security-and-privacy/ldapcherry
security-and-privacy/ldapcherry
1
0
Fork 0
mirror of https://github.com/kakwa/ldapcherry synced 2024-11-11 12:08:51 +01:00
Code Releases Activity
625 Commits 3 Branches 22 Tags 1.6 MiB
921a0820f4
Commit Graph

104 Commits

Author SHA1 Message Date
kakwa
921a0820f4 switch to using lists in templates 
Sets are not available in mako templates when using python3.
Reverting to using lists with 'if not in' checks to avoid duplication.
 2019-02-06 22:26:46 +01:00
kakwa
2df56d2de2 fix template over-escaping + python 3 support 
The templates were html escaping the generated js code for the
autofill and the role management. This was breaking these features.
It's okay to not escape these as they are coming from a trusted source
(configuration file).

Also make the templates python3 compatible (not need to import Set in
python 3)
 2019-02-06 21:38:11 +01:00
John Thiltges
c6cce54d5f Escape form values with markupsafe 
- Use markupsafe to format escaped HTML fragments
- Correct the formatting problems introduced with the XSS fixes
 2019-01-03 13:12:53 -06:00
John Thiltges
6f98076281 Protect against XSS vulnerabilities in URL redirection 
- Switch from base64 to URL encoding for the passing the URL, using the built-in Mako filtering
- Apply HTML filtering to Mako output by default
- Disable HTML filtering for nested templates in adduser, modify, and selfmodify
 2019-01-02 14:31:10 -06:00
kakwa
2e2453f309 fix camelcase 2017-04-06 01:26:54 +02:00
kakwa
bbb13454bf more warning removal 2017-04-06 01:21:57 +02:00
kakwa
3378822d2e fix some warnings 2017-04-06 01:20:51 +02:00
kakwa
6e526b6f15 hack to have a cleaner resize 2017-04-06 00:32:24 +02:00
kakwa
de5f760c37 removing duplicate option in form select fields 2017-04-05 23:37:41 +02:00
kakwa
a33a46e8b8 add dynamic resizing to align input-group-addon 
* add class to identify the 2 form columns
* add a js that calculate max width and resize all input-group-addon
spans
* load the js in the base template
 2017-04-05 23:24:19 +02:00
Stan Rudenko
f7f72c7e11 adding textarea 2017-03-02 18:47:49 -08:00
kakwa
07a60823ad Merge branch 'master' of https://github.com/kakwa/ldapcherry 2016-07-29 23:06:09 +02:00
kakwa
5ff62f0a8c fix ppolicy client side javascript checker 
Due to a missing encodeURIComponent, the post arguments of the
http query on /checkppolicy could be interpreted as several argument if
caracters like & or = were present.
This commit also adds error handling on http return codes in the
checker.
 2016-07-29 23:00:16 +02:00
pcarpent
37925b196b admin search if admin in navbar 
Now LdapCherry Administrator are displayed the searchadmin page
(the one displaying the modify and remove buttons) when they use
the navbar search.
 2016-07-29 11:12:30 +02:00
kakwa
408f75c449 add ldapcherry icon in navbar linked to / 2016-07-10 08:58:16 +02:00
kakwa
abf3d5dea9 focus on first field for all forms 
previously, only the add form had focus on first field. Now every form
(add, modifify, selfmodify) have focus on first field.
 2016-07-10 08:54:59 +02:00
kakwa
f3fabe502e disable min search lenght for admin search 2016-07-10 08:10:19 +02:00
kakwa
0beac119f9 fix many error with html unescaped attributes 2016-07-08 21:46:00 +02:00
kakwa
685031ef15 bolding the user's attributes 2016-07-07 08:15:50 +02:00
kakwa
80fa310f37 change the display form of the user's attributes 2016-07-07 08:11:50 +02:00
kakwa
ebc5b69374 implement the display of users attributes on index page 2016-07-07 08:01:57 +02:00
kakwa
c64bb11504 add a default handler for 404 requests 2016-07-06 22:50:59 +02:00
kakwa
655ccabd79 force focus on the first input of forms 2016-07-06 21:22:48 +02:00
kakwa
baee15c40f properly implementing minimum lenght limit in search 2016-07-06 20:47:33 +02:00
kakwa
3b6cf61b93 grotesque hacks to disable firefox autofilling of the forms 2016-07-06 20:37:24 +02:00
kakwa
9edc7e545a increment version + changelog + copyright to 2016 2016-07-05 20:33:06 +02:00
kakwa
28479f7202 Merge branch 'master' of https://github.com/kakwa/ldapcherry 2016-07-05 20:28:04 +02:00
kakwa
9a5aa03de6 adding a little js for min lenght search 
* impose a min lenght of 3 chars on searches, at least on the client
side...
 2016-07-05 20:26:29 +02:00
kakwa
43e4231be8 using POST instead of default GET... oups... sorry 2016-07-05 20:02:58 +02:00
kakwa
e45c0e862e reindent javascript 2016-07-05 19:57:35 +02:00
Yuusuke KOUNOIKE
268c8f935b maxuid is not 'max'. 2016-06-19 01:48:50 +09:00
kakwa
921eef4b04 implementing default value in form 2016-06-16 22:11:48 +02:00
kakwa
55cd8529c3 adding special treatment if field is not required for ppolicy 2015-11-02 23:43:51 +01:00
kakwa
7a1fb0dc8c modifying the templates to include custom ppolicy error message 2015-11-02 23:25:01 +01:00
kakwa
27e05ac7f2 adding piece of javascript to display custom ppolicy messages 2015-11-02 23:24:35 +01:00
kakwa
8833fe6df6 update validator.js 2015-11-02 23:12:12 +01:00
kakwa
2451b2efdd adding notification after an action is performed 2015-10-28 23:11:23 +01:00
kakwa
61df2094c4 implementing custom js 2015-08-09 10:35:28 +02:00
kakwa
efcaad54fc multiple modification/fix 
* add display_name parameter for backend
* handle display_name in modify template (lonely groups) and error
  message
* fix bug in modify when user is in only one backend
* remove redondant exception in ad/ldap backend
* fix unit test accordingly
* fix License in AD backend (GPLv3 -> MIT, previously tought of using
  samba4 python library which is GPL, but this module finaly uses
  python-ldap which is MIT compatible)
 2015-07-31 20:08:21 +02:00
kakwa
1703dc9a33 adding global exception handler 2015-07-14 23:37:20 +02:00
kakwa
04c294e038 disable autofill for modify forms 2015-07-10 20:11:07 +02:00
kakwa
6dd81f5a91 implementing various autofill javascript functions 2015-07-08 01:55:31 +02:00
kakwa
d9e33364ca implementing lcDisplayName 2015-07-08 00:59:23 +02:00
kakwa
3cbdfe62ec using onchange instead on onkeyup 2015-07-08 00:57:03 +02:00
kakwa
5dc8011749 implement hooks to call autofill functions 2015-07-08 00:43:58 +02:00
kakwa
665195fef4 adding autofill js file in base templates 2015-07-08 00:43:26 +02:00
kakwa
2d06e14d63 adding skeleton of autofill functions 2015-07-08 00:42:53 +02:00
kakwa
af4e24218e adding js to replace diacritic char in js 2015-07-06 10:18:51 +02:00
kakwa
1f0cc50d58 adding a redirected to the originaly requested page on login 
user not authenticated and requesting an url are redirected to
the signin page with the requested page url as the query string (in
base64). It permits to redirect them to the requested page once they
've log in.
 2015-07-06 07:58:27 +02:00
kakwa
56eeea61f7 fix html in error template 2015-07-05 23:07:24 +02:00