hoeflingsoftware / dnn.keymaster Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
License: MIT License
Add a provider that supports machineKey, specially:
<machineKey validationKey="****" decryptionKey="***" decryption="***" validation="***" />
please delete. thx.
Describe the bug
The DNN application being used to apply Dnn.KeyMaster to contained some additional app settings which had an _ in the name Ie. "Portal_1". When Dnn.KeyMaster was applied these app settings were not transferred to Azure Key Vault and no warning was given.
To Reproduce
Steps to reproduce the behavior:
See description above
Expected Behavior
Vaues should be transferred to Azure Key Vault (if this is allowed) otherwise a warning should be given.
Actual Behavior
Values are lost with no warning given.
Version:
Additional context
Add any other context about the problem here.
Describe the bug
Unable to test or save secrets on first load
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Expected the secrets to validate
Version:
Describe the bug
Unable to Save when installing Key Master for the First Time
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Credentials saved correctly to secrets.json.resources
Actual Behavior
The save hangs and doesn't properly save to file
Version:
Describe the bug
If using a DNN database with an object qualifier Eg. DNN_{TableName}, the object qualifier is lost when KeyMaster is applied.
To Reproduce
Steps to reproduce the behavior:
Expected Behavior
App should reload with values in Azure Key Vault
Actual Behavior
App tries to redirect to /InstallWizard as it cannot connect to the database.
To fix issue objectQualifier="DNN" needs to be set in the web.config in the SqlDataProvider.
Version:
If the key vault denies the app from downloading the secrets there should be a useful exception message
The alpha build allows anyone to update the configuration and it needs to be locked down to host only
Is your feature request related to a problem? Please describe.
The secrets.json.resources file is stored in plain text and should be encrypted. This will add another layer of security to the Key Master
Describe the bug
The key master is currently incompatible with 2sxc structured content
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The 2sxc Content or App should be created and start the standard behavior of 2sxc
Version:
Additional context
Stack Trace:
Error: App is currently unavailable. DotNetNuke.Services.Exceptions.ModuleLoadException: A suitable constructor for type 'ToSic.Eav.Apps.Interfaces.IEnvironmentFactory' could not be located. Ensure the type is concrete and services are registered for all parameters of a public constructor. ---> System.InvalidOperationException: A suitable constructor for type 'ToSic.Eav.Apps.Interfaces.IEnvironmentFactory' could not be located. Ensure the type is concrete and services are registered for all parameters of a public constructor. at Microsoft.Extensions.Internal.ActivatorUtilities.CreateInstance(IServiceProvider provider, Type instanceType, Object[] parameters) at Microsoft.Extensions.Internal.ActivatorUtilities.CreateInstance[T](IServiceProvider provider, Object[] parameters) at ToSic.Eav.Factory.Resolvet in C:\Projects\eav-server\ToSic.Eav.Core\Factory.cs:line 79 at ToSic.SexyContent.ContentBlocks.ModuleContentBlock..ctor(IInstanceInfo instanceInfo, Log parentLog, ITenant tenant, IEnumerable`1 overrideParams) in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\ToSic.Sxc\SexyContent\ContentBlocks\ModuleContentBlock.cs:line 43 at ToSic.SexyContent.View.get_SxcInstance() in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\View.ascx.cs:line 24 at ToSic.SexyContent.View.Page_PreRender(Object sender, EventArgs e) in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\View.ascx.cs:line 54 --- End of inner exception stack trace ---
When using Environment Variables configuration such as Azure App Settings there should be a configuration setting to allow updating the variables from the DNN UI. This was discussed in RFC #54
Add getting started guide into persona bar menu
There should be some kind of configuration wizard so the user doesn't have to create the key vault and app registration manually
This can be a 2.0 feature
Given the website is hosted by Azure you can specify app secrets in the App Settings feature. This will remove any hard coded secrets on disk.
For background if you are not using Azure Env Vars the secrets are stored in a file that contain the following important Vars
If the website is configured as stated above should we allow the host user ability to override from the DNN Website?
If the user chooses to manage their secrets from the Azure Env Vars I think they should be locked out from managing their secrets. It should only be managed from the Azure interface. This will increase the website security significantly as there will be no way to get the secrets without azure portal access.
In the scenario of a module installing and automatically adding new AppSettings these keys should automatically be updated.
We need to verify that the AppSettings providers and proxies properly update the AppSettings in memory and then update the appropriate vault
When the Key Master is toggled on/off the entire page needs to be reloaded. Currently this automatically happens but the User Experience is kind of clunky since the page load takes a long time. We should add an alert/modal that notifies the user that the process is complete and the website will be reloaded.
The current release is built targeting Dnn 9.2 but there are no 9.2 NuGets. When this gets resolved we can remove the lib folder
This is generated out of the question about testing different versions of 9.x.x and upgrade scenarios.
#27
Create a build pipeline that accomplishes the following:
If the user enters empty strings for any of the input fields, it is not communicating correctly to the user
Currently the Key Master installs as a Persona Bar Extension but it is more than just that
Currently the extension installs as 1 Persona Bar extension. Would this be better marked under another category such as:
This could be after initial 1.0.0 release
This will prevent people from downloading the file
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.