Commit Graph

308 Commits

Author SHA1 Message Date
Nicola Murino
a5dd529d88 node token: embed permissions directly in JWT
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-22 15:57:41 +02:00
Nicola Murino
a2d3613250 dataprovider: preserve initial sort order for related resources
Folders and groups now retain their initial order, improving compatibility
and predictability when used with Terraform

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-19 16:11:53 +02:00
Nicola Murino
75ad6346c3 removed some unused constants
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-02 19:00:15 +02:00
Nicola Murino
ddbe40cefa HTTPD, WebDAV: use http.ResponseController
backport from Enterprise edition

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-08-02 18:00:45 +02:00
Nicola Murino
0bac81816c WebClient: add an id field to files list to simplify UI logic
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-07-22 18:59:20 +02:00
Nicola Murino
c2835bc19d Enable setting password change requirements in user templates
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-07-17 19:35:17 +02:00
Nicola Murino
7317674b41 Remove legacy data retention API
Data retention is now managed via the EventManager, introduced in v2.4.0.
This allows scheduling retention checks and sending email or HTTP notifications,
making the old API redundant.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-07-12 22:20:54 +02:00
Nicola Murino
b6873768b2 replace strings.Split with SplitSeq
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-05-31 19:03:41 +02:00
Nicola Murino
3f7533b86a update deps ...
... and adapt the code to the new constants I added to
golang.org/x/crypto/ssh

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-05-19 19:42:36 +02:00
Nicola Murino
9e2230cc33 Support leading and trailing spaces in user passwords
This improves compatibility with external authentication providers that
allow such characters in passwords.

Passwords created via the WebAdmin UI are still sanitized to prevent user
confusion.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-04-26 14:31:13 +02:00
Nicola Murino
11d8fffd1b remove obsolete build constraints
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-04-20 17:15:40 +02:00
Nicola Murino
0da8adb7ac EventManager: breaking change for placeholder names
Placeholder names must now be in the format:

{{.VirtualPath}}

instead of:

{{.VirtualPath}}

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-04-14 09:11:44 +02:00
Nicola Murino
aea036715c OIDC: ensure token username adheres to naming conventions
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-04-08 18:25:16 +02:00
Nicola Murino
f41f00fec2 httpd: allow to configure referrer policy header
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-04-07 18:48:48 +02:00
Nicola Murino
d95d773570 oidc: allow login if the password method is disabled
isLoggedInWithOIDC returns false before login so we need to add
a specific check

Fixes #1879

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-03-29 20:28:49 +01:00
Nicola Murino
2255c5f000 upgrade golangci-lint to v2
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-03-29 11:36:19 +01:00
Nicola Murino
e590deebe0 db shared sessions: set key and type as primary key
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-03-23 11:34:10 +01:00
Nicola Murino
f096675a2b fix log formatting
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-03-12 11:19:38 +01:00
Nicola Murino
002e819e54 defender: don't penalize redirects to the login page
This is normal behavior

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-02-23 16:56:47 +01:00
Nicola Murino
38a6b5632a share login page: add CheckRedirect field
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-02-22 22:28:53 +01:00
Nicola Murino
5a01ce66f1 WebUIs: fix translations for some page titles
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-02-18 18:25:52 +01:00
Nicola Murino
69ef36b4d9 httpd: add a setting to disable login methods, deprecate the previous one
the previous enabled login methods setting is hard to extend in
a backward compatible way

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-01-25 22:00:55 +01:00
Nicola Murino
70f8b4d495 WebAdmin: allow to create admins with an unusable password
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-01-25 18:53:54 +01:00
Nicola Murino
48258f6e67 httpd: add cross origin resource and embedder policy headers
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-01-24 19:34:57 +01:00
Nicola Murino
61aef41bee WebClient: make the keep alive interval configurable
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-01-22 19:41:31 +01:00
Nicola Murino
04fa242f57 azblobfs: add support for Azure Identity
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-01-13 20:58:17 +01:00
Nicola Murino
da68cf3e9d events search: remove trailing and leading space from received parameters
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-01-11 11:42:57 +01:00
Nicola Murino
5febcdca43 httpd: log csrf token duration
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-01-11 11:29:35 +01:00
Nicola Murino
1f4cb7077a bad host handler: return a generic error message
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-01-06 10:08:25 +01:00
Nicola Murino
ff13be4616 zip creation: avoid stat if not strictly required
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-01-03 11:43:09 +01:00
Nicola Murino
deea9ff038 do not return if client IP is not allowed in login API response
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-12-28 18:47:04 +01:00
Nicola Murino
843b8c38d3 SSH: add a test case for DSA keys
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-12-19 19:55:25 +01:00
Nicola Murino
70fc00d7eb Allow to choose enabled languages
Fixes #1835

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-12-19 19:50:19 +01:00
Nicola Murino
b0061f570e WebClient: refactor preserving share password
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-12-18 19:54:39 +01:00
Nicola Murino
ec90b61bb4 allow to configure JWT tokens and cookies duration
Fixes #1839

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-12-18 18:33:37 +01:00
Nicola Murino
e21c989038 logs: add a specific log structure for successful logins
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-12-07 10:29:33 +01:00
Nicola Murino
d3e76898cd WebAdmin: refactor template permissions
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-26 20:39:36 +01:00
Nicola Murino
ebc085da77 EventManager: always close the connection filesystem
closing the user filesystem is not enough here

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-21 07:52:49 +01:00
Nicola Murino
4a414f0fa4 test cases: fix some random failures
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-21 07:52:45 +01:00
Nicola Murino
f30a9a2095 OIDC cookie: use a cryptographically secure random string
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-21 07:52:36 +01:00
Nicola Murino
618723c457 httpd: always use an opaque signing key
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-12 19:27:34 +01:00
Nicola Murino
4cb6acefb2 oidc/oauth2: use an opaque state
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-11 19:43:57 +01:00
Nicola Murino
b524da11e9 EventManager: disable commands by default
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-10 12:08:17 +01:00
Nicola Murino
3dd412f6e3 WebAdmin and REST API: remove too granular permissions
Our permissions system for admin users is too granular and some
permissions overlap. For example, you can define an administrator
with the "manage_system" permission and not with the "manage_admins"
or "manage_user" permission, but the "manage_system" permission
allows you to restore a backup and then create users and
administrators. The following permissions will be removed:
"manage_admins", "manage_apikeys", "manage_system", "retention_checks",
"manage_event_rules", "manage_roles", "manage_ip_lists". Now you
need to add the "*" permission to replace the removed granular
permissions because the removed permissions allow actions that
should only be allowed to super administrators.
There is no point in having separate, overlapping permissions.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-10 10:46:28 +01:00
Nicola Murino
ef98ee7d11 don't allow admins to change their own permissions
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-09 20:24:35 +01:00
Nicola Murino
7aac64531f WebAdmin: check CSRF header when deleting blocked hosts
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-09 18:44:31 +01:00
Nicola Murino
88b1850b58 EventManager: allow to define the allowed system commands
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-01 11:37:33 +01:00
Nicola Murino
ae1487d733 fix connection limits
an SFTP client can start multiple transfers on a single connection

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-26 21:18:19 +02:00
Nicola Murino
8d697bcc94 WebClient: enforce 2fa and password requirements also with OIDC
password and 2fa can be used with other protocols

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-21 20:40:44 +02:00
Nicola Murino
d8691d1e1a update translations
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-13 17:00:17 +02:00