security-and-privacy/ldapcherry
security-and-privacy
/
ldapcherry
mirror of https://github.com/kakwa/ldapcherry
1
0
Fork 0
Code Releases Activity
619 Commits 3 Branches 22 Tags 1.6 MiB
Commit Graph

619 Commits

Author SHA1 Message Date
John Thiltges 6f98076281 Protect against XSS vulnerabilities in URL redirection 
- Switch from base64 to URL encoding for the passing the URL, using the built-in Mako filtering
- Apply HTML filtering to Mako output by default
- Disable HTML filtering for nested templates in adduser, modify, and selfmodify
 2019-01-02 14:31:10 -06:00
Carpentier Pierre-Francois 1ed654c91b
Update README.rst 2018-02-07 19:54:23 +01:00
Carpentier Pierre-Francois c329e53811
Update README.rst 2018-02-07 19:52:29 +01:00
Carpentier Pierre-Francois 05e3a0d665 Update README.rst 2017-10-26 10:08:16 +02:00
kakwa 4bd6314b3b remove useless tests 2017-06-12 19:50:42 +02:00
kakwa c5dae7039a remove duplicated import in docs conf.py 2017-06-12 19:47:43 +02:00
kakwa ca1f78173f better documenation 2017-06-09 23:40:23 +02:00
kakwa 9ed6007b02 including fastcgi configuration example in the documentation 2017-06-09 23:25:58 +02:00
kakwa 4d696a29ef adding example for unix socket in defautl conf 2017-06-09 23:24:20 +02:00
kakwa 45d64120ae adding an nginx configuration exmaple for fastcgi 2017-06-09 23:09:11 +02:00
kakwa 00a4d22dd9 remove pip install method 2017-04-06 21:53:58 +02:00
kakwa 32c513f96e change install method (pip install just doesn't work) 2017-04-06 21:37:02 +02:00
kakwa 7019cc2348 fix setup.py 2017-04-06 20:58:20 +02:00
kakwa a404cf0b39 add auto message for tagging script 2017-04-06 20:57:42 +02:00
kakwa 9649803dd6 changelog 2017-04-06 20:52:55 +02:00
kakwa eecccac106 fix import of version in docs/conf.py and setup.py 2017-04-06 20:46:58 +02:00
kakwa f357adcd9a put version in standalone file 
this way, it avoids error due to missing imports
 2017-04-06 20:34:32 +02:00
kakwa e7998ced78 adding a simple tagging script 2017-04-06 20:28:44 +02:00
kakwa 8270988ed4 changelog + version bump + factorize version 2017-04-06 20:21:31 +02:00
kakwa 2e2453f309 fix camelcase 2017-04-06 01:26:54 +02:00
kakwa bbb13454bf more warning removal 2017-04-06 01:21:57 +02:00
kakwa 3378822d2e fix some warnings 2017-04-06 01:20:51 +02:00
kakwa 6e526b6f15 hack to have a cleaner resize 2017-04-06 00:32:24 +02:00
kakwa 5b1803cb05 changelog + version bump 2017-04-05 23:48:08 +02:00
kakwa de5f760c37 removing duplicate option in form select fields 2017-04-05 23:37:41 +02:00
kakwa a33a46e8b8 add dynamic resizing to align input-group-addon 
* add class to identify the 2 form columns
* add a js that calculate max width and resize all input-group-addon
spans
* load the js in the base template
 2017-04-05 23:24:19 +02:00
kakwa eb36830845 fixes 2017-03-16 03:03:59 +01:00
kakwa 3fd6dcee82 fix issue related to python-ldap returning lists 
Before, no particular treatment was done on the user attributes.
This caused some issues because python-ldap systematically returns
the attribute value as a list (even if it's mono-valuated).

Now we recover the attributes used in the group attr templates,
and we "normalize" the user attributes before using it in add_to_groups
and del_from_groups.

By normalize, we mean, transforming the list to it's unique value.
In case the attribute doesn't exist or is multi-valuated, it raises an
error.
 2017-03-16 02:45:23 +01:00
kakwa 55ce2bec5e small cleaning 2017-03-16 02:40:23 +01:00
kakwa e02a1a7f28 adding posixGroups in test ldap 2017-03-16 02:39:41 +01:00
kakwa f9a3051328 Merge branch 'master' of https://github.com/kakwa/ldapcherry 2017-03-12 17:46:49 +01:00
kakwa e4effc64ec fixing log errors in auth "none" mode 
replacing None by unknown as a default value in order to avoid
error in generating log msg because None is not a string
 2017-03-12 17:45:01 +01:00
Carpentier Pierre-Francois b3a361afee remove broken download stats badge 2017-03-10 00:43:51 +01:00
kakwa a802ce772a adding documention of textfielf and better documenation for other types 2017-03-07 23:21:27 +01:00
kakwa 3a1966324d adding more try catch for template debugging 2017-03-07 22:34:05 +01:00
kakwa 819e575a28 pep8ification 2017-03-07 22:23:11 +01:00
Carpentier Pierre-Francois 12bb597903 Merge pull request #6 from rooty0/feat/template-parse-error 
adding support for display template parse error
 2017-03-07 22:19:15 +01:00
Carpentier Pierre-Francois 7afe6c0ca7 Merge pull request #5 from rooty0/feat/add-textarea 
adding textarea
 2017-03-07 22:14:18 +01:00
Stan Rudenko e1a27aa0a7 adding support for display template parse error 2017-03-02 19:06:54 -08:00
Stan Rudenko f7f72c7e11 adding textarea 2017-03-02 18:47:49 -08:00
kakwa e37b88dbda fix some errors in unused code 2017-01-31 20:59:49 +01:00
kakwa d7303da85f fix test configuration 2017-01-24 03:06:48 +01:00
kakwa 44024dbd02 trying to add test on AD/DC for travis 2017-01-24 02:52:16 +01:00
kakwa 5a45a24055 proper exception in ldap backend 
adding proper management of none existant user in group function
if user doesn't exist.
 2016-08-01 19:57:51 +02:00
kakwa 0a4db74f1f version bump 2016-07-31 13:14:31 +02:00
kakwa f747252585 add changelog 2016-07-31 12:30:54 +02:00
kakwa 7f00264e32 improve robustness if user dn attribute contains something like ,cn= 2016-07-31 12:21:26 +02:00
kakwa d820cceeb6 pep8 2016-07-31 11:41:42 +02:00
kakwa d4235bc33c better behavior if user doesn't exist in one backend 2016-07-31 11:39:28 +02:00
kakwa f21122b219 fix AD test configuration 2016-07-31 11:32:02 +02:00