Marti Raudsepp
dafed86179
Improve certificate name normalization: remove Unicode characters, etc. ( #906 )
* Accented characters are replaced with non-accented version (ä -> a)
* Spaces are replaced with '-' (previously they were removed)
* Multiple non-alphanumeric characters are collapsed into one '-'
2017-09-08 10:52:22 -07:00
Doppins
e72efce071
Upgrade dependency acme to ==0.18.0 ( #902 )
2017-09-07 18:09:52 -07:00
Doppins
77b9658dba
Upgrade dependency pyldap to ==2.4.37 ( #903 )
2017-09-07 18:09:37 -07:00
Doppins
090c984ca3
Upgrade dependency pytest to ==3.2.2 ( #904 )
2017-09-07 18:09:15 -07:00
Doppins
2ff25b656f
Upgrade dependency moto to ==1.1.2 ( #905 )
2017-09-07 18:09:07 -07:00
Ian Stahnke
ff4d1edd63
remove duplicated ldap_bind_uri description ( #898 )
2017-09-04 10:12:40 -07:00
Ian Stahnke
79d12578c7
basic ldap support ( #842 )
2017-09-03 20:41:43 -07:00
Doppins
c0784b40e0
Upgrade dependency Flask-Migrate to ==2.1.1 ( #892 )
2017-08-29 20:20:39 -07:00
kevgliss
ff87c487c8
It's too expensive to attempt to load all certificates associated with a given notification. Some queries such as `default` are associated with a large number of certificates. We have little control over when these objects are loaded, but when marshalled they are lazyloaded via SQLAlchemy. If a user needs to get all the certificates associated with a certificate they should use the /notifications/<id>/certificates endpoints that support pagination. ( #891 )
2017-08-28 17:57:39 -07:00
Marti Raudsepp
82b43b5a9d
Create signal hooks and handler for dumping CSR and certificate details ( #882 )
2017-08-28 17:35:56 -07:00
Doppins
4b4e159a8e
[Doppins] Upgrade dependency moto to ==1.1.1 ( #888 )
* Upgrade dependency moto to ==1.1.0
* Upgrade dependency moto to ==1.1.1
2017-08-28 17:35:12 -07:00
Marti Raudsepp
bb1c339655
Fix ability to remove all roles from authority ( #880 )
2017-08-28 17:35:01 -07:00
kevgliss
aca6d6346f
Removing legacy requirement for nodejs. Closes #866 ( #887 )
2017-08-25 10:12:56 -07:00
Marti Raudsepp
e7efaf4365
Prevent creation of empty SubjAltNames extension in CSR ( #883 )
2017-08-18 09:10:56 -07:00
Marti Raudsepp
c6d76f580e
Disable unused Flask Principal sessions ( #881 )
Lemur uses its own auth token for authentication; logging out doesn't
properly dispose of the Flask Principal session.
2017-08-17 09:24:35 -07:00
Marti Raudsepp
941df0366d
Fix roles display on user screen and fix removing user roles ( #879 )
2017-08-17 09:24:10 -07:00
Marti Raudsepp
7762d6ed52
Reworked sensitive domain name and restriction logic ( #878 )
* This is a fix for a potential security issue; the old code had edge
cases with unexpected behavior.
* LEMUR_RESTRICTED_DOMAINS is no more, instead LEMUR_WHITELISTED_DOMAINS
is a list of *allowed* domain name patterns. Per discussion in PR #600
* Domain restrictions are now checked everywhere: in domain name-like
CN (common name) values and SAN DNSNames, including raw CSR requests.
* Common name values that contain a space are exempt, since they cannot
be valid domain names.
2017-08-16 19:24:49 -07:00
Doppins
466df367e6
Upgrade dependency boto3 to ==1.4.6 ( #874 )
2017-08-16 09:56:22 -07:00
Doppins
b0c8787cfa
Upgrade dependency marshmallow to ==2.13.6 ( #877 )
2017-08-16 09:56:08 -07:00
Marti Raudsepp
cf805f530f
Prevent unintended access to sensitive fields (passwords, private keys) ( #876 )
Make sure that fields specified in filter, sortBy, etc. are model fields
and may be accessed. This fixes a potential security issue.
The filter() function allowed guessing the content of password hashes
one character at a time.
The sort() function allowed the user to call an arbitrary method of an
arbitrary model attribute, for example sortBy=id&sortDir=distinct would
produce an unexpected error.
2017-08-16 09:38:42 -07:00
Doppins
b40c6a1c67
Upgrade dependency pem to ==17.1.0 ( #872 )
2017-08-10 15:08:11 -07:00
Doppins
3a62010445
Upgrade dependency pytest to ==3.2.1 ( #871 )
2017-08-09 15:00:15 -07:00
Andrew Murray
3b4e7d9169
Fixed typo ( #870 )
2017-08-09 08:40:22 -07:00
Doppins
4245ba0d15
Upgrade dependency acme to ==0.17.0 ( #866 )
2017-08-06 11:19:10 -07:00
Doppins
95e4c23db1
Upgrade dependency factory-boy to ==2.9.2 ( #868 )
2017-08-06 11:19:00 -07:00
Rick Breidenstein
f5e120ad2e
Update readme.txt ( #869 )
2017-08-04 12:42:27 -07:00
Doppins
fab146b328
[Doppins] Upgrade dependency factory-boy to ==2.9.1 ( #863 )
* Upgrade dependency factory-boy to ==2.9.0
* Upgrade dependency factory-boy to ==2.9.1
2017-08-02 09:17:25 -07:00
Doppins
5aeadf8f98
[Doppins] Upgrade dependency psycopg2 to ==2.7.3 ( #858 )
* Upgrade dependency psycopg2 to ==2.7.2
* Upgrade dependency psycopg2 to ==2.7.3
2017-08-02 09:16:38 -07:00
Doppins
5f9c655594
Upgrade dependency Flask-Migrate to ==2.1.0 ( #861 )
2017-08-02 09:16:21 -07:00
Doppins
dd18cac702
Upgrade dependency boto3 to ==1.4.5 ( #862 )
2017-08-02 09:16:01 -07:00
Doppins
b76ab902e5
Upgrade dependency pytest to ==3.2.0 ( #865 )
2017-08-02 09:15:42 -07:00
kevgliss
f5082e2d3a
Starting transition away from not_before and not_after. ( #854 )
2017-07-14 09:24:59 -07:00
kevgliss
61c493fc91
Adding additional failure conditions to sentry tracking. ( #853 )
* Adding additional failure conditions to sentry tracking.
* Removing sentry extension as a circular import.
2017-07-13 14:49:04 -07:00
kevgliss
6779e19ac9
Adding enum migration. ( #852 )
2017-07-13 13:12:53 -07:00
kevgliss
443eb43d1f
Adding the ability to specify a per-certificate rotation policy. ( #851 )
2017-07-12 16:46:11 -07:00
Doppins
560bd5a872
Upgrade dependency acme to ==0.16.0 ( #850 )
2017-07-12 15:53:32 -07:00
Doppins
8f35a64faf
Upgrade dependency pyjwt to ==1.5.2 ( #846 )
2017-07-12 15:52:50 -07:00
kevgliss
7507f6be50
Updating documentation ( #849 )
2017-07-05 20:17:19 -07:00
Doppins
ac3b441456
Upgrade dependency pytest to ==3.1.3 ( #847 )
2017-07-05 19:02:59 -07:00
Paul Van de Vreede
53113e5eeb
Add auditing for creating or updating a cert. ( #845 )
2017-07-04 06:39:16 -07:00
kevgliss
9d5db3ec12
This should not have been upgraded as it breaks mTLS ( #844 )
2017-06-29 16:29:26 -07:00
kevgliss
169dcb86e2
supporting the ability to push exceptions to sentry ( #843 )
2017-06-29 14:12:38 -07:00
Ian Stahnke
e4f5224f42
set ses email content type to utf-8 instead of string ( #841 )
2017-06-28 09:44:19 -07:00
kevgliss
98907e66e9
Minor fixes to S3.put signature ( #840 )
2017-06-27 16:18:34 -07:00
kevgliss
c05343d58e
Adds the ability for destination plugins to be sub-classed from Expor… ( #839 )
* Adds the ability for destination plugins to be sub-classed from ExportDestination. These plugins have the extra option of specifying an export plugin before the destination receives the data. Closes #807.
* fixing tests
2017-06-26 12:03:24 -07:00
Paul Borg
541fbc9a6d
Use named kwargs rather than args when calling s3 put ( #830 )
2017-06-20 11:28:19 -07:00
Doppins
ef08e02333
[Doppins] Upgrade dependency paramiko to ==2.2.1 ( #833 )
* Upgrade dependency paramiko to ==2.1.3
* Upgrade dependency paramiko to ==2.2.0
* Upgrade dependency paramiko to ==2.2.1
2017-06-14 09:20:35 -07:00
Asbjørn Kjær
35cc7ef8d7
Adding support for private DigiCert certificates ( #835 )
2017-06-14 09:20:24 -07:00
Asbjørn Kjær
e77382864b
Fixing KeyError on error handling ( #834 )
2017-06-14 09:07:27 -07:00
Doppins
b5fd802005
Upgrade dependency acme to ==0.15.0 ( #831 )
2017-06-09 09:03:07 -07:00