
crypt-server's Introduction

Crypt-Server

Crypt is a tool for securely storing secrets such as FileVault 2 recovery keys. It is made up of a client app, and a Django web app for storing the keys.

This Docker image contains the fully configured Crypt Django web app. A default admin user has been preconfigured; use admin/password to log in. If you intend to use the server for anything semi-serious, it is a good idea to change the password, or to add a new admin user and delete the default one.

Features

  • Secrets are encrypted in the database
  • All access is audited - all reasons for retrieval and approval are logged alongside the users performing the actions
  • Two step approval for retrieval of secrets is enabled by default
  • Approval permission can be given to all users (so just any two users need to approve the retrieval) or a specific group of users

Installation instructions

It is recommended that you use Docker to run this, but if you wish to run directly on a host, installation instructions are in the docs directory.

Migrating from versions earlier than Crypt 3.0

Crypt 3 changed its encryption backend, so when migrating from versions earlier than Crypt 3.0, you should first run Crypt 3.2.0 to perform the migration, and then upgrade to the latest version. The last version to support legacy migrations was Crypt 3.2.

Settings

All settings that would be entered into settings.py can also be passed into the Docker container as environment variables.

  • FIELD_ENCRYPTION_KEY - The key to use when encrypting the secrets. This is required.

  • SEND_EMAIL - Crypt Server can send email notifications when secrets are requested and approved. Set SEND_EMAIL to True, and set HOST_NAME to your server's host and URL scheme (e.g. https://crypt.example.com). For configuring your email settings, see the Django documentation.

  • EMAIL_SENDER - The email address to send email notifications from when secrets are requested and approved. Ensure this is verified if you are using SES. Does nothing unless SEND_EMAIL is True.

  • APPROVE_OWN - By default, users with approval permissions can approve their own key requests. Setting this to False in settings.py (or using the APPROVE_OWN environment variable with Docker) prevents users from approving their own requests.

  • ALL_APPROVE - By default, users need to be explicitly given approval permissions to approve key retrieval requests. By setting this to True in settings.py, all users are given this permission when they log in.

  • ROTATE_VIEWED_SECRETS - With a compatible client (such as Crypt 3.2.0 and greater), Crypt Server can instruct the client to rotate the secret and re-escrow it when the secret has been viewed. Enable it by setting this to True in settings.py, or by setting the ROTATE_VIEWED_SECRETS environment variable to true.

  • HOST_NAME - Set the host name of your instance - required if you do not have control over the load balancer or proxy in front of your Crypt server (see the Django documentation).

  • CSRF_TRUSTED_ORIGINS - A list of trusted origins expected to make requests to your Crypt instance. Normally this is the hostname.
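
A preflight check for the required FIELD_ENCRYPTION_KEY setting, added here as an example (it is not part of Crypt Server). It assumes the key is a Fernet key, as the "Fernet key must be 32 url-safe base64-encoded bytes" error quoted in the issues below indicates; the function names and the repetition heuristic are this example's own.

```python
import base64
import binascii
import os
import sys


def generate_field_encryption_key():
    """Return a fresh key: 32 random bytes, URL-safe base64 encoded."""
    return base64.urlsafe_b64encode(os.urandom(32)).decode("ascii")


def check_field_encryption_key(value):
    """Return a list of problems with a candidate key (empty list means usable)."""
    if not value:
        return ["FIELD_ENCRYPTION_KEY is not set"]
    try:
        raw = base64.urlsafe_b64decode(value.encode("ascii"))
    except UnicodeEncodeError:
        return ["key contains non-ASCII characters"]
    except binascii.Error as exc:
        # This is the "Incorrect padding" failure seen in the container log.
        return ["not valid base64: %s" % exc]
    problems = []
    if len(raw) != 32:
        # This is the "must be 32 url-safe base64-encoded bytes" failure.
        problems.append("decodes to %d bytes, expected 32" % len(raw))
    elif len(set(raw)) < 8:
        # Heuristic (assumption of this example): a well-formed key built from
        # a repeated byte or short pattern is guessable even though it decodes.
        problems.append("key bytes are highly repetitive; generate a random key")
    return problems


def check_environment(env=None):
    """Check the key the container would receive through its environment."""
    env = os.environ if env is None else env
    return check_field_encryption_key(env.get("FIELD_ENCRYPTION_KEY", ""))


if __name__ == "__main__":
    found = check_environment()
    for problem in found:
        print("FIELD_ENCRYPTION_KEY:", problem, file=sys.stderr)
    if not found:
        print("FIELD_ENCRYPTION_KEY looks usable")
    sys.exit(1 if found else 0)
```

Run it with the same environment you pass to the container, and keep the generated key out of shell history and version control, since every stored secret is encrypted under it.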

Screenshots

Main Page

Computer Info

User Key Request

Manage Requests

Approve Request

Key Retrieval

crypt-server's People

Contributors

1dustindavis, arubdesu, avjokela, aysiu, bfreezy, brandonweeks, chefaustin, chelming, clburlison, codeskipper, dependabot[bot], discentem, fortiko, gavinelder, grahamclarkphoto, grahamgilbert, henningkessler, homebysix, jimmy-john, natewalck, nieivan, nuna-alan, popsikle, rbuzzell, sheagcraig, sphen13, tempusthales, weswhet

crypt-server's Issues

Cannot Manage Requests

I'm not entirely sure why, but it seems that the 'groupList' table class is causing the table on the "Manage Requests" page to not render on my build. If I comment out that particular class, everything is rendered just fine. This doesn't seem specific to my browser, it seems lots of people in my shop have experienced this issue. But just in case, here is a list of the browsers I've used and have gotten this result:

Firefox 40.0, OS X 10.10.4
Safari 8.0.7, OS X 10.10.4
Chrome 44.0.2403.155, Windows 8.1 x64

Computer Name and Serial Number not displaying properly

I was very tempted to combine this with the other manage_requests issue, but the bureaucrat in me wouldn't let me combine issues in a single container. Currently, the manage_requests code references the_request.computer.serial and the_request.computer.computername to display the serial and name of a machine related to a request. However, since the split which caused secrets to be their own model, the correct references are the_request.serial.computer.serial and the_request.secret.computer.computername.

email notification on events

At the very least requests to access secrets should trigger a notification email, would be great to tie into #4 API request, as the text could contain an approval trigger. On the fence about if emails could also optionally be generated on every new escrow/secret storage event.

Crypt Docker fails to run if LANG is not set to en

Currently, the Docker container is failing with the following error:

SystemCheckError: System check identified some issues:
ERRORS:
?: (translation.E001) You have provided an invalid value for the LANGUAGE_CODE setting.

If you use LANG=en it works fine.

If you set it to en-US, it doesn't recognize it (as en-us appears to be what Django is looking for).
Full trace:

Traceback (most recent call last):
  File "manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "/usr/local/lib/python3.7/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
    utility.execute()
  File "/usr/local/lib/python3.7/site-packages/django/core/management/__init__.py", line 375, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/usr/local/lib/python3.7/site-packages/django/core/management/base.py", line 323, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/usr/local/lib/python3.7/site-packages/django/core/management/base.py", line 361, in execute
    self.check()
  File "/usr/local/lib/python3.7/site-packages/django/core/management/base.py", line 390, in check
    include_deployment_checks=include_deployment_checks,
  File "/usr/local/lib/python3.7/site-packages/django/core/management/commands/migrate.py", line 65, in _run_checks
    issues.extend(super()._run_checks(**kwargs))
  File "/usr/local/lib/python3.7/site-packages/django/core/management/base.py", line 377, in _run_checks
    return checks.run_checks(**kwargs)
  File "/usr/local/lib/python3.7/site-packages/django/core/checks/registry.py", line 72, in run_checks
    new_errors = check(app_configs=app_configs)
  File "/usr/local/lib/python3.7/site-packages/django/core/checks/urls.py", line 13, in check_url_config
    return check_resolver(resolver)
  File "/usr/local/lib/python3.7/site-packages/django/core/checks/urls.py", line 23, in check_resolver
    return check_method()
  File "/usr/local/lib/python3.7/site-packages/django/urls/resolvers.py", line 399, in check
    for pattern in self.url_patterns:
  File "/usr/local/lib/python3.7/site-packages/django/utils/functional.py", line 80, in __get__
    res = instance.__dict__[self.name] = self.func(instance)
  File "/usr/local/lib/python3.7/site-packages/django/urls/resolvers.py", line 584, in url_patterns
    patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)
  File "/usr/local/lib/python3.7/site-packages/django/utils/functional.py", line 80, in __get__
    res = instance.__dict__[self.name] = self.func(instance)
  File "/usr/local/lib/python3.7/site-packages/django/urls/resolvers.py", line 577, in urlconf_module
    return import_module(self.urlconf_name)
  File "/usr/local/lib/python3.7/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1006, in _gcd_import
  File "<frozen importlib._bootstrap>", line 983, in _find_and_load
  File "<frozen importlib._bootstrap>", line 967, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 677, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 728, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/home/docker/crypt/fvserver/urls.py", line 3, in <module>
    from .origurls import *
  File "/home/docker/crypt/fvserver/origurls.py", line 8, in <module>
    import django.contrib.admindocs.urls as admindocs_urls
  File "/usr/local/lib/python3.7/site-packages/django/contrib/admindocs/urls.py", line 1, in <module>
    from django.contrib.admindocs import views
  File "/usr/local/lib/python3.7/site-packages/django/contrib/admindocs/views.py", line 9, in <module>
    from django.contrib.admindocs import utils
  File "/usr/local/lib/python3.7/site-packages/django/contrib/admindocs/utils.py", line 11, in <module>
    import docutils.core
  File "/usr/local/lib/python3.7/site-packages/docutils/core.py", line 20, in <module>
    from docutils import frontend, io, utils, readers, writers
  File "/usr/local/lib/python3.7/site-packages/docutils/frontend.py", line 41, in <module>
    import docutils.utils
  File "/usr/local/lib/python3.7/site-packages/docutils/utils/__init__.py", line 20, in <module>
    import docutils.io
  File "/usr/local/lib/python3.7/site-packages/docutils/io.py", line 18, in <module>
    from docutils.utils.error_reporting import locale_encoding, ErrorString, ErrorOutput
  File "/usr/local/lib/python3.7/site-packages/docutils/utils/error_reporting.py", line 47, in <module>
    locale_encoding = locale.getlocale()[1] or locale.getdefaultlocale()[1]
  File "/usr/local/lib/python3.7/locale.py", line 587, in getlocale
    return _parse_localename(localename)
  File "/usr/local/lib/python3.7/locale.py", line 495, in _parse_localename
    raise ValueError('unknown locale: %s' % localename)
ValueError: unknown locale: en-US

Computers connecting but not listing keys

I am sorry for the brief, not too descriptive explanation - I have a deadline of tonight to have 3 Macs out, hopefully with this solution, but likely will have to be removed and back to Apple holding the keys :(

I set up Crypt-server as per the instructions on a Debian image (not docker) everything seemed to be working well (Nginx as webserver) - all pages functional - logs in fine etc.

I came to use Crypt2 on the Macs, distributed by Munki - post install script writing defaults write /Library/Preferences/com.grahamgilbert.crypt ServerURL "https://crypt.example.com" (with my domain obviously)

This seemed to work as the Macs started encrypting, however none of them show on the Admin panel of crypt-server, neither is there anything under "Approve Requests". Have I missed a stage and should have set up Groups/Users etc.? (I will be the only person viewing them as admin, no untrusted user access)

I will have probably 30 mins to fault find then have to bin the solution due to deadline unfortunately

Any pointers would be appreciated

The Crypt container keeps restarting

Tried to run docker version Crypt-server - basic usage, the container keeps restarting, checked the log, it indicated there is Django incorrect padding exception.

Any clues to fix this error? thanks.

2019-08-13T03:12:51.285423650Z File "manage.py", line 10, in <module>
2019-08-13T03:12:51.285426573Z execute_from_command_line(sys.argv)
2019-08-13T03:12:51.285428961Z File "/usr/local/lib/python3.7/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
2019-08-13T03:12:51.285431611Z utility.execute()
2019-08-13T03:12:51.285433853Z File "/usr/local/lib/python3.7/site-packages/django/core/management/__init__.py", line 357, in execute
2019-08-13T03:12:51.285436254Z django.setup()
2019-08-13T03:12:51.285439077Z File "/usr/local/lib/python3.7/site-packages/django/__init__.py", line 24, in setup
2019-08-13T03:12:51.285441403Z apps.populate(settings.INSTALLED_APPS)
2019-08-13T03:12:51.285443523Z File "/usr/local/lib/python3.7/site-packages/django/apps/registry.py", line 112, in populate
2019-08-13T03:12:51.285445867Z app_config.import_models()
2019-08-13T03:12:51.285448151Z File "/usr/local/lib/python3.7/site-packages/django/apps/config.py", line 198, in import_models
2019-08-13T03:12:51.285450541Z self.models_module = import_module(models_module_name)
2019-08-13T03:12:51.285452650Z File "/usr/local/lib/python3.7/importlib/__init__.py", line 127, in import_module
2019-08-13T03:12:51.285455040Z return _bootstrap._gcd_import(name[level:], package, level)
2019-08-13T03:12:51.285457229Z File "<frozen importlib._bootstrap>", line 1006, in _gcd_import
2019-08-13T03:12:51.285459777Z File "<frozen importlib._bootstrap>", line 983, in _find_and_load
2019-08-13T03:12:51.285462241Z File "<frozen importlib._bootstrap>", line 967, in _find_and_load_unlocked
2019-08-13T03:12:51.285464589Z File "<frozen importlib._bootstrap>", line 677, in _load_unlocked
2019-08-13T03:12:51.285467579Z File "<frozen importlib._bootstrap_external>", line 728, in exec_module
2019-08-13T03:12:51.285470184Z File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
2019-08-13T03:12:51.285472510Z File "/home/docker/crypt/server/models.py", line 4, in <module>
2019-08-13T03:12:51.285475031Z from encrypted_model_fields.fields import EncryptedCharField
2019-08-13T03:12:51.285477364Z File "/usr/local/lib/python3.7/site-packages/encrypted_model_fields/fields.py", line 45, in <module>
2019-08-13T03:12:51.285479827Z CRYPTER = get_crypter()
2019-08-13T03:12:51.285481917Z File "/usr/local/lib/python3.7/site-packages/encrypted_model_fields/fields.py", line 37, in get_crypter
2019-08-13T03:12:51.285484250Z raise ImproperlyConfigured('FIELD_ENCRYPTION_KEY defined incorrectly: {}'.format(str(e)))
2019-08-13T03:12:51.285486627Z django.core.exceptions.ImproperlyConfigured: FIELD_ENCRYPTION_KEY defined incorrectly: Incorrect padding

AttributeError: 'module' object has no attribute 'SubfieldBase'

Hi, Following the docs I have to get this setup, the
This is on CentOS 7.4 but the first issue I ran into was during the pip install

Collecting django-extensions==1.6.8 (from -r crypt/setup/requirements.txt (line 4))
  Could not find a version that satisfies the requirement django-extensions==1.6.8 (from -r crypt/setup/requirements.txt (line 4)) (from versions: 0.4, 0.4.1, 0.5, 0.6, 0.7, 0.7.1, 0.8, 0.9, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.3.10, 1.3.11, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.6.1, 1.6.2, 1.6.3, 1.6.5, 1.6.6, 1.6.7, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.8.0, 1.8.1, 1.9.0, 1.9.1, 1.9.3, 1.9.6, 1.9.7, 1.9.8, 1.9.9)
No matching distribution found for django-extensions==1.6.8 (from -r crypt/setup/requirements.txt (line 4))

So I changed the requirements.txt to be django-extensions==1.6.7

I then ran manage.py syncdb but got the error below

(crypt_env) [cryptuser@suttonvm2 crypt]$ python manage.py syncdb
Traceback (most recent call last):
  File "manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "/usr/local/crypt_env/lib/python2.7/site-packages/django/core/management/__init__.py", line 367, in execute_from_command_line
    utility.execute()
  File "/usr/local/crypt_env/lib/python2.7/site-packages/django/core/management/__init__.py", line 341, in execute
    django.setup()
  File "/usr/local/crypt_env/lib/python2.7/site-packages/django/__init__.py", line 27, in setup
    apps.populate(settings.INSTALLED_APPS)
  File "/usr/local/crypt_env/lib/python2.7/site-packages/django/apps/registry.py", line 108, in populate
    app_config.import_models(all_models)
  File "/usr/local/crypt_env/lib/python2.7/site-packages/django/apps/config.py", line 199, in import_models
    self.models_module = import_module(models_module_name)
  File "/apps/Linux64/python2.7/lib/python2.7/importlib/__init__.py", line 37, in import_module
    __import__(name)
  File "/usr/local/crypt_env/crypt/server/models.py", line 4, in <module>
    from django_extensions.db.fields.encrypted import EncryptedCharField
  File "/usr/local/crypt_env/lib/python2.7/site-packages/django_extensions/db/fields/encrypted.py", line 112, in <module>
    class EncryptedTextField(six.with_metaclass(models.SubfieldBase,
AttributeError: 'module' object has no attribute 'SubfieldBase'

Any help would be great
Thanks

API Access

API access, more about validation than actually extracting data. I'd rather not ship keys out from the server, ever, no matter how much it could come in handy. More about validating it got escrowed/rolled

Connects to server, key escrow stalls and fails

I've successfully run the client as root from command line, and can see the attempt to contact the crypt server. Unfortunately the escrow seems to fail quietly, and while the local HDD is successfully setup to use filevault, the crypt client hangs, and no client appears in the crypt server.

Suggestions on where I can look for logging would be appreciated.

How to change the timezone of docker?

Hi,
I tried to adjust the timezone of docker with the following methods, but both of them don't work

  1. -v /etc/localtime:/etc/localtime:ro
  2. install tzdate, and RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime.
  3. ENV TZ=Asia/Shanghai

any suggestions?

Problem installation key

Hi, I find your project very interesting and I am installing it.
I encountered the following problem:
When launching the command:
python3 manage.py syncdb
The following error appears:
Fernet key must be 32 url-safe base64-encoded bytes.

The key must be added in the file settings.py as a variable:
FIELD_ENCRYPTION_KEY = "blablablablablablablablabla"
or
the line in the system_settings.py file must be modified
FIELD_ENCRYPTION_KEY = os.environ.get ("FIELD_ENCRYPTION_KEY", "blablablablablablablablabla")
settings.py
system_settings.py

Thanks for the help.

Installation on Ubuntu 14.0.4 launches apache default page rather than Crypt Server

I followed all the steps provided in the doc for Installation on Ubuntu 14.04 LTS, and at the end of the process I went to load the server and I receive the Apache Default page rather than the Crypt Server.

crypt.conf: https://gist.github.com/tempusthales/fadccba90474c497f237a67bbfe242d7#file-crypt-conf

Other than that, the rest of the files are configured the way the doc says. When I point my browser to the server I receive the Apache2 Ubuntu Default Page rather than the Crypt server.

The path to 3.0

Things that need to happen before or in a 3.0 release

  • Move to Python 3
  • Update to latest Django
  • Switch to a maintained encrypted field implementation
  • Version number in the footer (for @clburlison )
  • Ajax backed data tables. Initial load can be sluggish when you get into the 10’s of thousands of records.
  • Slim down docker container to just have the app and update instructions to use docker compose for a web server in front of the app.
  • Move documentation to wiki
  • Document upgrade process
  • Document running in production with docker (caddy and or nginx) and external database (link to these docs up to step 4 for setting up a database)
  • Document PoC setup w/ sqlite
  • Update screenshots
  • Highlight approve button when there are pending requests

Please chime in if there is anything that should also be considered.

14.04 instructions lead to error 500

Hi,
I tried following the instruction on how to get crypt-server running on 14.04 (because I can't use docker, due to proxy issues). After a bit of struggling, I got crypt-server to run, but when I access it via browser, I get this:

Unknown parameters: debug
Request Method:	GET
Request URL:	https://crypt.fpprod.corp/login/?next=/
Django Version:	1.10
Exception Type:	ImproperlyConfigured
Exception Value:	
Unknown parameters: debug
Exception Location:	/usr/local/crypt_env/local/lib/python2.7/site-packages/django/template/backends/base.py in __init__, line 29
Python Executable:	/usr/bin/python
Python Version:	2.7.6
Python Path:	
['/usr/local/crypt_env/lib/python2.7',
 '/usr/local/crypt_env/lib/python2.7/plat-x86_64-linux-gnu',
 '/usr/local/crypt_env/lib/python2.7/lib-tk',
 '/usr/local/crypt_env/lib/python2.7/lib-old',
 '/usr/local/crypt_env/lib/python2.7/lib-dynload',
 '/usr/lib/python2.7',
 '/usr/lib/python2.7/plat-x86_64-linux-gnu',
 '/usr/lib/python2.7/lib-tk',
 '/usr/local/crypt_env/local/lib/python2.7/site-packages',
 '/usr/local/crypt_env/lib/python2.7/site-packages',
 '/usr/local/crypt_env',
 '/usr/local/crypt_env/crypt']
Server time:	Thu, 2 Mar 2017 17:36:55 +0100

(this is with debug enabled).
Does anyone have any ideas?

Apart from this issue, I couldn't get the pip install -r crypt/setup/requirements.txt step to work, as there is no 1.6.8 version of django-extensions. There is 1.6.7 and 1.7.1, so I followed the steps from the Dockerfile to install django-extensions.

allow password secret type to be denoted as such at time of escrow

I'd like to encrypt with a static password(ideally laid down via the new DEP-delivered hidden admin profile?) and then roll it once we add the assigned AD user. We'd therefore be hoping to escrow a random new password to crypt, separating the computer into a separate table, perhaps based on serial?

Ubuntu 14 install guide update

Needed to install apache(should've done it before lib wsgi stuff, as well) and add Require all granted to the vhost conf as per this SO answer

Since I didn't have apache, I needed to run a2enmod wsgi, as per this other SO answer, shouldn't be necessary since postinstall of libapache2-mod-wsgi apache2_invoke enables it for you, should've been tipped off since I needed to make the enclosing folder, sites-available, for the vhost conf as well.
Will cook up PR soon, including CentOS docs.

Help with migrating from Crypt2

Hello,

I'm having some problems migrating my Crypt2 docker container to Crypt3. I know this is not an issue per se but I'm hoping I can find some advice here.
I'm able to run my new Crypt3 container using the provided documentation here (https://github.com/grahamgilbert/Crypt-Server/blob/master/docs/Docker.md).
If I provide my old keys and the new encryption key in the docker run command I can access my crypt content.
My question now is what needs to be done to migrate from Crypt2 to Crypt3. What has to be migrated and in which way do I have to handle my old keys?
Also what is the best way to handle not having the new encryption key in the run command?

Sorry if this is a stupid question, just having some problems understanding.

Thanks,
Patrick

404 Page errors from the URLs inside the approve emails

Reporter: henningkessler via MacAdmins Slack

Summary: When clicking on the URLs from approval emails Crypt sends us to a 404.

Issue line 359 in server/views.py

reverse("server:secret_info", args=[new_request.id]),

Fix (verified by henningkessler)

reverse("server:secret_info", args=[new_request.secret.id]),

Henning is going to work on a PR but I wanted to get this issue documented in case something falls through.

Slack ref link

Error selecting New Computer within web interface

Notice that when I try to click "+ New Computer" within the web interface there is an error.

The following is what I get from debugging. Let me know what else you may need. Thanks!



Request Method: GET
Request URL: http://192.168.246.15:8000/new/computer/

Django Version: 1.10
Python Version: 2.7.6
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.admin',
 'django.contrib.admindocs',
 'server',
 'bootstrap3',
 'django_extensions')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')



Traceback:

File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/exception.py" in inner
  39.             response = get_response(request)

File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in _legacy_get_response
  249.             response = self._get_response(request)

File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in _get_response
  187.                 response = self.process_exception_by_middleware(e, request)

File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in _get_response
  185.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/usr/local/lib/python2.7/dist-packages/django/contrib/auth/decorators.py" in _wrapped_view
  23.                 return view_func(request, *args, **kwargs)

File "/home/docker/crypt/server/views.py" in new_computer
  225.     return redner(request, 'server/new_computer_form.html', c)

Exception Type: NameError at /new/computer/
Exception Value: global name 'redner' is not defined

Sort of computers on index.html should be by last_checkin

I think the most frequent case of visiting the site is to verify or retrieve the most recently escrowed secret so that should bubble to the top. I'd assume this could be sorted by changing the current Meta.ordering value to -last_checkin(which would require a DB migrate), and I'd assume you want a fallback of computername (to catch when computers are created without dates, since there's no auto-generation of timestamp on manual create - really, it sounds like the trigger would more accurately be on creation/modification of associated secrets... but I'm getting into the weeds a bit). Since we're dealing with relatively small DB sizes the cost may not be too heavy to sort by multiple schema, if this is really the best way to get this to display properly in the index.html template.

In my testing I tried a couple methods but couldn't get it to behave(at least with sqlite), so leaving this here for now.

docs? encryption of DB for at least 1 backend

Currently no encryption is performed on the entries in the DB to protect the contents from potential local/backup archive access. I'm looking at storing other secrets, and If postgresql is the current favorite database backend to integrate, I'm looking for at least setup instructions to encrypt it. We probably can leave out sqlite, but perhaps MySQL could get docs as well.

Docker build broken due to "Double requirement given" in requirements.txt

While checking on the crypt-server build status on Docker Hub I noticed the most recent build was broken. Running it again gives the following error:

Double requirement given: django-bootstrap3==5.4.0 (from -r /home/docker/crypt/setup/requirements.txt (line 11)) (already in django-bootstrap3==5.4.0 (from -r /home/docker/crypt/setup/requirements.txt (line 3)), name='django-bootstrap3')

It appears that django-bootstrap3 is included twice - once on line 3 and once on line 11 - that's probably a typo I'm guessing which appears to have been part of 025b639. Wanted to bring it to your attention, can send PR if you prefer.

/cc @arubdesu

502 Bad Gateway

I am using the docker image macadmins/crypt-server. I am using CentOS 7 and Ubuntu as my docker host. I have tried this in multiple VMs and a local machine. When I visit localhost:8000 I get a 502 Bad Gateway error. Is there anything I need to do to fix this? I am following the docker setup information.

Project wiki and install docs are out of sync

This project has both a wiki and a docs directory, and they have stopped being consistent. It looks like the docs folder is the preferred place for docs, but having the wiki as well is confusing for new users. Can one of them be depreciated and pointed at the other one?

Add version number

Crypt server doesn't get many updates since it's kind of feature complete. However someone (maybe me...maybe someone else) should consider adding a version.plist like we have in sal.

Bonus points for going all the way

  • Add a version.plist file in the server subdirectory(?)

  • Add the version number to the crypt dashboard in the footer IE - Crypt version X.X.X.XXXX

  • Include a git pre-commit to bump the version if on the master branch

    ~/s/a/puppet_control ❯ cat ~/src/Mine/sal/.git/hooks/pre-commit
    #!/bin/bash
    ~/src/Mine/sal/set_build_no.sh
    git add sal/version.plist

    https://github.com/salopensource/sal/blob/master/set_build_no.sh

500 error at /checkin (and unverified XSS)

When I access the /checkin endpoint, the server will give me a 500 error code:

HTTP/1.1 500 Internal Server Error
Content-Type: text/html; charset=utf-8
Date: Wed, 24 Jun 2020 14:53:27 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Content-Length: 0
Connection: Close

I don't know why this happens but other endpoints still working very well, no bugs!
Also, I found an unverified XSS since I can't test it with my server when my server has been taken down for some fixes!
The following snippet is taken from /server/views.py:

        serial_link = '<a href="%s">%s</a>' % (
            reverse("server:computer_info", args=[machine["id"]]),
            machine["serial"],
        )

        computername_link = '<a href="%s">%s</a>' % (
            reverse("server:computer_info", args=[machine["id"]]),
            machine["computername"],
        )

        info_button = '<a class="btn btn-info btn-xs" href="%s">Info</a>' % (
            reverse("server:computer_info", args=[machine["id"]])
        )

        list_data = [
            serial_link,
            computername_link,
            machine["username"],
            formatted_date,
            info_button,
        ]
        return_data["data"].append(list_data)

    return JsonResponse(return_data)

The following lines show that XSS is possible if the user sets his computername to <script>alert(1)</script>:

        computername_link = '<a href="%s">%s</a>' % (
            reverse("server:computer_info", args=[machine["id"]]),
            machine["computername"],

The output will become like this:

<a href="..."><script>alert(1)</script></a>

(Sorry if bad English)
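
The row-building pattern quoted in this report, next to an output-escaped version, as an added example that is not part of the original issue or of Crypt Server's code. `computer_info_url` is a hypothetical stand-in for Django's `reverse()` and the sample machine record is constructed; inside Django, `django.utils.html.format_html` performs the same escaping of interpolated values.

```python
import html
import json


def computer_info_url(machine_id):
    """Hypothetical stand-in for reverse("server:computer_info", args=[id])."""
    return "/info/%d/" % int(machine_id)


def row_unescaped(machine):
    """The reported pattern: client-supplied strings interpolated into HTML."""
    url = computer_info_url(machine["id"])
    return [
        '<a href="%s">%s</a>' % (url, machine["serial"]),
        '<a href="%s">%s</a>' % (url, machine["computername"]),
        machine["username"],
    ]


def row_escaped(machine):
    """Same row, with every client-supplied value HTML-escaped on output."""
    url = html.escape(computer_info_url(machine["id"]), quote=True)

    def text(value):
        return html.escape(str(value), quote=True)

    return [
        '<a href="%s">%s</a>' % (url, text(machine["serial"])),
        '<a href="%s">%s</a>' % (url, text(machine["computername"])),
        # Escaped as well, on the assumption that the table renders each
        # cell string as HTML, as it must for the link cells above.
        text(machine["username"]),
    ]


def as_json(rows):
    """JSON encoding is not HTML escaping: angle brackets pass through."""
    return json.dumps({"data": [rows]})


# Constructed sample record; computername is the value from the report.
SAMPLE_MACHINE = {
    "id": 7,
    "serial": "C02EXAMPLE01",
    "computername": "<script>alert(1)</script>",
    "username": "a&b <admin>",
}

if __name__ == "__main__":
    print(as_json(row_unescaped(SAMPLE_MACHINE)))
    print(as_json(row_escaped(SAMPLE_MACHINE)))
```

The fields arrive from the client at check-in, so escaping belongs at the point where the server turns them into markup, regardless of any validation done when they are stored.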

Check if key exists before adding.

I've forked the client app and modified it so that if you want to keep the key locally on the machine as (root read only) you can. After doing so I've noticed every time "checkin" runs it adds the same key to the server. I would like to add a check on the server side so that when a checkin happens, if the information is the same as the information that is already present it doesn't add anything. I want to have a go at this but I'm completely new to Django. Could you point me in the right direction... basically which file?

cc @keeleysam