Nicola Murino
47842ae614
script based hooks: don't propagate global env vars
...
env vars must be explicitly set
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-10-19 09:29:40 +02:00
Nicola Murino
bf76b0b158
docs external auth: clarify the meaning of the empty response from the hooks
...
Fixes #961
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-09-03 19:46:08 +02:00
Nicola Murino
9abd186166
external auth http hook: properly serialize the user in the POST body
...
For historical reasons we send the json serialized user as a string field.
I Initially copied the code used in the script hook where it is appropriate
to convert the JSON user to string.
After some time I have noticed this error, I know that changing it now might
break existing external authentication hooks but we cannot continue with
this mistake, new users are surprised by this behavior, sorry
Fixes #836
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-15 18:26:07 +02:00
Nicola Murino
4e9dae6fa4
allow to cache external authentications
...
Fixes #733
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-02-25 11:51:10 +01:00
Nicola Murino
9fb43b2c46
docs: clarify how multi-step auth works with external authentication
...
Fixes #617
2021-11-24 11:27:32 +01:00
Nicola Murino
3d6b09e949
REST API: expose OpenAPI schema and render it using Swagger UI
...
Fixes #609
2021-11-21 09:32:51 +01:00
Nicola Murino
23d9ebfc91
add a basic front-end web interface for end-users
...
Fixes #339 #321 #398
2021-05-06 21:35:43 +02:00
Nicola Murino
fdf3f23df5
allow to disable some hooks on a per-user basis
...
This way you can, for example, mix external and internal users
2021-04-04 22:32:25 +02:00
Nicola Murino
9ad750da54
WebDAV: try to preserve the lock fs as much as possible
2021-03-27 19:10:27 +01:00
Nicola Murino
5f49af1780
external auth: allow to inspect and preserve an existing user
2021-03-26 15:19:01 +01:00
Nicola Murino
3243181c5f
Add a link to the OpenAPI schema where relevant
...
Fixes #329
2021-03-01 22:22:05 +01:00
Nicola Murino
a6e36e7cad
FTP: improve TLS certificate authentication
...
For each user you can now configure:
- TLS certificate auth
- TLS certificate auth and password
- Password auth
For TLS auth, the certificate common name must match the name provided
using the "USER" FTP command
2021-02-28 12:10:40 +01:00
Ilias Trichopoulos
c65dd86d5e
Fix typos ( #181 )
2020-10-05 11:29:18 +02:00
Nicola Murino
3925c7ff95
REST API/Web admin: add a parameter to disconnect a user after an update
...
This way you can force the user to login again and so to use the updated
configuration.
A deleted user will be automatically disconnected.
Fixes #163
Improved some docs too.
2020-09-01 16:10:26 +02:00
Nicola Murino
8b0a1817b3
add check password hook
...
its main use case is to allow to easily support things like password+OTP for
protocols without keyboard interactive support such as FTP and WebDAV
2020-08-19 19:36:12 +02:00
Nicola Murino
fe857dcb1b
CI: use go 1.15 by default now that it is released
2020-08-12 16:42:38 +02:00
Nicola Murino
aa0ed5dbd0
add post-login hook
...
a login scope is supported too so you can get notifications for failed logins,
successful logins or both
2020-08-12 16:15:12 +02:00
Nicola Murino
91dcc349de
Add client IP address to external auth, pre-login and keyboard interactive hooks
2020-08-04 18:03:28 +02:00
Nicola Murino
c491133aff
docs: fix markdown lint warnings
2020-06-15 23:46:11 +02:00
Nicola Murino
d377181b25
add a new configuration section for HTTP clients
...
HTTP clients are used for executing hooks such as the ones used for custom
actions, external authentication and pre-login user modifications.
This allows, for example, to use self-signed certificate without defeating the
purpose of using TLS
2020-04-26 23:29:09 +02:00
Nicola Murino
ebd6a11f3a
external auth: add example HTTP server to use as authentication hook
...
The server authenticate against an LDAP server.
2020-04-26 14:48:32 +02:00
Nicola Murino
b0ed190591
add an example auth program that allow to authenticate against LDAP
...
External authentication is the way to go to authenticate against LDAP,
at least for now.
Closes #99
2020-04-11 22:30:41 +02:00
Nicola Murino
9046acbe68
add HTTP hooks
...
external auth, pre-login user modification and keyboard interactive
authentication is now supported via HTTP requests too
2020-04-01 23:25:23 +02:00
Nicola Murino
0a9c4914aa
pre-login program: allow to create a new user too
...
clarify the difference between dynamic user creation/update and external
authentication
2020-03-27 23:26:22 +01:00
Jo Vandeginste
df02496145
Refactor docs
2020-03-04 23:10:58 +01:00