From 056daaddfcba0486df4f9f5f730b113cc9daba05 Mon Sep 17 00:00:00 2001
From: Nicola Murino <nicola.murino@gmail.com>
Date: Thu, 3 Mar 2022 19:31:54 +0100
Subject: [PATCH] always execute fs checks for users not logged in after an
 update

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
---
 common/protocol_test.go      | 38 ++++++++++++++++++++++++++++++++++++
 dataprovider/dataprovider.go |  2 +-
 dataprovider/user.go         |  6 ++++--
 go.mod                       |  2 +-
 go.sum                       |  4 ++--
 sftpd/sftpd_test.go          |  4 +---
 6 files changed, 47 insertions(+), 9 deletions(-)

diff --git a/common/protocol_test.go b/common/protocol_test.go
index 6478fc67..378a2f53 100644
--- a/common/protocol_test.go
+++ b/common/protocol_test.go
@@ -271,6 +271,44 @@ func TestBaseConnection(t *testing.T) {
 	assert.NoError(t, err)
 }
 
+func TestCheckFsAfterUpdate(t *testing.T) {
+	u := getTestUser()
+	user, _, err := httpdtest.AddUser(u, http.StatusCreated)
+	assert.NoError(t, err)
+	conn, client, err := getSftpClient(user)
+	if assert.NoError(t, err) {
+		defer conn.Close()
+		defer client.Close()
+		err = checkBasicSFTP(client)
+		assert.NoError(t, err)
+	}
+	// remove the home dir, it will not be re-created
+	err = os.RemoveAll(user.GetHomeDir())
+	assert.NoError(t, err)
+	conn, client, err = getSftpClient(user)
+	if assert.NoError(t, err) {
+		defer conn.Close()
+		defer client.Close()
+		err = checkBasicSFTP(client)
+		assert.Error(t, err)
+	}
+	// update the user and login again, this time the home dir will be created
+	_, _, err = httpdtest.UpdateUser(user, http.StatusOK, "")
+	assert.NoError(t, err)
+	conn, client, err = getSftpClient(user)
+	if assert.NoError(t, err) {
+		defer conn.Close()
+		defer client.Close()
+		err = checkBasicSFTP(client)
+		assert.NoError(t, err)
+	}
+
+	_, err = httpdtest.RemoveUser(user, http.StatusOK)
+	assert.NoError(t, err)
+	err = os.RemoveAll(user.GetHomeDir())
+	assert.NoError(t, err)
+}
+
 func TestSetStat(t *testing.T) {
 	u := getTestUser()
 	user, _, err := httpdtest.AddUser(u, http.StatusCreated)
diff --git a/dataprovider/dataprovider.go b/dataprovider/dataprovider.go
index 253be000..c252d1b7 100644
--- a/dataprovider/dataprovider.go
+++ b/dataprovider/dataprovider.go
@@ -1131,7 +1131,7 @@ func UpdateLastLogin(user *User) {
 	if user.Filters.ExternalAuthCacheTime > 0 {
 		delay = time.Duration(user.Filters.ExternalAuthCacheTime) * time.Second
 	}
-	if !isLastActivityRecent(user.LastLogin, delay) {
+	if user.LastLogin <= user.UpdatedAt || !isLastActivityRecent(user.LastLogin, delay) {
 		err := provider.updateLastLogin(user.Username)
 		if err == nil {
 			webDAVUsersCache.updateLastLogin(user.Username)
diff --git a/dataprovider/user.go b/dataprovider/user.go
index 1499f52b..0fc6ea41 100644
--- a/dataprovider/user.go
+++ b/dataprovider/user.go
@@ -211,7 +211,9 @@ func (u *User) CheckFsRoot(connectionID string) error {
 		}
 	}
 	if isLastActivityRecent(u.LastLogin, delay) {
-		return nil
+		if u.LastLogin > u.UpdatedAt {
+			return nil
+		}
 	}
 	fs, err := u.GetFilesystemForPath("/", connectionID)
 	if err != nil {
@@ -258,7 +260,7 @@ func (u *User) GetCleanedPath(rawVirtualPath string) string {
 	return util.CleanPath(rawVirtualPath)
 }
 
-// isFsEqual returns true if the fs has the same configuration
+// isFsEqual returns true if the filesystem configurations are the same
 func (u *User) isFsEqual(other *User) bool {
 	if u.FsConfig.Provider == sdk.LocalFilesystemProvider && u.GetHomeDir() != other.GetHomeDir() {
 		return false
diff --git a/go.mod b/go.mod
index fa7b0630..0eb46321 100644
--- a/go.mod
+++ b/go.mod
@@ -130,7 +130,7 @@ require (
 	golang.org/x/tools v0.1.9 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220302033224-9aa15565e42a // indirect
+	google.golang.org/genproto v0.0.0-20220303160752-862486edd9cc // indirect
 	google.golang.org/grpc v1.44.0 // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/ini.v1 v1.66.4 // indirect
diff --git a/go.sum b/go.sum
index 629b1a6d..0dc6e818 100644
--- a/go.sum
+++ b/go.sum
@@ -1190,8 +1190,8 @@ google.golang.org/genproto v0.0.0-20220211171837-173942840c17/go.mod h1:kGP+zUP2
 google.golang.org/genproto v0.0.0-20220216160803-4663080d8bc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
 google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
 google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220302033224-9aa15565e42a h1:uqouglH745GoGeZ1YFZbPBiu961tgi/9Qm5jaorajjQ=
-google.golang.org/genproto v0.0.0-20220302033224-9aa15565e42a/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220303160752-862486edd9cc h1:fb/ViRpv3ln/LvbqZtTpoOd1YQDNH12gaGZreoSFovE=
+google.golang.org/genproto v0.0.0-20220303160752-862486edd9cc/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
diff --git a/sftpd/sftpd_test.go b/sftpd/sftpd_test.go
index df0c28de..10f662af 100644
--- a/sftpd/sftpd_test.go
+++ b/sftpd/sftpd_test.go
@@ -1477,11 +1477,9 @@ func TestSFTPFsLoginWrongFingerprint(t *testing.T) {
 	_, _, err = httpdtest.UpdateUser(sftpUser, http.StatusOK, "")
 	assert.NoError(t, err)
 	conn, client, err = getSftpClient(sftpUser, usePubKey)
-	if assert.NoError(t, err) {
+	if !assert.Error(t, err) {
 		defer conn.Close()
 		defer client.Close()
-		err = checkBasicSFTP(client)
-		assert.Error(t, err)
 	}
 
 	_, err = httpdtest.RemoveUser(sftpUser, http.StatusOK)