Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 22:30:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,151 Commits 9 Branches 53 Tags
06cd07d67a80fc6846cc4b87da9737f620a5d49e
Commit Graph

294 Commits

Author SHA1 Message Date
Nicola Murino
d95d773570 oidc: allow login if the password method is disabled 
isLoggedInWithOIDC returns false before login so we need to add
a specific check

Fixes #1879

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-29 20:28:49 +01:00
Nicola Murino
2255c5f000 upgrade golangci-lint to v2 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-29 11:36:19 +01:00
Nicola Murino
e590deebe0 db shared sessions: set key and type as primary key 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-23 11:34:10 +01:00
Nicola Murino
f096675a2b fix log formatting 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-12 11:19:38 +01:00
Nicola Murino
002e819e54 defender: don't penalize redirects to the login page 
This is normal behavior

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-02-23 16:56:47 +01:00
Nicola Murino
38a6b5632a share login page: add CheckRedirect field 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-02-22 22:28:53 +01:00
Nicola Murino
5a01ce66f1 WebUIs: fix translations for some page titles 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-02-18 18:25:52 +01:00
Nicola Murino
69ef36b4d9 httpd: add a setting to disable login methods, deprecate the previous one 
the previous enabled login methods setting is hard to extend in
a backward compatible way

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-25 22:00:55 +01:00
Nicola Murino
70f8b4d495 WebAdmin: allow to create admins with an unusable password 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-25 18:53:54 +01:00
Nicola Murino
48258f6e67 httpd: add cross origin resource and embedder policy headers 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-24 19:34:57 +01:00
Nicola Murino
61aef41bee WebClient: make the keep alive interval configurable 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-22 19:41:31 +01:00
Nicola Murino
04fa242f57 azblobfs: add support for Azure Identity 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-13 20:58:17 +01:00
Nicola Murino
da68cf3e9d events search: remove trailing and leading space from received parameters 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-11 11:42:57 +01:00
Nicola Murino
5febcdca43 httpd: log csrf token duration 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-11 11:29:35 +01:00
Nicola Murino
1f4cb7077a bad host handler: return a generic error message 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-06 10:08:25 +01:00
Nicola Murino
ff13be4616 zip creation: avoid stat if not strictly required 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-03 11:43:09 +01:00
Nicola Murino
deea9ff038 do not return if client IP is not allowed in login API response 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-12-28 18:47:04 +01:00
Nicola Murino
843b8c38d3 SSH: add a test case for DSA keys 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-12-19 19:55:25 +01:00
Nicola Murino
70fc00d7eb Allow to choose enabled languages 
Fixes #1835

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-12-19 19:50:19 +01:00
Nicola Murino
b0061f570e WebClient: refactor preserving share password 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-12-18 19:54:39 +01:00
Nicola Murino
ec90b61bb4 allow to configure JWT tokens and cookies duration 
Fixes #1839

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-12-18 18:33:37 +01:00
Nicola Murino
e21c989038 logs: add a specific log structure for successful logins 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-12-07 10:29:33 +01:00
Nicola Murino
d3e76898cd WebAdmin: refactor template permissions 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-26 20:39:36 +01:00
Nicola Murino
ebc085da77 EventManager: always close the connection filesystem 
closing the user filesystem is not enough here

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-21 07:52:49 +01:00
Nicola Murino
4a414f0fa4 test cases: fix some random failures 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-21 07:52:45 +01:00
Nicola Murino
f30a9a2095 OIDC cookie: use a cryptographically secure random string 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-21 07:52:36 +01:00
Nicola Murino
618723c457 httpd: always use an opaque signing key 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-12 19:27:34 +01:00
Nicola Murino
4cb6acefb2 oidc/oauth2: use an opaque state 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-11 19:43:57 +01:00
Nicola Murino
b524da11e9 EventManager: disable commands by default 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-10 12:08:17 +01:00
Nicola Murino
3dd412f6e3 WebAdmin and REST API: remove too granular permissions 
Our permissions system for admin users is too granular and some
permissions overlap. For example, you can define an administrator
with the "manage_system" permission and not with the "manage_admins"
or "manage_user" permission, but the "manage_system" permission
allows you to restore a backup and then create users and
administrators. The following permissions will be removed:
"manage_admins", "manage_apikeys", "manage_system", "retention_checks",
"manage_event_rules", "manage_roles", "manage_ip_lists". Now you
need to add the "*" permission to replace the removed granular
permissions because the removed permissions allow actions that
should only be allowed to super administrators.
There is no point in having separate, overlapping permissions.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-10 10:46:28 +01:00
Nicola Murino
ef98ee7d11 don't allow admins to change their own permissions 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-09 20:24:35 +01:00
Nicola Murino
7aac64531f WebAdmin: check CSRF header when deleting blocked hosts 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-09 18:44:31 +01:00
Nicola Murino
88b1850b58 EventManager: allow to define the allowed system commands 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-01 11:37:33 +01:00
Nicola Murino
ae1487d733 fix connection limits 
an SFTP client can start multiple transfers on a single connection

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-26 21:18:19 +02:00
Nicola Murino
8d697bcc94 WebClient: enforce 2fa and password requirements also with OIDC 
password and 2fa can be used with other protocols

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-21 20:40:44 +02:00
Nicola Murino
d8691d1e1a update translations 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-13 17:00:17 +02:00
Nicola Murino
5cb1b9c1e9 Web: add CheckRedirect to pages using baselogin.html 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-12 12:54:21 +02:00
Nicola Murino
eba4c93efd user: add additional emails 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-11 19:20:51 +02:00
Nicola Murino
4103344989 EventManager: add datetime placeholder 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-08 18:39:00 +02:00
Nicola Murino
424999dacd kms: add support for Oracle Key Vault 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-02 18:14:05 +02:00
Nicola Murino
27e98b85ce WebAdmin: hide certs if they cannot be used 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-27 15:53:12 +02:00
Nicola Murino
126cb1ee0d remove some useless hooks 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-27 15:52:51 +02:00
Nicola Murino
eeef23139d EventManager: filter action execution based on event status 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-23 19:55:03 +02:00
Nicola Murino
433d45ed87 WebUI: add a token validation mode that allows checking the signature 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-21 14:06:25 +02:00
Nicola Murino
5162c5de87 WebUIs: add a nil check for token in refresh cookie method 
token should never be null here because we have an authenticated user
however add the same check as elsewhere

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-16 20:11:02 +02:00
Nicola Murino
6896d2bfb1 httpd: validate reference also for CSRF token in headers 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-14 21:45:25 +02:00
Nicola Murino
14cabda5c2 update shortuid to v4 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-08 18:01:14 +02:00
Nicola Murino
b9b370fbb8 add some pre-validation hooks 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-17 09:11:42 +02:00
Nicola Murino
2fbf608895 S3: add SSE customer key 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-15 10:09:06 +02:00
Nicola Murino
fa710b36c2 httpd: allow to configure cache control header 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-12 21:19:44 +02:00