Kevin Glisson
af5c19cc52
Solving conflicts
2017-09-13 09:41:19 -07:00
Kevin Glisson
359fbd2d73
Pinning version of PyOpenSSL #873
2017-09-13 09:39:52 -07:00
Caige Nichols
e8b9853367
Fixes 873 by explicitly declaring pyopenssl version. ( #917 )
2017-09-13 09:30:20 -07:00
Doppins
376b2b8051
Upgrade dependency moto to ==1.1.5 ( #916 )
2017-09-12 16:01:24 -07:00
Doppins
e8d0af87e4
Upgrade dependency SQLAlchemy-Utils to ==0.32.16 ( #895 )
2017-09-12 09:59:49 -07:00
Doppins
a4267320b0
Upgrade dependency Flask-Script to ==2.0.6 ( #900 )
2017-09-12 09:59:23 -07:00
Doppins
52dd42701a
Upgrade dependency moto to ==1.1.4 ( #915 )
2017-09-12 09:58:38 -07:00
Rick Breidenstein
fc9b1e5b12
server_default from "False" to sa.false() ( #913 )
2017-09-11 09:19:19 -07:00
Francisco Santos
2ecfaa41cf
Add pyldap mock for readthedocs ( #912 )
2017-09-11 09:18:03 -07:00
Francisco Santos
7106c4fdcf
Sync docs requirements.txt ( #910 )
2017-09-10 10:41:46 -07:00
Doppins
9420ca9949
Upgrade dependency acme to ==0.18.1 ( #908 )
2017-09-08 16:59:49 -07:00
Doppins
956a1851a2
Upgrade dependency moto to ==1.1.3 ( #909 )
2017-09-08 16:59:39 -07:00
Marti Raudsepp
dafed86179
Improve certificate name normalization: remove Unicode characters, etc. ( #906 )
* Accented characters are replaced with non-accented version (ä -> a)
* Spaces are replaced with '-' (previously they were removed)
* Multiple non-alphanumeric characters are collapsed into one '-'
2017-09-08 10:52:22 -07:00
Doppins
e72efce071
Upgrade dependency acme to ==0.18.0 ( #902 )
2017-09-07 18:09:52 -07:00
Doppins
77b9658dba
Upgrade dependency pyldap to ==2.4.37 ( #903 )
2017-09-07 18:09:37 -07:00
Doppins
090c984ca3
Upgrade dependency pytest to ==3.2.2 ( #904 )
2017-09-07 18:09:15 -07:00
Doppins
2ff25b656f
Upgrade dependency moto to ==1.1.2 ( #905 )
2017-09-07 18:09:07 -07:00
Ian Stahnke
ff4d1edd63
remove duplicated ldap_bind_uri description ( #898 )
2017-09-04 10:12:40 -07:00
Ian Stahnke
79d12578c7
basic ldap support ( #842 )
2017-09-03 20:41:43 -07:00
Doppins
c0784b40e0
Upgrade dependency Flask-Migrate to ==2.1.1 ( #892 )
2017-08-29 20:20:39 -07:00
kevgliss
ff87c487c8
It's too expensive to attempt to load all certificates associated with a given notification. Some queries such as default are associated with a large number of certificates. We have little control over when these objects are loaded, but when marshalled they are lazy-loaded via SQLAlchemy. If a user needs to get all the certificates associated with a certificate they should use the /notifications/<id>/certificates endpoints that support pagination. ( #891 )
2017-08-28 17:57:39 -07:00
Marti Raudsepp
82b43b5a9d
Create signal hooks and handler for dumping CSR and certificate details ( #882 )
2017-08-28 17:35:56 -07:00
Doppins
4b4e159a8e
[Doppins] Upgrade dependency moto to ==1.1.1 ( #888 )
* Upgrade dependency moto to ==1.1.0
* Upgrade dependency moto to ==1.1.1
2017-08-28 17:35:12 -07:00
Marti Raudsepp
bb1c339655
Fix ability to remove all roles from authority ( #880 )
2017-08-28 17:35:01 -07:00
kevgliss
aca6d6346f
Removing legacy requirement for nodejs. Closes #866 ( #887 )
2017-08-25 10:12:56 -07:00
Marti Raudsepp
e7efaf4365
Prevent creation of empty SubjAltNames extension in CSR ( #883 )
2017-08-18 09:10:56 -07:00
Marti Raudsepp
c6d76f580e
Disable unused Flask Principal sessions ( #881 )
Lemur uses its own auth token for authentication; logging out doesn't
properly dispose of the Flask Principal session.
2017-08-17 09:24:35 -07:00
Marti Raudsepp
941df0366d
Fix roles display on user screen and fix removing user roles ( #879 )
2017-08-17 09:24:10 -07:00
Marti Raudsepp
7762d6ed52
Reworked sensitive domain name and restriction logic ( #878 )
* This is a fix for a potential security issue; the old code had edge
cases with unexpected behavior.
* LEMUR_RESTRICTED_DOMAINS is no more, instead LEMUR_WHITELISTED_DOMAINS
is a list of *allowed* domain name patterns. Per discussion in PR #600
* Domain restrictions are now checked everywhere: in domain name-like
CN (common name) values and SAN DNSNames, including raw CSR requests.
* Common name values that contain a space are exempt, since they cannot
be valid domain names.
2017-08-16 19:24:49 -07:00
Doppins
466df367e6
Upgrade dependency boto3 to ==1.4.6 ( #874 )
2017-08-16 09:56:22 -07:00
Doppins
b0c8787cfa
Upgrade dependency marshmallow to ==2.13.6 ( #877 )
2017-08-16 09:56:08 -07:00
Marti Raudsepp
cf805f530f
Prevent unintended access to sensitive fields (passwords, private keys) ( #876 )
Make sure that fields specified in filter, sortBy, etc. are model fields
and may be accessed. This fixes a potential security issue.
The filter() function allowed guessing the content of password hashes
one character at a time.
The sort() function allowed the user to call an arbitrary method of an
arbitrary model attribute, for example sortBy=id&sortDir=distinct would
produce an unexpected error.
2017-08-16 09:38:42 -07:00
Doppins
b40c6a1c67
Upgrade dependency pem to ==17.1.0 ( #872 )
2017-08-10 15:08:11 -07:00
Doppins
3a62010445
Upgrade dependency pytest to ==3.2.1 ( #871 )
2017-08-09 15:00:15 -07:00
Andrew Murray
3b4e7d9169
Fixed typo ( #870 )
2017-08-09 08:40:22 -07:00
Doppins
4245ba0d15
Upgrade dependency acme to ==0.17.0 ( #866 )
2017-08-06 11:19:10 -07:00
Doppins
95e4c23db1
Upgrade dependency factory-boy to ==2.9.2 ( #868 )
2017-08-06 11:19:00 -07:00
Rick Breidenstein
f5e120ad2e
Update readme.txt ( #869 )
2017-08-04 12:42:27 -07:00
Doppins
fab146b328
[Doppins] Upgrade dependency factory-boy to ==2.9.1 ( #863 )
* Upgrade dependency factory-boy to ==2.9.0
* Upgrade dependency factory-boy to ==2.9.1
2017-08-02 09:17:25 -07:00
Doppins
5aeadf8f98
[Doppins] Upgrade dependency psycopg2 to ==2.7.3 ( #858 )
* Upgrade dependency psycopg2 to ==2.7.2
* Upgrade dependency psycopg2 to ==2.7.3
2017-08-02 09:16:38 -07:00
Doppins
5f9c655594
Upgrade dependency Flask-Migrate to ==2.1.0 ( #861 )
2017-08-02 09:16:21 -07:00
Doppins
dd18cac702
Upgrade dependency boto3 to ==1.4.5 ( #862 )
2017-08-02 09:16:01 -07:00
Doppins
b76ab902e5
Upgrade dependency pytest to ==3.2.0 ( #865 )
2017-08-02 09:15:42 -07:00
kevgliss
f5082e2d3a
Starting transition away from not_before and not_after. ( #854 )
2017-07-14 09:24:59 -07:00
kevgliss
61c493fc91
Adding additional failure conditions to sentry tracking. ( #853 )
* Adding additional failure conditions to sentry tracking.
* Removing sentry extension as a circular import.
2017-07-13 14:49:04 -07:00
kevgliss
6779e19ac9
Adding enum migration. ( #852 )
2017-07-13 13:12:53 -07:00
kevgliss
443eb43d1f
Adding the ability to specify a per-certificate rotation policy. ( #851 )
2017-07-12 16:46:11 -07:00
Doppins
560bd5a872
Upgrade dependency acme to ==0.16.0 ( #850 )
2017-07-12 15:53:32 -07:00
Doppins
8f35a64faf
Upgrade dependency pyjwt to ==1.5.2 ( #846 )
2017-07-12 15:52:50 -07:00
kevgliss
7507f6be50
Updating documentation ( #849 )
2017-07-05 20:17:19 -07:00