automation/tlscerts.git
2 years ago  guard against future XSS exploits  master rjw57/fix-xss-vuln 1.6
Rich Wareham [Wed, 13 Dec 2017 15:02:50 +0000 (15:02 +0000)]
guard against future XSS exploits

In the spirit of the main XSS CSR fix, identify other likely places
where an XSS is likely and use jQuery's text() function to set text
explicitly.

2 years ago  fix XSS by templating HTML properly
Rich Wareham [Wed, 13 Dec 2017 14:37:49 +0000 (14:37 +0000)]
fix XSS by templating HTML properly

An XSS was reported by fanf2 who noted that the CSR at the bottom of
this message would result in un-escaped HTML from the decoded CSR being
added to the page.

Fix this by not trying to do our own templating and instead make use of
Handlebars.js (http://handlebarsjs.com) to do the templating for us.

Example CSR:
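
As an added example (not code from the tlscerts repository), the two rendering patterns the two XSS commits above contrast: building HTML for a decoded CSR by string concatenation, beside output that escapes every interpolated field the way a Handlebars `{{expression}}` does. `compile` is a dependency-free stand-in for `Handlebars.compile` using Handlebars' escaping table, and the subject fields are constructed, not the reported CSR.

```javascript
// Added example, not code from the tlscerts repository. `compile` stands in
// for Handlebars.compile so the block runs without the library.

// Characters Handlebars escapes in double-stash output, and their entities.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
  "'": '&#x27;', '`': '&#x60;', '=': '&#x3D;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"'`=]/g, (ch) => HTML_ESCAPES[ch]);
}

// Minimal template: {{name}} is replaced by the escaped context value.
// Handlebars' unescaped {{{name}}} form is deliberately not supported here.
function compile(template) {
  return (ctx) => template.replace(/\{\{\s*(\w+)\s*\}\}/g, (_, name) => {
    const v = ctx[name];
    return v === undefined || v === null ? '' : escapeHtml(v);
  });
}

// Constructed decoded-CSR subject (not the one from the report): the OU
// field carries markup, the way the reported CSR did.
const SUBJECT = {
  C: 'GB',
  O: 'Example University',
  OU: "<img src='http://example.invalid/x.gif'>",
  CN: 'dev.example.invalid',
};

// Before the fix: fields are concatenated straight into HTML, so any
// markup inside a field is parsed by the browser as markup.
function renderUnsafe(subject) {
  return '<dl><dt>OU</dt><dd>' + subject.OU + '</dd>' +
         '<dt>CN</dt><dd>' + subject.CN + '</dd></dl>';
}

// After the fix: only the template's own tags can reach the DOM; field
// contents arrive as text. jQuery's text() gives the same guarantee for
// values set on an existing element, since textContent is never parsed.
const renderSafe = compile(
  '<dl><dt>OU</dt><dd>{{OU}}</dd><dt>CN</dt><dd>{{CN}}</dd></dl>');

// Detection check: does the output contain any tag other than the ones
// the template itself emits (dl, dt, dd)?
function containsForeignTag(html) {
  return /<(?!\/?(dl|dt|dd)\b)[^>]*>/i.test(html);
}
```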

2 years ago  requirements: fix version of Django at <1.8
Rich Wareham [Wed, 13 Dec 2017 14:15:30 +0000 (14:15 +0000)]
requirements: fix version of Django at <1.8

Django has moved on since 1.7 and this app, for the moment, has not.
Tests still pass with 1.8 but since Debian maintain support for 1.7, fix
the version of Django.

3 years ago  Update email content that goes to the user  origin/HEAD origin/master 1.5
Abraham Martin [Mon, 19 Jun 2017 16:23:10 +0000 (17:23 +0100)]
Update email content that goes to the user

3 years ago  Update app with new certificates issued by JANET/QuoVadis
Abraham Martin [Mon, 19 Jun 2017 16:07:13 +0000 (17:07 +0100)]
Update app with new certificates issued by JANET/QuoVadis

4 years ago  Add missing 'import sys' to tls_api.py  1.4
Jon Warbrick [Sat, 10 Sep 2016 14:29:25 +0000 (15:29 +0100)]
Add missing 'import sys' to tls_api.py

4 years ago  Switch tls_api.py to read csr from stdin
Jon Warbrick [Sat, 10 Sep 2016 14:26:01 +0000 (15:26 +0100)]
Switch tls_api.py to read csr from stdin

Under the userv API, the CSR is from the outside, and so untrusted and
shouldn't appear on the command line. It could be sanitised, but it's
easier all round if it's read from stdin.

4 years ago  Fix typo in contact_name  1.3
Jon Warbrick [Fri, 9 Sep 2016 12:38:56 +0000 (13:38 +0100)]
Fix typo in contact_name

4 years ago  Merge branch 'master' of ssh://git.csx.cam.ac.uk/u/amc203/tlscerts
Jon Warbrick [Fri, 9 Sep 2016 12:36:40 +0000 (13:36 +0100)]
Merge branch 'master' of ssh://git.csx.cam.ac.uk/u/amc203/tlscerts

4 years ago  Rename falcon_cert_api as tls_api; pass request data in arguments
Jon Warbrick [Fri, 9 Sep 2016 12:23:32 +0000 (13:23 +0100)]
Rename falcon_cert_api as tls_api; pass request data in arguments

Update what was falcon_cert_api to expect all request data, including
much that was previously hard-coded for Falcon, in a pair of command
line arguments.

Rename it tls_api.py as a consequence.

4 years ago  Rename falcon_cert_api as tls_api; pass request data in arguments
Jon Warbrick [Fri, 9 Sep 2016 12:23:32 +0000 (13:23 +0100)]
Rename falcon_cert_api as tls_api; pass request data in arguments

Update what was falcon_cert_api to expect all request data, including
much that was previously hard-coded for Falcon, in a pair of command
line arguments.

Rename it tls_api.py as a consequence.

4 years ago  Fix unintended Perl-ism in falcon_cert_api.py
Jon Warbrick [Thu, 8 Sep 2016 17:02:48 +0000 (18:02 +0100)]
Fix unintended Perl-ism in falcon_cert_api.py

4 years ago  Switch falcon_cert_api to expect crsid and csr as args
Jon Warbrick [Thu, 8 Sep 2016 16:54:26 +0000 (17:54 +0100)]
Switch falcon_cert_api to expect crsid and csr as args

As part of making it easier to call falcon_cert_api, add a crsid to
the passed arguments and use that to identify the requester. At the same
time, change the 'Contact Name' to the generic 'Falcon Support'.

4 years ago  jenkins requirements changed  1.2
Abraham Martin [Tue, 5 Apr 2016 12:54:01 +0000 (13:54 +0100)]
jenkins requirements changed

4 years ago  Fix text
Abraham Martin [Tue, 5 Apr 2016 12:47:46 +0000 (13:47 +0100)]
Fix text

4 years ago  change jenkins settings
Abraham Martin [Tue, 5 Apr 2016 12:47:39 +0000 (13:47 +0100)]
change jenkins settings

4 years ago  change jenkins settings
Abraham Martin [Tue, 5 Apr 2016 12:33:25 +0000 (13:33 +0100)]
change jenkins settings

4 years ago  change jenkins settings
Abraham Martin [Tue, 5 Apr 2016 12:28:17 +0000 (13:28 +0100)]
change jenkins settings

4 years ago  New wildcard rules for JISC Quovadis certificates
Abraham Martin [Tue, 5 Apr 2016 12:17:38 +0000 (13:17 +0100)]
New wildcard rules for JISC Quovadis certificates

4 years ago  Search box added  1.1
Abraham Martin [Thu, 19 Nov 2015 14:40:18 +0000 (14:40 +0000)]
Search box added

5 years ago  typo fix  1.0
Abraham Martin [Tue, 15 Sep 2015 10:43:04 +0000 (11:43 +0100)]
typo fix

5 years ago  Also accept x-zip-compressed mime type
Abraham Martin [Fri, 28 Aug 2015 09:47:35 +0000 (10:47 +0100)]
Also accept x-zip-compressed mime type

5 years ago  New JANET rules: key length can only be 2048 or 4096
Abraham Martin [Thu, 13 Aug 2015 13:55:01 +0000 (14:55 +0100)]
New JANET rules: key length can only be 2048 or 4096

5 years ago  Configured TimeZone settings to support BST
Abraham Martin [Wed, 27 May 2015 13:23:13 +0000 (14:23 +0100)]
Configured TimeZone settings to support BST

5 years ago  typos fix
Abraham Martin [Thu, 21 May 2015 16:40:45 +0000 (17:40 +0100)]
typos fix

5 years ago  stats added
Abraham Martin [Tue, 19 May 2015 17:29:14 +0000 (18:29 +0100)]
stats added

5 years ago  js and css files for graphs
Abraham Martin [Tue, 19 May 2015 09:39:19 +0000 (10:39 +0100)]
js and css files for graphs

5 years ago  dynamic generation of stats
Abraham Martin [Tue, 19 May 2015 09:34:05 +0000 (10:34 +0100)]
dynamic generation of stats

5 years ago  dynamic generation of stats
Abraham Martin [Tue, 19 May 2015 09:32:07 +0000 (10:32 +0100)]
dynamic generation of stats

5 years ago  dynamic generation of stats
Abraham Martin [Tue, 19 May 2015 09:29:35 +0000 (10:29 +0100)]
dynamic generation of stats

5 years ago  dynamic generation of stats
Abraham Martin [Tue, 19 May 2015 09:21:14 +0000 (10:21 +0100)]
dynamic generation of stats

5 years ago  More tests
Abraham Martin [Mon, 18 May 2015 09:21:34 +0000 (10:21 +0100)]
More tests

5 years ago  More testing
Abraham Martin [Fri, 15 May 2015 16:41:15 +0000 (17:41 +0100)]
More testing

5 years ago  More testing
Abraham Martin [Fri, 15 May 2015 16:17:20 +0000 (17:17 +0100)]
More testing

5 years ago  More testing
Abraham Martin [Fri, 15 May 2015 15:50:57 +0000 (16:50 +0100)]
More testing

5 years ago  Change format of the key when extracting it from the cert
Abraham Martin [Fri, 15 May 2015 11:12:40 +0000 (12:12 +0100)]
Change format of the key when extracting it from the cert

5 years ago  add thawte certificates (for importing old certificates)
Abraham Martin [Fri, 15 May 2015 11:09:59 +0000 (12:09 +0100)]
add thawte certificates (for importing old certificates)

5 years ago  Old certificates
Abraham Martin [Fri, 15 May 2015 11:09:26 +0000 (12:09 +0100)]
Old certificates

5 years ago  pass exceptions and other types of errors in the compatibility function
Abraham Martin [Wed, 13 May 2015 15:06:54 +0000 (16:06 +0100)]
pass exceptions and other types of errors in the compatibility function

5 years ago  Add intermediate certificates to the zip file
Abraham Martin [Wed, 13 May 2015 12:08:22 +0000 (13:08 +0100)]
Add intermediate certificates to the zip file

5 years ago  better output of the string representation of the TLSCert object
Abraham Martin [Tue, 12 May 2015 16:47:49 +0000 (17:47 +0100)]
better output of the string representation of the TLSCert object

5 years ago  Better management of weird things inside a CRT
Abraham Martin [Tue, 12 May 2015 16:46:26 +0000 (17:46 +0100)]
Better management of weird things inside a CRT

5 years ago  Revert "Better management of weird things inside a CRT"
Abraham Martin [Tue, 12 May 2015 16:46:13 +0000 (17:46 +0100)]
Revert "Better management of weird things inside a CRT"

This reverts commit 8ac10c5e04df2fefeca6b416b5b9b4e87e20d907.

5 years ago  Better management of weird things inside a CRT
Abraham Martin [Tue, 12 May 2015 16:45:57 +0000 (17:45 +0100)]
Better management of weird things inside a CRT

5 years ago  Do not show download link for legacy certificate requests
Abraham Martin [Tue, 12 May 2015 16:45:01 +0000 (17:45 +0100)]
Do not show download link for legacy certificate requests

5 years ago  Better detection of intermediate/root certificates
Abraham Martin [Tue, 12 May 2015 16:44:36 +0000 (17:44 +0100)]
Better detection of intermediate/root certificates

5 years ago  Updated email text
Abraham Martin [Tue, 12 May 2015 08:48:49 +0000 (09:48 +0100)]
Updated email text

5 years ago  Change order certificates are shown
Abraham Martin [Tue, 12 May 2015 08:45:43 +0000 (09:45 +0100)]
Change order certificates are shown

5 years ago  typo fix
Abraham Martin [Mon, 11 May 2015 15:56:34 +0000 (16:56 +0100)]
typo fix

5 years ago  Replace tlscerts@ucs for tlscerts@uis
Abraham Martin [Mon, 11 May 2015 10:23:32 +0000 (11:23 +0100)]
Replace tlscerts@ucs for tlscerts@uis

5 years ago  Reduced size of the test file
Abraham Martin [Mon, 11 May 2015 10:15:40 +0000 (11:15 +0100)]
Reduced size of the test file

5 years ago  Add coverage files to gitignore
Abraham Martin [Mon, 11 May 2015 09:45:35 +0000 (10:45 +0100)]
Add coverage files to gitignore

5 years ago  Phone contact now mandatory
Abraham Martin [Mon, 11 May 2015 09:40:06 +0000 (10:40 +0100)]
Phone contact now mandatory

5 years ago  Show actual cost in the warning text
Abraham Martin [Mon, 11 May 2015 09:25:54 +0000 (10:25 +0100)]
Show actual cost in the warning text

5 years ago  Added log options to the production server
Abraham Martin [Mon, 11 May 2015 08:59:21 +0000 (09:59 +0100)]
Added log options to the production server

5 years ago  Show the reason only if there is a reason
Abraham Martin [Mon, 11 May 2015 08:56:27 +0000 (09:56 +0100)]
Show the reason only if there is a reason

5 years ago  Show the reason why the certificate was approved/denied to the user
Abraham Martin [Fri, 8 May 2015 16:23:19 +0000 (17:23 +0100)]
Show the reason why the certificate was approved/denied to the user

5 years ago  fix jenkins
Abraham Martin [Fri, 8 May 2015 15:58:50 +0000 (16:58 +0100)]
fix jenkins

5 years ago  Change TLSCERTS_EMAIL based on type of server
Abraham Martin [Fri, 8 May 2015 12:59:34 +0000 (13:59 +0100)]
Change TLSCERTS_EMAIL based on type of server

5 years ago  Temporary rules for wildcard certificates, until Jisc fixes it
Abraham Martin [Thu, 7 May 2015 17:12:06 +0000 (18:12 +0100)]
Temporary rules for wildcard certificates, until Jisc fixes it

5 years ago  PEP8
Abraham Martin [Thu, 7 May 2015 16:50:27 +0000 (17:50 +0100)]
PEP8

5 years ago  Admin pages tests
Abraham Martin [Thu, 7 May 2015 16:43:55 +0000 (17:43 +0100)]
Admin pages tests

5 years ago  Dropbox tests
Abraham Martin [Thu, 7 May 2015 11:52:47 +0000 (12:52 +0100)]
Dropbox tests

5 years ago  Updated email wording
Abraham Martin [Thu, 7 May 2015 09:20:06 +0000 (10:20 +0100)]
Updated email wording

5 years ago  Initial falcon certificate creation API
Abraham Martin [Wed, 6 May 2015 16:35:26 +0000 (17:35 +0100)]
Initial falcon certificate creation API

python manage.py falcon_cert_api "`cat falconsite1.csr`" --settings=tlscerts.production_settings

5 years ago  default certificate: quovadis OV
Abraham Martin [Wed, 6 May 2015 15:58:35 +0000 (16:58 +0100)]
default certificate: quovadis OV

5 years ago  Send email to user-admin only when the user has uploaded the purchase order for a paid...
Abraham Martin [Wed, 6 May 2015 15:47:09 +0000 (16:47 +0100)]
Send email to user-admin only when the user has uploaded the purchase order for a paid certificate

5 years ago  Check intermediate and root certificates inside the zip file
Abraham Martin [Wed, 6 May 2015 15:42:11 +0000 (16:42 +0100)]
Check intermediate and root certificates inside the zip file

5 years ago  Deleted old non-squashed migrations
Abraham Martin [Wed, 6 May 2015 15:16:18 +0000 (16:16 +0100)]
Deleted old non-squashed migrations

5 years ago  added lookup/ibis urls
Abraham Martin [Wed, 6 May 2015 14:53:51 +0000 (15:53 +0100)]
added lookup/ibis urls

5 years ago  Added privacy wording
Abraham Martin [Wed, 6 May 2015 14:28:05 +0000 (15:28 +0100)]
Added privacy wording

5 years ago  Updated index text
Abraham Martin [Wed, 6 May 2015 14:04:08 +0000 (15:04 +0100)]
Updated index text

5 years ago  Updated email text
Abraham Martin [Wed, 6 May 2015 14:03:34 +0000 (15:03 +0100)]
Updated email text

5 years ago  Test export_as_csv
Abraham Martin [Wed, 6 May 2015 14:03:27 +0000 (15:03 +0100)]
Test export_as_csv

5 years ago  Show PO in cert view
Abraham Martin [Wed, 6 May 2015 12:47:52 +0000 (13:47 +0100)]
Show PO in cert view

5 years ago  Added JS warning on wrong file type
Abraham Martin [Wed, 6 May 2015 12:43:28 +0000 (13:43 +0100)]
Added JS warning on wrong file type

5 years ago  super user creation script
Abraham Martin [Wed, 6 May 2015 11:20:06 +0000 (12:20 +0100)]
super user creation script

5 years ago  New squashed migrations, ready for production
Abraham Martin [Wed, 6 May 2015 10:42:59 +0000 (11:42 +0100)]
New squashed migrations, ready for production

5 years ago  Squashed migrations
Abraham Martin [Wed, 6 May 2015 10:28:42 +0000 (11:28 +0100)]
Squashed migrations

5 years ago  Only show PO if you have uploaded one
Abraham Martin [Wed, 6 May 2015 10:22:42 +0000 (11:22 +0100)]
Only show PO if you have uploaded one

5 years ago  Allow admin to edit purchase order
Abraham Martin [Wed, 6 May 2015 08:25:02 +0000 (09:25 +0100)]
Allow admin to edit purchase order

5 years ago  Views and Templates for the PurchaseOrderForm
Abraham Martin [Tue, 5 May 2015 16:31:03 +0000 (17:31 +0100)]
Views and Templates for the PurchaseOrderForm

5 years ago  ModelForm to let the user upload a Purchase Order
Abraham Martin [Tue, 5 May 2015 16:29:16 +0000 (17:29 +0100)]
ModelForm to let the user upload a Purchase Order

5 years ago  Serve the purchase orders files only to admins
Abraham Martin [Tue, 5 May 2015 16:27:23 +0000 (17:27 +0100)]
Serve the purchase orders files only to admins

5 years ago  Create a new FileSystemStorage for purchase orders' PDFs
Abraham Martin [Tue, 5 May 2015 16:19:32 +0000 (17:19 +0100)]
Create a new FileSystemStorage for purchase orders' PDFs

5 years ago  Change text
Abraham Martin [Tue, 5 May 2015 16:14:55 +0000 (17:14 +0100)]
Change text

5 years ago  change CertificateTypeNotFoundException location
Abraham Martin [Tue, 5 May 2015 16:14:06 +0000 (17:14 +0100)]
change CertificateTypeNotFoundException location

5 years ago  export csv option in admin page
Abraham Martin [Tue, 5 May 2015 14:03:13 +0000 (15:03 +0100)]
export csv option in admin page

5 years ago  Extract Jisc order id from the filename (only zip)
Abraham Martin [Tue, 5 May 2015 13:17:52 +0000 (14:17 +0100)]
Extract Jisc order id from the filename (only zip)

5 years ago  pagination in certificates table
Abraham Martin [Tue, 5 May 2015 11:31:47 +0000 (12:31 +0100)]
pagination in certificates table

5 years ago  Rejected certificates view for admins
Abraham Martin [Tue, 5 May 2015 11:10:05 +0000 (12:10 +0100)]
Rejected certificates view for admins

5 years ago  coloured buttons
Abraham Martin [Tue, 5 May 2015 10:50:01 +0000 (11:50 +0100)]
coloured buttons

5 years ago  redirect finance-pending to cert view
Abraham Martin [Tue, 5 May 2015 10:29:46 +0000 (11:29 +0100)]
redirect finance-pending to cert view

5 years ago  PEP8
Abraham Martin [Tue, 5 May 2015 10:24:10 +0000 (11:24 +0100)]
PEP8

5 years ago  reduce exceptions extend
Abraham Martin [Tue, 5 May 2015 10:19:23 +0000 (11:19 +0100)]
reduce exceptions extend

5 years ago  finance-pending to Certificates table in admin
Abraham Martin [Tue, 5 May 2015 10:15:58 +0000 (11:15 +0100)]
finance-pending to Certificates table in admin

5 years ago  required message added
Abraham Martin [Tue, 5 May 2015 09:58:41 +0000 (10:58 +0100)]
required message added

5 years ago  easter egg
Abraham Martin [Tue, 5 May 2015 09:58:33 +0000 (10:58 +0100)]
easter egg

5 years ago  Mark more views as admin views
Abraham Martin [Tue, 5 May 2015 09:20:28 +0000 (10:20 +0100)]
Mark more views as admin views

5 years ago  New ordering of certificates
Abraham Martin [Tue, 5 May 2015 09:20:15 +0000 (10:20 +0100)]
New ordering of certificates