Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 23:00:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,260 Commits 9 Branches 53 Tags
4e9132612482624d166caad608b29f06655143b5
Commit Graph

30 Commits

Author SHA1 Message Date
Nicola Murino
a768dac29d jwt: increase leeway and add some tests 
also export a constant for the Cookie name

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-11 14:14:21 +02:00
Nicola Murino
0ae2354fed JWT: replace jwtauth/jwx with lightweight wrapper around go-jose 
We replaced the jwtauth and jwx libraries with a minimal custom wrapper
around go-jose because we don’t need the full feature set provided by jwx.
Implementing our own wrapper simplifies the codebase and improves
maintainability.

Moreover, go-jose depends only on the standard library, resulting in a
leaner dependency that still meets all our requirements.

This change also reduces the SFTPGo binary size by approximately 1MB

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-10-08 18:10:39 +02:00
Nicola Murino
aea036715c OIDC: ensure token username adheres to naming conventions 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-04-08 18:25:16 +02:00
Nicola Murino
d95d773570 oidc: allow login if the password method is disabled 
isLoggedInWithOIDC returns false before login so we need to add
a specific check

Fixes #1879

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2025-03-29 20:28:49 +01:00
Nicola Murino
e21c989038 logs: add a specific log structure for successful logins 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-12-07 10:29:33 +01:00
Nicola Murino
f30a9a2095 OIDC cookie: use a cryptographically secure random string 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-21 07:52:36 +01:00
Nicola Murino
4cb6acefb2 oidc/oauth2: use an opaque state 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-11 19:43:57 +01:00
Nicola Murino
8d697bcc94 WebClient: enforce 2fa and password requirements also with OIDC 
password and 2fa can be used with other protocols

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-21 20:40:44 +02:00
Nicola Murino
4103344989 EventManager: add datetime placeholder 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-08 18:39:00 +02:00
Nicola Murino
d94f80c8da replace utils.Contains with slices.Contains 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-07-24 18:27:13 +02:00
Nicola Murino
64a2f7aa4f oidc refresh token: validate nonce only if set 
As clarified in OpenID core spec errata 2, section 12.2

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-07-01 19:06:11 +02:00
Nicola Murino
8294952474 WebUIs: refactor CSRF 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-06-14 18:09:32 +02:00
Nicola Murino
50a3c0d911 defender: allow to impose a delay between login attempts 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-05-18 10:35:54 +02:00
Nicola Murino
784b7585c1 remove end year from Copyright notice in files 
so we don't have to update all the files every year

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-01-01 11:31:45 +01:00
Nicola Murino
61fe7c39a7 WebClient: allow to pass args for localized errors from the backend 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-12-12 18:04:14 +01:00
Nicola Murino
c71f0426ae WebClient WIP: add support for localizations 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-12-10 16:40:13 +01:00
Nicola Murino
6175acb572 add support for reading more secrets from files 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-11-24 20:43:50 +01:00
Nicola Murino
52ec36dbd6 update pwd reset template. Update deps and use new features from the OIDC library 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-05-17 18:10:57 +02:00
Nicola Murino
354fc9b3d6 OIDC: allow to extract custom fields from sub-structs 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-03-23 18:15:07 +01:00
Nicola Murino
e29f6857db EventManager: add IDP login trigger and check account action 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-03-22 19:02:54 +01:00
Nicola Murino
fad6af11e5 don't expose error messages from pre-actions and post connect hooks 
always return a generic error instead to avoid leaking internal info

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-02-28 18:01:09 +01:00
Nicola Murino
dba088daed printf: replace %#v with the more explicit %q 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-02-27 19:19:57 +01:00
Nicola Murino
0190d0b849 update Copyright year 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-01-03 10:18:30 +01:00
Nicola Murino
1f9cf194fe add role to events 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-12-03 11:45:27 +01:00
Nicola Murino
5a222807b7 add roles 
Fixes #837

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-11-16 19:04:50 +01:00
Nicola Murino
54f1946aba OIDC: allow to skip JWT signature validation 
It's intended for special cases where providers,such as Azure,
use the "none" algorithm

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-10-19 18:38:09 +02:00
Nicola Murino
6c7b3ac5bb oidc: update user after token refresh 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-09-22 08:30:22 +02:00
Nicola Murino
bd294bb3cf WebAdmin: allow to simplify the user page 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-09-21 19:36:08 +02:00
Nicola Murino
a61211d32c OIDC: allow to get the role field from a sub-struct 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-08-10 21:42:58 +02:00
Nicola Murino
c8158e14e0 move SFTPGo package to the internal folder 
SFTPGo is a daemon and command line tool, not a library.

The public API are provided by the SDK

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-07-24 16:18:54 +02:00