Commit graph

265 commits

Author SHA1 Message Date
Nicola Murino
3dd412f6e3
WebAdmin and REST API: remove too granular permissions
Our permissions system for admin users is too granular and some
permissions overlap. For example, you can define an administrator
with the "manage_system" permission and not with the "manage_admins"
or "manage_user" permission, but the "manage_system" permission
allows you to restore a backup and then create users and
administrators. The following permissions will be removed:
"manage_admins", "manage_apikeys", "manage_system", "retention_checks",
"manage_event_rules", "manage_roles", "manage_ip_lists". Now you
need to add the "*" permission to replace the removed granular
permissions because the removed permissions allow actions that
should only be allowed to super administrators.
There is no point in having separate, overlapping permissions.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-10 10:46:28 +01:00
Nicola Murino
ef98ee7d11
don't allow admins to change their own permissions
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-09 20:24:35 +01:00
Nicola Murino
7aac64531f
WebAdmin: check CSRF header when deleting blocked hosts
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-09 18:44:31 +01:00
Nicola Murino
88b1850b58
EventManager: allow to define the allowed system commands
Some checks failed
CI / Test and deploy (push) Has been cancelled
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-01 11:37:33 +01:00
Nicola Murino
ae1487d733
fix connection limits
an SFTP client can start multiple transfers on a single connection

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-26 21:18:19 +02:00
Nicola Murino
8d697bcc94
WebClient: enforce 2fa and password requirements also with OIDC
Some checks failed
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (push) Has been cancelled
password and 2fa can be used with other protocols

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-21 20:40:44 +02:00
Nicola Murino
d8691d1e1a
update translations
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-13 17:00:17 +02:00
Nicola Murino
5cb1b9c1e9
Web: add CheckRedirect to pages using baselogin.html
Some checks failed
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-12 12:54:21 +02:00
Nicola Murino
eba4c93efd
user: add additional emails
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-11 19:20:51 +02:00
Nicola Murino
4103344989
EventManager: add datetime placeholder
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-08 18:39:00 +02:00
Nicola Murino
424999dacd
kms: add support for Oracle Key Vault
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-02 18:14:05 +02:00
Nicola Murino
27e98b85ce
WebAdmin: hide certs if they cannot be used
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-27 15:53:12 +02:00
Nicola Murino
126cb1ee0d
remove some useless hooks
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-27 15:52:51 +02:00
Nicola Murino
eeef23139d
EventManager: filter action execution based on event status
Some checks failed
Docker / Build (distroless, false, ubuntu-latest) (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (alpine, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (alpine, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, true, ubuntu-latest) (push) Has been cancelled
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (1.22, macos-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, ubuntu-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, windows-latest, false) (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (aarch64, ubuntu18.04, go1.22.7, arm64) (push) Has been cancelled
CI / Build Linux packages (amd64, ubuntu:18.04, go1.22.7, amd64) (push) Has been cancelled
CI / Build Linux packages (armv7, ubuntu18.04, go1.22.7, arm7) (push) Has been cancelled
CI / Build Linux packages (ppc64le, ubuntu18.04, go1.22.7, ppc64le) (push) Has been cancelled
Docker / Build (debian-plugins, true, ubuntu-latest) (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-23 19:55:03 +02:00
Nicola Murino
433d45ed87
WebUI: add a token validation mode that allows checking the signature
Some checks failed
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (1.22, macos-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, ubuntu-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, windows-latest, false) (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (aarch64, ubuntu18.04, go1.22.7, arm64) (push) Has been cancelled
CI / Build Linux packages (amd64, ubuntu:18.04, go1.22.7, amd64) (push) Has been cancelled
CI / Build Linux packages (armv7, ubuntu18.04, go1.22.7, arm7) (push) Has been cancelled
CI / Build Linux packages (ppc64le, ubuntu18.04, go1.22.7, ppc64le) (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (alpine, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (alpine, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian-plugins, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (distroless, false, ubuntu-latest) (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-21 14:06:25 +02:00
Nicola Murino
5162c5de87
WebUIs: add a nil check for token in refresh cookie method
token should never be null here because we have an authenticated user
however add the same check as elsewhere

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-16 20:11:02 +02:00
Nicola Murino
6896d2bfb1
httpd: validate reference also for CSRF token in headers
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-14 21:45:25 +02:00
Nicola Murino
14cabda5c2
update shortuid to v4
Some checks failed
CI / golangci-lint (push) Has been cancelled
Docker / Build (alpine, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (alpine, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian-plugins, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (distroless, false, ubuntu-latest) (push) Has been cancelled
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (1.22, macos-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, ubuntu-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, windows-latest, false) (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (aarch64, ubuntu18.04, go1.22.6, arm64) (push) Has been cancelled
CI / Build Linux packages (amd64, ubuntu:18.04, go1.22.6, amd64) (push) Has been cancelled
CI / Build Linux packages (armv7, ubuntu18.04, go1.22.6, arm7) (push) Has been cancelled
CI / Build Linux packages (ppc64le, ubuntu18.04, go1.22.6, ppc64le) (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-08 18:01:14 +02:00
Nicola Murino
b9b370fbb8
add some pre-validation hooks
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-17 09:11:42 +02:00
Nicola Murino
2fbf608895
S3: add SSE customer key
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-15 10:09:06 +02:00
Nicola Murino
fa710b36c2
httpd: allow to configure cache control header
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-12 21:19:44 +02:00
Nicola Murino
68e62d3d9b
httpd: allow to use proxy protocol
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-10 21:02:38 +02:00
Nicola Murino
954c36c0a2
add fs providers hook
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-10 15:57:05 +02:00
Nicola Murino
81433e00d1
event action: add update modtime to fs rename
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-09 20:18:33 +02:00
Nicola Murino
d94f80c8da
replace utils.Contains with slices.Contains
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-24 18:27:13 +02:00
Nicola Murino
b5c821795a
allow to customize name and log from the WebUI
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-24 09:14:27 +02:00
Nicola Murino
b2926377b7
WebUI: switch favicon from ico to png
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-20 16:11:21 +02:00
Nicola Murino
fef388d8cb
don't track quota for private virtual folders
they are included within the user quota.
This is a backward incompatible change.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-13 21:02:40 +02:00
Nicola Murino
92849ca473
quota: move user and folder management to a common method
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-13 19:30:40 +02:00
Nicola Murino
58de410850
nt: fix unused write warnings
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-03 20:42:51 +02:00
Nicola Murino
54bc3ea87d
restore: fix quota scan for users with folders associated via groups
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-03 20:35:12 +02:00
Nicola Murino
64a2f7aa4f
oidc refresh token: validate nonce only if set
As clarified in OpenID core spec errata 2, section 12.2

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-01 19:06:11 +02:00
Nicola Murino
363770ab84
WebClient shares: add a logout button
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-06-18 19:10:32 +02:00
Nicola Murino
d650defa08
remove duplicated jwt tokens validation
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-06-15 16:19:37 +02:00
Nicola Murino
bd5b32101f
csrf: reuse the cookie in reset password
no need to generate a new cookie each time.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-06-15 15:18:17 +02:00
Nicola Murino
01b666a78f
WebUIs: check login conditions before allowing password reset
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-06-14 19:34:42 +02:00
Nicola Murino
8294952474
WebUIs: refactor CSRF
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-06-14 18:09:32 +02:00
Nicola Murino
7fb5b1b996
reduce share token duration
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-06-08 12:13:38 +02:00
Nicola Murino
08526da153
REST API: fix token invalidation after password change
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-06-07 18:19:05 +02:00
Nicola Murino
6c94173ca1
WebUI branding: remove unused login_image_path from config
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-05-27 18:43:44 +02:00
Nicola Murino
50a3c0d911
defender: allow to impose a delay between login attempts
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-05-18 10:35:54 +02:00
Nicola Murino
eb0c6549c4
micro optimization
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-05-12 18:10:03 +02:00
Nicola Murino
5d24d665bd
add an util method to convert []byte to string
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-05-08 19:01:58 +02:00
Nicola Murino
ea898ed104
silence lint warning
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-05-04 09:52:27 +02:00
Nicola Murino
a1af33c6aa
WebClient: allow to set TLS certificates
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-05-03 18:30:03 +02:00
Nicola Murino
d3f42e39db
move server version setting to common section
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-05-01 19:42:09 +02:00
Nicola Murino
0a8a0ee771
revert #450
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-04-27 10:50:25 +02:00
Nicola Murino
2bcf05ca45
refactor for secrets management in API and private key handling in SFTPFs
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-04-26 16:17:24 +02:00
Nicola Murino
e1fdc10ef8
remove robots.txt endpoint
This reverts #833 because the contributor did not respond to our
request to sign the CLA

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-04-26 11:00:55 +02:00
Nicola Murino
456517af87
notifier plugin: add support for login succeeded events
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-04-10 18:39:08 +02:00