deblan/PowerDNS-Admin
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
608 commits 4 branches 6 tags 35 MiB
Commit graph

411 commits

Author SHA1 Message Date
Jeroen Boonstra 8b2083be77 Add domain refresh endpoint 2018-06-08 13:21:17 +02:00
Jeroen Boonstra 734a6d5b32 Enable bg updates 2018-06-08 11:46:17 +02:00
Khanh Ngo ecdb9b9328
Merge pull request #275 from tmuncks/dont-revoke-your-own-rights 
Fix user deletion
 2018-06-08 09:16:49 +07:00
Thomas M Steenholdt 90f08ee92e Fix user deletion 
An improper check causes problems when trying to delete a user. This fixes that error.

(cherry picked from commit 3c838cc0e4a2d4904d0fc919fb88c58ebd4fe4bd)
 2018-06-07 15:34:28 -02:00
Khanh Ngo 2958ae663c
Validate user role and DNSSEC_ADMINS_ONLY config on DNSSEC related routes 2018-06-07 09:28:14 +07:00
Khanh Ngo 6f54b1a9de Merge remote-tracking branch 'tmuncks/dnssec-admin-only' 2018-06-07 08:53:01 +07:00
Khanh Ngo 70b3060f5d
Merge pull request #271 from sinzee/patch-1 
Update models.py
 2018-06-07 08:50:48 +07:00
Khanh Ngo 2c5a98aca4
Merge pull request #273 from tmuncks/dont-revoke-your-own-rights 
Restrict certain admin changes on the current user
 2018-06-07 08:48:44 +07:00
Thomas M Steenholdt 2b3b67a3af Fix foreign key constraint error on MySQL 
(cherry picked from commit 2a9108f90482a6be86d0b8af4dfcc30f6651ff28)
 2018-06-06 13:57:36 -02:00
Thomas M Steenholdt 5d40c42bbf Fix OTP validation 
The result from the form is never an int but rather a string of digits, so that's what we should be checking for.

This fixes OTP validation

(cherry picked from commit 5fe3c8b9f92665db54d74dc6b2334666c318bf0c)
 2018-06-06 09:19:30 -02:00
Thomas M Steenholdt ccec6c37b4 Restrict certain admin changes on the current user 
Disable the admin toggle and delete operations from the current user, to avoid accidents.

(cherry picked from commit b0f5ac6df5d31f612dc833a88cfca8936c4137d7)
 2018-06-06 09:15:25 -02:00
Thomas M Steenholdt 10f47039ec Add config option to allow DNSSEC changes only for admins 
DNSSEC requires changes to the parent domain, which in many cases requires special access to a registry or the like.
For that reason, especially the option to disable DNSSEC can be dangerous - if DNSSEC is disabled in PowerDNS but not in the registry, the domain stops working.

For this reason, adding an option to disable DNSSEC changes for non-admins seems reasonable.

(cherry picked from commit 5cdfc0263b07f4658d51cf7c038fea9a8911152a)
 2018-06-06 08:53:44 -02:00
Thomas M Steenholdt a4af4ad4b3 Implement per account domain access 
Added the possibility for assigning users to an account, providing access to all domains associated with that account automatically.

This makes management easier, especially in installations with lots of domains and lots of managing entities.

The old style per-domain permissions are still there and working as usual. The two methods work perfectly side-by-side and are analogous to "user" (per-domain) and "group" (account) permissions as we know them from Active Directory and such places.

(cherry picked from commit 34fbc634d2848a7f76dc89a03dd8c0604068cc17)
 2018-06-05 16:42:44 -02:00
Thomas M Steenholdt a3a58f16a5 Initial support for Accounts 
This adds initial support for accounts a concept meant to signify a customer, a department or any other entity that somehow owns or manages one or more domains.

The purpose is to be able to assign an account to any number of domains, making it easy to track who owns or manages a domain, significantly improving manageability in setups with a large number of domains.

An account consists of a mandatory, unique `name` and optional `description`, `contact` name and `mail` address. The account `name` is stripped of spaces and symbols, and lower cased before getting stored in the database and in PowerDNS, to help ensure some type of predictability and uniqueness in the database.

The term *account* is actually taken from the PowerDNS database, where the `domains.account` column is used to store the account relationship, in in the form of the account `name`.

The link to a domain in PowerDNS-Admin is done through the `domain.account_id` FOREIGN KEY, that is linked to the `account.id` PRIMARY KEY.

(cherry picked from commits 4e95f33dfb0676d1c401a033c28bca3be7d6ec26, da0d596bd019a339549e2c59630a8fdee65d0e22, 7f06e6aaf4fd8011c784f24b7bbbba5f52aef319, 1c624dad8749024033d1d15dd6242ca52b39f135)
 2018-06-04 13:10:02 -02:00
sinzee 4daef97666
Update models.py 
Fix update_from_master
 2018-05-28 00:28:40 +09:00
Thomas M Steenholdt a7e91b6f40 Fix SOA-EDIT-API options 
The options for SOA-EDIT-API included was actually the options used for SOA-EDIT, which is a very different beast.
Those options have been swapped out for the options allowed in SOA-EDIT-API and SOA-EDIT-DNSUPDATE.
 2018-05-24 16:12:12 -02:00
Khanh Ngo 4daf6f72a7
Merge pull request #256 from rene-dekkers/nonint_error 
Fail when non-numeric otp token was inserted
 2018-05-18 10:43:26 +07:00
René Dekkers 08335cdedc Fail when non-numeric otp token was inserted 2018-05-07 15:32:15 +02:00
Ian Bobbitt 73d5215d3a Improve SAML support 
Accept IdP EntityID to use when metadata contains more than one IdP.
Allow specifying attribute names to get given name, surname, and email address.
Allow specifying NameIDFormat to request.
Allow specifying whether to get username from a named attribute, or NameID.
Allow getting administrator state from attribute.
 2018-05-02 22:56:22 +00:00
Khanh Ngo 77f0deade8 Fix #247 2018-04-18 13:29:29 +07:00
Khanh Ngo 3d8d94f280 Validate registration process. Change copyright year. 2018-04-18 13:16:02 +07:00
Khanh Ngo bd45c4ef87 Adjustment to have History sorts by oldest first. Fix #245 2018-04-18 12:11:00 +07:00
chinkung be7e012faf
Display history date/time using local timezone 2018-04-17 13:30:08 +07:00
chinkung 34d8e7392c
Display history date/time using local timezone 2018-04-17 13:28:54 +07:00
chinkung d466a5dd3e
Load moment.js in base.html 2018-04-17 13:26:18 +07:00
Khanh Ngo 01a5528c4a Merge remote-tracking branch 'mind04/template-relative' 2018-04-13 09:25:23 +07:00
Kees Monshouwer df9e392e26
domain stripping was not limited to the end of a name 2018-04-12 12:01:59 +02:00
Khanh Ngo 8b7653ad4a Change data column data type of DomainTemplateRecord to TEXT 2018-04-12 11:44:56 +07:00
Khanh Ngo 52b6966c83 Check zone serial before allowing user to submit their change. #183 2018-04-12 11:18:44 +07:00
Kees Monshouwer a12af5345d
fix clear history 2018-04-12 02:11:34 +02:00
Kees Monshouwer fc737cf61f
strip domain part from names while cloning a zone to a template 2018-04-11 18:14:42 +02:00
Khanh Ngo 84d4bfaed0 Mark LDAP authentication as external_auth. Fix OTP secret update. #237 2018-04-10 08:59:28 +07:00
Khanh Ngo fdf849744b Fix #238 2018-04-10 07:08:22 +07:00
Khanh Ngo 060e0917bc Fix #236 2018-04-09 18:50:55 +07:00
Khanh Ngo 5354d27f88 Fix #234 2018-04-08 09:09:08 +07:00
Khanh Ngo fc4e9dc9a0 #233. Make sure password hash is string before inserting to the db 2018-04-06 18:05:38 +07:00
Khanh Ngo 0826702537 Update config template 2018-04-06 13:22:09 +07:00
Khanh Ngo ca1290d1ac Change license information 2018-04-02 14:01:35 +07:00
Khanh Ngo 17a892b18d Resolve the conflicts for #228 2018-04-02 13:38:53 +07:00
Khanh Ngo 3efafecb30 Fix #194 2018-04-01 15:51:56 +07:00
Khanh Ngo 6fa8ae37f0 Fix #180. Adjustment in table style. 2018-04-01 15:48:08 +07:00
Khanh Ngo bfb54e8bda Add LDAP_ENABLE in config file 2018-04-01 15:08:55 +07:00
Khanh Ngo b7aefc57b2 Fix 169: enabling/disabling Two Factor Authentication doesn't work 2018-04-01 14:49:40 +07:00
Khanh Ngo f172a64ddd Remove DNSSEC modal. Adjustment in domain table css 2018-04-01 14:45:13 +07:00
Khanh Ngo 5df7fe445f Emphasis on zone name 2018-04-01 14:32:20 +07:00
Khanh Ngo 1c54f008f4 Change string to new format 2018-04-01 07:57:41 +07:00
Khanh Ngo 65da9a7a4f Adjustment in LDAP feature to work with python 3 2018-04-01 07:23:53 +07:00
Khanh Ngo 41d691e2db Merge remote-tracking branch 'maysara/master' into development 2018-04-01 07:01:00 +07:00
Khanh Ngo cecc0ac9df Merge branch 'hotfix-ldap' into development 2018-03-31 08:26:50 +07:00
Khanh Ngo 29d1cf4117 Adjustment in domain template feature to work with python3 2018-03-31 08:21:02 +07:00
Khanh Ngo aa2b29dac3 Adjustment to give user access to granted domain only 2018-03-31 07:32:46 +07:00
Khanh Ngo ce6c3c21f1 Show user email address in user management table 2018-03-31 06:53:57 +07:00
Khanh Ngo 51cdba8228 User path: instead of string: in routes 2018-03-31 06:52:14 +07:00
Khanh Ngo c668c21fc9 Adjustment to prevent exception in Google/Github authentication when local user cannot be created 2018-03-30 17:43:34 +07:00
Khanh Ngo 358510b4e5 Merge remote-tracking branch 'softcat/SRV' into development 2018-03-30 16:45:36 +07:00
Khanh Ngo 7a9474c3f3 Fix cancel button in domain adding page 2018-03-30 16:40:53 +07:00
Khanh Ngo 896abdbdbc Merge remote-tracking branch 'dkeightley/ns-record-support' into development 2018-03-30 15:49:35 +07:00
Khanh Ngo 63e7d89df1 Adjustment to be able to show ALL domain in dashboard table 2018-03-30 15:40:43 +07:00
Khanh Ngo f318c437c1 Merge remote-tracking branch 'hackedd/feature/server-side-domain-list' into development 2018-03-30 15:34:07 +07:00
Khanh Ngo 7419a5990c Merge remote-tracking branch 'toxicvengeance/master' into development 2018-03-30 14:23:40 +07:00
Khanh Ngo 5bd5dd8d18 Merge pull request #177 from Znuff/patch-1 
Fix for #176
 2018-03-30 14:11:15 +07:00
Khanh Ngo b5b3b77acb Adjustment to work with Python3 2018-03-30 13:49:35 +07:00
thomasDOTde f5a0052a06 fixed template for #28 2018-03-28 14:19:48 +02:00
thomasDOTde 88c6d6ee33 missed to change one import for issue #19 2018-03-28 11:43:54 +02:00
thomasDOTde f014798374 fixed ngoduykhanh/PowerDNS-Admin issue 194 2018-03-28 02:06:09 +02:00
thomasDOTde c30cffd91c fixed build issues. refactored PEP8 2018-03-28 01:52:48 +02:00
thomasDOTde 5ed8a33c7e added feature requested in issue #28 2018-03-28 01:41:33 +02:00
thomasDOTde c1d33a8354 fix issue #19 2018-03-28 00:03:51 +02:00
Jeroen Boonstra dcfa98ac59 Add disable button 2018-03-05 15:26:45 +01:00
Jeroen Boonstra c8d9f4bf22 changes response 2018-03-05 15:11:42 +01:00
Jeroen Boonstra 5ea70023ff remove dnssec keys 2018-03-05 15:06:40 +01:00
Jeroen Boonstra 197f555dfc Add disable dnssec function 2018-03-05 14:59:32 +01:00
Jeroen Boonstra 8c6a9346c0 Add domain to request 2018-03-05 14:50:33 +01:00
Jeroen Boonstra 747de090f9 enable dnssec ui functions 2018-03-05 11:18:29 +01:00
Jeroen Boonstra a829509324 enable dnssec endpoint added 2018-03-01 08:27:10 +01:00
Jeroen Boonstra 38be504d17 enable_dns_sec function added 2018-03-01 08:26:29 +01:00
Jeroen Boonstra 1b93803d6e Add enable dnssec button 2018-02-28 14:47:10 +01:00
Jeroen Boonstra d5d0948ab8 Export PDNS version to frontend 2018-02-28 13:39:05 +01:00
unknown b832fc1768 Reverse zone PTR type entries not shown bug fix. Added NS, LOC and TXT types in reverse zones. Added LOC type in forward zone. 2018-02-16 21:02:16 +02:00
thomasDOTde 534b9739c2 Merge branch 'hotfix-ldap' of https://github.com/verdel/PowerDNS-Admin into ldapfix-verdel 2018-02-10 13:01:04 +01:00
Vadim Aleksandrov 0436d69ea6 Adding the ability to use 'LDAP_USERNAMEFIELD' and 'LDAP_FILTER' in case of use with Active Directory for authorization 2018-02-09 15:41:19 +03:00
Vadim Aleksandrov b0caf0ca48 Fix issue with inserting into the database fields 'firstname' and 'lastname' containing non-ascii characters that can be retrieved from LDAP 2018-02-09 15:37:28 +03:00
Vadim Aleksandrov 6f4cc42805 Fix issue with LDAP search filter. It is necessary to bracket the expression with additional filter conditions 2018-02-09 15:32:50 +03:00
Vadim Aleksandrov cff534890f Deny to delete 'SOA' record 2018-02-07 22:47:52 +03:00
Vadim Aleksandrov 0355fe4293 Join "Edit" and "Delete" button into th on templates page 2018-02-07 22:44:59 +03:00
Vadim Aleksandrov 12cfc4dbc1 Added the ability to create a template based on the zone records 2018-02-07 22:44:46 +03:00
Vadim Aleksandrov 52a5789c85 Add first working draft of domain templating functionality 2018-02-07 22:30:29 +03:00
thomasDOTde 92d7ca3870 added application certificate handling for signed SAML messages 2018-01-20 17:17:02 +01:00
thomasDOTde 050b822636 cleaup after merged pr 2017-12-05 12:59:08 +01:00
NomenNescio d5b2dedd7f small fixes for return url after saml logout 2017-12-05 12:28:54 +01:00
thomasDOTde 85c07210db fixed name-id formating and name-id 2017-12-05 03:48:18 +01:00
thomasDOTde e535ce0822 fixed session check 2017-12-05 00:23:10 +01:00
thomasDOTde 60086d5d15 added standard SAML logout method using metadata 2017-12-05 00:14:31 +01:00
thomasDOTde 049a8a4547 optimized domain permission check for normal users 2017-12-04 22:18:28 +01:00
NomenNescio 47cf1aff4a added configurable logout redirect URL 2017-12-04 14:43:58 +01:00
NomenNescio 620b0b55e8 replaced non-existent method with code that checks whether user has rights on the domain at hand 2017-12-04 14:00:30 +01:00
Radnik 9855bc70dc Fixed iCheck for multiple pages 2017-11-27 11:02:21 +01:00
thomasDOTde 971d6b2e28 fixed issue when not using LDAP 2017-11-10 12:28:42 +01:00
thomasDOTde d65efe477a ensure authentication isn't possible without password 2017-11-06 23:36:11 +01:00
thomasDOTde 5a1a4b0161 Merge remote-tracking branch 'origin/master' 2017-11-03 12:24:54 +01:00
thomasDOTde 54e61bf072 added custom error page for SAML authentication errors 2017-11-03 12:24:25 +01:00
Thomas 4a4b03a7d0 Merge pull request #11 from ssendev/patch-1 
Allow to change root domain record via dyndns
 2017-11-03 00:36:06 +01:00
Thomas cd6a58446d Merge pull request #9 from toxicvengeance/master 
Add CAA record helper implemented by toxicvengeance
 2017-11-03 00:32:12 +01:00
thomasDOTde 9e719a3a98 fixed merge 2017-11-03 00:00:04 +01:00
Thomas 2354eb69c3 Merge branch 'master' into ldap_group_security 2017-11-02 23:23:36 +01:00
thomasDOTde 37fee207a5 marked google oauth users as external 2017-11-01 22:30:08 +01:00
Thomas 83a0396350 Merge branch 'master' into feature-google-oauth 2017-11-01 22:18:43 +01:00
Thomas c7fbc0ecd7 Merge pull request #4 from thomasDOTde/fix-Issue#176 
Fix for #176
 2017-11-01 22:06:42 +01:00
Thomas e76063dbef Merge pull request #3 from thomasDOTde/fix-show-srvhelper 
Corrected SRV record helper not showing
 2017-11-01 21:59:48 +01:00
Thomas ff9a6fcfba Merge pull request #2 from thomasDOTde/upstream-access-control 
Add access control for non-admin users from hackedd
 2017-11-01 21:47:14 +01:00
Paul Hooijenga 9a4021d5e5 Add access control for non-admin users 
(cherry picked from commit 6e5b704)
 2017-11-01 21:40:15 +01:00
thomasDOTde 12cb6f28fb implemented dynamic metadata lookup 
removed saml json-templates
 2017-11-01 17:31:51 +01:00
thomasDOTde cd3b41553d fixed link for alternative login methods 2017-11-01 13:55:57 +01:00
thomasDOTde f92661c753 remove unnecessary controls from profile for ext. auth. 2017-11-01 13:40:26 +01:00
thomasDOTde baa960aad6 raised password length to 30 for external accounts. 
fixed error_checking for saml-authentication
 2017-11-01 13:31:41 +01:00
thomasDOTde 12c957bf5f disabled profile usage when authenticated externally 2017-11-01 01:34:29 +01:00
thomasDOTde 31eaee8e0b added saml authentication 2017-10-31 22:38:26 +01:00
thomasDOTde 805439e6ee updated preapre_flask_request to support frontend-ssl 2017-10-31 20:42:13 +01:00
thomasDOTde 933d678e83 added SAML auth basics and metadata 2017-10-31 19:21:22 +01:00
patito a4b9722d47 Google OAuth 2017-09-22 15:28:09 +01:00
Nils Sandmann 168f19950d Corrected SRV record helper not showing 
Signed-off-by: Nils Sandmann <git@softcat.org>
 2017-09-19 12:11:09 +02:00
Paul Hooijenga 5d09daf8eb Fix dashboard domain query for non-admin users 2017-09-15 15:14:04 +02:00
Paul Hooijenga a48417ac23 Add missing template 2017-09-04 15:34:01 +02:00
Maysara Abdulhaq 28c7a195e8 add LDAP direct binding and GROUP_SECURITY 2017-09-03 14:23:18 -04:00
Maysara A 501c5292ab binding with user credentials instead of preset LDAP user/pass 2017-07-24 21:08:25 -04:00
dkeightley 8cdfab1c7c Added NS record for forward and reverse domains 2017-07-03 15:53:26 +12:00
Paul Hooijenga bcb2b06124 Do filtering and pagination of domains server-side. 2017-06-30 18:18:06 +02:00
toxicvengeance 5c5beec2d6 added default values 2017-05-10 23:25:32 +02:00
toxicvengeance c9bfe00e59 added example caa values 2017-05-10 23:15:01 +02:00
toxicvengeance 300af22859 added caa record helper 2017-05-10 22:33:44 +02:00
Christopher Himmel 85694e4e93 added caa record helper 2017-05-10 22:30:06 +02:00
Znuff 8f31953b6d Fix for #176 
Fixes #176. Tested briefly with my data.
 2017-01-13 16:53:11 +02:00
Khanh Ngo b6ed658cbd Merge pull request #156 from petersipos/feature/automatic-reverse-domain-creation 
Feature/automatic reverse domain creation
 2016-12-10 12:38:44 +07:00
SIPOS, Peter 72e3a82e9e Change reverse domain creation order 
With refactoring the get_reverse_domain_name
function, we change the reverse domain checking to
a reverse order. In this way we check the lowest class
(more specific) reverse zone first. When an existing domain found we use it to create the reverse PTR records. If no one existing can be find, The most specific address will be used.
 2016-11-28 08:39:07 +01:00
SIPOS, Peter e6e3c39778 Add get_reverse_domain_name functionality 
In this way the reverse it is possible to create
auto-ptr records in higher ip classes (eg. class A in IPv4).
Only works with existing higher class domain.

If is isn't find higher class domain, create a lowest class domain, and add there the reverse PTRs.

Also works with IPv6!
 2016-11-21 19:44:10 +01:00
SIPOS, Peter b9f95da906 Implement of checking existing higher class ip reverse zones 
iteratively checking of existing domains with higher IP
classes. When this function find an existing higher class
domain return with that reverse address. eg. 192.in-addr.arpa

If it is not find  any existing higher class domain it returns with the lowest class domain reverse domain name. eg, 39.168.192.in-addr.arpa
 2016-11-21 19:40:43 +01:00
SIPOS, Peter d7db0d5e7a Fix create reverse domain function 
Using of wrong variable
 2016-11-21 19:36:43 +01:00
SIPOS, Peter c53d9ace89 Extend reverse domain regexp with classes 
With this modification it can be possible, to detect
custom IP classes for domains. It just need to 
modify the multipler in regexp {4} or {1}.

In the future it will works automaticly, but not now
 2016-11-21 16:55:03 +01:00
SIPOS, Peter 1538cf0239 Limit record selection in reverse lookup domain to PTR 
And also fix the default type selection of a new record
 2016-11-21 15:52:07 +01:00
SIPOS, Peter 4ec70f4143 Change serial displaying in dashboard 
When pdns not give us serial just notified serial, we need
to display that.
 2016-11-21 14:51:36 +01:00
SIPOS, Peter bbfbe3683e Make my record modal inputs more clear 
Add "eg." before the placeholder texts.
Some user missed to fill out the priority field, and
then they got errors.
 2016-11-21 14:50:22 +01:00
SIPOS, Peter cc1a3def5d Add setting read and extra check to adding an auto-ptr record 
It is using domain sepcific or global auto-ptr setting
to determine the using of auto-ptr creation.
 2016-11-21 13:46:54 +01:00
SIPOS, Peter 3911935e3b Add an extra check into reverse domain creation 
and also import strtobool
 2016-11-21 13:45:17 +01:00
SIPOS, Peter 2d61c56e7b Add auto-ptr setting injection 2016-11-21 13:42:00 +01:00
SIPOS, Peter 85eaa8dd69 Add domain specific auto-dns preference to domain_management.html 
It uses exactly the same method as the dyndns 
preferences. just copy-paste
 2016-11-21 13:38:45 +01:00
SIPOS, Peter 94b0d26142 Delete settings related to domain on domain deleting 
Because this bug domain deleting isn't possible when 
a domain specific attribute is set (eg. dyndns).

This modification delete domain settings before domain
deleting.
 2016-11-21 13:30:16 +01:00
SIPOS, Peter c81deb0044 Fix SOE-EDIT-API value in reverse-domain creation 2016-11-18 08:30:24 +01:00
SIPOS, Peter 7d72cf6088 Put a "." char in a safe way to the records name fields end 
First of all we cut all of dot char at the end of the rstring and than we put one there.
this way we make sure that our string contains just
one dot at its end.
 2016-11-17 15:04:07 +01:00
SIPOS, Peter 3dbbfc16ce Implement auto-ptr deleting functionality 
this way we safely remove the corresponding auto created reverse ptr
 2016-11-17 11:37:09 +01:00
SIPOS, Peter 58ef114f7f Move auto-ptr functionality into a new function 2016-11-17 11:35:09 +01:00