allow WebClient login with multi-step auth enabled

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-22 07:30:25 +00:00 · 2022-11-29 18:43:48 +01:00 · 2022-11-29 18:43:48 +01:00 · dd98c06397
commit dd98c06397
parent b989cdabe5
5 changed files with 13 additions and 3 deletions
--- a/go.mod
+++ b/go.mod
@ -108,7 +108,7 @@ require (
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-test/deep v1.0.8 // indirect
-	github.com/goccy/go-json v0.9.11 // indirect
+	github.com/goccy/go-json v0.10.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
--- a/go.sum
+++ b/go.sum
@ -712,8 +712,9 @@ github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY9
 github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
 github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
 github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
-github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk=
 github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.10.0 h1:mXKd9Qw4NuzShiRlOXKews24ufknHO7gx30lsDyokKA=
+github.com/goccy/go-json v0.10.0/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/goccy/go-yaml v1.9.5/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA=
 github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
 github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
--- a/internal/dataprovider/user.go
+++ b/internal/dataprovider/user.go
@ -945,6 +945,9 @@ func (u *User) IsPartialAuth(loginMethod string) bool {
 			method == SSHLoginMethodPassword {
 			continue
 		}
+		if method == LoginMethodPassword && util.Contains(u.Filters.DeniedLoginMethods, SSHLoginMethodPassword) {
+			continue
+		}
 		if !util.Contains(SSHMultiStepsLoginMethods, method) {
 			return false
 		}
--- a/internal/sftpd/sftpd_test.go
+++ b/internal/sftpd/sftpd_test.go
@ -8270,6 +8270,12 @@ func TestUserPartialAuth(t *testing.T) {
 		dataprovider.SSHLoginMethodPublicKey,
 	}
 	assert.False(t, user.IsPartialAuth(dataprovider.SSHLoginMethodPublicKey))
+	user.Filters.DeniedLoginMethods = []string{
+		dataprovider.SSHLoginMethodPassword,
+		dataprovider.SSHLoginMethodPublicKey,
+		dataprovider.SSHLoginMethodKeyboardInteractive,
+	}
+	assert.True(t, user.IsPartialAuth(dataprovider.SSHLoginMethodPublicKey))
 }

 func TestUserGetNextAuthMethods(t *testing.T) {
--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@ -6415,7 +6415,7 @@ components:
          type: array
          items:
            type: string
-          description: 'Features for the current build. Available features are `portable`, `bolt`, `mysql`, `sqlite`, `pgsql`, `s3`, `gcs`, `metrics`. If a feature is available it has a `+` prefix, otherwise a `-` prefix'
+          description: 'Features for the current build. Available features are `portable`, `bolt`, `mysql`, `sqlite`, `pgsql`, `s3`, `gcs`, `azblob`, `metrics`. If a feature is available it has a `+` prefix, otherwise a `-` prefix'
    Token:
      type: object
      properties: