2019-09-14 18:36:23 -04:00
<!DOCTYPE html>
< html lang = "en" >
< head >
< title > Buckler< / title >
2019-09-25 12:51:36 -04:00
< link rel = "stylesheet" type = "text/css" href = "/static/buckler.css" >
2019-09-20 19:24:12 -04:00
< script >
var users_perms = {{ users_json|safe }};
< / script >
< script type = "text/javascript" src = "/static/buckler.js" > < / script >
2019-09-25 12:51:36 -04:00
< script > window . onload = load ; < / script >
2019-09-25 15:12:58 -04:00
< meta name = "viewport" content = "width=device-width, initial-scale=0.8" >
< meta name = "description" content = "A small shield for web applications." >
2019-09-14 18:36:23 -04:00
< / head >
< body >
2019-09-20 19:24:12 -04:00
< header >
2019-09-25 15:12:58 -04:00
< object id = "logo" title = "Buckler logo" data = "/static/buckler_icon.svg" > < / object >
2019-09-20 19:24:12 -04:00
< h1 > Buckler< / h1 >
< / header >
< main >
2019-09-24 19:34:20 -04:00
< section >
2019-09-25 12:51:36 -04:00
< h2 > Available Sites< / h2 >
< article >
< hr >
< ul id = "avail_sites" >
{% for site in avail_sites %}
< li > < a href = "{{ site['url'] }}" > {{ site['name'] }}< / a > < / li >
{% endfor %}
< / ul >
< / article >
2019-09-24 19:34:20 -04:00
< / section >
2019-09-20 19:24:12 -04:00
{% if request['session']['admin'] %}
2019-09-24 19:34:20 -04:00
< section >
2019-09-25 12:51:36 -04:00
< h2 > User Permissions< / h2 >
2019-09-25 15:00:29 -04:00
< article style = "display: none;" >
2019-09-25 12:51:36 -04:00
< hr >
< table id = "users" >
< thead >
< tr >
< th > User< / th >
{% for app in apps %}
2019-09-26 13:33:06 -04:00
< th > {{ app['name'] }}< / th >
2019-09-25 12:51:36 -04:00
{% endfor %}
< th > < / th >
< / tr >
< / thead >
< tbody >
{% for username, values in users.items() %}
< tr >
< td > {{ username }}< / td >
2019-09-26 14:39:48 -04:00
{% for name, value in values.items() %}
< td > < input aria-label = "{{ username }}-{{ name }}" data-app-name = {{ name } } type = "checkbox" onchange = "perm_change(this.parentElement.parentElement)" { % if value % } checked { % endif % } > < / td >
2019-09-25 12:51:36 -04:00
{% endfor %}
< td > < input type = "submit" > < / td >
< / tr >
2019-09-24 19:34:20 -04:00
{% endfor %}
2019-09-25 12:51:36 -04:00
< / tbody >
< / table >
< / article >
2019-09-24 19:34:20 -04:00
< / section >
2019-09-20 19:24:12 -04:00
{% endif %}
2019-09-24 19:34:20 -04:00
< section >
2019-09-25 12:51:36 -04:00
< h2 > Change Password< / h2 >
2019-09-25 15:00:29 -04:00
< article style = "display: none;" >
2019-09-25 12:51:36 -04:00
< hr >
< form action = "{{ request.app.router['change_password'].url_for() }}" method = "post" enctype = "application/x-www-form-urlencoded" >
< label for = "current_password" > Current password< / label >
< input id = "current_password" name = "current_password" type = "password" > < br >
< label for = "new_password" > New password< / label >
< input id = "new_password" name = "new_password" type = "password" > < br >
< label for = "verify_password" > Verify password< / label >
< input id = "verify_password" name = "verify_password" type = "password" > < br >
< input type = "submit" value = "Submit" >
< / form >
< / article >
2019-09-24 19:34:20 -04:00
< / section >
< section >
2019-09-25 12:51:36 -04:00
< h2 > Security Keys< / h2 >
2019-09-25 15:00:29 -04:00
< article style = "display: none;" >
2019-09-25 12:51:36 -04:00
< hr >
{% if fido2_keys %}
2019-09-26 18:29:39 -04:00
< form action = "{{ request.app.router['delete_key'].url_for() }}" method = "POST" enctype = "application/x-www-form-urlencoded" >
< table id = "security_keys" >
< thead >
< tr >
< th > Nick< / th >
< th > Delete< / th >
< / tr >
< / thead >
< tbody >
{% for key in fido2_keys %}
< tr >
< td > {{ key['nick'] }}< / td >
< td > < input aria-label = "Delete {{ key['nick'] }}" id = "fido-{{ key['id'] }}" name = "fido-{{ key['id'] }}" type = "checkbox" > < / td >
< / tr >
{% endfor %}
< / tbody >
< / table >
< input type = "submit" value = "Delete" >
< / form >
2019-09-25 12:51:36 -04:00
{% else %}
< span > No registered keys.< / span >
{% endif %}
< br > < a href = "./add_key" > Add key< / a >
< / article >
2019-09-24 19:34:20 -04:00
< / section >
2019-09-25 15:00:29 -04:00
< section >
< h2 > Active Sessions< / h2 >
< article style = "display: none;" >
< hr >
2019-09-26 18:44:00 -04:00
< form action = "{{ request.app.router['delete_session'].url_for() }}" method = "POST" enctype = "application/x-www-form-urlencoded" >
< table id = "active_sessions" >
< thead >
< tr >
< th > Session ID< / th >
< th > IP Address< / th >
2019-09-26 19:15:46 -04:00
< th > Created< / th >
< th > Last Used< / th >
2019-09-26 18:44:00 -04:00
< th > Delete< / th >
< / tr >
< / thead >
< tbody >
{% for session in active_sessions %}
< tr >
< td > < code > {{ session['id'][:5] }}...{{ session['id'][-5:] }}< / code > < / td >
< td > {{ session['ip_address'] }}< / td >
2019-09-26 19:15:46 -04:00
< td > {{ session['date_created'].strftime('%Y-%m-%d %H:%M') }}< / td >
< td > {{ session['last_used'].strftime('%Y-%m-%d %H:%M') }}< / td >
2019-09-26 18:44:00 -04:00
< td > < input aria-label = "Delete {{ session['id'][:5] }}...{{ session['id'][-5:] }}" id = "session-{{ session['id'] }}" name = "session-{{ session['id'] }}" type = "checkbox" > < / td >
< / tr >
{% endfor %}
< / tbody >
< / table >
< input type = "submit" value = "Delete" >
< / form >
2019-09-25 15:00:29 -04:00
< / article >
< / section >
2019-09-20 19:24:12 -04:00
< / main >
2019-09-14 18:36:23 -04:00
< / body >
< / html >
