diff --git a/common/common_test.go b/common/common_test.go index 620aad25..824441f6 100644 --- a/common/common_test.go +++ b/common/common_test.go @@ -754,6 +754,25 @@ func TestParseAllowedIPAndRanges(t *testing.T) { assert.False(t, allow[1](net.ParseIP("172.16.1.1"))) } +func TestHideConfidentialData(t *testing.T) { + for _, provider := range sdk.ListProviders() { + u := dataprovider.User{ + FsConfig: vfs.Filesystem{ + Provider: provider, + }, + } + u.PrepareForRendering() + f := vfs.BaseVirtualFolder{ + FsConfig: vfs.Filesystem{ + Provider: provider, + }, + } + f.PrepareForRendering() + } + a := dataprovider.Admin{} + a.HideConfidentialData() +} + func BenchmarkBcryptHashing(b *testing.B) { bcryptPassword := "bcryptpassword" for i := 0; i < b.N; i++ { diff --git a/dataprovider/admin.go b/dataprovider/admin.go index 15e47560..05d09f88 100644 --- a/dataprovider/admin.go +++ b/dataprovider/admin.go @@ -293,6 +293,11 @@ func (a *Admin) HideConfidentialData() { if a.Filters.TOTPConfig.Secret != nil { a.Filters.TOTPConfig.Secret.Hide() } + for _, code := range a.Filters.RecoveryCodes { + if code.Secret != nil { + code.Secret.Hide() + } + } a.SetNilSecretsIfEmpty() } diff --git a/dataprovider/user.go b/dataprovider/user.go index 53bea869..819653a7 100644 --- a/dataprovider/user.go +++ b/dataprovider/user.go @@ -196,7 +196,14 @@ func (u *User) CheckLoginConditions() error { func (u *User) hideConfidentialData() { u.Password = "" u.FsConfig.HideConfidentialData() - u.Filters.TOTPConfig.Secret.Hide() + if u.Filters.TOTPConfig.Secret != nil { + u.Filters.TOTPConfig.Secret.Hide() + } + for _, code := range u.Filters.RecoveryCodes { + if code.Secret != nil { + code.Secret.Hide() + } + } } // GetSubDirPermissions returns permissions for sub directories diff --git a/docker/README.md b/docker/README.md index 62f2cda9..8cca43ed 100644 --- a/docker/README.md +++ b/docker/README.md @@ -4,10 +4,10 @@ SFTPGo provides an official Docker image, it is available on both [Docker Hub](h ## Supported tags and respective Dockerfile links -- [v2.1.0, v2.1, v2, latest](https://github.com/drakkan/sftpgo/blob/v2.1.0/Dockerfile) -- [v2.1.0-alpine, v2.1-alpine, v2-alpine, alpine](https://github.com/drakkan/sftpgo/blob/v2.1.0/Dockerfile.alpine) -- [v2.1.0-slim, v2.1-slim, v2-slim, slim](https://github.com/drakkan/sftpgo/blob/v2.1.0/Dockerfile) -- [v2.1.0-alpine-slim, v2.1-alpine-slim, v2-alpine-slim, alpine-slim](https://github.com/drakkan/sftpgo/blob/v2.1.0/Dockerfile.alpine) +- [v2.1.2, v2.1, v2, latest](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile) +- [v2.1.2-alpine, v2.1-alpine, v2-alpine, alpine](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile.alpine) +- [v2.1.2-slim, v2.1-slim, v2-slim, slim](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile) +- [v2.1.2-alpine-slim, v2.1-alpine-slim, v2-alpine-slim, alpine-slim](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile.alpine) - [edge](../Dockerfile) - [edge-alpine](../Dockerfile.alpine) - [edge-slim](../Dockerfile) diff --git a/go.mod b/go.mod index 4189b943..cc861bb2 100644 --- a/go.mod +++ b/go.mod @@ -7,11 +7,11 @@ require ( github.com/Azure/azure-storage-blob-go v0.14.0 github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962 github.com/alexedwards/argon2id v0.0.0-20210511081203-7d35d68092b8 - github.com/aws/aws-sdk-go v1.40.38 + github.com/aws/aws-sdk-go v1.40.41 github.com/cockroachdb/cockroach-go/v2 v2.1.1 github.com/eikenb/pipeat v0.0.0-20210603033007-44fc3ffce52b github.com/fatih/color v1.12.0 // indirect - github.com/fclairamb/ftpserverlib v0.15.0 + github.com/fclairamb/ftpserverlib v0.15.1-0.20210910204600-c38788485016 github.com/fclairamb/go-log v0.1.0 github.com/go-chi/chi/v5 v5.0.4 github.com/go-chi/jwtauth/v5 v5.0.1 @@ -46,7 +46,7 @@ require ( github.com/prometheus/common v0.30.0 // indirect github.com/rs/cors v1.8.0 github.com/rs/xid v1.3.0 - github.com/rs/zerolog v1.24.0 + github.com/rs/zerolog v1.25.0 github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/shirou/gopsutil/v3 v3.21.8 github.com/spf13/afero v1.6.0 @@ -61,10 +61,10 @@ require ( gocloud.dev v0.24.0 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 golang.org/x/net v0.0.0-20210907225631-ff17edfbf26d - golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34 + golang.org/x/sys v0.0.0-20210910150752-751e447fb3d0 golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac google.golang.org/api v0.56.0 - google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83 // indirect + google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af // indirect google.golang.org/grpc v1.40.0 google.golang.org/protobuf v1.27.1 gopkg.in/natefinch/lumberjack.v2 v2.0.0 @@ -81,7 +81,7 @@ require ( github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210906140327-598bf66f24a6 // indirect + github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210910125427-0deef709df60 // indirect github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/go-ole/go-ole v1.2.5 // indirect github.com/goccy/go-json v0.7.8 // indirect @@ -128,7 +128,6 @@ require ( replace ( github.com/eikenb/pipeat => github.com/drakkan/pipeat v0.0.0-20210805162858-70e57fa8a639 - github.com/fclairamb/ftpserverlib => github.com/drakkan/ftpserverlib v0.0.0-20210805132427-425f32d9dc15 github.com/jlaffaye/ftp => github.com/drakkan/ftp v0.0.0-20201114075148-9b9adce499a9 golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20210904112610-0ac2a582e240 golang.org/x/net => github.com/drakkan/net v0.0.0-20210908102438-2debf45fec0b diff --git a/go.sum b/go.sum index 600e485e..b50c10a5 100644 --- a/go.sum +++ b/go.sum @@ -134,8 +134,8 @@ github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZo github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.38.68/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.40.34/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.40.38 h1:kl3iIW0h/JEBFjSBcAxDsiRbKMPz4aI5FJIHMCAQ+J0= -github.com/aws/aws-sdk-go v1.40.38/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= +github.com/aws/aws-sdk-go v1.40.41 h1:v/Y4bB8+wHCONtKV+fuHTzLiqC08lk8e9HqYhRB9PBQ= +github.com/aws/aws-sdk-go v1.40.41/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go-v2 v1.7.0/go.mod h1:tb9wi5s61kTDA5qCkcDbt3KRVV74GGslQkl/DRdX/P4= github.com/aws/aws-sdk-go-v2 v1.9.0/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4= github.com/aws/aws-sdk-go-v2/config v1.7.0/go.mod h1:w9+nMZ7soXCe5nT46Ri354SNhXDQ6v+V5wqDjnZE+GY= @@ -202,8 +202,8 @@ github.com/decred/dcrd/chaincfg/chainhash v1.0.2/go.mod h1:BpbrGgrPTr3YJYRN3Bm+D github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc= github.com/decred/dcrd/dcrec/secp256k1/v3 v3.0.0/go.mod h1:J70FGZSbzsjecRTiTzER+3f1KZLNaXkuv+yeFTKoxM8= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE= -github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210906140327-598bf66f24a6 h1:NGfHjPYOoViXf0fOrOajdu8/SQNuu8WzjV9XTgLt/BQ= -github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210906140327-598bf66f24a6/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210910125427-0deef709df60 h1:FM4bliQ50GxrUtiwP6hUuzASr1FkC/Kw6UiWsS87sCc= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210910125427-0deef709df60/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE= github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= @@ -213,8 +213,6 @@ github.com/drakkan/crypto v0.0.0-20210904112610-0ac2a582e240 h1:Qp4ss1w/ImKeKkCP github.com/drakkan/crypto v0.0.0-20210904112610-0ac2a582e240/go.mod h1:0hNoheD1tVu/m8WMkw/chBXf5VpwzL5fHQU25k79NKo= github.com/drakkan/ftp v0.0.0-20201114075148-9b9adce499a9 h1:LPH1dEblAOO/LoG7yHPMtBLXhQmjaga91/DDjWk9jWA= github.com/drakkan/ftp v0.0.0-20201114075148-9b9adce499a9/go.mod h1:2lmrmq866uF2tnje75wQHzmPXhmSWUt7Gyx2vgK1RCU= -github.com/drakkan/ftpserverlib v0.0.0-20210805132427-425f32d9dc15 h1:J7FZPDILyOMYtShuM5hH3GLTL1cCDtoJ1InsxEyl798= -github.com/drakkan/ftpserverlib v0.0.0-20210805132427-425f32d9dc15/go.mod h1:+Doq95UijHTIaJcWREhyu9dyQOqyoULbVU3OXgs8wEI= github.com/drakkan/net v0.0.0-20210908102438-2debf45fec0b h1:SRHk644lQIZwMvULlkVGEWMg6FlB+gj1ZHIOYSnHkIg= github.com/drakkan/net v0.0.0-20210908102438-2debf45fec0b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= github.com/drakkan/pipeat v0.0.0-20210805162858-70e57fa8a639 h1:8tfGdb4kg/YCvAbIrsMazgoNtnqdOqQVDKW12uUCuuU= @@ -236,6 +234,8 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.12.0 h1:mRhaKNwANqRgUBGKmnI5ZxEk7QXmjQeCcuYFMX2bfcc= github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= +github.com/fclairamb/ftpserverlib v0.15.1-0.20210910204600-c38788485016 h1:AERjGdm3i6M/d3DAFFSWFMVRmva6+ecCOkucBcNC0Pk= +github.com/fclairamb/ftpserverlib v0.15.1-0.20210910204600-c38788485016/go.mod h1:+Doq95UijHTIaJcWREhyu9dyQOqyoULbVU3OXgs8wEI= github.com/fclairamb/go-log v0.1.0 h1:fNoqk8w62i4EDEuRzDgHdDVTqMYSyr3DS981R7F2x/Y= github.com/fclairamb/go-log v0.1.0/go.mod h1:iqmym8aI6xBbZXnZSPjElrmQrlEwjwEemOmIzKaTBM8= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= @@ -698,8 +698,8 @@ github.com/rs/xid v1.3.0 h1:6NjYksEUlhurdVehpc7S7dk6DAmcKv8V9gG0FsVN2U4= github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= -github.com/rs/zerolog v1.24.0 h1:76ivFxmVSRs1u2wUwJVg5VZDYQgeH1JpoS6ndgr9Wy8= -github.com/rs/zerolog v1.24.0/go.mod h1:7KHcEGe0QZPOm2IE4Kpb5rTh6n1h2hIgS5OOnu1rUaI= +github.com/rs/zerolog v1.25.0 h1:Rj7XygbUHKUlDPcVdoLyR91fJBsduXj5fRxyqIQj/II= +github.com/rs/zerolog v1.25.0/go.mod h1:7KHcEGe0QZPOm2IE4Kpb5rTh6n1h2hIgS5OOnu1rUaI= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -950,8 +950,8 @@ golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34 h1:GkvMjFtXUmahfDtashnc1mnrCtuBVcwse5QV2lUk/tI= -golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210910150752-751e447fb3d0 h1:xrCZDmdtoloIiooiA9q0OQb9r8HejIHYoHGhGCe1pGg= +golang.org/x/sys v0.0.0-20210910150752-751e447fb3d0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1145,8 +1145,8 @@ google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEc google.golang.org/genproto v0.0.0-20210825212027-de86158e7fda/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83 h1:3V2dxSZpz4zozWWUq36vUxXEKnSYitEH2LdsAx+RUmg= -google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af h1:aLMMXFYqw01RA6XJim5uaN+afqNNjc9P8HPAbnpnc5s= +google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= diff --git a/httpd/httpd_test.go b/httpd/httpd_test.go index f3ee2d15..488df9c8 100644 --- a/httpd/httpd_test.go +++ b/httpd/httpd_test.go @@ -4535,6 +4535,16 @@ func TestAdminTwoFactorLogin(t *testing.T) { assert.NoError(t, err) assert.Len(t, recCodes, 12) + admin, _, err = httpdtest.GetAdminByUsername(altAdminUsername, http.StatusOK) + assert.NoError(t, err) + assert.Len(t, admin.Filters.RecoveryCodes, 12) + for _, c := range admin.Filters.RecoveryCodes { + assert.Empty(t, c.Secret.GetAdditionalData()) + assert.Empty(t, c.Secret.GetKey()) + assert.Equal(t, kms.SecretStatusSecretBox, c.Secret.GetStatus()) + assert.NotEmpty(t, c.Secret.GetPayload()) + } + webToken, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass) assert.NoError(t, err) req, err = http.NewRequest(http.MethodGet, webAdminTwoFactorPath, nil) @@ -5058,6 +5068,16 @@ func TestWebUserTwoFactorLogin(t *testing.T) { assert.NoError(t, err) assert.Len(t, recCodes, 12) + user, _, err = httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) + assert.NoError(t, err) + assert.Len(t, user.Filters.RecoveryCodes, 12) + for _, c := range user.Filters.RecoveryCodes { + assert.Empty(t, c.Secret.GetAdditionalData()) + assert.Empty(t, c.Secret.GetKey()) + assert.Equal(t, kms.SecretStatusSecretBox, c.Secret.GetStatus()) + assert.NotEmpty(t, c.Secret.GetPayload()) + } + req, err = http.NewRequest(http.MethodGet, webClientTwoFactorPath, nil) assert.NoError(t, err) setJWTCookieForReq(req, webToken) diff --git a/httpd/schema/openapi.yaml b/httpd/schema/openapi.yaml index 020aa3dd..a761fba6 100644 --- a/httpd/schema/openapi.yaml +++ b/httpd/schema/openapi.yaml @@ -18,7 +18,7 @@ info: Several storage backends are supported and they are configurable per user, so you can serve a local directory for a user and an S3 bucket (or part of it) for another one. SFTPGo also supports virtual folders, a virtual folder can use any of the supported storage backends. So you can have, for example, an S3 user that exposes a GCS bucket (or part of it) on a specified path and an encrypted local filesystem on another one. Virtual folders can be private or shared among multiple users, for shared virtual folders you can define different quota limits for each user. - version: 2.1.0-dev + version: 2.1.2-dev contact: name: API support url: 'https://github.com/drakkan/sftpgo' diff --git a/pkgs/debian/changelog b/pkgs/debian/changelog index 16076551..04aed189 100644 --- a/pkgs/debian/changelog +++ b/pkgs/debian/changelog @@ -1,3 +1,15 @@ +sftpgo (2.1.2-1ppa1) bionic; urgency=medium + + * New upstream release. + + -- Nicola Murino Sat, 11 Sep 2021 13:35:21 +0200 + +sftpgo (2.1.1-1ppa1) bionic; urgency=medium + + * New upstream release. + + -- Nicola Murino Sat, 11 Sep 2021 07:12:40 +0200 + sftpgo (2.1.0-1ppa1) bionic; urgency=medium * New upstream release. diff --git a/version/version.go b/version/version.go index 676211d6..a3496886 100644 --- a/version/version.go +++ b/version/version.go @@ -2,7 +2,7 @@ package version import "strings" -const version = "2.1.0-dev" +const version = "2.1.2-dev" var ( commit = "" diff --git a/vfs/filesystem.go b/vfs/filesystem.go index a0b7d2ef..d7de19ee 100644 --- a/vfs/filesystem.go +++ b/vfs/filesystem.go @@ -207,17 +207,15 @@ func (f *Filesystem) HasRedactedSecret() bool { func (f *Filesystem) HideConfidentialData() { switch f.Provider { case sdk.S3FilesystemProvider: - f.S3Config.AccessSecret.Hide() + f.S3Config.HideConfidentialData() case sdk.GCSFilesystemProvider: - f.GCSConfig.Credentials.Hide() + f.GCSConfig.HideConfidentialData() case sdk.AzureBlobFilesystemProvider: - f.AzBlobConfig.AccountKey.Hide() - f.AzBlobConfig.SASURL.Hide() + f.AzBlobConfig.HideConfidentialData() case sdk.CryptedFilesystemProvider: - f.CryptConfig.Passphrase.Hide() + f.CryptConfig.HideConfidentialData() case sdk.SFTPFilesystemProvider: - f.SFTPConfig.Password.Hide() - f.SFTPConfig.PrivateKey.Hide() + f.SFTPConfig.HideConfidentialData() } } diff --git a/vfs/folder.go b/vfs/folder.go index e579066a..b62cf088 100644 --- a/vfs/folder.go +++ b/vfs/folder.go @@ -104,17 +104,15 @@ func (v *BaseVirtualFolder) IsLocalOrLocalCrypted() bool { func (v *BaseVirtualFolder) hideConfidentialData() { switch v.FsConfig.Provider { case sdk.S3FilesystemProvider: - v.FsConfig.S3Config.AccessSecret.Hide() + v.FsConfig.S3Config.HideConfidentialData() case sdk.GCSFilesystemProvider: - v.FsConfig.GCSConfig.Credentials.Hide() + v.FsConfig.GCSConfig.HideConfidentialData() case sdk.AzureBlobFilesystemProvider: - v.FsConfig.AzBlobConfig.AccountKey.Hide() - v.FsConfig.AzBlobConfig.SASURL.Hide() + v.FsConfig.AzBlobConfig.HideConfidentialData() case sdk.CryptedFilesystemProvider: - v.FsConfig.CryptConfig.Passphrase.Hide() + v.FsConfig.CryptConfig.HideConfidentialData() case sdk.SFTPFilesystemProvider: - v.FsConfig.SFTPConfig.Password.Hide() - v.FsConfig.SFTPConfig.PrivateKey.Hide() + v.FsConfig.SFTPConfig.HideConfidentialData() } } diff --git a/vfs/sftpfs.go b/vfs/sftpfs.go index 2b58bccb..5d2952a0 100644 --- a/vfs/sftpfs.go +++ b/vfs/sftpfs.go @@ -40,6 +40,16 @@ type SFTPFsConfig struct { forbiddenSelfUsernames []string `json:"-"` } +// HideConfidentialData hides confidential data +func (c *SFTPFsConfig) HideConfidentialData() { + if c.Password != nil { + c.Password.Hide() + } + if c.PrivateKey != nil { + c.PrivateKey.Hide() + } +} + func (c *SFTPFsConfig) isEqual(other *SFTPFsConfig) bool { if c.Endpoint != other.Endpoint { return false diff --git a/vfs/vfs.go b/vfs/vfs.go index 39d45c45..34027c0c 100644 --- a/vfs/vfs.go +++ b/vfs/vfs.go @@ -143,6 +143,13 @@ type S3FsConfig struct { sdk.S3FsConfig } +// HideConfidentialData hides confidential data +func (c *S3FsConfig) HideConfidentialData() { + if c.AccessSecret != nil { + c.AccessSecret.Hide() + } +} + func (c *S3FsConfig) isEqual(other *S3FsConfig) bool { if c.Bucket != other.Bucket { return false @@ -264,6 +271,13 @@ type GCSFsConfig struct { sdk.GCSFsConfig } +// HideConfidentialData hides confidential data +func (c *GCSFsConfig) HideConfidentialData() { + if c.Credentials != nil { + c.Credentials.Hide() + } +} + func (c *GCSFsConfig) isEqual(other *GCSFsConfig) bool { if c.Bucket != other.Bucket { return false @@ -323,6 +337,16 @@ type AzBlobFsConfig struct { sdk.AzBlobFsConfig } +// HideConfidentialData hides confidential data +func (c *AzBlobFsConfig) HideConfidentialData() { + if c.AccountKey != nil { + c.AccountKey.Hide() + } + if c.SASURL != nil { + c.SASURL.Hide() + } +} + func (c *AzBlobFsConfig) isEqual(other *AzBlobFsConfig) bool { if c.Container != other.Container { return false @@ -444,6 +468,13 @@ type CryptFsConfig struct { sdk.CryptFsConfig } +// HideConfidentialData hides confidential data +func (c *CryptFsConfig) HideConfidentialData() { + if c.Passphrase != nil { + c.Passphrase.Hide() + } +} + func (c *CryptFsConfig) isEqual(other *CryptFsConfig) bool { if c.Passphrase == nil { c.Passphrase = kms.NewEmptySecret()