Commit graph

486 commits

Author SHA1 Message Date
Khanh Ngo 62e89bcb7b
Merge pull request #284 from tmuncks/add-vscode-to-gitignore
Add Visual Studio Code settings folder to .gitignore
2018-06-24 08:20:50 +07:00
Khanh Ngo d2a5adc027 Create DB default values during the first migration 2018-06-22 18:02:01 +07:00
Khanh Ngo dc8b6b2351 Add migration directory from flask-migrate 2018-06-22 16:47:45 +07:00
Khanh Ngo 6cbd2686fd Remove migrations directory from gitignore 2018-06-22 16:26:40 +07:00
Thomas M Steenholdt ac2b100869 Add Visual Studio Code settings folder to .gitignore 2018-06-15 11:17:36 -02:00
Khanh Ngo b3e04a0569
Merge pull request #283 from ngoduykhanh/flask_migrate
Switching current db migration scripts to Flask-Migrate
2018-06-13 11:14:44 +07:00
Khanh Ngo 585985e4f0
Merge changes from master, PR #280 and resolve conflicts 2018-06-13 11:05:53 +07:00
Khanh Ngo 521ad446db
Add apt-transport-https to powerdns-admin Dockerfile 2018-06-13 10:47:35 +07:00
Khanh Ngo c2df132040 Merge remote-tracking branch 'kaechele/use-webassets' 2018-06-13 09:58:15 +07:00
Khanh Ngo 646166bbd7
Update sqlite db file path in config template 2018-06-13 09:55:57 +07:00
Khanh Ngo 8a22e030cd
Merge and resolve the conflicts from master 2018-06-13 09:35:19 +07:00
Khanh Ngo e763ce7501 Merge remote-tracking branch 'tmuncks/db-handle-disconnects' 2018-06-13 09:00:25 +07:00
Thomas M Steenholdt daba67611b Enable pool_pre_ping in DB connection
To avoid problems with inactive DB connections, SQLAlchemy provides a `pool_pre_ping` option, that described in more detail here:

http://docs.sqlalchemy.org/en/latest/core/pooling.html#disconnect-handling-pessimistic

In flask environments, it's enabled by subclassing SQLAlchemy, which is what I've done here.

Fixes errors like:
sqlalchemy.exc.OperationalError: (_mysql_exceptions.OperationalError) (2006, 'MySQL server has gone away') which results in an Error 500 in the UI.
2018-06-12 14:01:25 -02:00
Khanh Ngo aa6909065d Merge remote-tracking branch 'tmuncks/initial-accounts' 2018-06-12 16:17:55 +07:00
Felix Kaechele 1bf869f508 Add webassets support
Also updates AdminLTE to latest stable version.

Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2018-06-11 21:16:28 +02:00
Felix Kaechele 396075efda Add yarn support
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2018-06-11 12:57:09 +02:00
Felix Kaechele 17fb6b0ddd Delete bundled libraries
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2018-06-11 12:57:09 +02:00
Khanh Ngo fb234e3592
Add .gitattributes 2018-06-11 17:12:52 +07:00
Khanh Ngo 003310665c Merge branch 'master' into flask_migrate 2018-06-11 17:05:01 +07:00
Khanh Ngo f85f814d9f
Add BG_DOMAIN_UPDATES config for docker development env 2018-06-11 17:02:01 +07:00
Khanh Ngo b7dac8a565 Merge remote-tracking branch 'ProviderNL/feature/bg_domain_updates' 2018-06-11 16:52:03 +07:00
Khanh Ngo 00b7aa17b5 Merge remote-tracking branch 'tmuncks/fix-dnssec-rectification' 2018-06-11 16:38:15 +07:00
Khanh Ngo 232d39cca0 Adjustment in Docker stuff to work with new migration. Add init_data.py script to initialize table data 2018-06-11 14:12:04 +07:00
Khanh Ngo ab0124b3e2 Update requirements.txt 2018-06-11 11:11:43 +07:00
Khanh Ngo a6f0bf26d4
Use Flask-Migrate for db migration 2018-06-11 10:58:47 +07:00
Thomas M Steenholdt 0a670845fa Automatically rectify DNSSEC enabled zones
For DNSSEC enabled zones to function correctly, they need to be rectified on update.

This changes the DNSSEC enable/disable code to set API-RECTIFY:

To `true` when activating DNSSEC on a domain
To `false` when deactivating DNSSEC on a domain

With this, PowerDNS promises to handle the needed rectifications.

(cherry picked from commit 5d15d8899cc03a4a7d433d33c2c4b1da09b5eb2d)
2018-06-10 21:47:19 -02:00
Jeroen Boonstra 18133ab19c Add ajax call for refresh 2018-06-08 13:26:06 +02:00
Jeroen Boonstra 689b25817c Add action to dialog 2018-06-08 13:25:43 +02:00
Jeroen Boonstra e334749382 Add dialog for refresh status 2018-06-08 13:25:21 +02:00
Jeroen Boonstra 9732961854 Add refesh button 2018-06-08 13:23:04 +02:00
Jeroen Boonstra 39d3a4d6ac add bg settings for button 2018-06-08 13:22:03 +02:00
Jeroen Boonstra 8b2083be77 Add domain refresh endpoint 2018-06-08 13:21:17 +02:00
Jeroen Boonstra 734a6d5b32 Enable bg updates 2018-06-08 11:46:17 +02:00
Khanh Ngo ecdb9b9328
Merge pull request #275 from tmuncks/dont-revoke-your-own-rights
Fix user deletion
2018-06-08 09:16:49 +07:00
Thomas M Steenholdt 90f08ee92e Fix user deletion
An improper check causes problems when trying to delete a user. This fixes that error.

(cherry picked from commit 3c838cc0e4a2d4904d0fc919fb88c58ebd4fe4bd)
2018-06-07 15:34:28 -02:00
Khanh Ngo 2958ae663c
Validate user role and DNSSEC_ADMINS_ONLY config on DNSSEC related routes 2018-06-07 09:28:14 +07:00
Khanh Ngo 6f54b1a9de Merge remote-tracking branch 'tmuncks/dnssec-admin-only' 2018-06-07 08:53:01 +07:00
Khanh Ngo 70b3060f5d
Merge pull request #271 from sinzee/patch-1
Update models.py
2018-06-07 08:50:48 +07:00
Khanh Ngo 2c5a98aca4
Merge pull request #273 from tmuncks/dont-revoke-your-own-rights
Restrict certain admin changes on the current user
2018-06-07 08:48:44 +07:00
Khanh Ngo 36bf492cb6
Merge pull request #272 from tmuncks/fix-otp-validation
Fix OTP validation
2018-06-07 08:46:26 +07:00
Thomas M Steenholdt 2b3b67a3af Fix foreign key constraint error on MySQL
(cherry picked from commit 2a9108f90482a6be86d0b8af4dfcc30f6651ff28)
2018-06-06 13:57:36 -02:00
Thomas M Steenholdt 5d40c42bbf Fix OTP validation
The result from the form is never an int but rather a string of digits, so that's what we should be checking for.

This fixes OTP validation

(cherry picked from commit 5fe3c8b9f92665db54d74dc6b2334666c318bf0c)
2018-06-06 09:19:30 -02:00
Thomas M Steenholdt ccec6c37b4 Restrict certain admin changes on the current user
Disable the admin toggle and delete operations from the current user, to avoid accidents.

(cherry picked from commit b0f5ac6df5d31f612dc833a88cfca8936c4137d7)
2018-06-06 09:15:25 -02:00
Thomas M Steenholdt 10f47039ec Add config option to allow DNSSEC changes only for admins
DNSSEC requires changes to the parent domain, which in many cases requires special access to a registry or the like.
For that reason, especially the option to disable DNSSEC can be dangerous - if DNSSEC is disabled in PowerDNS but not in the registry, the domain stops working.

For this reason, adding an option to disable DNSSEC changes for non-admins seems reasonable.

(cherry picked from commit 5cdfc0263b07f4658d51cf7c038fea9a8911152a)
2018-06-06 08:53:44 -02:00
Thomas M Steenholdt a4af4ad4b3 Implement per account domain access
Added the possibility for assigning users to an account, providing access to all domains associated with that account automatically.

This makes management easier, especially in installations with lots of domains and lots of managing entities.

The old style per-domain permissions are still there and working as usual. The two methods work perfectly side-by-side and are analogous to "user" (per-domain) and "group" (account) permissions as we know them from Active Directory and such places.

(cherry picked from commit 34fbc634d2848a7f76dc89a03dd8c0604068cc17)
2018-06-05 16:42:44 -02:00
Thomas M Steenholdt a3a58f16a5 Initial support for Accounts
This adds initial support for accounts a concept meant to signify a customer, a department or any other entity that somehow owns or manages one or more domains.

The purpose is to be able to assign an account to any number of domains, making it easy to track who owns or manages a domain, significantly improving manageability in setups with a large number of domains.

An account consists of a mandatory, unique `name` and optional `description`, `contact` name and `mail` address. The account `name` is stripped of spaces and symbols, and lower cased before getting stored in the database and in PowerDNS, to help ensure some type of predictability and uniqueness in the database.

The term *account* is actually taken from the PowerDNS database, where the `domains.account` column is used to store the account relationship, in in the form of the account `name`.

The link to a domain in PowerDNS-Admin is done through the `domain.account_id` FOREIGN KEY, that is linked to the `account.id` PRIMARY KEY.

(cherry picked from commits 4e95f33dfb0676d1c401a033c28bca3be7d6ec26, da0d596bd019a339549e2c59630a8fdee65d0e22, 7f06e6aaf4fd8011c784f24b7bbbba5f52aef319, 1c624dad8749024033d1d15dd6242ca52b39f135)
2018-06-04 13:10:02 -02:00
Khanh Ngo 0fb6e10cf5 Merge remote-tracking branch 'tmuncks/soa-edit-api-changes' 2018-05-29 15:32:52 +07:00
sinzee 4daef97666
Update models.py
Fix update_from_master
2018-05-28 00:28:40 +09:00
Thomas M Steenholdt a7e91b6f40 Fix SOA-EDIT-API options
The options for SOA-EDIT-API included was actually the options used for SOA-EDIT, which is a very different beast.
Those options have been swapped out for the options allowed in SOA-EDIT-API and SOA-EDIT-DNSUPDATE.
2018-05-24 16:12:12 -02:00
Khanh Ngo 4daf6f72a7
Merge pull request #256 from rene-dekkers/nonint_error
Fail when non-numeric otp token was inserted
2018-05-18 10:43:26 +07:00