diff --git a/go.mod b/go.mod index 6212bd7f..6943fccd 100644 --- a/go.mod +++ b/go.mod @@ -106,7 +106,7 @@ require ( github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/go-ole/go-ole v1.2.6 // indirect github.com/go-test/deep v1.0.8 // indirect - github.com/goccy/go-json v0.9.11 // indirect + github.com/goccy/go-json v0.10.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/google/go-cmp v0.5.9 // indirect diff --git a/go.sum b/go.sum index 6ecdc04e..af5a3778 100644 --- a/go.sum +++ b/go.sum @@ -711,8 +711,9 @@ github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY9 github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= -github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk= github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/goccy/go-json v0.10.0 h1:mXKd9Qw4NuzShiRlOXKews24ufknHO7gx30lsDyokKA= +github.com/goccy/go-json v0.10.0/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/goccy/go-yaml v1.9.5/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA= github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= diff --git a/internal/dataprovider/user.go b/internal/dataprovider/user.go index 118337d5..8f5edded 100644 --- a/internal/dataprovider/user.go +++ b/internal/dataprovider/user.go @@ -949,6 +949,9 @@ func (u *User) IsPartialAuth(loginMethod string) bool { method == SSHLoginMethodPassword { continue } + if method == LoginMethodPassword && util.Contains(u.Filters.DeniedLoginMethods, SSHLoginMethodPassword) { + continue + } if !util.Contains(SSHMultiStepsLoginMethods, method) { return false } diff --git a/internal/sftpd/sftpd_test.go b/internal/sftpd/sftpd_test.go index ca5aff29..98fe4f96 100644 --- a/internal/sftpd/sftpd_test.go +++ b/internal/sftpd/sftpd_test.go @@ -8296,6 +8296,12 @@ func TestUserPartialAuth(t *testing.T) { dataprovider.SSHLoginMethodPublicKey, } assert.False(t, user.IsPartialAuth(dataprovider.SSHLoginMethodPublicKey)) + user.Filters.DeniedLoginMethods = []string{ + dataprovider.SSHLoginMethodPassword, + dataprovider.SSHLoginMethodPublicKey, + dataprovider.SSHLoginMethodKeyboardInteractive, + } + assert.True(t, user.IsPartialAuth(dataprovider.SSHLoginMethodPublicKey)) } func TestUserGetNextAuthMethods(t *testing.T) { diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml index 22dc2db5..bfe01f8e 100644 --- a/openapi/openapi.yaml +++ b/openapi/openapi.yaml @@ -6631,7 +6631,7 @@ components: type: array items: type: string - description: 'Features for the current build. Available features are `portable`, `bolt`, `mysql`, `sqlite`, `pgsql`, `s3`, `gcs`, `metrics`. If a feature is available it has a `+` prefix, otherwise a `-` prefix' + description: 'Features for the current build. Available features are `portable`, `bolt`, `mysql`, `sqlite`, `pgsql`, `s3`, `gcs`, `azblob`, `metrics`. If a feature is available it has a `+` prefix, otherwise a `-` prefix' Token: type: object properties: