so we can persist password reset codes, OIDC auth sessions and tokens.
These features will also work in multi-node setups without sicky
sessions now
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Google Cloud Storage credentials are now always stored within the data
provider.
Added a migration to read credentials from disk and store them inside the
data provider.
After v2.3 we can also remove credentials_path
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Using groups simplifies the administration of multiple accounts by
letting you assign settings once to a group, instead of multiple
times to each individual user.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
with total limit or separate settings for uploads and downloads and
overrides based on the client's IP address.
Limits can be reset using the REST API
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
For each user you can now configure:
- TLS certificate auth
- TLS certificate auth and password
- Password auth
For TLS auth, the certificate common name must match the name provided
using the "USER" FTP command
- add JWT authentication
- admins are now stored inside the data provider
- admin access can be restricted based on the source IP: both proxy
header and connection IP are checked
- deprecate REST API CLI: it is not relevant anymore
Some other changes to the REST API can still happen before releasing
SFTPGo 2.0.0
Fixes#197
hooks
doing something like this:
err = provider.updateUser(u)
...
return provider.userExists(username)
could be racy if another update happen before
provider.userExists(username)
also pass a pointer to updateUser so if the user is modified inside
"validateUser" we can just return the modified user without do a new
query
also gcs credentials are now encrypted, both on disk and inside the
provider.
Data provider is automatically migrated and load data will accept
old format too but you should upgrade to the new format to avoid future
issues
When true, users' Google Cloud Storage credentials will be written to
the data provider instead of disk.
Pre-existing credentials on disk will be used as a fallback
Fixes#201
