mirror of
https://github.com/drakkan/sftpgo.git
synced 2024-11-25 17:10:28 +00:00
unhide public keys
hiding public keys give no security improvement
This commit is contained in:
parent
fb8ccfe824
commit
bb0338870a
5 changed files with 4 additions and 10 deletions
|
@ -275,9 +275,6 @@ func checkUser(expected dataprovider.User, actual dataprovider.User) error {
|
|||
if len(actual.Password) > 0 {
|
||||
return errors.New("User password must not be visible")
|
||||
}
|
||||
if len(actual.PublicKeys) > 0 {
|
||||
return errors.New("User public keys must not be visible")
|
||||
}
|
||||
if expected.ID <= 0 {
|
||||
if actual.ID <= 0 {
|
||||
return errors.New("actual user ID must be > 0")
|
||||
|
|
|
@ -184,7 +184,7 @@ paths:
|
|||
tags:
|
||||
- users
|
||||
summary: Returns an array with one or more users
|
||||
description: For security reasons password and public key are empty in the response
|
||||
description: For security reasons passwords are empty in the response
|
||||
operationId: get_users
|
||||
parameters:
|
||||
- in: query
|
||||
|
@ -311,7 +311,7 @@ paths:
|
|||
tags:
|
||||
- users
|
||||
summary: Find user by ID
|
||||
description: For security reasons password and public key are empty in the response
|
||||
description: For security reasons passwords are empty in the response
|
||||
operationId: get_user_by_id
|
||||
parameters:
|
||||
- name: userID
|
||||
|
@ -545,7 +545,7 @@ components:
|
|||
items:
|
||||
type: string
|
||||
nullable: true
|
||||
description: a password or at least one public key are mandatory. For security reasons this field is omitted when you search/get users.
|
||||
description: a password or at least one public key are mandatory.
|
||||
home_dir:
|
||||
type: string
|
||||
description: path to the user home directory. The user cannot upload or download files outside this directory. SFTPGo tries to automatically create this folder if missing. Must be an absolute path
|
||||
|
|
|
@ -64,7 +64,6 @@ func getUserByID(w http.ResponseWriter, r *http.Request) {
|
|||
user, err := dataprovider.GetUserByID(dataProvider, userID)
|
||||
if err == nil {
|
||||
user.Password = ""
|
||||
user.PublicKeys = []string{}
|
||||
render.JSON(w, r, user)
|
||||
} else if _, ok := err.(*dataprovider.RecordNotFoundError); ok {
|
||||
sendAPIResponse(w, r, err, "", http.StatusNotFound)
|
||||
|
|
|
@ -303,7 +303,6 @@ func (p BoltProvider) close() error {
|
|||
|
||||
func getUserNoCredentials(user *User) User {
|
||||
user.Password = ""
|
||||
user.PublicKeys = []string{}
|
||||
return *user
|
||||
}
|
||||
|
||||
|
|
|
@ -202,10 +202,9 @@ func sqlCommonGetUsers(limit int, offset int, order string, username string, dbH
|
|||
defer rows.Close()
|
||||
for rows.Next() {
|
||||
u, err := getUserFromDbRow(nil, rows)
|
||||
// hide password and public key
|
||||
// hide password
|
||||
if err == nil {
|
||||
u.Password = ""
|
||||
u.PublicKeys = []string{}
|
||||
users = append(users, u)
|
||||
} else {
|
||||
break
|
||||
|
|
Loading…
Reference in a new issue