Commit Graph

1323 Commits

Author SHA1 Message Date
Doppins
376b2b8051 Upgrade dependency moto to ==1.1.5 () 2017-09-12 16:01:24 -07:00
Doppins
e8d0af87e4 Upgrade dependency SQLAlchemy-Utils to ==0.32.16 () 2017-09-12 09:59:49 -07:00
Doppins
a4267320b0 Upgrade dependency Flask-Script to ==2.0.6 () 2017-09-12 09:59:23 -07:00
Doppins
52dd42701a Upgrade dependency moto to ==1.1.4 () 2017-09-12 09:58:38 -07:00
Rick Breidenstein
fc9b1e5b12 server_default from "False" to sa.false() () 2017-09-11 09:19:19 -07:00
Francisco Santos
2ecfaa41cf Add pyldap mock for readthedocs () 2017-09-11 09:18:03 -07:00
Francisco Santos
7106c4fdcf Sync docs requirements.txt () 2017-09-10 10:41:46 -07:00
Doppins
9420ca9949 Upgrade dependency acme to ==0.18.1 () 2017-09-08 16:59:49 -07:00
Doppins
956a1851a2 Upgrade dependency moto to ==1.1.3 () 2017-09-08 16:59:39 -07:00
Marti Raudsepp
dafed86179 Improve certificate name normalization: remove Unicode characters, etc. ()
* Accented characters are replaced with non-accented version (ä -> a)
* Spaces are replaced with '-' (previously they were removed)
* Multiple non-alphanumeric characters are collapsed into one '-'
2017-09-08 10:52:22 -07:00
Doppins
e72efce071 Upgrade dependency acme to ==0.18.0 () 2017-09-07 18:09:52 -07:00
Doppins
77b9658dba Upgrade dependency pyldap to ==2.4.37 () 2017-09-07 18:09:37 -07:00
Doppins
090c984ca3 Upgrade dependency pytest to ==3.2.2 () 2017-09-07 18:09:15 -07:00
Doppins
2ff25b656f Upgrade dependency moto to ==1.1.2 () 2017-09-07 18:09:07 -07:00
Ian Stahnke
ff4d1edd63 remove duplicated ldap_bind_uri description () 2017-09-04 10:12:40 -07:00
Ian Stahnke
79d12578c7 basic ldap support () 2017-09-03 20:41:43 -07:00
Doppins
c0784b40e0 Upgrade dependency Flask-Migrate to ==2.1.1 () 2017-08-29 20:20:39 -07:00
kevgliss
ff87c487c8 It's too expensive to attempt to load all certificates associated with a given notification. Some queries such as default are associated with a large number of certificates. We have little control over when these objects are loaded, but when marshalled they are lazyloaded via SQLAlchemy. If a user needs to get all the certificates associated with a certificate they should use the /notifications/<id>/certificates endpoints that support pagination. () 2017-08-28 17:57:39 -07:00
Marti Raudsepp
82b43b5a9d Create signal hooks and handler for dumping CSR and certificate details () 2017-08-28 17:35:56 -07:00
Doppins
4b4e159a8e [Doppins] Upgrade dependency moto to ==1.1.1 ()
* Upgrade dependency moto to ==1.1.0

* Upgrade dependency moto to ==1.1.1
2017-08-28 17:35:12 -07:00
Marti Raudsepp
bb1c339655 Fix ability to remove all roles from authority () 2017-08-28 17:35:01 -07:00
kevgliss
aca6d6346f Removing legacy requirement for nodejs. Closes () 2017-08-25 10:12:56 -07:00
Marti Raudsepp
e7efaf4365 Prevent creation of empty SubjAltNames extension in CSR () 2017-08-18 09:10:56 -07:00
Marti Raudsepp
c6d76f580e Disable unused Flask Principal sessions ()
Lemur uses its own auth token for authentication; logging out doesn't
properly dispose of the Flask Principal session.
2017-08-17 09:24:35 -07:00
Marti Raudsepp
941df0366d Fix roles display on user screen and fix removing user roles () 2017-08-17 09:24:10 -07:00
Marti Raudsepp
7762d6ed52 Reworked sensitive domain name and restriction logic ()
* This is a fix for a potential security issue; the old code had edge
  cases with unexpected behavior.
* LEMUR_RESTRICTED_DOMAINS is no more, instead LEMUR_WHITELISTED_DOMAINS
  is a list of *allowed* domain name patterns. Per discussion in PR 
* Domain restrictions are now checked everywhere: in domain name-like
  CN (common name) values and SAN DNSNames, including raw CSR requests.
* Common name values that contain a space are exempt, since they cannot
  be valid domain names.
2017-08-16 19:24:49 -07:00
Doppins
466df367e6 Upgrade dependency boto3 to ==1.4.6 () 2017-08-16 09:56:22 -07:00
Doppins
b0c8787cfa Upgrade dependency marshmallow to ==2.13.6 () 2017-08-16 09:56:08 -07:00
Marti Raudsepp
cf805f530f Prevent unintended access to sensitive fields (passwords, private keys) ()
Make sure that fields specified in filter, sortBy, etc. are model fields
and may be accessed. This fixes a potential security issue.

The filter() function allowed guessing the content of password hashes
one character at a time.

The sort() function allowed the user to call an arbitrary method of an
arbitrary model attribute, for example sortBy=id&sortDir=distinct would
produce an unexpected error.
2017-08-16 09:38:42 -07:00
Doppins
b40c6a1c67 Upgrade dependency pem to ==17.1.0 () 2017-08-10 15:08:11 -07:00
Doppins
3a62010445 Upgrade dependency pytest to ==3.2.1 () 2017-08-09 15:00:15 -07:00
Andrew Murray
3b4e7d9169 Fixed typo () 2017-08-09 08:40:22 -07:00
Doppins
4245ba0d15 Upgrade dependency acme to ==0.17.0 () 2017-08-06 11:19:10 -07:00
Doppins
95e4c23db1 Upgrade dependency factory-boy to ==2.9.2 () 2017-08-06 11:19:00 -07:00
Rick Breidenstein
f5e120ad2e Update readme.txt () 2017-08-04 12:42:27 -07:00
Doppins
fab146b328 [Doppins] Upgrade dependency factory-boy to ==2.9.1 ()
* Upgrade dependency factory-boy to ==2.9.0

* Upgrade dependency factory-boy to ==2.9.1
2017-08-02 09:17:25 -07:00
Doppins
5aeadf8f98 [Doppins] Upgrade dependency psycopg2 to ==2.7.3 ()
* Upgrade dependency psycopg2 to ==2.7.2

* Upgrade dependency psycopg2 to ==2.7.3
2017-08-02 09:16:38 -07:00
Doppins
5f9c655594 Upgrade dependency Flask-Migrate to ==2.1.0 () 2017-08-02 09:16:21 -07:00
Doppins
dd18cac702 Upgrade dependency boto3 to ==1.4.5 () 2017-08-02 09:16:01 -07:00
Doppins
b76ab902e5 Upgrade dependency pytest to ==3.2.0 () 2017-08-02 09:15:42 -07:00
kevgliss
f5082e2d3a Starting transition away from not_before and not_after. () 2017-07-14 09:24:59 -07:00
kevgliss
61c493fc91 Adding additional failure conditions to sentry tracking. ()
* Adding additional failure conditions to sentry tracking.

* Removing sentry extension as a circular import.
2017-07-13 14:49:04 -07:00
kevgliss
6779e19ac9 Adding enum migration. () 2017-07-13 13:12:53 -07:00
kevgliss
443eb43d1f Adding the ability to specify a per-certificate rotation policy. () 2017-07-12 16:46:11 -07:00
Doppins
560bd5a872 Upgrade dependency acme to ==0.16.0 () 2017-07-12 15:53:32 -07:00
Doppins
8f35a64faf Upgrade dependency pyjwt to ==1.5.2 () 2017-07-12 15:52:50 -07:00
kevgliss
7507f6be50 Updating documentation () 2017-07-05 20:17:19 -07:00
Doppins
ac3b441456 Upgrade dependency pytest to ==3.1.3 () 2017-07-05 19:02:59 -07:00
Paul Van de Vreede
53113e5eeb Add auditing for creating or updating a cert. () 2017-07-04 06:39:16 -07:00
kevgliss
9d5db3ec12 This should not have been upgraded as it breaks mTLS () 2017-06-29 16:29:26 -07:00