sftpgo

mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-08 23:28:39 +03:00

Author	SHA1	Message	Date
Nicola Murino	d7d08c3d2f	oidc/oauth2: use an opaque state Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-11-11 19:44:39 +01:00
Nicola Murino	f07c9a7e01	EventManager: disable commands by default Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-11-10 12:09:25 +01:00
Nicola Murino	d0f348a46a	WebAdmin and REST API: remove too granular permissions Our permissions system for admin users is too granular and some permissions overlap. For example, you can define an administrator with the "manage_system" permission and not with the "manage_admins" or "manage_user" permission, but the "manage_system" permission allows you to restore a backup and then create users and administrators. The following permissions will be removed: "manage_admins", "manage_apikeys", "manage_system", "retention_checks", "manage_event_rules", "manage_roles", "manage_ip_lists". Now you need to add the "*" permission to replace the removed granular permissions because the removed permissions allow actions that should only be allowed to super administrators. There is no point in having separate, overlapping permissions. Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-11-10 10:51:27 +01:00
Nicola Murino	65e8e2c1d4	don't allow admins to change their own permissions Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-11-09 20:33:03 +01:00
Nicola Murino	5c163ed592	EventManager: allow to define the allowed system commands Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-11-09 19:14:45 +01:00
Nicola Murino	feaf3ac459	WebAdmin: check CSRF header when deleting blocked hosts Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-11-09 18:50:31 +01:00
Nicola Murino	7d24a4852c	WebAdmin SMTP: ensure current config is not nil Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-10-15 18:23:28 +02:00
Nicola Murino	87fdc1dec1	Web: add CheckRedirect to pages using baselogin.html Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-10-12 12:54:32 +02:00
Nicola Murino	472bfac5fe	EventManager: add datetime placeholder Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-10-08 19:15:07 +02:00
Nicola Murino	8325fbc7dd	kms: add support for Oracle Key Vault Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-10-03 06:59:54 +02:00
Nicola Murino	c74f391caf	EventManager: filter action execution based on event status Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-09-27 20:49:04 +02:00
Nicola Murino	6f8bc59756	httpd: allow to configure cache control header Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-08-12 21:52:59 +02:00
Nicola Murino	052ee04baa	lint: fix unused write warnings Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-07-22 19:26:40 +02:00
Nicola Murino	55169eb2d4	oidc refresh token: validate nonce only if set As clarified in OpenID core spec errata 2, section 12.2 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-07-01 19:06:44 +02:00
Nicola Murino	3462bba3f4	backport from main branch Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-06-15 12:05:28 +02:00
Nicola Murino	7756cf9b1e	reduce share token duration Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-06-08 13:13:17 +02:00
Nicola Murino	1f8ac8bfe1	REST API: fix token invalidation after password change Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-06-07 18:21:19 +02:00
Nicola Murino	98bdfad04d	WebUI branding: remove unused login_image_path from config Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-05-27 19:49:23 +02:00
Nicola Murino	e7f315659f	defender: allow to impose a delay between login attempts Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-05-24 18:57:54 +02:00
Nicola Murino	eb0c6549c4	micro optimization Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-05-12 18:10:03 +02:00
Nicola Murino	5d24d665bd	add an util method to convert []byte to string Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-05-08 19:01:58 +02:00
Nicola Murino	ea898ed104	silence lint warning Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-05-04 09:52:27 +02:00
Nicola Murino	a1af33c6aa	WebClient: allow to set TLS certificates Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-05-03 18:30:03 +02:00
Nicola Murino	d3f42e39db	move server version setting to common section Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-05-01 19:42:09 +02:00
Nicola Murino	0a8a0ee771	revert #450 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-04-27 10:50:25 +02:00
Nicola Murino	2bcf05ca45	refactor for secrets management in API and private key handling in SFTPFs Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-04-26 16:17:24 +02:00
Nicola Murino	e1fdc10ef8	remove robots.txt endpoint This reverts #833 because the contributor did not respond to our request to sign the CLA Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-04-26 11:00:55 +02:00
Nicola Murino	456517af87	notifier plugin: add support for login succeeded events Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-04-10 18:39:08 +02:00
Nicola Murino	1196727448	dataretention: remove ignore_user_permissions Required permissions are now automatically granted as for any other filesystem action Fixes #1564 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-04-01 15:07:03 +02:00
Nicola Murino	aaae191710	WebAPI: ensure to check rootfs before creating directories Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-04-01 12:40:35 +02:00
Nicola Murino	db577b154e	webclient: add more test cases for shares Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-04-01 11:42:22 +02:00
Nicola Murino	fc023748c1	WebClient: improve file uploads Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-03-31 20:42:28 +02:00
Nicola Murino	cb3bc3f604	update OpenAPI definition Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-03-18 19:32:01 +01:00
Nicola Murino	cc9a0d4dc2	add time-based access restrictions Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-03-17 11:30:03 +01:00
Nicola Murino	26d3105f54	groups: add role placeholder Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-03-12 18:21:50 +01:00
Nicola Murino	f38966c6ac	WebClient: refactor long-running tasks to improve browser compatibility Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-03-11 18:19:57 +01:00
Nicola Murino	4d357a6a57	EventManager: allow to check for inactive users Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-03-04 19:48:10 +01:00
Nicola Murino	8b2188fcb6	remove some useless nil checks Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-03-02 18:49:07 +01:00
Nicola Murino	799fdd7098	allow IPs in defender safe list to exceed max per-host connections Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-02-27 18:22:21 +01:00
Nicola Murino	12f599fd65	WebUI: skip checks for static resource Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-02-25 18:19:21 +01:00
Nicola Murino	92911bda2b	require at least 2048 bits for RSA certificates/keys Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-02-25 11:12:57 +01:00
Nicola Murino	f7d9e56cac	ssh: remove moduli, log negotiated algorithms Fixes #1324 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-02-24 20:35:09 +01:00
Nicola Murino	a577d8b3cd	WebAdmin: allow to disable 2FA Before it was only possible using REST API Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-02-23 18:24:07 +01:00
Nicola Murino	76ffa107dd	check admins' two-factor requirements in the disable API as well Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-02-22 19:05:16 +01:00
Nicola Murino	9a6a65931e	two-factor auth: fixed validation of conflicting settings Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-02-22 18:20:51 +01:00
Nicola Murino	de089e51fd	Web: allow to require password change and two-factor for admins Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-02-21 20:45:10 +01:00
Nicola Murino	51ae2d7301	add copy permission Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-02-20 18:19:09 +01:00
Nicola Murino	e61fb42cbc	remove metadata plugin Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-02-17 12:30:47 +01:00
Nicola Murino	ad75543172	fix some new lint warnings Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-02-15 21:13:45 +01:00
Nicola Murino	1ff55bbfa7	add DirLister interface Signed-off-by: Nicola Murino <nicola.murino@gmail.com>	2024-02-15 20:53:56 +01:00

1 2 3 4 5

243 Commits