diff --git a/go.mod b/go.mod index 71809131..fb962f65 100644 --- a/go.mod +++ b/go.mod @@ -108,7 +108,7 @@ require ( github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/go-ole/go-ole v1.2.6 // indirect github.com/go-test/deep v1.0.8 // indirect - github.com/goccy/go-json v0.9.11 // indirect + github.com/goccy/go-json v0.10.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/google/go-cmp v0.5.9 // indirect diff --git a/go.sum b/go.sum index 2640cad7..faae9c77 100644 --- a/go.sum +++ b/go.sum @@ -712,8 +712,9 @@ github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY9 github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= -github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk= github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/goccy/go-json v0.10.0 h1:mXKd9Qw4NuzShiRlOXKews24ufknHO7gx30lsDyokKA= +github.com/goccy/go-json v0.10.0/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/goccy/go-yaml v1.9.5/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA= github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= diff --git a/internal/dataprovider/user.go b/internal/dataprovider/user.go index 1a12e0e0..4d56019f 100644 --- a/internal/dataprovider/user.go +++ b/internal/dataprovider/user.go @@ -945,6 +945,9 @@ func (u *User) IsPartialAuth(loginMethod string) bool { method == SSHLoginMethodPassword { continue } + if method == LoginMethodPassword && util.Contains(u.Filters.DeniedLoginMethods, SSHLoginMethodPassword) { + continue + } if !util.Contains(SSHMultiStepsLoginMethods, method) { return false } diff --git a/internal/sftpd/sftpd_test.go b/internal/sftpd/sftpd_test.go index 41695a8c..a51bccc4 100644 --- a/internal/sftpd/sftpd_test.go +++ b/internal/sftpd/sftpd_test.go @@ -8270,6 +8270,12 @@ func TestUserPartialAuth(t *testing.T) { dataprovider.SSHLoginMethodPublicKey, } assert.False(t, user.IsPartialAuth(dataprovider.SSHLoginMethodPublicKey)) + user.Filters.DeniedLoginMethods = []string{ + dataprovider.SSHLoginMethodPassword, + dataprovider.SSHLoginMethodPublicKey, + dataprovider.SSHLoginMethodKeyboardInteractive, + } + assert.True(t, user.IsPartialAuth(dataprovider.SSHLoginMethodPublicKey)) } func TestUserGetNextAuthMethods(t *testing.T) { diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml index 42529acb..955efb9f 100644 --- a/openapi/openapi.yaml +++ b/openapi/openapi.yaml @@ -6415,7 +6415,7 @@ components: type: array items: type: string - description: 'Features for the current build. Available features are `portable`, `bolt`, `mysql`, `sqlite`, `pgsql`, `s3`, `gcs`, `metrics`. If a feature is available it has a `+` prefix, otherwise a `-` prefix' + description: 'Features for the current build. Available features are `portable`, `bolt`, `mysql`, `sqlite`, `pgsql`, `s3`, `gcs`, `azblob`, `metrics`. If a feature is available it has a `+` prefix, otherwise a `-` prefix' Token: type: object properties: