{"id":21548561,"url":"https://github.com/technion/p3","last_synced_at":"2025-03-18T02:15:48.798Z","repository":{"id":145344151,"uuid":"139567871","full_name":"technion/p3","owner":"technion","description":"Active Directory Password reset web interface","archived":false,"fork":false,"pushed_at":"2018-08-29T12:18:27.000Z","size":1904,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-24T09:29:17.341Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Erlang","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/technion.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-07-03T10:35:52.000Z","updated_at":"2022-09-12T07:44:53.000Z","dependencies_parsed_at":"2023-07-03T09:17:37.946Z","dependency_job_id":null,"html_url":"https://github.com/technion/p3","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/technion%2Fp3","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/technion%2Fp3/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/technion%2Fp3/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/technion%2Fp3/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/technion","download_url":"https://codeload.github.com/technion/p3/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244141482,"owners_count":20404837,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-24T06:19:01.090Z","updated_at":"2025-03-18T02:15:48.792Z","avatar_url":"https://github.com/technion.png","language":"Erlang","funding_links":[],"categories":[],"sub_categories":[],"readme":"p3\n=====\n\nWeb interface for remote reset of Active Directory passwords.\n\nWritten to address the mess of Microsoft licensing associated with remote users and password write-back, specifically Microsoft's P1 and P2 licenses.\n\nSecurity Features\n--------------\n- [x] Single endpoint design with absolutely minimal attack surface\n- [x] Custom nginx config with strict input rules per above\n- [x] No stored Active Directory credentials; authorises against the current user password only\n- [x] Rate limiting on a per-username basis\n- [x] Rate limiting on a per-IP basis\n- [x] Critical AD accounts blacklisted from access\n- [x] Ban bots (Google Recaptcha)\n- [x] Whitelist validation of input fields\n- [x] IP reputational lookup, banning proxy and Tor endpoints\n- [x] Static code analysis (utilising PEST)\n- [x] Encryption forced in AD communication\n- [x] Passwords checked against the Pwned Passwords API for compromise\n- [ ] API success and fail logged\n\nNginx Sample\n------------\nThe example configuration implements the following:\n- [x] Only a single endpoint forwarded to the backend\n- [x] Limits access to POST\n- [x] Limits access to the correct content type\n- [x] Rate limits by IP address\n- [x] Customises errors for friendly parsing by the frontend (no HTML)\n- [x] Standard security headers\n\nThird Party\n-----------\n\nThe following API keys are required to utilise this tool:\n- [Google Recaptcha](https://developers.google.com/recaptcha/intro)\n- [IPHub](https://iphub.info/)\n\nConfiguration\n-------------\nThe file private.config should follow this format:\n```\n[\n  {p3, [\n      {captcha_key, \u003c\u003c\"captcha\"\u003e\u003e},\n      {domain_list, [ \"domain1.lolware.net\", \"domain2.lolware.net\" ]},\n      {server_list, [\"127.0.0.1\"] },\n      {iphub_key, \u003c\u003c\"key\"\u003e\u003e }\n  ]}\n].\n\n```\n\nFrontend\n--------\nThe frontend is a React based UI.\nThe use of Google recaptcha was regrettably required, but no other Javascript or third party resources are utilised. The landing page is entirely self hosted.\n\nBuild dev\n\n    npm run build\n\nBuild prod\n\n    npm run prod\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechnion%2Fp3","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftechnion%2Fp3","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechnion%2Fp3/lists"}