mirror of https://github.com/kakwa/ldapcherry synced 2024-11-22 09:24:21 +01:00
Commit Graph

624 Commits

Author SHA1 Message Date
kakwa
2df56d2de2 fix template over-escaping + python 3 support
The templates were html escaping the generated js code for the
autofill and the role management. This was breaking these features.
It's okay to not escape these as they are coming from a trusted source
(configuration file).

Also make the templates python3 compatible (no need to import Set in
python 3)
2019-02-06 21:38:11 +01:00
Carpentier Pierre-Francois
5b0c72a572
Merge pull request #17 from jthiltges/escfix
Escape form values with markupsafe
2019-01-03 23:39:53 +01:00
John Thiltges
c6cce54d5f Escape form values with markupsafe
- Use markupsafe to format escaped HTML fragments
- Correct the formatting problems introduced with the XSS fixes
2019-01-03 13:12:53 -06:00
Carpentier Pierre-Francois
1f79648d57
Update ChangeLog.rst 2019-01-02 23:59:03 +01:00
Carpentier Pierre-Francois
636400b75f
Merge pull request #16 from jthiltges/escape
Protect against XSS vulnerabilities in URL redirection
2019-01-02 23:54:42 +01:00
John Thiltges
6f98076281 Protect against XSS vulnerabilities in URL redirection
- Switch from base64 to URL encoding for passing the URL, using the built-in Mako filtering
- Apply HTML filtering to Mako output by default
- Disable HTML filtering for nested templates in adduser, modify, and selfmodify
2019-01-02 14:31:10 -06:00
Carpentier Pierre-Francois
1ed654c91b
Update README.rst 2018-02-07 19:54:23 +01:00
Carpentier Pierre-Francois
c329e53811
Update README.rst 2018-02-07 19:52:29 +01:00
Carpentier Pierre-Francois
05e3a0d665 Update README.rst 2017-10-26 10:08:16 +02:00
kakwa
4bd6314b3b remove useless tests 2017-06-12 19:50:42 +02:00
kakwa
c5dae7039a remove duplicated import in docs conf.py 2017-06-12 19:47:43 +02:00
kakwa
ca1f78173f better documentation 2017-06-09 23:40:23 +02:00
kakwa
9ed6007b02 including fastcgi configuration example in the documentation 2017-06-09 23:25:58 +02:00
kakwa
4d696a29ef adding example for unix socket in default conf 2017-06-09 23:24:20 +02:00
kakwa
45d64120ae adding an nginx configuration example for fastcgi 2017-06-09 23:09:11 +02:00
kakwa
00a4d22dd9 remove pip install method 2017-04-06 21:53:58 +02:00
kakwa
32c513f96e change install method (pip install just doesn't work) 2017-04-06 21:37:02 +02:00
kakwa
7019cc2348 fix setup.py 2017-04-06 20:58:20 +02:00
kakwa
a404cf0b39 add auto message for tagging script 2017-04-06 20:57:42 +02:00
kakwa
9649803dd6 changelog 2017-04-06 20:52:55 +02:00
kakwa
eecccac106 fix import of version in docs/conf.py and setup.py 2017-04-06 20:46:58 +02:00
kakwa
f357adcd9a put version in standalone file
this way, it avoids error due to missing imports
2017-04-06 20:34:32 +02:00
kakwa
e7998ced78 adding a simple tagging script 2017-04-06 20:28:44 +02:00
kakwa
8270988ed4 changelog + version bump + factorize version 2017-04-06 20:21:31 +02:00
kakwa
2e2453f309 fix camelcase 2017-04-06 01:26:54 +02:00
kakwa
bbb13454bf more warning removal 2017-04-06 01:21:57 +02:00
kakwa
3378822d2e fix some warnings 2017-04-06 01:20:51 +02:00
kakwa
6e526b6f15 hack to have a cleaner resize 2017-04-06 00:32:24 +02:00
kakwa
5b1803cb05 changelog + version bump 2017-04-05 23:48:08 +02:00
kakwa
de5f760c37 removing duplicate option in form select fields 2017-04-05 23:37:41 +02:00
kakwa
a33a46e8b8 add dynamic resizing to align input-group-addon
* add class to identify the 2 form columns
* add a js that calculates max width and resizes all input-group-addon
spans
* load the js in the base template
2017-04-05 23:24:19 +02:00
kakwa
eb36830845 fixes 2017-03-16 03:03:59 +01:00
kakwa
3fd6dcee82 fix issue related to python-ldap returning lists
Before, no particular treatment was done on the user attributes.
This caused some issues because python-ldap systematically returns
the attribute value as a list (even if it's mono-valuated).

Now we recover the attributes used in the group attr templates,
and we "normalize" the user attributes before using it in add_to_groups
and del_from_groups.

By normalize, we mean, transforming the list to its unique value.
In case the attribute doesn't exist or is multi-valuated, it raises an
error.
2017-03-16 02:45:23 +01:00
kakwa
55ce2bec5e small cleaning 2017-03-16 02:40:23 +01:00
kakwa
e02a1a7f28 adding posixGroups in test ldap 2017-03-16 02:39:41 +01:00
kakwa
f9a3051328 Merge branch 'master' of https://github.com/kakwa/ldapcherry 2017-03-12 17:46:49 +01:00
kakwa
e4effc64ec fixing log errors in auth "none" mode
replacing None by unknown as a default value in order to avoid
error in generating log msg because None is not a string
2017-03-12 17:45:01 +01:00
Carpentier Pierre-Francois
b3a361afee remove broken download stats badge 2017-03-10 00:43:51 +01:00
kakwa
a802ce772a adding documentation of textfield and better documentation for other types 2017-03-07 23:21:27 +01:00
kakwa
3a1966324d adding more try catch for template debugging 2017-03-07 22:34:05 +01:00
kakwa
819e575a28 pep8ification 2017-03-07 22:23:11 +01:00
Carpentier Pierre-Francois
12bb597903 Merge pull request #6 from rooty0/feat/template-parse-error
adding support for display template parse error
2017-03-07 22:19:15 +01:00
Carpentier Pierre-Francois
7afe6c0ca7 Merge pull request #5 from rooty0/feat/add-textarea
adding textarea
2017-03-07 22:14:18 +01:00
Stan Rudenko
e1a27aa0a7 adding support for display template parse error 2017-03-02 19:06:54 -08:00
Stan Rudenko
f7f72c7e11 adding textarea 2017-03-02 18:47:49 -08:00
kakwa
e37b88dbda fix some errors in unused code 2017-01-31 20:59:49 +01:00
kakwa
d7303da85f fix test configuration 2017-01-24 03:06:48 +01:00
kakwa
44024dbd02 trying to add test on AD/DC for travis 2017-01-24 02:52:16 +01:00
kakwa
5a45a24055 proper exception in ldap backend
adding proper management of nonexistent user in group function
if user doesn't exist.
2016-08-01 19:57:51 +02:00
kakwa
0a4db74f1f version bump 2016-07-31 13:14:31 +02:00