Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-08 07:10:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,032 Commits 9 Branches 53 Tags
618723c457c814b2a8c3b97bc4f38a79264d4fb6
Commit Graph

268 Commits

Author SHA1 Message Date
Nicola Murino
618723c457 httpd: always use an opaque signing key 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-12 19:27:34 +01:00
Nicola Murino
4cb6acefb2 oidc/oauth2: use an opaque state 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-11 19:43:57 +01:00
Nicola Murino
b524da11e9 EventManager: disable commands by default 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-10 12:08:17 +01:00
Nicola Murino
3dd412f6e3 WebAdmin and REST API: remove too granular permissions 
Our permissions system for admin users is too granular and some
permissions overlap. For example, you can define an administrator
with the "manage_system" permission and not with the "manage_admins"
or "manage_user" permission, but the "manage_system" permission
allows you to restore a backup and then create users and
administrators. The following permissions will be removed:
"manage_admins", "manage_apikeys", "manage_system", "retention_checks",
"manage_event_rules", "manage_roles", "manage_ip_lists". Now you
need to add the "*" permission to replace the removed granular
permissions because the removed permissions allow actions that
should only be allowed to super administrators.
There is no point in having separate, overlapping permissions.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-10 10:46:28 +01:00
Nicola Murino
ef98ee7d11 don't allow admins to change their own permissions 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-09 20:24:35 +01:00
Nicola Murino
7aac64531f WebAdmin: check CSRF header when deleting blocked hosts 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-09 18:44:31 +01:00
Nicola Murino
88b1850b58 EventManager: allow to define the allowed system commands 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-01 11:37:33 +01:00
Nicola Murino
ae1487d733 fix connection limits 
an SFTP client can start multiple transfers on a single connection

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-26 21:18:19 +02:00
Nicola Murino
8d697bcc94 WebClient: enforce 2fa and password requirements also with OIDC 
password and 2fa can be used with other protocols

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-21 20:40:44 +02:00
Nicola Murino
d8691d1e1a update translations 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-13 17:00:17 +02:00
Nicola Murino
5cb1b9c1e9 Web: add CheckRedirect to pages using baselogin.html 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-12 12:54:21 +02:00
Nicola Murino
eba4c93efd user: add additional emails 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-11 19:20:51 +02:00
Nicola Murino
4103344989 EventManager: add datetime placeholder 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-08 18:39:00 +02:00
Nicola Murino
424999dacd kms: add support for Oracle Key Vault 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-02 18:14:05 +02:00
Nicola Murino
27e98b85ce WebAdmin: hide certs if they cannot be used 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-27 15:53:12 +02:00
Nicola Murino
126cb1ee0d remove some useless hooks 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-27 15:52:51 +02:00
Nicola Murino
eeef23139d EventManager: filter action execution based on event status 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-23 19:55:03 +02:00
Nicola Murino
433d45ed87 WebUI: add a token validation mode that allows checking the signature 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-21 14:06:25 +02:00
Nicola Murino
5162c5de87 WebUIs: add a nil check for token in refresh cookie method 
token should never be null here because we have an authenticated user
however add the same check as elsewhere

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-16 20:11:02 +02:00
Nicola Murino
6896d2bfb1 httpd: validate reference also for CSRF token in headers 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-14 21:45:25 +02:00
Nicola Murino
14cabda5c2 update shortuid to v4 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-08 18:01:14 +02:00
Nicola Murino
b9b370fbb8 add some pre-validation hooks 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-17 09:11:42 +02:00
Nicola Murino
2fbf608895 S3: add SSE customer key 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-15 10:09:06 +02:00
Nicola Murino
fa710b36c2 httpd: allow to configure cache control header 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-12 21:19:44 +02:00
Nicola Murino
68e62d3d9b httpd: allow to use proxy protocol 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-10 21:02:38 +02:00
Nicola Murino
954c36c0a2 add fs providers hook 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-10 15:57:05 +02:00
Nicola Murino
81433e00d1 event action: add update modtime to fs rename 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-09 20:18:33 +02:00
Nicola Murino
d94f80c8da replace utils.Contains with slices.Contains 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-07-24 18:27:13 +02:00
Nicola Murino
b5c821795a allow to customize name and log from the WebUI 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-07-24 09:14:27 +02:00
Nicola Murino
b2926377b7 WebUI: switch favicon from ico to png 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-07-20 16:11:21 +02:00
Nicola Murino
fef388d8cb don't track quota for private virtual folders 
they are included within the user quota.
This is a backward incompatible change.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-07-13 21:02:40 +02:00
Nicola Murino
92849ca473 quota: move user and folder management to a common method 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-07-13 19:30:40 +02:00
Nicola Murino
58de410850 nt: fix unused write warnings 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-07-03 20:42:51 +02:00
Nicola Murino
54bc3ea87d restore: fix quota scan for users with folders associated via groups 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-07-03 20:35:12 +02:00
Nicola Murino
64a2f7aa4f oidc refresh token: validate nonce only if set 
As clarified in OpenID core spec errata 2, section 12.2

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-07-01 19:06:11 +02:00
Nicola Murino
363770ab84 WebClient shares: add a logout button 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-06-18 19:10:32 +02:00
Nicola Murino
d650defa08 remove duplicated jwt tokens validation 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-06-15 16:19:37 +02:00
Nicola Murino
bd5b32101f csrf: reuse the cookie in reset password 
no need to generate a new cookie each time.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-06-15 15:18:17 +02:00
Nicola Murino
01b666a78f WebUIs: check login conditions before allowing password reset 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-06-14 19:34:42 +02:00
Nicola Murino
8294952474 WebUIs: refactor CSRF 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-06-14 18:09:32 +02:00
Nicola Murino
7fb5b1b996 reduce share token duration 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-06-08 12:13:38 +02:00
Nicola Murino
08526da153 REST API: fix token invalidation after password change 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-06-07 18:19:05 +02:00
Nicola Murino
6c94173ca1 WebUI branding: remove unused login_image_path from config 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-05-27 18:43:44 +02:00
Nicola Murino
50a3c0d911 defender: allow to impose a delay between login attempts 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-05-18 10:35:54 +02:00
Nicola Murino
eb0c6549c4 micro optimization 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-05-12 18:10:03 +02:00
Nicola Murino
5d24d665bd add an util method to convert []byte to string 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-05-08 19:01:58 +02:00
Nicola Murino
ea898ed104 silence lint warning 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-05-04 09:52:27 +02:00
Nicola Murino
a1af33c6aa WebClient: allow to set TLS certificates 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-05-03 18:30:03 +02:00
Nicola Murino
d3f42e39db move server version setting to common section 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-05-01 19:42:09 +02:00
Nicola Murino
0a8a0ee771 revert #450 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-04-27 10:50:25 +02:00