Marti Raudsepp
97d83890e0
Various minor cleanups and fixes ( #938 )
...
* Documentation fixes
* Various docstring and help string fixes
* Minor code cleanups
* Removed redundant .gitignore entry, ignored package-lock.json.
* 'return' statement in certificates.service.render was redundant
* Split up too long line
* Non-matching tags in templates
2017-09-25 15:33:42 -07:00
Marti Raudsepp
ec5dec4a16
Add option to disable owner email address in CSR subject ( #939 )
2017-09-25 15:32:08 -07:00
Doppins
4cfb621423
Upgrade dependency moto to ==1.1.14 ( #940 )
2017-09-25 15:31:39 -07:00
Doppins
c381331c10
Upgrade dependency pyjwt to ==1.5.3 ( #901 )
2017-09-25 09:19:54 -07:00
Doppins
a7923f2a06
Upgrade dependency six to ==1.11.0 ( #926 )
2017-09-25 09:19:40 -07:00
Doppins
e5f7172c97
[Doppins] Upgrade dependency paramiko to ==2.3.1 ( #927 )
...
* Upgrade dependency paramiko to ==2.3.0
* Upgrade dependency paramiko to ==2.3.1
2017-09-25 09:19:24 -07:00
Doppins
43fff0450b
Upgrade dependency acme to ==0.18.2 ( #928 )
2017-09-25 09:19:08 -07:00
Doppins
107fd3fce1
[Doppins] Upgrade dependency raven to ==6.2.1 ( #933 )
...
* Upgrade dependency raven to ==6.2.0
* Upgrade dependency raven to ==6.2.1
2017-09-25 09:18:57 -07:00
Doppins
1a9b6dec26
[Doppins] Upgrade dependency moto to ==1.1.13 ( #931 )
...
* Upgrade dependency moto to ==1.1.12
* Upgrade dependency moto to ==1.1.13
2017-09-25 09:18:40 -07:00
Aaron Mell
444be5bb7f
Updated Quikstart ( #934 )
...
Got some failures doing a clean install on Ubuntu 17.04 Zesty Zapus (Final) from virtualboxes.org
2017-09-22 12:35:25 -07:00
Doppins
5ebfa018ee
[Doppins] Upgrade dependency moto to ==1.1.11 ( #922 )
...
* Upgrade dependency moto to ==1.1.7
* Upgrade dependency moto to ==1.1.8
* Upgrade dependency moto to ==1.1.9
* Upgrade dependency moto to ==1.1.10
* Upgrade dependency moto to ==1.1.11
2017-09-21 10:31:45 -07:00
Ian Stahnke
a6dab5e1ee
a bit more ldap documentaion ( #930 )
2017-09-21 06:00:26 -07:00
Horatiu Eugen Vlad
f766871824
Create default rotation policy with name ( #924 )
2017-09-18 09:09:59 -07:00
Doppins
ba29bbe3be
Upgrade dependency pyOpenSSL to ==17.2.0 ( #918 )
2017-09-13 20:54:54 -07:00
Doppins
d711031ce9
Upgrade dependency moto to ==1.1.6 ( #919 )
2017-09-13 20:54:43 -07:00
Kevin Glisson
af5c19cc52
Solving conflicts
2017-09-13 09:41:19 -07:00
Kevin Glisson
359fbd2d73
Pinning version of PyOpenSSL #873
2017-09-13 09:39:52 -07:00
Caige Nichols
e8b9853367
Fixes 873 by explicitly declaring pyopenssl version. ( #917 )
2017-09-13 09:30:20 -07:00
Doppins
376b2b8051
Upgrade dependency moto to ==1.1.5 ( #916 )
2017-09-12 16:01:24 -07:00
Doppins
e8d0af87e4
Upgrade dependency SQLAlchemy-Utils to ==0.32.16 ( #895 )
2017-09-12 09:59:49 -07:00
Doppins
a4267320b0
Upgrade dependency Flask-Script to ==2.0.6 ( #900 )
2017-09-12 09:59:23 -07:00
Doppins
52dd42701a
Upgrade dependency moto to ==1.1.4 ( #915 )
2017-09-12 09:58:38 -07:00
Rick Breidenstein
fc9b1e5b12
server_default from "False" to sa.false() ( #913 )
2017-09-11 09:19:19 -07:00
Francisco Santos
2ecfaa41cf
Add pyldap mock for readthedocs ( #912 )
2017-09-11 09:18:03 -07:00
Francisco Santos
7106c4fdcf
Sync docs requirements.txt ( #910 )
2017-09-10 10:41:46 -07:00
Doppins
9420ca9949
Upgrade dependency acme to ==0.18.1 ( #908 )
2017-09-08 16:59:49 -07:00
Doppins
956a1851a2
Upgrade dependency moto to ==1.1.3 ( #909 )
2017-09-08 16:59:39 -07:00
Marti Raudsepp
dafed86179
Improve certificate name normalization: remove Unicode characters, etc. ( #906 )
...
* Accented characters are replaced with non-accented version (ä -> a)
* Spaces are replaced with '-' (previously they were removed)
* Multiple non-alphanumeric characters are collapsed into one '-'
2017-09-08 10:52:22 -07:00
Doppins
e72efce071
Upgrade dependency acme to ==0.18.0 ( #902 )
2017-09-07 18:09:52 -07:00
Doppins
77b9658dba
Upgrade dependency pyldap to ==2.4.37 ( #903 )
2017-09-07 18:09:37 -07:00
Doppins
090c984ca3
Upgrade dependency pytest to ==3.2.2 ( #904 )
2017-09-07 18:09:15 -07:00
Doppins
2ff25b656f
Upgrade dependency moto to ==1.1.2 ( #905 )
2017-09-07 18:09:07 -07:00
Ian Stahnke
ff4d1edd63
remove duplicated ldap_bind_uri description ( #898 )
2017-09-04 10:12:40 -07:00
Ian Stahnke
79d12578c7
basic ldap support ( #842 )
2017-09-03 20:41:43 -07:00
Doppins
c0784b40e0
Upgrade dependency Flask-Migrate to ==2.1.1 ( #892 )
2017-08-29 20:20:39 -07:00
kevgliss
ff87c487c8
It's too expensive to attempt to load all certificates associated with a given notification. Some queries such as `default` are associated with a large number of certificates. We have little control over when these objects are loaded, but when marshalled they are lazyloaded via SQLAlachemy. If a user needs to get all the certificates associated with a certificate they should use the /notifications/<id>/certificates endpoints that support pagination. ( #891 )
2017-08-28 17:57:39 -07:00
Marti Raudsepp
82b43b5a9d
Create signal hooks and handler for dumping CSR and certificate details ( #882 )
2017-08-28 17:35:56 -07:00
Doppins
4b4e159a8e
[Doppins] Upgrade dependency moto to ==1.1.1 ( #888 )
...
* Upgrade dependency moto to ==1.1.0
* Upgrade dependency moto to ==1.1.1
2017-08-28 17:35:12 -07:00
Marti Raudsepp
bb1c339655
Fix ability to remove all roles from authority ( #880 )
2017-08-28 17:35:01 -07:00
kevgliss
aca6d6346f
Removing legacy requirement for nodejs. Closes #866 ( #887 )
2017-08-25 10:12:56 -07:00
Marti Raudsepp
e7efaf4365
Prevent creation of empty SubjAltNames extension in CSR ( #883 )
2017-08-18 09:10:56 -07:00
Marti Raudsepp
c6d76f580e
Disable unused Flask Principal sessions ( #881 )
...
Lemur uses its own auth token for authentication; logging out doesn't
properly dispose of the Flask Principal session.
2017-08-17 09:24:35 -07:00
Marti Raudsepp
941df0366d
Fix roles display on user screen and fix removing user roles ( #879 )
2017-08-17 09:24:10 -07:00
Marti Raudsepp
7762d6ed52
Reworked sensitive domain name and restriction logic ( #878 )
...
* This is a fix for a potential security issue; the old code had edge
cases with unexpected behavior.
* LEMUR_RESTRICTED_DOMAINS is no more, instead LEMUR_WHITELISTED_DOMAINS
is a list of *allowed* domain name patterns. Per discussion in PR #600
* Domain restrictions are now checked everywhere: in domain name-like
CN (common name) values and SAN DNSNames, including raw CSR requests.
* Common name values that contain a space are exempt, since they cannot
be valid domain names.
2017-08-16 19:24:49 -07:00
Doppins
466df367e6
Upgrade dependency boto3 to ==1.4.6 ( #874 )
2017-08-16 09:56:22 -07:00
Doppins
b0c8787cfa
Upgrade dependency marshmallow to ==2.13.6 ( #877 )
2017-08-16 09:56:08 -07:00
Marti Raudsepp
cf805f530f
Prevent unintended access to sensitive fields (passwords, private keys) ( #876 )
...
Make sure that fields specified in filter, sortBy, etc. are model fields
and may be accessed. This is fixes a potential security issue.
The filter() function allowed guessing the content of password hashes
one character at a time.
The sort() function allowed the user to call an arbitrary method of an
arbitrary model attribute, for example sortBy=id&sortDir=distinct would
produce an unexpected error.
2017-08-16 09:38:42 -07:00
Doppins
b40c6a1c67
Upgrade dependency pem to ==17.1.0 ( #872 )
2017-08-10 15:08:11 -07:00
Doppins
3a62010445
Upgrade dependency pytest to ==3.2.1 ( #871 )
2017-08-09 15:00:15 -07:00
Andrew Murray
3b4e7d9169
Fixed typo ( #870 )
2017-08-09 08:40:22 -07:00