From 44c483ffd5286550fff6aa50005836b3307b1fc0 Mon Sep 17 00:00:00 2001
From: rodehoed
Date: Tue, 12 Jun 2018 09:42:26 +0200
Subject: [PATCH 1/2] CLI script to update zone list A CLI Script to update list of domains instead from the UI. Can be usefull for people who want to execute updates from a cronjob
---
 update_zones.py | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 update_zones.py
diff --git a/update_zones.py b/update_zones.py
new file mode 100644
index 0000000..599f0c4
--- /dev/null
+++ b/update_zones.py
@@ -0,0 +1,32 @@
+#!/usr/bin/env python3
+
+####################################################################################################################################
+# A CLI Script to update list of domains instead from the UI. Can be usefull for people who want to execute updates from a cronjob
+#
+# Tip:
+# When running from a cron, use flock (you might need to install it) to be sure only one process is running a time. eg:
+# */5 * * * * flock -xn "/tmp/pdns-update-zones.lock" python /var/www/html/apps/poweradmin/update_zones.py >/dev/null 2>&1
+#
+##############################################################
+
+### Imports
+from app import app
+from app.lib import log
+from app.models import Domain
+from config import BG_DOMAIN_UPDATES
+
+import sys
+import logging as logger
+
+### Define logging
+logging = logger.getLogger(__name__)
+
+### Check if BG_DOMAIN_UPDATES is set to true
+if not BG_DOMAIN_UPDATES:
+ logging.error('Set BG_DOMAIN_UPDATES to True in config.py')
+ sys.exit(1)
+
+### Start the update process
+logging.info('Update zones from nameserver API')
+
+d = Domain().update()
From 2e96b41725d64a02129c268e129d97abe1d437ab Mon Sep 17 00:00:00 2001
From: Ian Bobbitt
Date: Sat, 11 Aug 2018 09:12:06 -0400
Subject: [PATCH 2/2] Allow specifying SAML2 SSO binding format.
---
 app/lib/utils.py | 10 ++++++++--
 config_template.py | 4 ++++
 2 files changed, 12 insertions(+), 2 deletions(-)
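Review bot: The cron tip in the header comment of update_zones.py puts the flock file at `/tmp/pdns-update-zones.lock`, a fixed name in a world-writable directory, so any local account can create and hold that lock, and every scheduled run then exits immediately because of `-n`. The same line sends both streams to `/dev/null`, and the script neither checks what `Domain().update()` returns (it is bound to the unused `d`) nor catches exceptions, so a blocked or failed sync leaves no trace. I would point the example at a lock directory that only the service account can write and keep stderr, e.g. `# */5 * * * * flock -xn "<service-owned-dir>/pdns-update-zones.lock" python3 <app-dir>/update_zones.py >/dev/null`. The shebang says `python3` while the example calls `python`, and `from app.lib import log` is never used.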
diff --git a/app/lib/utils.py b/app/lib/utils.py
index 0d7d36a..5899acd 100644
--- a/app/lib/utils.py
+++ b/app/lib/utils.py
@@ -19,7 +19,10 @@ if app.config['SAML_ENABLED']:
 from onelogin.saml2.idp_metadata_parser import OneLogin_Saml2_IdPMetadataParser
 idp_timestamp = datetime(1970, 1, 1)
 idp_data = None
- idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(app.config['SAML_METADATA_URL'], entity_id=app.config.get('SAML_IDP_ENTITY_ID', None))
+ if 'SAML_IDP_ENTITY_ID' in app.config:
+ idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(app.config['SAML_METADATA_URL'], entity_id=app.config.get('SAML_IDP_ENTITY_ID', None), required_sso_binding=app.config['SAML_IDP_SSO_BINDING'])
+ else:
+ idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(app.config['SAML_METADATA_URL'], entity_id=app.config.get('SAML_IDP_ENTITY_ID', None))
 if idp_data is None:
 print('SAML: IDP Metadata initial load failed')
 exit(-1)
@@ -37,7 +40,10 @@ def get_idp_data():
 def retreive_idp_data():
 global idp_data, idp_timestamp
- new_idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(app.config['SAML_METADATA_URL'], entity_id=app.config.get('SAML_IDP_ENTITY_ID', None))
+ if 'SAML_IDP_SSO_BINDING' in app.config:
+ new_idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(app.config['SAML_METADATA_URL'], entity_id=app.config.get('SAML_IDP_ENTITY_ID', None), required_sso_binding=app.config['SAML_IDP_SSO_BINDING'])
+ else:
+ new_idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(app.config['SAML_METADATA_URL'], entity_id=app.config.get('SAML_IDP_ENTITY_ID', None))
 if new_idp_data is not None:
 idp_data = new_idp_data
 idp_timestamp = datetime.now()
diff --git a/config_template.py b/config_template.py
index 5bb4006..1e0f01a 100644
--- a/config_template.py
+++ b/config_template.py
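Review bot: The guard added for the initial metadata load (`@@ -19,7 +19,10`) tests `'SAML_IDP_ENTITY_ID' in app.config` but then indexes `app.config['SAML_IDP_SSO_BINDING']`, so a deployment that sets the entity ID without the binding hits a KeyError while the module is imported. A deployment that sets only the binding has it ignored on this path, presumably until the next refresh through `retreive_idp_data()`, which tests the right key. The condition should match that one: `if 'SAML_IDP_SSO_BINDING' in app.config:`. The enclosing `if app.config['SAML_ENABLED']:` block starts above the hunk.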
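Review bot: The two branches added to `retreive_idp_data()` (`@@ -37,7 +40,10`) repeat the whole `parse_remote(...)` call and differ in a single keyword argument, which is the kind of duplication that let the start-up copy of this logic end up testing a different config key. Building the optional arguments once keeps the metadata URL and entity-ID handling in one place, and the same shape would fit the initial load in the first hunk. The function may continue below the last line shown in the hunk.

```python
def retreive_idp_data():
    global idp_data, idp_timestamp
    parse_kwargs = {'entity_id': app.config.get('SAML_IDP_ENTITY_ID', None)}
    if 'SAML_IDP_SSO_BINDING' in app.config:
        parse_kwargs['required_sso_binding'] = app.config['SAML_IDP_SSO_BINDING']
    new_idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(
        app.config['SAML_METADATA_URL'], **parse_kwargs)
    # … unchanged: idp_data / idp_timestamp update …
```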
@@ -98,6 +98,10 @@ SAML_METADATA_URL = 'https:///FederationMetadata/2007-06/FederationMet
 #Cache Lifetime in Seconds
 SAML_METADATA_CACHE_LIFETIME = 1
+# SAML SSO binding format to use
+## Default: library default (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect)
+#SAML_IDP_SSO_BINDING = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
+
 ## EntityID of the IdP to use. Only needed if more than one IdP is
 ## in the SAML_METADATA_URL
 ### Default: First (only) IdP in the SAML_METADATA_URL