Commit graph

345 commits

Author SHA1 Message Date
Nicola Murino
a2e73228d2
initprovider: don't execute actions
we are not running as service here

Fixes #932

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-07-23 19:38:15 +02:00
Nicola Murino
1470018054
web UI: allow to enable OIDC login and/or login forms
any combination is now supported

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-07-22 20:55:33 +02:00
Nicola Murino
e6bfbcd489
OIDC: allow to debug the received id_token
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-07-22 11:11:35 +02:00
Nicola Murino
d5946da1e2
OIDC: allow to enable only OIDC login for Web UIs
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-07-19 22:25:00 +02:00
Nicola Murino
55b47cf741
sftp realpath: resolve symlinks
Fixes #890

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-07-17 16:02:45 +02:00
Nicola Murino
e0ce2e2e8a
allow to customize the log level
The old log-verbose flag is not appropriate anymore.
You should now use the log-level flag to set your preferred log level.
The default level is "debug" as before, you can also set "info", "warn",
"error"

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-07-13 10:40:24 +02:00
Nicola Murino
20e8cb898a
always check root dir in multi node setups
Fixes #920

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-07-12 08:32:31 +02:00
Nicola Murino
b5894b257f
try to better highlight donations and sponsorships options ...
... and to better explain why they are required.

Please don't say "someone else will help the project, I'll just use it"

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-07-11 16:14:44 +02:00
Nicola Murino
1b8f94c08f
add event manager
auto backup removed from setting. You can now schedule backups with
the event manager

Fixes #762

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-07-11 08:17:36 +02:00
Nicola Murino
9a6b1a1315
Fix issues found in PR #887
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-06-25 10:42:17 +02:00
Andre Mainka
90009a649d
Allow OAuth Scope to be configured (#887)
Signed-off-by: BobSilent <andre_1@gmx.net>
2022-06-25 10:40:39 +02:00
Nicola Murino
729f30aebf
allow to refuse an upload from a sync upload hook
Fixes #880

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-06-16 18:42:17 +02:00
Nicola Murino
6f4475ff72
httpfs: add support for UNIX domain sockets
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-06-12 18:29:49 +02:00
Nicola Murino
0b9a96ec6b
restore fast path for recursive permissions check and update some docs
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-06-12 12:04:48 +02:00
Nicola Murino
7ab30099dd
add httpfs
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-06-11 10:41:34 +02:00
Nicola Murino
118744a860
parse IP proxy header also if listening on UNIX domain socket
Fixes #867

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-06-09 08:37:37 +02:00
Nicola Murino
75efaa9741
APT and YUM repo are now available
This is possible thanks to the Oregon State University's free
mirroring service

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-06-09 07:30:09 +02:00
Nicola Murino
b774289c6d
change default value for naming_rules to 1
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-06-03 16:09:02 +02:00
Nicola Murino
ecf715880f
update docs
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-06-03 14:36:38 +02:00
Nicola Murino
b2e28fe3a2
groups: apply placeholders to the fs config of virtual folders
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-06-02 09:45:01 +02:00
Nicola Murino
f6b11c2d01
httpd/webdav: allow to configure trusted proxy header and depth
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-28 19:47:23 +02:00
Nicola Murino
32da923dfe
httpd: add a setting to customize tokens validation
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-28 13:28:50 +02:00
Nicola Murino
91dfa501f8
improve some docs
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-27 10:09:53 +02:00
Nicola Murino
7c724e18fe
add support for ACME compliant certificate authorities
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-27 07:39:55 +02:00
Nicola Murino
90c21458b8
OIDC: add support for implicit roles
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-22 14:38:25 +02:00
Nicola Murino
1a33b5bb53
allow different TLS certificates for each binding
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-21 16:34:47 +02:00
Nicola Murino
0ecaa862bd
web UIs: allow to replace the default CSS
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-21 11:05:58 +02:00
Nicola Murino
751946f47a
allow to customize timeout and env vars for program based hooks
Fixes #847

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-20 19:30:54 +02:00
Nicola Murino
796ea1dde9
allow to store temporary sessions within the data provider
so we can persist password reset codes, OIDC auth sessions and tokens.
These features will also work in multi-node setups without sicky
sessions now

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-19 19:49:51 +02:00
Nicola Murino
9abd186166
external auth http hook: properly serialize the user in the POST body
For historical reasons we send the json serialized user as a string field.
I Initially copied the code used in the script hook where it is appropriate
to convert the JSON user to string.

After some time I have noticed this error, I know that changing it now might
break existing external authentication hooks but we cannot continue with
this mistake, new users are surprised by this behavior, sorry

Fixes #836

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-15 18:26:07 +02:00
Nicola Murino
c9bd08cf9c
UI branding: use the short name on the login pages
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-15 07:30:36 +02:00
Nicola Murino
5d7f6960f3
web UIs: add branding support
Fixes #829

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-13 19:40:52 +02:00
Nicola Murino
4995cf1b02
defender: allow to load blocklist/safelist also from config/env vars
Fixes #831

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-13 14:46:07 +02:00
Dylan Legendre
4b099640de
Updating typos in openapi/swagger documentation as well as various markdown documentation files (#816)
Signed-off-by: Dylan Legendre <dylanlegendre09@gmail.com>
2022-05-05 18:26:22 +02:00
Nicola Murino
80da2dc722
try to automatically find shared data dirs in system-wide paths
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-05-05 11:27:19 +02:00
Nicola Murino
14fb6c4038
always check recently updated users
also fix the query to get users for quota check for sql based providers

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-30 11:59:36 +02:00
Nicola Murino
ecd488a840
data provider: remove prefer_database_credentials
Google Cloud Storage credentials are now always stored within the data
provider.

Added a migration to read credentials from disk and store them inside the
data provider.

After v2.3 we can also remove credentials_path

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-28 12:55:01 +02:00
Nicola Murino
4a44a7dfe1
improved readlink handling
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-27 18:38:46 +02:00
Nicola Murino
504cd3efda
add groups support
Using groups simplifies the administration of multiple accounts by
letting you assign settings once to a group, instead of multiple
times to each individual user.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-25 15:49:11 +02:00
zemsten
857b6cc10a
Update full-configuration.md (#799)
NGINX spelling

Signed-off-by: Samuel Zarn <samz@localhost.localdomain>
2022-04-22 09:22:36 +02:00
Nicola Murino
cacfffc5bf
OIDC: add support for custom fields
These fields can be used in the pre-login hook to implement custom
logics

Fixes #787

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-12 19:31:25 +02:00
Nicola Murino
f9d8b83c2a
sshd: disable by default ssh-rsa host key algo
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-04 18:52:19 +02:00
Nicola Murino
254b2ae87f
add support for AWS container
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-03 08:52:36 +02:00
Nicola Murino
5a40f998ae
check and update the password hashing algorithm on user login
also add ldap md5 variant as per-user request

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-02 22:20:21 +02:00
Nicola Murino
77f3400161
allow to mount virtual folders on root (/) path
Fixes #783

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-02 18:32:46 +02:00
Nicola Murino
55f8171dd1
sshd: add support for host key certificates
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-04-01 08:03:56 +02:00
Nicola Murino
a7b159aebb
ssh user certs: add a revoked list
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-31 21:49:06 +02:00
Nicola Murino
8fb256ac91
add link to an external Traefik tutorial
update deps

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-29 18:13:43 +02:00
Nicola Murino
ca32cd5e0e
allow placeholders for add/update users and folders
remove session token for S3, a temporary token is useless for our usage

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-27 16:32:21 +02:00
Nicola Murino
5cccb872bb
add support to redirect HTTP to HTTPS
Fixes #777

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2022-03-26 10:00:02 +01:00