so we can persist password reset codes, OIDC auth sessions and tokens.
These features will also work in multi-node setups without sicky
sessions now
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
For historical reasons we send the json serialized user as a string field.
I Initially copied the code used in the script hook where it is appropriate
to convert the JSON user to string.
After some time I have noticed this error, I know that changing it now might
break existing external authentication hooks but we cannot continue with
this mistake, new users are surprised by this behavior, sorry
Fixes#836
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
so migrations cannot be executed concurrently if you run them from multiple
SFTPGo instances at the same time.
CockroachDB doesn't support database-level locks
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Google Cloud Storage credentials are now always stored within the data
provider.
Added a migration to read credentials from disk and store them inside the
data provider.
After v2.3 we can also remove credentials_path
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Using groups simplifies the administration of multiple accounts by
letting you assign settings once to a group, instead of multiple
times to each individual user.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
When an host is banned but the updated_time field is in the past the ui
didn't show the record.
Fixes#758
Signed-off-by: lucatiozzo91 <luca.tiozzo91@gmail.com>
Automatic backup are enabled by default, a new backup will be saved
each day at midnight.
The backups_path setting was moved from the httpd section to the
data_provider one, please adjust your configuration file and or your
env vars
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
The purpose of this code is to prevent anyone who can access to
the initial setup screen from creating an admin user
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
before this patch we allow a rename in the following cases:
- the user has rename permission on both source and target path
- the user has delete permission on source path and create/upload on
target path
we now check only the rename/rename_files/rename_dirs permissions.
This is what SFTPGo users expect.
This is a backward incompatible change and it will not backported to
the 2.2.x branch
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
The check could be expensive with some backends and is generally
only required the first time that a user logs in
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
if you share a single folder with read scope, you can now browse the share
and download single files
Fixes#674
See #677
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
naming rules allow to support case insensitive usernames, trim trailing
and leading white spaces, and accept any valid UTF-8 characters in
usernames.
If you were enabling `skip_natural_keys_validation` now you need to
set `naming_rules` to `1`
Fixes#687
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
with total limit or separate settings for uploads and downloads and
overrides based on the client's IP address.
Limits can be reset using the REST API
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>