fix a possible nil pointer dereference

it can happen by upgrading from very old versions
This commit is contained in:
Nicola Murino 2021-09-11 14:19:17 +02:00
parent 0eca4f1866
commit 5c34d814d6
No known key found for this signature in database
GPG key ID: 2F1FB59433D5A8CB
14 changed files with 139 additions and 40 deletions

View file

@ -754,6 +754,25 @@ func TestParseAllowedIPAndRanges(t *testing.T) {
assert.False(t, allow[1](net.ParseIP("172.16.1.1"))) assert.False(t, allow[1](net.ParseIP("172.16.1.1")))
} }
func TestHideConfidentialData(t *testing.T) {
for _, provider := range sdk.ListProviders() {
u := dataprovider.User{
FsConfig: vfs.Filesystem{
Provider: provider,
},
}
u.PrepareForRendering()
f := vfs.BaseVirtualFolder{
FsConfig: vfs.Filesystem{
Provider: provider,
},
}
f.PrepareForRendering()
}
a := dataprovider.Admin{}
a.HideConfidentialData()
}
func BenchmarkBcryptHashing(b *testing.B) { func BenchmarkBcryptHashing(b *testing.B) {
bcryptPassword := "bcryptpassword" bcryptPassword := "bcryptpassword"
for i := 0; i < b.N; i++ { for i := 0; i < b.N; i++ {

View file

@ -293,6 +293,11 @@ func (a *Admin) HideConfidentialData() {
if a.Filters.TOTPConfig.Secret != nil { if a.Filters.TOTPConfig.Secret != nil {
a.Filters.TOTPConfig.Secret.Hide() a.Filters.TOTPConfig.Secret.Hide()
} }
for _, code := range a.Filters.RecoveryCodes {
if code.Secret != nil {
code.Secret.Hide()
}
}
a.SetNilSecretsIfEmpty() a.SetNilSecretsIfEmpty()
} }

View file

@ -196,7 +196,14 @@ func (u *User) CheckLoginConditions() error {
func (u *User) hideConfidentialData() { func (u *User) hideConfidentialData() {
u.Password = "" u.Password = ""
u.FsConfig.HideConfidentialData() u.FsConfig.HideConfidentialData()
u.Filters.TOTPConfig.Secret.Hide() if u.Filters.TOTPConfig.Secret != nil {
u.Filters.TOTPConfig.Secret.Hide()
}
for _, code := range u.Filters.RecoveryCodes {
if code.Secret != nil {
code.Secret.Hide()
}
}
} }
// GetSubDirPermissions returns permissions for sub directories // GetSubDirPermissions returns permissions for sub directories

View file

@ -4,10 +4,10 @@ SFTPGo provides an official Docker image, it is available on both [Docker Hub](h
## Supported tags and respective Dockerfile links ## Supported tags and respective Dockerfile links
- [v2.1.0, v2.1, v2, latest](https://github.com/drakkan/sftpgo/blob/v2.1.0/Dockerfile) - [v2.1.2, v2.1, v2, latest](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile)
- [v2.1.0-alpine, v2.1-alpine, v2-alpine, alpine](https://github.com/drakkan/sftpgo/blob/v2.1.0/Dockerfile.alpine) - [v2.1.2-alpine, v2.1-alpine, v2-alpine, alpine](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile.alpine)
- [v2.1.0-slim, v2.1-slim, v2-slim, slim](https://github.com/drakkan/sftpgo/blob/v2.1.0/Dockerfile) - [v2.1.2-slim, v2.1-slim, v2-slim, slim](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile)
- [v2.1.0-alpine-slim, v2.1-alpine-slim, v2-alpine-slim, alpine-slim](https://github.com/drakkan/sftpgo/blob/v2.1.0/Dockerfile.alpine) - [v2.1.2-alpine-slim, v2.1-alpine-slim, v2-alpine-slim, alpine-slim](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile.alpine)
- [edge](../Dockerfile) - [edge](../Dockerfile)
- [edge-alpine](../Dockerfile.alpine) - [edge-alpine](../Dockerfile.alpine)
- [edge-slim](../Dockerfile) - [edge-slim](../Dockerfile)

13
go.mod
View file

@ -7,11 +7,11 @@ require (
github.com/Azure/azure-storage-blob-go v0.14.0 github.com/Azure/azure-storage-blob-go v0.14.0
github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962 github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962
github.com/alexedwards/argon2id v0.0.0-20210511081203-7d35d68092b8 github.com/alexedwards/argon2id v0.0.0-20210511081203-7d35d68092b8
github.com/aws/aws-sdk-go v1.40.38 github.com/aws/aws-sdk-go v1.40.41
github.com/cockroachdb/cockroach-go/v2 v2.1.1 github.com/cockroachdb/cockroach-go/v2 v2.1.1
github.com/eikenb/pipeat v0.0.0-20210603033007-44fc3ffce52b github.com/eikenb/pipeat v0.0.0-20210603033007-44fc3ffce52b
github.com/fatih/color v1.12.0 // indirect github.com/fatih/color v1.12.0 // indirect
github.com/fclairamb/ftpserverlib v0.15.0 github.com/fclairamb/ftpserverlib v0.15.1-0.20210910204600-c38788485016
github.com/fclairamb/go-log v0.1.0 github.com/fclairamb/go-log v0.1.0
github.com/go-chi/chi/v5 v5.0.4 github.com/go-chi/chi/v5 v5.0.4
github.com/go-chi/jwtauth/v5 v5.0.1 github.com/go-chi/jwtauth/v5 v5.0.1
@ -46,7 +46,7 @@ require (
github.com/prometheus/common v0.30.0 // indirect github.com/prometheus/common v0.30.0 // indirect
github.com/rs/cors v1.8.0 github.com/rs/cors v1.8.0
github.com/rs/xid v1.3.0 github.com/rs/xid v1.3.0
github.com/rs/zerolog v1.24.0 github.com/rs/zerolog v1.25.0
github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/shirou/gopsutil/v3 v3.21.8 github.com/shirou/gopsutil/v3 v3.21.8
github.com/spf13/afero v1.6.0 github.com/spf13/afero v1.6.0
@ -61,10 +61,10 @@ require (
gocloud.dev v0.24.0 gocloud.dev v0.24.0
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
golang.org/x/net v0.0.0-20210907225631-ff17edfbf26d golang.org/x/net v0.0.0-20210907225631-ff17edfbf26d
golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34 golang.org/x/sys v0.0.0-20210910150752-751e447fb3d0
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
google.golang.org/api v0.56.0 google.golang.org/api v0.56.0
google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83 // indirect google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af // indirect
google.golang.org/grpc v1.40.0 google.golang.org/grpc v1.40.0
google.golang.org/protobuf v1.27.1 google.golang.org/protobuf v1.27.1
gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/natefinch/lumberjack.v2 v2.0.0
@ -81,7 +81,7 @@ require (
github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/coreos/go-systemd/v22 v22.3.2 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210906140327-598bf66f24a6 // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210910125427-0deef709df60 // indirect
github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/fsnotify/fsnotify v1.5.1 // indirect
github.com/go-ole/go-ole v1.2.5 // indirect github.com/go-ole/go-ole v1.2.5 // indirect
github.com/goccy/go-json v0.7.8 // indirect github.com/goccy/go-json v0.7.8 // indirect
@ -128,7 +128,6 @@ require (
replace ( replace (
github.com/eikenb/pipeat => github.com/drakkan/pipeat v0.0.0-20210805162858-70e57fa8a639 github.com/eikenb/pipeat => github.com/drakkan/pipeat v0.0.0-20210805162858-70e57fa8a639
github.com/fclairamb/ftpserverlib => github.com/drakkan/ftpserverlib v0.0.0-20210805132427-425f32d9dc15
github.com/jlaffaye/ftp => github.com/drakkan/ftp v0.0.0-20201114075148-9b9adce499a9 github.com/jlaffaye/ftp => github.com/drakkan/ftp v0.0.0-20201114075148-9b9adce499a9
golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20210904112610-0ac2a582e240 golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20210904112610-0ac2a582e240
golang.org/x/net => github.com/drakkan/net v0.0.0-20210908102438-2debf45fec0b golang.org/x/net => github.com/drakkan/net v0.0.0-20210908102438-2debf45fec0b

24
go.sum
View file

@ -134,8 +134,8 @@ github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZo
github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
github.com/aws/aws-sdk-go v1.38.68/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.38.68/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
github.com/aws/aws-sdk-go v1.40.34/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go v1.40.34/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
github.com/aws/aws-sdk-go v1.40.38 h1:kl3iIW0h/JEBFjSBcAxDsiRbKMPz4aI5FJIHMCAQ+J0= github.com/aws/aws-sdk-go v1.40.41 h1:v/Y4bB8+wHCONtKV+fuHTzLiqC08lk8e9HqYhRB9PBQ=
github.com/aws/aws-sdk-go v1.40.38/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go v1.40.41/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
github.com/aws/aws-sdk-go-v2 v1.7.0/go.mod h1:tb9wi5s61kTDA5qCkcDbt3KRVV74GGslQkl/DRdX/P4= github.com/aws/aws-sdk-go-v2 v1.7.0/go.mod h1:tb9wi5s61kTDA5qCkcDbt3KRVV74GGslQkl/DRdX/P4=
github.com/aws/aws-sdk-go-v2 v1.9.0/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4= github.com/aws/aws-sdk-go-v2 v1.9.0/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4=
github.com/aws/aws-sdk-go-v2/config v1.7.0/go.mod h1:w9+nMZ7soXCe5nT46Ri354SNhXDQ6v+V5wqDjnZE+GY= github.com/aws/aws-sdk-go-v2/config v1.7.0/go.mod h1:w9+nMZ7soXCe5nT46Ri354SNhXDQ6v+V5wqDjnZE+GY=
@ -202,8 +202,8 @@ github.com/decred/dcrd/chaincfg/chainhash v1.0.2/go.mod h1:BpbrGgrPTr3YJYRN3Bm+D
github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc= github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
github.com/decred/dcrd/dcrec/secp256k1/v3 v3.0.0/go.mod h1:J70FGZSbzsjecRTiTzER+3f1KZLNaXkuv+yeFTKoxM8= github.com/decred/dcrd/dcrec/secp256k1/v3 v3.0.0/go.mod h1:J70FGZSbzsjecRTiTzER+3f1KZLNaXkuv+yeFTKoxM8=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210906140327-598bf66f24a6 h1:NGfHjPYOoViXf0fOrOajdu8/SQNuu8WzjV9XTgLt/BQ= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210910125427-0deef709df60 h1:FM4bliQ50GxrUtiwP6hUuzASr1FkC/Kw6UiWsS87sCc=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210906140327-598bf66f24a6/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210910125427-0deef709df60/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
@ -213,8 +213,6 @@ github.com/drakkan/crypto v0.0.0-20210904112610-0ac2a582e240 h1:Qp4ss1w/ImKeKkCP
github.com/drakkan/crypto v0.0.0-20210904112610-0ac2a582e240/go.mod h1:0hNoheD1tVu/m8WMkw/chBXf5VpwzL5fHQU25k79NKo= github.com/drakkan/crypto v0.0.0-20210904112610-0ac2a582e240/go.mod h1:0hNoheD1tVu/m8WMkw/chBXf5VpwzL5fHQU25k79NKo=
github.com/drakkan/ftp v0.0.0-20201114075148-9b9adce499a9 h1:LPH1dEblAOO/LoG7yHPMtBLXhQmjaga91/DDjWk9jWA= github.com/drakkan/ftp v0.0.0-20201114075148-9b9adce499a9 h1:LPH1dEblAOO/LoG7yHPMtBLXhQmjaga91/DDjWk9jWA=
github.com/drakkan/ftp v0.0.0-20201114075148-9b9adce499a9/go.mod h1:2lmrmq866uF2tnje75wQHzmPXhmSWUt7Gyx2vgK1RCU= github.com/drakkan/ftp v0.0.0-20201114075148-9b9adce499a9/go.mod h1:2lmrmq866uF2tnje75wQHzmPXhmSWUt7Gyx2vgK1RCU=
github.com/drakkan/ftpserverlib v0.0.0-20210805132427-425f32d9dc15 h1:J7FZPDILyOMYtShuM5hH3GLTL1cCDtoJ1InsxEyl798=
github.com/drakkan/ftpserverlib v0.0.0-20210805132427-425f32d9dc15/go.mod h1:+Doq95UijHTIaJcWREhyu9dyQOqyoULbVU3OXgs8wEI=
github.com/drakkan/net v0.0.0-20210908102438-2debf45fec0b h1:SRHk644lQIZwMvULlkVGEWMg6FlB+gj1ZHIOYSnHkIg= github.com/drakkan/net v0.0.0-20210908102438-2debf45fec0b h1:SRHk644lQIZwMvULlkVGEWMg6FlB+gj1ZHIOYSnHkIg=
github.com/drakkan/net v0.0.0-20210908102438-2debf45fec0b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= github.com/drakkan/net v0.0.0-20210908102438-2debf45fec0b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
github.com/drakkan/pipeat v0.0.0-20210805162858-70e57fa8a639 h1:8tfGdb4kg/YCvAbIrsMazgoNtnqdOqQVDKW12uUCuuU= github.com/drakkan/pipeat v0.0.0-20210805162858-70e57fa8a639 h1:8tfGdb4kg/YCvAbIrsMazgoNtnqdOqQVDKW12uUCuuU=
@ -236,6 +234,8 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv
github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
github.com/fatih/color v1.12.0 h1:mRhaKNwANqRgUBGKmnI5ZxEk7QXmjQeCcuYFMX2bfcc= github.com/fatih/color v1.12.0 h1:mRhaKNwANqRgUBGKmnI5ZxEk7QXmjQeCcuYFMX2bfcc=
github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
github.com/fclairamb/ftpserverlib v0.15.1-0.20210910204600-c38788485016 h1:AERjGdm3i6M/d3DAFFSWFMVRmva6+ecCOkucBcNC0Pk=
github.com/fclairamb/ftpserverlib v0.15.1-0.20210910204600-c38788485016/go.mod h1:+Doq95UijHTIaJcWREhyu9dyQOqyoULbVU3OXgs8wEI=
github.com/fclairamb/go-log v0.1.0 h1:fNoqk8w62i4EDEuRzDgHdDVTqMYSyr3DS981R7F2x/Y= github.com/fclairamb/go-log v0.1.0 h1:fNoqk8w62i4EDEuRzDgHdDVTqMYSyr3DS981R7F2x/Y=
github.com/fclairamb/go-log v0.1.0/go.mod h1:iqmym8aI6xBbZXnZSPjElrmQrlEwjwEemOmIzKaTBM8= github.com/fclairamb/go-log v0.1.0/go.mod h1:iqmym8aI6xBbZXnZSPjElrmQrlEwjwEemOmIzKaTBM8=
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
@ -698,8 +698,8 @@ github.com/rs/xid v1.3.0 h1:6NjYksEUlhurdVehpc7S7dk6DAmcKv8V9gG0FsVN2U4=
github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
github.com/rs/zerolog v1.24.0 h1:76ivFxmVSRs1u2wUwJVg5VZDYQgeH1JpoS6ndgr9Wy8= github.com/rs/zerolog v1.25.0 h1:Rj7XygbUHKUlDPcVdoLyR91fJBsduXj5fRxyqIQj/II=
github.com/rs/zerolog v1.24.0/go.mod h1:7KHcEGe0QZPOm2IE4Kpb5rTh6n1h2hIgS5OOnu1rUaI= github.com/rs/zerolog v1.25.0/go.mod h1:7KHcEGe0QZPOm2IE4Kpb5rTh6n1h2hIgS5OOnu1rUaI=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@ -950,8 +950,8 @@ golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34 h1:GkvMjFtXUmahfDtashnc1mnrCtuBVcwse5QV2lUk/tI= golang.org/x/sys v0.0.0-20210910150752-751e447fb3d0 h1:xrCZDmdtoloIiooiA9q0OQb9r8HejIHYoHGhGCe1pGg=
golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210910150752-751e447fb3d0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -1145,8 +1145,8 @@ google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEc
google.golang.org/genproto v0.0.0-20210825212027-de86158e7fda/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210825212027-de86158e7fda/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83 h1:3V2dxSZpz4zozWWUq36vUxXEKnSYitEH2LdsAx+RUmg= google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af h1:aLMMXFYqw01RA6XJim5uaN+afqNNjc9P8HPAbnpnc5s=
google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=

View file

@ -4535,6 +4535,16 @@ func TestAdminTwoFactorLogin(t *testing.T) {
assert.NoError(t, err) assert.NoError(t, err)
assert.Len(t, recCodes, 12) assert.Len(t, recCodes, 12)
admin, _, err = httpdtest.GetAdminByUsername(altAdminUsername, http.StatusOK)
assert.NoError(t, err)
assert.Len(t, admin.Filters.RecoveryCodes, 12)
for _, c := range admin.Filters.RecoveryCodes {
assert.Empty(t, c.Secret.GetAdditionalData())
assert.Empty(t, c.Secret.GetKey())
assert.Equal(t, kms.SecretStatusSecretBox, c.Secret.GetStatus())
assert.NotEmpty(t, c.Secret.GetPayload())
}
webToken, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass) webToken, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
assert.NoError(t, err) assert.NoError(t, err)
req, err = http.NewRequest(http.MethodGet, webAdminTwoFactorPath, nil) req, err = http.NewRequest(http.MethodGet, webAdminTwoFactorPath, nil)
@ -5058,6 +5068,16 @@ func TestWebUserTwoFactorLogin(t *testing.T) {
assert.NoError(t, err) assert.NoError(t, err)
assert.Len(t, recCodes, 12) assert.Len(t, recCodes, 12)
user, _, err = httpdtest.GetUserByUsername(defaultUsername, http.StatusOK)
assert.NoError(t, err)
assert.Len(t, user.Filters.RecoveryCodes, 12)
for _, c := range user.Filters.RecoveryCodes {
assert.Empty(t, c.Secret.GetAdditionalData())
assert.Empty(t, c.Secret.GetKey())
assert.Equal(t, kms.SecretStatusSecretBox, c.Secret.GetStatus())
assert.NotEmpty(t, c.Secret.GetPayload())
}
req, err = http.NewRequest(http.MethodGet, webClientTwoFactorPath, nil) req, err = http.NewRequest(http.MethodGet, webClientTwoFactorPath, nil)
assert.NoError(t, err) assert.NoError(t, err)
setJWTCookieForReq(req, webToken) setJWTCookieForReq(req, webToken)

View file

@ -18,7 +18,7 @@ info:
Several storage backends are supported and they are configurable per user, so you can serve a local directory for a user and an S3 bucket (or part of it) for another one. Several storage backends are supported and they are configurable per user, so you can serve a local directory for a user and an S3 bucket (or part of it) for another one.
SFTPGo also supports virtual folders, a virtual folder can use any of the supported storage backends. So you can have, for example, an S3 user that exposes a GCS bucket (or part of it) on a specified path and an encrypted local filesystem on another one. SFTPGo also supports virtual folders, a virtual folder can use any of the supported storage backends. So you can have, for example, an S3 user that exposes a GCS bucket (or part of it) on a specified path and an encrypted local filesystem on another one.
Virtual folders can be private or shared among multiple users, for shared virtual folders you can define different quota limits for each user. Virtual folders can be private or shared among multiple users, for shared virtual folders you can define different quota limits for each user.
version: 2.1.0-dev version: 2.1.2-dev
contact: contact:
name: API support name: API support
url: 'https://github.com/drakkan/sftpgo' url: 'https://github.com/drakkan/sftpgo'

View file

@ -1,3 +1,15 @@
sftpgo (2.1.2-1ppa1) bionic; urgency=medium
* New upstream release.
-- Nicola Murino <nicola.murino@gmail.com> Sat, 11 Sep 2021 13:35:21 +0200
sftpgo (2.1.1-1ppa1) bionic; urgency=medium
* New upstream release.
-- Nicola Murino <nicola.murino@gmail.com> Sat, 11 Sep 2021 07:12:40 +0200
sftpgo (2.1.0-1ppa1) bionic; urgency=medium sftpgo (2.1.0-1ppa1) bionic; urgency=medium
* New upstream release. * New upstream release.

View file

@ -2,7 +2,7 @@ package version
import "strings" import "strings"
const version = "2.1.0-dev" const version = "2.1.2-dev"
var ( var (
commit = "" commit = ""

View file

@ -207,17 +207,15 @@ func (f *Filesystem) HasRedactedSecret() bool {
func (f *Filesystem) HideConfidentialData() { func (f *Filesystem) HideConfidentialData() {
switch f.Provider { switch f.Provider {
case sdk.S3FilesystemProvider: case sdk.S3FilesystemProvider:
f.S3Config.AccessSecret.Hide() f.S3Config.HideConfidentialData()
case sdk.GCSFilesystemProvider: case sdk.GCSFilesystemProvider:
f.GCSConfig.Credentials.Hide() f.GCSConfig.HideConfidentialData()
case sdk.AzureBlobFilesystemProvider: case sdk.AzureBlobFilesystemProvider:
f.AzBlobConfig.AccountKey.Hide() f.AzBlobConfig.HideConfidentialData()
f.AzBlobConfig.SASURL.Hide()
case sdk.CryptedFilesystemProvider: case sdk.CryptedFilesystemProvider:
f.CryptConfig.Passphrase.Hide() f.CryptConfig.HideConfidentialData()
case sdk.SFTPFilesystemProvider: case sdk.SFTPFilesystemProvider:
f.SFTPConfig.Password.Hide() f.SFTPConfig.HideConfidentialData()
f.SFTPConfig.PrivateKey.Hide()
} }
} }

View file

@ -104,17 +104,15 @@ func (v *BaseVirtualFolder) IsLocalOrLocalCrypted() bool {
func (v *BaseVirtualFolder) hideConfidentialData() { func (v *BaseVirtualFolder) hideConfidentialData() {
switch v.FsConfig.Provider { switch v.FsConfig.Provider {
case sdk.S3FilesystemProvider: case sdk.S3FilesystemProvider:
v.FsConfig.S3Config.AccessSecret.Hide() v.FsConfig.S3Config.HideConfidentialData()
case sdk.GCSFilesystemProvider: case sdk.GCSFilesystemProvider:
v.FsConfig.GCSConfig.Credentials.Hide() v.FsConfig.GCSConfig.HideConfidentialData()
case sdk.AzureBlobFilesystemProvider: case sdk.AzureBlobFilesystemProvider:
v.FsConfig.AzBlobConfig.AccountKey.Hide() v.FsConfig.AzBlobConfig.HideConfidentialData()
v.FsConfig.AzBlobConfig.SASURL.Hide()
case sdk.CryptedFilesystemProvider: case sdk.CryptedFilesystemProvider:
v.FsConfig.CryptConfig.Passphrase.Hide() v.FsConfig.CryptConfig.HideConfidentialData()
case sdk.SFTPFilesystemProvider: case sdk.SFTPFilesystemProvider:
v.FsConfig.SFTPConfig.Password.Hide() v.FsConfig.SFTPConfig.HideConfidentialData()
v.FsConfig.SFTPConfig.PrivateKey.Hide()
} }
} }

View file

@ -40,6 +40,16 @@ type SFTPFsConfig struct {
forbiddenSelfUsernames []string `json:"-"` forbiddenSelfUsernames []string `json:"-"`
} }
// HideConfidentialData hides confidential data
func (c *SFTPFsConfig) HideConfidentialData() {
if c.Password != nil {
c.Password.Hide()
}
if c.PrivateKey != nil {
c.PrivateKey.Hide()
}
}
func (c *SFTPFsConfig) isEqual(other *SFTPFsConfig) bool { func (c *SFTPFsConfig) isEqual(other *SFTPFsConfig) bool {
if c.Endpoint != other.Endpoint { if c.Endpoint != other.Endpoint {
return false return false

View file

@ -143,6 +143,13 @@ type S3FsConfig struct {
sdk.S3FsConfig sdk.S3FsConfig
} }
// HideConfidentialData hides confidential data
func (c *S3FsConfig) HideConfidentialData() {
if c.AccessSecret != nil {
c.AccessSecret.Hide()
}
}
func (c *S3FsConfig) isEqual(other *S3FsConfig) bool { func (c *S3FsConfig) isEqual(other *S3FsConfig) bool {
if c.Bucket != other.Bucket { if c.Bucket != other.Bucket {
return false return false
@ -264,6 +271,13 @@ type GCSFsConfig struct {
sdk.GCSFsConfig sdk.GCSFsConfig
} }
// HideConfidentialData hides confidential data
func (c *GCSFsConfig) HideConfidentialData() {
if c.Credentials != nil {
c.Credentials.Hide()
}
}
func (c *GCSFsConfig) isEqual(other *GCSFsConfig) bool { func (c *GCSFsConfig) isEqual(other *GCSFsConfig) bool {
if c.Bucket != other.Bucket { if c.Bucket != other.Bucket {
return false return false
@ -323,6 +337,16 @@ type AzBlobFsConfig struct {
sdk.AzBlobFsConfig sdk.AzBlobFsConfig
} }
// HideConfidentialData hides confidential data
func (c *AzBlobFsConfig) HideConfidentialData() {
if c.AccountKey != nil {
c.AccountKey.Hide()
}
if c.SASURL != nil {
c.SASURL.Hide()
}
}
func (c *AzBlobFsConfig) isEqual(other *AzBlobFsConfig) bool { func (c *AzBlobFsConfig) isEqual(other *AzBlobFsConfig) bool {
if c.Container != other.Container { if c.Container != other.Container {
return false return false
@ -444,6 +468,13 @@ type CryptFsConfig struct {
sdk.CryptFsConfig sdk.CryptFsConfig
} }
// HideConfidentialData hides confidential data
func (c *CryptFsConfig) HideConfidentialData() {
if c.Passphrase != nil {
c.Passphrase.Hide()
}
}
func (c *CryptFsConfig) isEqual(other *CryptFsConfig) bool { func (c *CryptFsConfig) isEqual(other *CryptFsConfig) bool {
if c.Passphrase == nil { if c.Passphrase == nil {
c.Passphrase = kms.NewEmptySecret() c.Passphrase = kms.NewEmptySecret()