Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 23:00:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

user: add TLS certificates

Browse Source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
2024-01-14 21:36:23 +01:00
parent 0722c4369b
commit d939a82225
20 changed files with 203 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
internal/ftpd/ftpd_test.go
View File

@@ -3519,6 +3519,25 @@ func TestClientCertificateAuth(t *testing.T) {
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "does not match username")
}
// add the certs to the user
user2.Filters.TLSUsername = sdk.TLSUsernameNone
user2.Filters.TLSCerts = []string{client2Crt, client1Crt}
user2, _, err = httpdtest.UpdateUser(user2, http.StatusOK, "")
assert.NoError(t, err)
client, err = getFTPClient(user2, true, tlsConfig)
if assert.NoError(t, err) {
err = checkBasicFTP(client)
assert.NoError(t, err)
err = client.Quit()
assert.NoError(t, err)
}
user2.Filters.TLSCerts = []string{client2Crt}
user2, _, err = httpdtest.UpdateUser(user2, http.StatusOK, "")
assert.NoError(t, err)
_, err = getFTPClient(user2, true, tlsConfig)
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "TLS certificate is not valid")
}
// now disable certificate authentication
user.Filters.DeniedLoginMethods = append(user.Filters.DeniedLoginMethods, dataprovider.LoginMethodTLSCertificate,