Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 14:50:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,259 Commits 9 Branches 53 Tags
317f14f86992ae6b096c9e25b5efffc35e877f9f
Commit Graph

25 Commits

Author SHA1 Message Date
Nicola Murino
a768dac29d jwt: increase leeway and add some tests 
also export a constant for the Cookie name

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-11 14:14:21 +02:00
Nicola Murino
0ae2354fed JWT: replace jwtauth/jwx with lightweight wrapper around go-jose 
We replaced the jwtauth and jwx libraries with a minimal custom wrapper
around go-jose because we don’t need the full feature set provided by jwx.
Implementing our own wrapper simplifies the codebase and improves
maintainability.

Moreover, go-jose depends only on the standard library, resulting in a
leaner dependency that still meets all our requirements.

This change also reduces the SFTPGo binary size by approximately 1MB

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-08 18:10:39 +02:00
Nicola Murino
0da8adb7ac EventManager: breaking change for placeholder names 
Placeholder names must now be in the format:

{{.VirtualPath}}

instead of:

{{.VirtualPath}}

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-04-14 09:11:44 +02:00
Nicola Murino
d95d773570 oidc: allow login if the password method is disabled 
isLoggedInWithOIDC returns false before login so we need to add
a specific check

Fixes #1879

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-29 20:28:49 +01:00
Nicola Murino
69ef36b4d9 httpd: add a setting to disable login methods, deprecate the previous one 
the previous enabled login methods setting is hard to extend in
a backward compatible way

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-01-25 22:00:55 +01:00
Nicola Murino
f30a9a2095 OIDC cookie: use a cryptographically secure random string 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-21 07:52:36 +01:00
Nicola Murino
433d45ed87 WebUI: add a token validation mode that allows checking the signature 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-21 14:06:25 +02:00
Nicola Murino
64a2f7aa4f oidc refresh token: validate nonce only if set 
As clarified in OpenID core spec errata 2, section 12.2

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-07-01 19:06:11 +02:00
Nicola Murino
8294952474 WebUIs: refactor CSRF 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-06-14 18:09:32 +02:00
Nicola Murino
784b7585c1 remove end year from Copyright notice in files 
so we don't have to update all the files every year

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-01-01 11:31:45 +01:00
Nicola Murino
c71f0426ae WebClient WIP: add support for localizations 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-12-10 16:40:13 +01:00
Nicola Murino
6175acb572 add support for reading more secrets from files 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-11-24 20:43:50 +01:00
Nicola Murino
ba9df51b2e fix or suppress lint warnings detected by golangci-lint 1.55.0 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-10-20 20:31:17 +02:00
Nicola Murino
52ec36dbd6 update pwd reset template. Update deps and use new features from the OIDC library 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-05-17 18:10:57 +02:00
Nicola Murino
354fc9b3d6 OIDC: allow to extract custom fields from sub-structs 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-03-23 18:15:07 +01:00
Nicola Murino
e29f6857db EventManager: add IDP login trigger and check account action 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-03-22 19:02:54 +01:00
Nicola Murino
fad6af11e5 don't expose error messages from pre-actions and post connect hooks 
always return a generic error instead to avoid leaking internal info

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-02-28 18:01:09 +01:00
Nicola Murino
c0fe08b597 defender: allow to set a different score for "no auth tried" events 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-01-25 18:49:03 +01:00
Nicola Murino
0190d0b849 update Copyright year 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-01-03 10:18:30 +01:00
Nicola Murino
1f9cf194fe add role to events 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-12-03 11:45:27 +01:00
Nicola Murino
5a222807b7 add roles 
Fixes #837

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-11-16 19:04:50 +01:00
Nicola Murino
6c7b3ac5bb oidc: update user after token refresh 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-09-22 08:30:22 +02:00
Nicola Murino
a61211d32c OIDC: allow to get the role field from a sub-struct 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-08-10 21:42:58 +02:00
Nicola Murino
2a827544ef allow to edit profile to users logged in via OIDC 
Fixes #942

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-08-01 19:41:18 +02:00
Nicola Murino
c8158e14e0 move SFTPGo package to the internal folder 
SFTPGo is a daemon and command line tool, not a library.

The public API are provided by the SDK

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-07-24 16:18:54 +02:00