so we can persist password reset codes, OIDC auth sessions and tokens.
These features will also work in multi-node setups without sicky
sessions now
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
if the virtual quota limit is greater than the filesystem available space,
we need to return the filesystem limits
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
before this patch we allow a rename in the following cases:
- the user has rename permission on both source and target path
- the user has delete permission on source path and create/upload on
target path
we now check only the rename/rename_files/rename_dirs permissions.
This is what SFTPGo users expect.
This is a backward incompatible change and it will not backported to
the 2.2.x branch
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
The check could be expensive with some backends and is generally
only required the first time that a user logs in
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
with total limit or separate settings for uploads and downloads and
overrides based on the client's IP address.
Limits can be reset using the REST API
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Disallowed files/dirs can be completly hidden. This may cause performance
issues for large directories
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
SFTPGo is now fully auditable, all fs and provider events that change
something are notified and can be collected using hooks/plugins.
There are some backward incompatible changes for command hooks
The builtin two-factor authentication is based on time-based one time
passwords (RFC 6238) which works with Authy, Google Authenticator and
other compatible apps.
you need to load initial data or set "create_default_admin" to true
and the appropriate env vars if you don't want to use the web admin
setup screen to create the default admin
These new APIs match the web client features.
I'm aware that some API do not follow REST best practises.
I want to avoid things likes "/user/folders/<path>"
where "path" must be encoded and making it optional create issues, so
I defined resources as query parameters instead of path parameters
If you prefer to auto-create the first admin you can enable the
"create_default_admin" configuration key and SFTPGo will work as before.
You can also create the first admin by loading initial data: now you can
set both username and password, before you could only change the password
The actions to run synchronously can be configured via the `execute_sync`
configuration key.
Executing an action synchronously means that SFTPGo will not return a result
code to the client until your hook have completed its execution.
Fixes#409
argon2id has a high memory cost and, if not properly tuned, it can lead to
resource starvation.
Advanced users can still configure and use argon2id.
Passwords stored as argon2id will continue to work
