mirror of https://github.com/kakwa/ldapcherry synced 2024-11-11 03:58:51 +01:00
Commit Graph

90 Commits

Author SHA1 Message Date
Quentin Legrand
8be228f142 Add CSRF protection to all forms 2019-06-13 13:57:44 +02:00
kakwa
799ca2403f fix the urls for modify and delete
The id of the user is passed through the querystring in this page.
But the id was not properly escaped to be included as a querystring
parameter leading to weird issues like.
2019-02-12 21:24:24 +01:00
kakwa
a56c491ee1 cleanup in html template + tidylib
* few small cleanup in html template (avoid empty tbody, put id between
quotes)
* switch to tidylib to validate the html instead of the previous hack
calling an external service (https://html5.validator.nu/)
* remove the previous validator script
* add exception for tidylib on empty <span> (these are required by
bootstrap)
2019-02-09 18:31:37 +01:00
kakwa
921a0820f4 switch to using lists in templates
Sets are not available in mako templates when using python3.
Reverting to using lists with 'if not in' checks to avoid duplication.
2019-02-06 22:26:46 +01:00
kakwa
2df56d2de2 fix template over-escaping + python 3 support
The templates were html escaping the generated js code for the
autofill and the role management. This was breaking these features.
It's okay to not escape these as they are coming from a trusted source
(configuration file).

Also make the templates python3 compatible (no need to import Set in
python 3)
2019-02-06 21:38:11 +01:00
John Thiltges
c6cce54d5f Escape form values with markupsafe
- Use markupsafe to format escaped HTML fragments
- Correct the formatting problems introduced with the XSS fixes
2019-01-03 13:12:53 -06:00
John Thiltges
6f98076281 Protect against XSS vulnerabilities in URL redirection
- Switch from base64 to URL encoding for passing the URL, using the built-in Mako filtering
- Apply HTML filtering to Mako output by default
- Disable HTML filtering for nested templates in adduser, modify, and selfmodify
2019-01-02 14:31:10 -06:00
kakwa
6e526b6f15 hack to have a cleaner resize 2017-04-06 00:32:24 +02:00
kakwa
de5f760c37 removing duplicate option in form select fields 2017-04-05 23:37:41 +02:00
kakwa
a33a46e8b8 add dynamic resizing to align input-group-addon
* add class to identify the 2 form columns
* add a js that calculates max width and resizes all input-group-addon
spans
* load the js in the base template
2017-04-05 23:24:19 +02:00
Stan Rudenko
f7f72c7e11 adding textarea 2017-03-02 18:47:49 -08:00
pcarpent
37925b196b admin search if admin in navbar
Now LdapCherry Administrators are shown the searchadmin page
(the one displaying the modify and remove buttons) when they use
the navbar search.
2016-07-29 11:12:30 +02:00
kakwa
408f75c449 add ldapcherry icon in navbar linked to / 2016-07-10 08:58:16 +02:00
kakwa
abf3d5dea9 focus on first field for all forms
previously, only the add form had focus on first field. Now every form
(add, modify, selfmodify) has focus on first field.
2016-07-10 08:54:59 +02:00
kakwa
f3fabe502e disable min search length for admin search 2016-07-10 08:10:19 +02:00
kakwa
0beac119f9 fix many errors with html unescaped attributes 2016-07-08 21:46:00 +02:00
kakwa
685031ef15 bolding the user's attributes 2016-07-07 08:15:50 +02:00
kakwa
80fa310f37 change the display form of the user's attributes 2016-07-07 08:11:50 +02:00
kakwa
ebc5b69374 implement the display of users attributes on index page 2016-07-07 08:01:57 +02:00
kakwa
c64bb11504 add a default handler for 404 requests 2016-07-06 22:50:59 +02:00
kakwa
655ccabd79 force focus on the first input of forms 2016-07-06 21:22:48 +02:00
kakwa
baee15c40f properly implementing minimum length limit in search 2016-07-06 20:47:33 +02:00
kakwa
3b6cf61b93 grotesque hacks to disable firefox autofilling of the forms 2016-07-06 20:37:24 +02:00
kakwa
9edc7e545a increment version + changelog + copyright to 2016 2016-07-05 20:33:06 +02:00
kakwa
9a5aa03de6 adding a little js for min length search
* impose a min length of 3 chars on searches, at least on the client
side...
2016-07-05 20:26:29 +02:00
kakwa
921eef4b04 implementing default value in form 2016-06-16 22:11:48 +02:00
kakwa
7a1fb0dc8c modifying the templates to include custom ppolicy error message 2015-11-02 23:25:01 +01:00
kakwa
2451b2efdd adding notification after an action is performed 2015-10-28 23:11:23 +01:00
kakwa
61df2094c4 implementing custom js 2015-08-09 10:35:28 +02:00
kakwa
efcaad54fc multiple modification/fix
* add display_name parameter for backend
* handle display_name in modify template (lonely groups) and error
  message
* fix bug in modify when user is in only one backend
* remove redundant exception in ad/ldap backend
* fix unit test accordingly
* fix License in AD backend (GPLv3 -> MIT, previously thought of using
  samba4 python library which is GPL, but this module finally uses
  python-ldap which is MIT compatible)
2015-07-31 20:08:21 +02:00
kakwa
1703dc9a33 adding global exception handler 2015-07-14 23:37:20 +02:00
kakwa
04c294e038 disable autofill for modify forms 2015-07-10 20:11:07 +02:00
kakwa
6dd81f5a91 implementing various autofill javascript functions 2015-07-08 01:55:31 +02:00
kakwa
3cbdfe62ec using onchange instead of onkeyup 2015-07-08 00:57:03 +02:00
kakwa
5dc8011749 implement hooks to call autofill functions 2015-07-08 00:43:58 +02:00
kakwa
665195fef4 adding autofill js file in base templates 2015-07-08 00:43:26 +02:00
kakwa
af4e24218e adding js to replace diacritic char in js 2015-07-06 10:18:51 +02:00
kakwa
1f0cc50d58 adding a redirect to the originally requested page on login
users not authenticated and requesting a URL are redirected to
the signin page with the requested page url as the query string (in
base64). It permits to redirect them to the requested page once
they've logged in.
2015-07-06 07:58:27 +02:00
kakwa
56eeea61f7 fix html in error template 2015-07-05 23:07:24 +02:00
kakwa
405367fd75 various fixes in html + unit tests on html 2015-07-05 17:50:42 +02:00
kakwa
d9031f0994 fix missing </span> in login form 2015-07-05 16:32:18 +02:00
kakwa
bf13f2a4f4 fix favicon 2015-07-05 14:30:53 +02:00
kakwa
ac7661731c implementing frontend password policy check 2015-07-01 08:50:50 +02:00
kakwa
04e28f10b1 enable error message for not valid/empty fields 2015-06-30 23:19:07 +02:00
kakwa
147cad3511 fix unicode 2015-06-27 22:35:34 +02:00
kakwa
45f32df72e make the key attribute not modifiable in modify form 2015-06-25 02:08:30 +02:00
kakwa
965ad84b7a using html fieldset 2015-06-24 00:58:32 +02:00
kakwa
117d18bc92 prefixing all form attributes to differentiate between types 2015-06-24 00:46:10 +02:00
kakwa
5f9758832f fix form input string list 2015-06-23 22:30:43 +02:00
kakwa
e367b38be3 fix confirmation 2015-06-23 10:45:12 +02:00