Nicola Murino
7aac64531f
WebAdmin: check CSRF header when deleting blocked hosts
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-09 18:44:31 +01:00
Nicola Murino
88b1850b58
EventManager: allow to define the allowed system commands
...
CI / Test and deploy (push) Has been cancelled
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-01 11:37:33 +01:00
Nicola Murino
ae1487d733
fix connection limits
...
an SFTP client can start multiple transfers on a single connection
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-26 21:18:19 +02:00
Nicola Murino
8d697bcc94
WebClient: enforce 2fa and password requirements also with OIDC
...
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (push) Has been cancelled
password and 2fa can be used with other protocols
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-21 20:40:44 +02:00
Nicola Murino
d8691d1e1a
update translations
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-13 17:00:17 +02:00
Nicola Murino
5cb1b9c1e9
Web: add CheckRedirect to pages using baselogin.html
...
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-12 12:54:21 +02:00
Nicola Murino
eba4c93efd
user: add additional emails
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-11 19:20:51 +02:00
Nicola Murino
4103344989
EventManager: add datetime placeholder
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-08 18:39:00 +02:00
Nicola Murino
424999dacd
kms: add support for Oracle Key Vault
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-02 18:14:05 +02:00
Nicola Murino
27e98b85ce
WebAdmin: hide certs if they cannot be used
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-27 15:53:12 +02:00
Nicola Murino
126cb1ee0d
remove some useless hooks
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-27 15:52:51 +02:00
Nicola Murino
eeef23139d
EventManager: filter action execution based on event status
...
Docker / Build (distroless, false, ubuntu-latest) (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (alpine, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (alpine, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, true, ubuntu-latest) (push) Has been cancelled
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (1.22, macos-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, ubuntu-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, windows-latest, false) (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (aarch64, ubuntu18.04, go1.22.7, arm64) (push) Has been cancelled
CI / Build Linux packages (amd64, ubuntu:18.04, go1.22.7, amd64) (push) Has been cancelled
CI / Build Linux packages (armv7, ubuntu18.04, go1.22.7, arm7) (push) Has been cancelled
CI / Build Linux packages (ppc64le, ubuntu18.04, go1.22.7, ppc64le) (push) Has been cancelled
Docker / Build (debian-plugins, true, ubuntu-latest) (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-23 19:55:03 +02:00
Nicola Murino
433d45ed87
WebUI: add a token validation mode that allows checking the signature
...
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (1.22, macos-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, ubuntu-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, windows-latest, false) (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (aarch64, ubuntu18.04, go1.22.7, arm64) (push) Has been cancelled
CI / Build Linux packages (amd64, ubuntu:18.04, go1.22.7, amd64) (push) Has been cancelled
CI / Build Linux packages (armv7, ubuntu18.04, go1.22.7, arm7) (push) Has been cancelled
CI / Build Linux packages (ppc64le, ubuntu18.04, go1.22.7, ppc64le) (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (alpine, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (alpine, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian-plugins, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (distroless, false, ubuntu-latest) (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-21 14:06:25 +02:00
Nicola Murino
5162c5de87
WebUIs: add a nil check for token in refresh cookie method
...
token should never be null here because we have an authenticated user
however add the same check as elsewhere
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-16 20:11:02 +02:00
Nicola Murino
6896d2bfb1
httpd: validate reference also for CSRF token in headers
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-14 21:45:25 +02:00
Nicola Murino
14cabda5c2
update shortuid to v4
...
CI / golangci-lint (push) Has been cancelled
Docker / Build (alpine, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (alpine, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian-plugins, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (distroless, false, ubuntu-latest) (push) Has been cancelled
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (1.22, macos-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, ubuntu-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, windows-latest, false) (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (aarch64, ubuntu18.04, go1.22.6, arm64) (push) Has been cancelled
CI / Build Linux packages (amd64, ubuntu:18.04, go1.22.6, amd64) (push) Has been cancelled
CI / Build Linux packages (armv7, ubuntu18.04, go1.22.6, arm7) (push) Has been cancelled
CI / Build Linux packages (ppc64le, ubuntu18.04, go1.22.6, ppc64le) (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-08 18:01:14 +02:00
Nicola Murino
b9b370fbb8
add some pre-validation hooks
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-17 09:11:42 +02:00
Nicola Murino
2fbf608895
S3: add SSE customer key
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-15 10:09:06 +02:00
Nicola Murino
fa710b36c2
httpd: allow to configure cache control header
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-12 21:19:44 +02:00
Nicola Murino
68e62d3d9b
httpd: allow to use proxy protocol
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-10 21:02:38 +02:00
Nicola Murino
954c36c0a2
add fs providers hook
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-10 15:57:05 +02:00
Nicola Murino
81433e00d1
event action: add update modtime to fs rename
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-09 20:18:33 +02:00
Nicola Murino
d94f80c8da
replace utils.Contains with slices.Contains
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-24 18:27:13 +02:00
Nicola Murino
b5c821795a
allow to customize name and log from the WebUI
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-24 09:14:27 +02:00
Nicola Murino
b2926377b7
WebUI: switch favicon from ico to png
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-20 16:11:21 +02:00
Nicola Murino
fef388d8cb
don't track quota for private virtual folders
...
they are included within the user quota.
This is a backward incompatible change.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-13 21:02:40 +02:00
Nicola Murino
92849ca473
quota: move user and folder management to a common method
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-13 19:30:40 +02:00
Nicola Murino
58de410850
nt: fix unused write warnings
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-03 20:42:51 +02:00
Nicola Murino
54bc3ea87d
restore: fix quota scan for users with folders associated via groups
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-03 20:35:12 +02:00
Nicola Murino
64a2f7aa4f
oidc refresh token: validate nonce only if set
...
As clarified in OpenID core spec errata 2, section 12.2
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-07-01 19:06:11 +02:00
Nicola Murino
363770ab84
WebClient shares: add a logout button
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-06-18 19:10:32 +02:00
Nicola Murino
d650defa08
remove duplicated jwt tokens validation
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-06-15 16:19:37 +02:00
Nicola Murino
bd5b32101f
csrf: reuse the cookie in reset password
...
no need to generate a new cookie each time.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-06-15 15:18:17 +02:00
Nicola Murino
01b666a78f
WebUIs: check login conditions before allowing password reset
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-06-14 19:34:42 +02:00
Nicola Murino
8294952474
WebUIs: refactor CSRF
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-06-14 18:09:32 +02:00
Nicola Murino
7fb5b1b996
reduce share token duration
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-06-08 12:13:38 +02:00
Nicola Murino
08526da153
REST API: fix token invalidation after password change
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-06-07 18:19:05 +02:00
Nicola Murino
6c94173ca1
WebUI branding: remove unused login_image_path from config
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-05-27 18:43:44 +02:00
Nicola Murino
50a3c0d911
defender: allow to impose a delay between login attempts
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-05-18 10:35:54 +02:00
Nicola Murino
eb0c6549c4
micro optimization
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-05-12 18:10:03 +02:00
Nicola Murino
5d24d665bd
add an util method to convert []byte to string
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-05-08 19:01:58 +02:00
Nicola Murino
ea898ed104
silence lint warning
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-05-04 09:52:27 +02:00
Nicola Murino
a1af33c6aa
WebClient: allow to set TLS certificates
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-05-03 18:30:03 +02:00
Nicola Murino
d3f42e39db
move server version setting to common section
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-05-01 19:42:09 +02:00
Nicola Murino
0a8a0ee771
revert #450
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-04-27 10:50:25 +02:00
Nicola Murino
2bcf05ca45
refactor for secrets management in API and private key handling in SFTPFs
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-04-26 16:17:24 +02:00
Nicola Murino
e1fdc10ef8
remove robots.txt endpoint
...
This reverts #833 because the contributor did not respond to our
request to sign the CLA
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-04-26 11:00:55 +02:00
Nicola Murino
456517af87
notifier plugin: add support for login succeeded events
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-04-10 18:39:08 +02:00
Nicola Murino
1196727448
dataretention: remove ignore_user_permissions
...
Required permissions are now automatically granted as for any other
filesystem action
Fixes #1564
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-04-01 15:07:03 +02:00
Nicola Murino
aaae191710
WebAPI: ensure to check rootfs before creating directories
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-04-01 12:40:35 +02:00