httpd: add a setting to customize tokens validation

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Nicola Murino
2022-05-28 13:28:50 +02:00
parent 91dfa501f8
commit 32da923dfe
13 changed files with 62 additions and 278 deletions


@@ -27,6 +27,13 @@ const (
tokenAudienceCSRF tokenAudience = "CSRF"
)
type tokenValidation = int
const (
tokenValidationFull = iota
tokenValidationNoIPMatch tokenValidation = iota
)
const (
claimUsernameKey = "username"
claimPermissionsKey = "permissions"
@@ -43,6 +50,7 @@ var (
// with the login form
csrfTokenDuration = 6 * time.Hour
tokenRefreshThreshold = 10 * time.Minute
tokenValidationMode = tokenValidationFull
)
type jwtTokenClaims struct {
@@ -329,9 +337,11 @@ func verifyCSRFToken(tokenString, ip string) error {
return errors.New("the form token is not valid")
}
if !util.Contains(token.Audience(), ip) {
logger.Debug(logSender, "", "error validating CSRF token IP audience")
return errors.New("the form token is not valid")
if tokenValidationMode != tokenValidationNoIPMatch {
if !util.Contains(token.Audience(), ip) {
logger.Debug(logSender, "", "error validating CSRF token IP audience")
return errors.New("the form token is not valid")
}
}
return nil
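Review bot: In the last hunk, when `tokenValidationMode` is `tokenValidationNoIPMatch` the audience/IP comparison in `verifyCSRFToken` is skipped and nothing in the visible lines replaces it as a binding to the requesting client, so a form token would presumably be accepted from any address until it expires (`csrfTokenDuration` is 6 hours). That trade-off should be written down where the check is relaxed, for example `// NoIPMatch: the CSRF token is no longer bound to the client IP; only the checks above still apply`, and logging the non-default mode once at startup would make a weakened configuration visible to operators. The comparison is `!= tokenValidationNoIPMatch`, so an unrecognised value falls back to full validation, which is the safe default and worth stating in the same comment. In the first hunk `type tokenValidation = int` is an alias and `tokenValidationFull = iota` is left untyped, so the compiler accepts any int for the mode; `type tokenValidation int` with both constants in one typed iota block would catch stray values, at the cost of an explicit conversion wherever the setting is loaded. The body of `verifyCSRFToken` starts outside the hunk, so the earlier checks on the token are not visible here.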