:35:19 +07:00
Thomas M Steenholdt
daba67611b Enable pool_pre_ping in DB connection
To avoid problems with inactive DB connections, SQLAlchemy provides a `pool_pre_ping` option, that described in more detail here:

http://docs.sqlalchemy.org/en/latest/core/pooling.html#disconnect-handling-pessimistic

In flask environments, it's enabled by subclassing SQLAlchemy, which is what I've done here.

Fixes errors like:
sqlalchemy.exc.OperationalError: (_mysql_exceptions.OperationalError) (2006, 'MySQL server has gone away') which results in an Error 500 in the UI.
2018-06-12 14:01:25 -02:00
Khanh Ngo
aa6909065d Merge remote-tracking branch 'tmuncks/initial-accounts' 2018-06-12 16:17:55 +07:00
Felix Kaechele
1bf869f508 Add webassets support
Also updates AdminLTE to latest stable version.

Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2018-06-11 21:16:28 +02:00
Felix Kaechele
17fb6b0ddd Delete bundled libraries
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2018-06-11 12:57:09 +02:00
Khanh Ngo
003310665c Merge branch 'master' into flask_migrate 2018-06-11 17:05:01 +07:00
Khanh Ngo
b7dac8a565 Merge remote-tracking branch 'ProviderNL/feature/bg_domain_updates' 2018-06-11 16:52:03 +07:00
Khanh Ngo
a6f0bf26d4
Use Flask-Migrate for db migration 2018-06-11 10:58:47 +07:00
Thomas M Steenholdt
0a670845fa Automatically rectify DNSSEC enabled zones
For DNSSEC enabled zones to function correctly, they need to be rectified on update.

This changes the DNSSEC enable/disable code to set API-RECTIFY:

To `true` when activating DNSSEC on a domain
To `false` when deactivating DNSSEC on a domain

With this, PowerDNS promises to handle the needed rectifications.

(cherry picked from commit 5d15d8899cc03a4a7d433d33c2c4b1da09b5eb2d)
2018-06-10 21:47:19 -02:00
Jeroen Boonstra
18133ab19c Add ajax call for refresh 2018-06-08 13:26:06 +02:00
Jeroen Boonstra
689b25817c Add action to dialog 2018-06-08 13:25:43 +02:00
Jeroen Boonstra
e334749382 Add dialog for refresh status 2018-06-08 13:25:21 +02:00
Jeroen Boonstra
9732961854 Add refesh button 2018-06-08 13:23:04 +02:00
Jeroen Boonstra
39d3a4d6ac add bg settings for button 2018-06-08 13:22:03 +02:00
Jeroen Boonstra
8b2083be77 Add domain refresh endpoint 2018-06-08 13:21:17 +02:00
Jeroen Boonstra
734a6d5b32 Enable bg updates 2018-06-08 11:46:17 +02:00
Khanh Ngo
ecdb9b9328
Merge pull request #275 from tmuncks/dont-revoke-your-own-rights
Fix user deletion
2018-06-08 09:16:49 +07:00
Thomas M Steenholdt
90f08ee92e Fix user deletion
An improper check causes problems when trying to delete a user. This fixes that error.

(cherry picked from commit 3c838cc0e4a2d4904d0fc919fb88c58ebd4fe4bd)
2018-06-07 15:34:28 -02:00
Khanh Ngo
2958ae663c
Validate user role and DNSSEC_ADMINS_ONLY config on DNSSEC related routes 2018-06-07 09:28:14 +07:00
Khanh Ngo
6f54b1a9de Merge remote-tracking branch 'tmuncks/dnssec-admin-only' 2018-06-07 08:53:01 +07:00
Khanh Ngo
70b3060f5d
Merge pull request #271 from sinzee/patch-1
Update models.py
2018-06-07 08:50:48 +07:00
Khanh Ngo
2c5a98aca4
Merge pull request #273 from tmuncks/dont-revoke-your-own-rights
Restrict certain admin changes on the current user
2018-06-07 08:48:44 +07:00
Thomas M Steenholdt
2b3b67a3af Fix foreign key constraint error on MySQL
(cherry picked from commit 2a9108f90482a6be86d0b8af4dfcc30f6651ff28)
2018-06-06 13:57:36 -02:00
Thomas M Steenholdt
5d40c42bbf Fix OTP validation
The result from the form is never an int but rather a string of digits, so that's what we should be checking for.

This fixes OTP validation

(cherry picked from commit 5fe3c8b9f92665db54d74dc6b2334666c318bf0c)
2018-06-06 09:19:30 -02:00
Thomas M Steenholdt
ccec6c37b4 Restrict certain admin changes on the current user
Disable the admin toggle and delete operations from the current user, to avoid accidents.

(cherry picked from commit b0f5ac6df5d31f612dc833a88cfca8936c4137d7)
2018-06-06 09:15:25 -02:00