Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-08 15:28:05 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,960 Commits 10 Branches 53 Tags
d0f348a46a85d6280b2d3328fb056f646f650c47
Commit Graph

131 Commits

Author SHA1 Message Date
Nicola Murino
d0f348a46a WebAdmin and REST API: remove too granular permissions 
Our permissions system for admin users is too granular and some
permissions overlap. For example, you can define an administrator
with the "manage_system" permission and not with the "manage_admins"
or "manage_user" permission, but the "manage_system" permission
allows you to restore a backup and then create users and
administrators. The following permissions will be removed:
"manage_admins", "manage_apikeys", "manage_system", "retention_checks",
"manage_event_rules", "manage_roles", "manage_ip_lists". Now you
need to add the "*" permission to replace the removed granular
permissions because the removed permissions allow actions that
should only be allowed to super administrators.
There is no point in having separate, overlapping permissions.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-10 10:51:27 +01:00
Nicola Murino
65e8e2c1d4 don't allow admins to change their own permissions 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-09 20:33:03 +01:00
Nicola Murino
5c163ed592 EventManager: allow to define the allowed system commands 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-09 19:14:45 +01:00
Nicola Murino
8325fbc7dd kms: add support for Oracle Key Vault 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-03 06:59:54 +02:00
Nicola Murino
c74f391caf EventManager: filter action execution based on event status 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-27 20:49:04 +02:00
Nicola Murino
6f8bc59756 httpd: allow to configure cache control header 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-12 21:52:59 +02:00
Nicola Murino
052ee04baa lint: fix unused write warnings 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-07-22 19:26:40 +02:00
Nicola Murino
3462bba3f4 backport from main branch 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-06-15 12:05:28 +02:00
Nicola Murino
1f8ac8bfe1 REST API: fix token invalidation after password change 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-06-07 18:21:19 +02:00
Nicola Murino
a1af33c6aa WebClient: allow to set TLS certificates 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-05-03 18:30:03 +02:00
Nicola Murino
e1fdc10ef8 remove robots.txt endpoint 
This reverts #833 because the contributor did not respond to our
request to sign the CLA

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-04-26 11:00:55 +02:00
Nicola Murino
1196727448 dataretention: remove ignore_user_permissions 
Required permissions are now automatically granted as for any other
filesystem action

Fixes #1564

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-04-01 15:07:03 +02:00
Nicola Murino
db577b154e webclient: add more test cases for shares 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-04-01 11:42:22 +02:00
Nicola Murino
cb3bc3f604 update OpenAPI definition 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-03-18 19:32:01 +01:00
Nicola Murino
cc9a0d4dc2 add time-based access restrictions 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-03-17 11:30:03 +01:00
Nicola Murino
26d3105f54 groups: add role placeholder 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-03-12 18:21:50 +01:00
Nicola Murino
f38966c6ac WebClient: refactor long-running tasks to improve browser compatibility 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-03-11 18:19:57 +01:00
Nicola Murino
4d357a6a57 EventManager: allow to check for inactive users 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-03-04 19:48:10 +01:00
Nicola Murino
12f599fd65 WebUI: skip checks for static resource 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-25 18:19:21 +01:00
Nicola Murino
92911bda2b require at least 2048 bits for RSA certificates/keys 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-25 11:12:57 +01:00
Nicola Murino
f7d9e56cac ssh: remove moduli, log negotiated algorithms 
Fixes #1324

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-24 20:35:09 +01:00
Nicola Murino
a577d8b3cd WebAdmin: allow to disable 2FA 
Before it was only possible using REST API

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-23 18:24:07 +01:00
Nicola Murino
76ffa107dd check admins' two-factor requirements in the disable API as well 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-22 19:05:16 +01:00
Nicola Murino
9a6a65931e two-factor auth: fixed validation of conflicting settings 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-22 18:20:51 +01:00
Nicola Murino
de089e51fd Web: allow to require password change and two-factor for admins 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-21 20:45:10 +01:00
Nicola Murino
51ae2d7301 add copy permission 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-20 18:19:09 +01:00
Nicola Murino
e61fb42cbc remove metadata plugin 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-17 12:30:47 +01:00
Nicola Murino
ad75543172 fix some new lint warnings 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-15 21:13:45 +01:00
Nicola Murino
1ff55bbfa7 add DirLister interface 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-15 20:53:56 +01:00
Nicola Murino
8385acd0e3 Redirect to two-factor auth page after creating the first admin 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-04 20:58:29 +01:00
Nicola Murino
e5836c8118 WebUI: add a JSON helper function 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-04 18:16:10 +01:00
Nicola Murino
c23d779280 WebClient: load shares using an async request 
instead of rendering them directly within the template

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-04 14:33:51 +01:00
Nicola Murino
3158190945 WebClient: respect second factor requirements enforced at group level 
Fixes #1506

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-04 12:09:47 +01:00
Nicola Murino
6074ed21f7 dataproviders: return an uniform error for foreign key violations 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-03 14:24:50 +01:00
Nicola Murino
71e01ab26d new WebAdmin: add test cases 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-02-03 12:42:05 +01:00
Nicola Murino
69da5c10c6 WIP new WebAdmin: configs page 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-01-27 12:48:15 +01:00
Nicola Murino
87451560e3 normalize common database errors 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-01-17 17:36:35 +01:00
Nicola Murino
d939a82225 user: add TLS certificates 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-01-14 21:36:23 +01:00
Nicola Murino
784b7585c1 remove end year from Copyright notice in files 
so we don't have to update all the files every year

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-01-01 11:31:45 +01:00
Nicola Murino
3121c35437 WebClient: do not silently overwrite files/directories 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-12-28 18:43:07 +01:00
Nicola Murino
f721cf5c40 WebClient: fix test cases 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-12-12 19:04:32 +01:00
Nicola Murino
691133d7c8 WebClient: improve test coverage 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-12-10 18:34:09 +01:00
Nicola Murino
c71f0426ae WebClient WIP: add support for localizations 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-12-10 16:40:13 +01:00
Nicola Murino
6175acb572 add support for reading more secrets from files 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-11-24 20:43:50 +01:00
Nicola Murino
ac309cf9a3 WebClient: remove data schema usage from mfa page 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-11-18 20:06:31 +01:00
Nicola Murino
1a765c7ff7 WebClient share: add a download page 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-11-17 19:10:03 +01:00
Nicola Murino
c5c5860012 ssh: allow to configure public key auth algorithms 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-11-09 20:03:04 +01:00
Nicola Murino
a1346aa071 httpd: fixed logging of refused requests due to rate limiting/blocklisting 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-11-08 19:11:00 +01:00
Nicola Murino
6295be786f WebClient: add a ping URL 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-11-06 19:58:39 +01:00
Nicola Murino
654ce2e349 s3: allow to skip TLS verification 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2023-11-05 19:27:11 +01:00