so we can persist password reset codes, OIDC auth sessions and tokens.
These features will also work in multi-node setups without sicky
sessions now
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
this is the minimal implementation to allow mget and similar commands with
wildcards.
We only support wildcard for the last path level, for example:
- mget *.xml is supported
- mget dir/*.xml is supported
- mget */*.xml is not supported
Removed . and .. from FTP directory listing
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Google Cloud Storage credentials are now always stored within the data
provider.
Added a migration to read credentials from disk and store them inside the
data provider.
After v2.3 we can also remove credentials_path
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Using groups simplifies the administration of multiple accounts by
letting you assign settings once to a group, instead of multiple
times to each individual user.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
if defined only the listed IPs/networks can access the configured
services, all other client connections will be dropped before they
even try to authenticate
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
... and deprecate this setting.
In the future we'll remove prefer_database_credentials and
credentials_path and we will not allow the credentials to be saved on
the filesystem
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
The check could be expensive with some backends and is generally
only required the first time that a user logs in
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
with total limit or separate settings for uploads and downloads and
overrides based on the client's IP address.
Limits can be reset using the REST API
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Disallowed files/dirs can be completly hidden. This may cause performance
issues for large directories
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
so enabling debug level is not required, for example only to understand
that a user exceeded the allowed sessions.
Also set the cache update frequency as documented
SFTPGo is now fully auditable, all fs and provider events that change
something are notified and can be collected using hooks/plugins.
There are some backward incompatible changes for command hooks
The builtin two-factor authentication is based on time-based one time
passwords (RFC 6238) which works with Authy, Google Authenticator and
other compatible apps.
you need to load initial data or set "create_default_admin" to true
and the appropriate env vars if you don't want to use the web admin
setup screen to create the default admin
We now return 552 code for quota exceeded errors and 553 in the following
cases:
- filename denied by a filter
- no upload permission
- no overwrite permission
- pre upload hook error
Fixes#442
