WebUI: remove leading and trailing spaces from user-submitted input
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
parent
9470cd6e69
commit
3499edd5c2
3 changed files with 93 additions and 79 deletions
|
@ -194,8 +194,7 @@ func (s *httpdServer) handleWebClientLogout(w http.ResponseWriter, r *http.Reque
|
||||||
|
|
||||||
func (s *httpdServer) handleWebClientChangePwdPost(w http.ResponseWriter, r *http.Request) {
|
func (s *httpdServer) handleWebClientChangePwdPost(w http.ResponseWriter, r *http.Request) {
|
||||||
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
|
||||||
err := r.ParseForm()
|
if err := r.ParseForm(); err != nil {
|
||||||
if err != nil {
|
|
||||||
s.renderClientChangePasswordPage(w, r, err.Error())
|
s.renderClientChangePasswordPage(w, r, err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -203,8 +202,8 @@ func (s *httpdServer) handleWebClientChangePwdPost(w http.ResponseWriter, r *htt
|
||||||
s.renderClientForbiddenPage(w, r, err.Error())
|
s.renderClientForbiddenPage(w, r, err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
err = doChangeUserPassword(r, r.Form.Get("current_password"), r.Form.Get("new_password1"),
|
err := doChangeUserPassword(r, strings.TrimSpace(r.Form.Get("current_password")),
|
||||||
r.Form.Get("new_password2"))
|
strings.TrimSpace(r.Form.Get("new_password1")), strings.TrimSpace(r.Form.Get("new_password2")))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.renderClientChangePasswordPage(w, r, err.Error())
|
s.renderClientChangePasswordPage(w, r, err.Error())
|
||||||
return
|
return
|
||||||
|
@ -230,8 +229,8 @@ func (s *httpdServer) handleWebClientLoginPost(w http.ResponseWriter, r *http.Re
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
protocol := common.ProtocolHTTP
|
protocol := common.ProtocolHTTP
|
||||||
username := r.Form.Get("username")
|
username := strings.TrimSpace(r.Form.Get("username"))
|
||||||
password := r.Form.Get("password")
|
password := strings.TrimSpace(r.Form.Get("password"))
|
||||||
if username == "" || password == "" {
|
if username == "" || password == "" {
|
||||||
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
|
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
|
||||||
dataprovider.LoginMethodPassword, ipAddr, common.ErrNoCredentials)
|
dataprovider.LoginMethodPassword, ipAddr, common.ErrNoCredentials)
|
||||||
|
@ -289,7 +288,8 @@ func (s *httpdServer) handleWebClientPasswordResetPost(w http.ResponseWriter, r
|
||||||
s.renderClientForbiddenPage(w, r, err.Error())
|
s.renderClientForbiddenPage(w, r, err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
_, user, err := handleResetPassword(r, r.Form.Get("code"), r.Form.Get("password"), false)
|
_, user, err := handleResetPassword(r, strings.TrimSpace(r.Form.Get("code")),
|
||||||
|
strings.TrimSpace(r.Form.Get("password")), false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.renderClientResetPwdPage(w, err.Error(), ipAddr)
|
s.renderClientResetPwdPage(w, err.Error(), ipAddr)
|
||||||
return
|
return
|
||||||
|
@ -323,7 +323,7 @@ func (s *httpdServer) handleWebClientTwoFactorRecoveryPost(w http.ResponseWriter
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
username := claims.Username
|
username := claims.Username
|
||||||
recoveryCode := r.Form.Get("recovery_code")
|
recoveryCode := strings.TrimSpace(r.Form.Get("recovery_code"))
|
||||||
if username == "" || recoveryCode == "" {
|
if username == "" || recoveryCode == "" {
|
||||||
s.renderClientTwoFactorRecoveryPage(w, "Invalid credentials", ipAddr)
|
s.renderClientTwoFactorRecoveryPage(w, "Invalid credentials", ipAddr)
|
||||||
return
|
return
|
||||||
|
@ -384,7 +384,7 @@ func (s *httpdServer) handleWebClientTwoFactorPost(w http.ResponseWriter, r *htt
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
username := claims.Username
|
username := claims.Username
|
||||||
passcode := r.Form.Get("passcode")
|
passcode := strings.TrimSpace(r.Form.Get("passcode"))
|
||||||
if username == "" || passcode == "" {
|
if username == "" || passcode == "" {
|
||||||
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
|
updateLoginMetrics(&dataprovider.User{BaseUser: sdk.BaseUser{Username: username}},
|
||||||
dataprovider.LoginMethodPassword, ipAddr, common.ErrNoCredentials)
|
dataprovider.LoginMethodPassword, ipAddr, common.ErrNoCredentials)
|
||||||
|
@ -440,7 +440,7 @@ func (s *httpdServer) handleWebAdminTwoFactorRecoveryPost(w http.ResponseWriter,
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
username := claims.Username
|
username := claims.Username
|
||||||
recoveryCode := r.Form.Get("recovery_code")
|
recoveryCode := strings.TrimSpace(r.Form.Get("recovery_code"))
|
||||||
if username == "" || recoveryCode == "" {
|
if username == "" || recoveryCode == "" {
|
||||||
s.renderTwoFactorRecoveryPage(w, "Invalid credentials", ipAddr)
|
s.renderTwoFactorRecoveryPage(w, "Invalid credentials", ipAddr)
|
||||||
return
|
return
|
||||||
|
@ -499,7 +499,7 @@ func (s *httpdServer) handleWebAdminTwoFactorPost(w http.ResponseWriter, r *http
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
username := claims.Username
|
username := claims.Username
|
||||||
passcode := r.Form.Get("passcode")
|
passcode := strings.TrimSpace(r.Form.Get("passcode"))
|
||||||
if username == "" || passcode == "" {
|
if username == "" || passcode == "" {
|
||||||
s.renderTwoFactorPage(w, "Invalid credentials", ipAddr)
|
s.renderTwoFactorPage(w, "Invalid credentials", ipAddr)
|
||||||
return
|
return
|
||||||
|
@ -544,8 +544,8 @@ func (s *httpdServer) handleWebAdminLoginPost(w http.ResponseWriter, r *http.Req
|
||||||
s.renderAdminLoginPage(w, err.Error(), ipAddr)
|
s.renderAdminLoginPage(w, err.Error(), ipAddr)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
username := r.Form.Get("username")
|
username := strings.TrimSpace(r.Form.Get("username"))
|
||||||
password := r.Form.Get("password")
|
password := strings.TrimSpace(r.Form.Get("password"))
|
||||||
if username == "" || password == "" {
|
if username == "" || password == "" {
|
||||||
s.renderAdminLoginPage(w, "Invalid credentials", ipAddr)
|
s.renderAdminLoginPage(w, "Invalid credentials", ipAddr)
|
||||||
return
|
return
|
||||||
|
@ -615,8 +615,8 @@ func (s *httpdServer) handleWebAdminChangePwdPost(w http.ResponseWriter, r *http
|
||||||
s.renderForbiddenPage(w, r, err.Error())
|
s.renderForbiddenPage(w, r, err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
err = doChangeAdminPassword(r, r.Form.Get("current_password"), r.Form.Get("new_password1"),
|
err = doChangeAdminPassword(r, strings.TrimSpace(r.Form.Get("current_password")),
|
||||||
r.Form.Get("new_password2"))
|
strings.TrimSpace(r.Form.Get("new_password1")), strings.TrimSpace(r.Form.Get("new_password2")))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.renderChangePasswordPage(w, r, err.Error())
|
s.renderChangePasswordPage(w, r, err.Error())
|
||||||
return
|
return
|
||||||
|
@ -637,7 +637,8 @@ func (s *httpdServer) handleWebAdminPasswordResetPost(w http.ResponseWriter, r *
|
||||||
s.renderForbiddenPage(w, r, err.Error())
|
s.renderForbiddenPage(w, r, err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
admin, _, err := handleResetPassword(r, r.Form.Get("code"), r.Form.Get("password"), true)
|
admin, _, err := handleResetPassword(r, strings.TrimSpace(r.Form.Get("code")),
|
||||||
|
strings.TrimSpace(r.Form.Get("password")), true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if e, ok := err.(*util.ValidationError); ok {
|
if e, ok := err.(*util.ValidationError); ok {
|
||||||
s.renderResetPwdPage(w, e.GetErrorString(), ipAddr)
|
s.renderResetPwdPage(w, e.GetErrorString(), ipAddr)
|
||||||
|
@ -666,10 +667,10 @@ func (s *httpdServer) handleWebAdminSetupPost(w http.ResponseWriter, r *http.Req
|
||||||
s.renderForbiddenPage(w, r, err.Error())
|
s.renderForbiddenPage(w, r, err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
username := r.Form.Get("username")
|
username := strings.TrimSpace(r.Form.Get("username"))
|
||||||
password := r.Form.Get("password")
|
password := strings.TrimSpace(r.Form.Get("password"))
|
||||||
confirmPassword := r.Form.Get("confirm_password")
|
confirmPassword := strings.TrimSpace(r.Form.Get("confirm_password"))
|
||||||
installCode := r.Form.Get("install_code")
|
installCode := strings.TrimSpace(r.Form.Get("install_code"))
|
||||||
if installationCode != "" && installCode != resolveInstallationCode() {
|
if installationCode != "" && installCode != resolveInstallationCode() {
|
||||||
s.renderAdminSetupPage(w, r, username, fmt.Sprintf("%v mismatch", installationCodeHint))
|
s.renderAdminSetupPage(w, r, username, fmt.Sprintf("%v mismatch", installationCodeHint))
|
||||||
return
|
return
|
||||||
|
|
|
@ -1504,7 +1504,7 @@ func getFilePatternsFromPostField(r *http.Request) []sdk.PatternsFilter {
|
||||||
func getGroupsFromUserPostFields(r *http.Request) []sdk.GroupMapping {
|
func getGroupsFromUserPostFields(r *http.Request) []sdk.GroupMapping {
|
||||||
var groups []sdk.GroupMapping
|
var groups []sdk.GroupMapping
|
||||||
|
|
||||||
primaryGroup := r.Form.Get("primary_group")
|
primaryGroup := strings.TrimSpace(r.Form.Get("primary_group"))
|
||||||
if primaryGroup != "" {
|
if primaryGroup != "" {
|
||||||
groups = append(groups, sdk.GroupMapping{
|
groups = append(groups, sdk.GroupMapping{
|
||||||
Name: primaryGroup,
|
Name: primaryGroup,
|
||||||
|
@ -1514,14 +1514,14 @@ func getGroupsFromUserPostFields(r *http.Request) []sdk.GroupMapping {
|
||||||
secondaryGroups := r.Form["secondary_groups"]
|
secondaryGroups := r.Form["secondary_groups"]
|
||||||
for _, name := range secondaryGroups {
|
for _, name := range secondaryGroups {
|
||||||
groups = append(groups, sdk.GroupMapping{
|
groups = append(groups, sdk.GroupMapping{
|
||||||
Name: name,
|
Name: strings.TrimSpace(name),
|
||||||
Type: sdk.GroupTypeSecondary,
|
Type: sdk.GroupTypeSecondary,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
membershipGroups := r.Form["membership_groups"]
|
membershipGroups := r.Form["membership_groups"]
|
||||||
for _, name := range membershipGroups {
|
for _, name := range membershipGroups {
|
||||||
groups = append(groups, sdk.GroupMapping{
|
groups = append(groups, sdk.GroupMapping{
|
||||||
Name: name,
|
Name: strings.TrimSpace(name),
|
||||||
Type: sdk.GroupTypeMembership,
|
Type: sdk.GroupTypeMembership,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
@ -1565,7 +1565,7 @@ func getFiltersFromUserPostFields(r *http.Request) (sdk.BaseUserFilters, error)
|
||||||
filters.DeniedProtocols = r.Form["denied_protocols"]
|
filters.DeniedProtocols = r.Form["denied_protocols"]
|
||||||
filters.TwoFactorAuthProtocols = r.Form["required_two_factor_protocols"]
|
filters.TwoFactorAuthProtocols = r.Form["required_two_factor_protocols"]
|
||||||
filters.FilePatterns = getFilePatternsFromPostField(r)
|
filters.FilePatterns = getFilePatternsFromPostField(r)
|
||||||
filters.TLSUsername = sdk.TLSUsername(r.Form.Get("tls_username"))
|
filters.TLSUsername = sdk.TLSUsername(strings.TrimSpace(r.Form.Get("tls_username")))
|
||||||
filters.WebClient = r.Form["web_client_options"]
|
filters.WebClient = r.Form["web_client_options"]
|
||||||
filters.DefaultSharesExpiration = defaultSharesExpiration
|
filters.DefaultSharesExpiration = defaultSharesExpiration
|
||||||
filters.PasswordExpiration = passwordExpiration
|
filters.PasswordExpiration = passwordExpiration
|
||||||
|
@ -1583,7 +1583,7 @@ func getFiltersFromUserPostFields(r *http.Request) (sdk.BaseUserFilters, error)
|
||||||
filters.IsAnonymous = r.Form.Get("is_anonymous") != ""
|
filters.IsAnonymous = r.Form.Get("is_anonymous") != ""
|
||||||
filters.DisableFsChecks = r.Form.Get("disable_fs_checks") != ""
|
filters.DisableFsChecks = r.Form.Get("disable_fs_checks") != ""
|
||||||
filters.AllowAPIKeyAuth = r.Form.Get("allow_api_key_auth") != ""
|
filters.AllowAPIKeyAuth = r.Form.Get("allow_api_key_auth") != ""
|
||||||
filters.StartDirectory = r.Form.Get("start_directory")
|
filters.StartDirectory = strings.TrimSpace(r.Form.Get("start_directory"))
|
||||||
filters.MaxUploadFileSize = maxFileSize
|
filters.MaxUploadFileSize = maxFileSize
|
||||||
filters.ExternalAuthCacheTime, err = strconv.ParseInt(r.Form.Get("external_auth_cache_time"), 10, 64)
|
filters.ExternalAuthCacheTime, err = strconv.ParseInt(r.Form.Get("external_auth_cache_time"), 10, 64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -1614,7 +1614,7 @@ func getS3Config(r *http.Request) (vfs.S3FsConfig, error) {
|
||||||
config.Endpoint = strings.TrimSpace(r.Form.Get("s3_endpoint"))
|
config.Endpoint = strings.TrimSpace(r.Form.Get("s3_endpoint"))
|
||||||
config.StorageClass = strings.TrimSpace(r.Form.Get("s3_storage_class"))
|
config.StorageClass = strings.TrimSpace(r.Form.Get("s3_storage_class"))
|
||||||
config.ACL = strings.TrimSpace(r.Form.Get("s3_acl"))
|
config.ACL = strings.TrimSpace(r.Form.Get("s3_acl"))
|
||||||
config.KeyPrefix = r.Form.Get("s3_key_prefix")
|
config.KeyPrefix = strings.TrimSpace(r.Form.Get("s3_key_prefix"))
|
||||||
config.UploadPartSize, err = strconv.ParseInt(r.Form.Get("s3_upload_part_size"), 10, 64)
|
config.UploadPartSize, err = strconv.ParseInt(r.Form.Get("s3_upload_part_size"), 10, 64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return config, fmt.Errorf("invalid s3 upload part size: %w", err)
|
return config, fmt.Errorf("invalid s3 upload part size: %w", err)
|
||||||
|
@ -1650,7 +1650,7 @@ func getGCSConfig(r *http.Request) (vfs.GCSFsConfig, error) {
|
||||||
config.Bucket = strings.TrimSpace(r.Form.Get("gcs_bucket"))
|
config.Bucket = strings.TrimSpace(r.Form.Get("gcs_bucket"))
|
||||||
config.StorageClass = strings.TrimSpace(r.Form.Get("gcs_storage_class"))
|
config.StorageClass = strings.TrimSpace(r.Form.Get("gcs_storage_class"))
|
||||||
config.ACL = strings.TrimSpace(r.Form.Get("gcs_acl"))
|
config.ACL = strings.TrimSpace(r.Form.Get("gcs_acl"))
|
||||||
config.KeyPrefix = r.Form.Get("gcs_key_prefix")
|
config.KeyPrefix = strings.TrimSpace(r.Form.Get("gcs_key_prefix"))
|
||||||
uploadPartSize, err := strconv.ParseInt(r.Form.Get("gcs_upload_part_size"), 10, 64)
|
uploadPartSize, err := strconv.ParseInt(r.Form.Get("gcs_upload_part_size"), 10, 64)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
config.UploadPartSize = uploadPartSize
|
config.UploadPartSize = uploadPartSize
|
||||||
|
@ -1689,13 +1689,13 @@ func getSFTPConfig(r *http.Request) (vfs.SFTPFsConfig, error) {
|
||||||
var err error
|
var err error
|
||||||
config := vfs.SFTPFsConfig{}
|
config := vfs.SFTPFsConfig{}
|
||||||
config.Endpoint = strings.TrimSpace(r.Form.Get("sftp_endpoint"))
|
config.Endpoint = strings.TrimSpace(r.Form.Get("sftp_endpoint"))
|
||||||
config.Username = r.Form.Get("sftp_username")
|
config.Username = strings.TrimSpace(r.Form.Get("sftp_username"))
|
||||||
config.Password = getSecretFromFormField(r, "sftp_password")
|
config.Password = getSecretFromFormField(r, "sftp_password")
|
||||||
config.PrivateKey = getSecretFromFormField(r, "sftp_private_key")
|
config.PrivateKey = getSecretFromFormField(r, "sftp_private_key")
|
||||||
config.KeyPassphrase = getSecretFromFormField(r, "sftp_key_passphrase")
|
config.KeyPassphrase = getSecretFromFormField(r, "sftp_key_passphrase")
|
||||||
fingerprintsFormValue := r.Form.Get("sftp_fingerprints")
|
fingerprintsFormValue := r.Form.Get("sftp_fingerprints")
|
||||||
config.Fingerprints = getSliceFromDelimitedValues(fingerprintsFormValue, "\n")
|
config.Fingerprints = getSliceFromDelimitedValues(fingerprintsFormValue, "\n")
|
||||||
config.Prefix = r.Form.Get("sftp_prefix")
|
config.Prefix = strings.TrimSpace(r.Form.Get("sftp_prefix"))
|
||||||
config.DisableCouncurrentReads = r.Form.Get("sftp_disable_concurrent_reads") != ""
|
config.DisableCouncurrentReads = r.Form.Get("sftp_disable_concurrent_reads") != ""
|
||||||
config.BufferSize, err = strconv.ParseInt(r.Form.Get("sftp_buffer_size"), 10, 64)
|
config.BufferSize, err = strconv.ParseInt(r.Form.Get("sftp_buffer_size"), 10, 64)
|
||||||
if r.Form.Get("sftp_equality_check_mode") != "" {
|
if r.Form.Get("sftp_equality_check_mode") != "" {
|
||||||
|
@ -1712,7 +1712,7 @@ func getSFTPConfig(r *http.Request) (vfs.SFTPFsConfig, error) {
|
||||||
func getHTTPFsConfig(r *http.Request) vfs.HTTPFsConfig {
|
func getHTTPFsConfig(r *http.Request) vfs.HTTPFsConfig {
|
||||||
config := vfs.HTTPFsConfig{}
|
config := vfs.HTTPFsConfig{}
|
||||||
config.Endpoint = strings.TrimSpace(r.Form.Get("http_endpoint"))
|
config.Endpoint = strings.TrimSpace(r.Form.Get("http_endpoint"))
|
||||||
config.Username = r.Form.Get("http_username")
|
config.Username = strings.TrimSpace(r.Form.Get("http_username"))
|
||||||
config.SkipTLSVerify = r.Form.Get("http_skip_tls_verify") != ""
|
config.SkipTLSVerify = r.Form.Get("http_skip_tls_verify") != ""
|
||||||
config.Password = getSecretFromFormField(r, "http_password")
|
config.Password = getSecretFromFormField(r, "http_password")
|
||||||
config.APIKey = getSecretFromFormField(r, "http_api_key")
|
config.APIKey = getSecretFromFormField(r, "http_api_key")
|
||||||
|
@ -1732,7 +1732,7 @@ func getAzureConfig(r *http.Request) (vfs.AzBlobFsConfig, error) {
|
||||||
config.AccountKey = getSecretFromFormField(r, "az_account_key")
|
config.AccountKey = getSecretFromFormField(r, "az_account_key")
|
||||||
config.SASURL = getSecretFromFormField(r, "az_sas_url")
|
config.SASURL = getSecretFromFormField(r, "az_sas_url")
|
||||||
config.Endpoint = strings.TrimSpace(r.Form.Get("az_endpoint"))
|
config.Endpoint = strings.TrimSpace(r.Form.Get("az_endpoint"))
|
||||||
config.KeyPrefix = r.Form.Get("az_key_prefix")
|
config.KeyPrefix = strings.TrimSpace(r.Form.Get("az_key_prefix"))
|
||||||
config.AccessTier = strings.TrimSpace(r.Form.Get("az_access_tier"))
|
config.AccessTier = strings.TrimSpace(r.Form.Get("az_access_tier"))
|
||||||
config.UseEmulator = r.Form.Get("az_use_emulator") != ""
|
config.UseEmulator = r.Form.Get("az_use_emulator") != ""
|
||||||
config.UploadPartSize, err = strconv.ParseInt(r.Form.Get("az_upload_part_size"), 10, 64)
|
config.UploadPartSize, err = strconv.ParseInt(r.Form.Get("az_upload_part_size"), 10, 64)
|
||||||
|
@ -1841,12 +1841,12 @@ func getAdminFromPostFields(r *http.Request) (dataprovider.Admin, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return admin, fmt.Errorf("invalid status: %w", err)
|
return admin, fmt.Errorf("invalid status: %w", err)
|
||||||
}
|
}
|
||||||
admin.Username = r.Form.Get("username")
|
admin.Username = strings.TrimSpace(r.Form.Get("username"))
|
||||||
admin.Password = r.Form.Get("password")
|
admin.Password = strings.TrimSpace(r.Form.Get("password"))
|
||||||
admin.Permissions = r.Form["permissions"]
|
admin.Permissions = r.Form["permissions"]
|
||||||
admin.Email = r.Form.Get("email")
|
admin.Email = strings.TrimSpace(r.Form.Get("email"))
|
||||||
admin.Status = status
|
admin.Status = status
|
||||||
admin.Role = r.Form.Get("role")
|
admin.Role = strings.TrimSpace(r.Form.Get("role"))
|
||||||
admin.Filters.AllowList = getSliceFromDelimitedValues(r.Form.Get("allowed_ip"), ",")
|
admin.Filters.AllowList = getSliceFromDelimitedValues(r.Form.Get("allowed_ip"), ",")
|
||||||
admin.Filters.AllowAPIKeyAuth = r.Form.Get("allow_api_key_auth") != ""
|
admin.Filters.AllowAPIKeyAuth = r.Form.Get("allow_api_key_auth") != ""
|
||||||
admin.AdditionalInfo = r.Form.Get("additional_info")
|
admin.AdditionalInfo = r.Form.Get("additional_info")
|
||||||
|
@ -2093,11 +2093,11 @@ func getUserFromPostFields(r *http.Request) (dataprovider.User, error) {
|
||||||
}
|
}
|
||||||
user = dataprovider.User{
|
user = dataprovider.User{
|
||||||
BaseUser: sdk.BaseUser{
|
BaseUser: sdk.BaseUser{
|
||||||
Username: r.Form.Get("username"),
|
Username: strings.TrimSpace(r.Form.Get("username")),
|
||||||
Email: r.Form.Get("email"),
|
Email: strings.TrimSpace(r.Form.Get("email")),
|
||||||
Password: r.Form.Get("password"),
|
Password: strings.TrimSpace(r.Form.Get("password")),
|
||||||
PublicKeys: r.Form["public_keys"],
|
PublicKeys: r.Form["public_keys"],
|
||||||
HomeDir: r.Form.Get("home_dir"),
|
HomeDir: strings.TrimSpace(r.Form.Get("home_dir")),
|
||||||
UID: uid,
|
UID: uid,
|
||||||
GID: gid,
|
GID: gid,
|
||||||
Permissions: getUserPermissionsFromPostFields(r),
|
Permissions: getUserPermissionsFromPostFields(r),
|
||||||
|
@ -2113,7 +2113,7 @@ func getUserFromPostFields(r *http.Request) (dataprovider.User, error) {
|
||||||
ExpirationDate: expirationDateMillis,
|
ExpirationDate: expirationDateMillis,
|
||||||
AdditionalInfo: r.Form.Get("additional_info"),
|
AdditionalInfo: r.Form.Get("additional_info"),
|
||||||
Description: r.Form.Get("description"),
|
Description: r.Form.Get("description"),
|
||||||
Role: r.Form.Get("role"),
|
Role: strings.TrimSpace(r.Form.Get("role")),
|
||||||
},
|
},
|
||||||
Filters: dataprovider.UserFilters{
|
Filters: dataprovider.UserFilters{
|
||||||
BaseUserFilters: filters,
|
BaseUserFilters: filters,
|
||||||
|
@ -2168,12 +2168,12 @@ func getGroupFromPostFields(r *http.Request) (dataprovider.Group, error) {
|
||||||
}
|
}
|
||||||
group = dataprovider.Group{
|
group = dataprovider.Group{
|
||||||
BaseGroup: sdk.BaseGroup{
|
BaseGroup: sdk.BaseGroup{
|
||||||
Name: r.Form.Get("name"),
|
Name: strings.TrimSpace(r.Form.Get("name")),
|
||||||
Description: r.Form.Get("description"),
|
Description: r.Form.Get("description"),
|
||||||
},
|
},
|
||||||
UserSettings: dataprovider.GroupUserSettings{
|
UserSettings: dataprovider.GroupUserSettings{
|
||||||
BaseGroupUserSettings: sdk.BaseGroupUserSettings{
|
BaseGroupUserSettings: sdk.BaseGroupUserSettings{
|
||||||
HomeDir: r.Form.Get("home_dir"),
|
HomeDir: strings.TrimSpace(r.Form.Get("home_dir")),
|
||||||
MaxSessions: maxSessions,
|
MaxSessions: maxSessions,
|
||||||
QuotaSize: quotaSize,
|
QuotaSize: quotaSize,
|
||||||
QuotaFiles: quotaFiles,
|
QuotaFiles: quotaFiles,
|
||||||
|
@ -2199,7 +2199,7 @@ func getKeyValsFromPostFields(r *http.Request, key, val string) []dataprovider.K
|
||||||
if strings.HasPrefix(k, key) {
|
if strings.HasPrefix(k, key) {
|
||||||
formKey := r.Form.Get(k)
|
formKey := r.Form.Get(k)
|
||||||
idx := strings.TrimPrefix(k, key)
|
idx := strings.TrimPrefix(k, key)
|
||||||
formVal := r.Form.Get(fmt.Sprintf("%s%s", val, idx))
|
formVal := strings.TrimSpace(r.Form.Get(fmt.Sprintf("%s%s", val, idx)))
|
||||||
if formKey != "" && formVal != "" {
|
if formKey != "" && formVal != "" {
|
||||||
res = append(res, dataprovider.KeyValue{
|
res = append(res, dataprovider.KeyValue{
|
||||||
Key: formKey,
|
Key: formKey,
|
||||||
|
@ -2215,7 +2215,7 @@ func getFoldersRetentionFromPostFields(r *http.Request) ([]dataprovider.FolderRe
|
||||||
var res []dataprovider.FolderRetention
|
var res []dataprovider.FolderRetention
|
||||||
for k := range r.Form {
|
for k := range r.Form {
|
||||||
if strings.HasPrefix(k, "folder_retention_path") {
|
if strings.HasPrefix(k, "folder_retention_path") {
|
||||||
folderPath := r.Form.Get(k)
|
folderPath := strings.TrimSpace(r.Form.Get(k))
|
||||||
if folderPath != "" {
|
if folderPath != "" {
|
||||||
idx := strings.TrimPrefix(k, "folder_retention_path")
|
idx := strings.TrimPrefix(k, "folder_retention_path")
|
||||||
retention, err := strconv.Atoi(r.Form.Get(fmt.Sprintf("folder_retention_val%s", idx)))
|
retention, err := strconv.Atoi(r.Form.Get(fmt.Sprintf("folder_retention_val%s", idx)))
|
||||||
|
@ -2239,14 +2239,14 @@ func getHTTPPartsFromPostFields(r *http.Request) []dataprovider.HTTPPart {
|
||||||
var result []dataprovider.HTTPPart
|
var result []dataprovider.HTTPPart
|
||||||
for k := range r.Form {
|
for k := range r.Form {
|
||||||
if strings.HasPrefix(k, "http_part_name") {
|
if strings.HasPrefix(k, "http_part_name") {
|
||||||
partName := r.Form.Get(k)
|
partName := strings.TrimSpace(r.Form.Get(k))
|
||||||
if partName != "" {
|
if partName != "" {
|
||||||
idx := strings.TrimPrefix(k, "http_part_name")
|
idx := strings.TrimPrefix(k, "http_part_name")
|
||||||
order, err := strconv.Atoi(idx)
|
order, err := strconv.Atoi(idx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
filePath := r.Form.Get(fmt.Sprintf("http_part_file%s", idx))
|
filePath := strings.TrimSpace(r.Form.Get(fmt.Sprintf("http_part_file%s", idx)))
|
||||||
body := r.Form.Get(fmt.Sprintf("http_part_body%s", idx))
|
body := r.Form.Get(fmt.Sprintf("http_part_body%s", idx))
|
||||||
concatHeaders := getSliceFromDelimitedValues(r.Form.Get(fmt.Sprintf("http_part_headers%s", idx)), "\n")
|
concatHeaders := getSliceFromDelimitedValues(r.Form.Get(fmt.Sprintf("http_part_headers%s", idx)), "\n")
|
||||||
var headers []dataprovider.KeyValue
|
var headers []dataprovider.KeyValue
|
||||||
|
@ -2314,8 +2314,8 @@ func getEventActionOptionsFromPostFields(r *http.Request) (dataprovider.BaseEven
|
||||||
}
|
}
|
||||||
options := dataprovider.BaseEventActionOptions{
|
options := dataprovider.BaseEventActionOptions{
|
||||||
HTTPConfig: dataprovider.EventActionHTTPConfig{
|
HTTPConfig: dataprovider.EventActionHTTPConfig{
|
||||||
Endpoint: r.Form.Get("http_endpoint"),
|
Endpoint: strings.TrimSpace(r.Form.Get("http_endpoint")),
|
||||||
Username: r.Form.Get("http_username"),
|
Username: strings.TrimSpace(r.Form.Get("http_username")),
|
||||||
Password: getSecretFromFormField(r, "http_password"),
|
Password: getSecretFromFormField(r, "http_password"),
|
||||||
Headers: getKeyValsFromPostFields(r, "http_header_key", "http_header_val"),
|
Headers: getKeyValsFromPostFields(r, "http_header_key", "http_header_val"),
|
||||||
Timeout: httpTimeout,
|
Timeout: httpTimeout,
|
||||||
|
@ -2326,7 +2326,7 @@ func getEventActionOptionsFromPostFields(r *http.Request) (dataprovider.BaseEven
|
||||||
Parts: getHTTPPartsFromPostFields(r),
|
Parts: getHTTPPartsFromPostFields(r),
|
||||||
},
|
},
|
||||||
CmdConfig: dataprovider.EventActionCommandConfig{
|
CmdConfig: dataprovider.EventActionCommandConfig{
|
||||||
Cmd: r.Form.Get("cmd_path"),
|
Cmd: strings.TrimSpace(r.Form.Get("cmd_path")),
|
||||||
Args: cmdArgs,
|
Args: cmdArgs,
|
||||||
Timeout: cmdTimeout,
|
Timeout: cmdTimeout,
|
||||||
EnvVars: getKeyValsFromPostFields(r, "cmd_env_key", "cmd_env_val"),
|
EnvVars: getKeyValsFromPostFields(r, "cmd_env_key", "cmd_env_val"),
|
||||||
|
@ -2350,7 +2350,7 @@ func getEventActionOptionsFromPostFields(r *http.Request) (dataprovider.BaseEven
|
||||||
Exist: getSliceFromDelimitedValues(r.Form.Get("fs_exist_paths"), ","),
|
Exist: getSliceFromDelimitedValues(r.Form.Get("fs_exist_paths"), ","),
|
||||||
Copy: getKeyValsFromPostFields(r, "fs_copy_source", "fs_copy_target"),
|
Copy: getKeyValsFromPostFields(r, "fs_copy_source", "fs_copy_target"),
|
||||||
Compress: dataprovider.EventActionFsCompress{
|
Compress: dataprovider.EventActionFsCompress{
|
||||||
Name: r.Form.Get("fs_compress_name"),
|
Name: strings.TrimSpace(r.Form.Get("fs_compress_name")),
|
||||||
Paths: getSliceFromDelimitedValues(r.Form.Get("fs_compress_paths"), ","),
|
Paths: getSliceFromDelimitedValues(r.Form.Get("fs_compress_paths"), ","),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2380,7 +2380,7 @@ func getEventActionFromPostFields(r *http.Request) (dataprovider.BaseEventAction
|
||||||
return dataprovider.BaseEventAction{}, err
|
return dataprovider.BaseEventAction{}, err
|
||||||
}
|
}
|
||||||
action := dataprovider.BaseEventAction{
|
action := dataprovider.BaseEventAction{
|
||||||
Name: r.Form.Get("name"),
|
Name: strings.TrimSpace(r.Form.Get("name")),
|
||||||
Description: r.Form.Get("description"),
|
Description: r.Form.Get("description"),
|
||||||
Type: actionType,
|
Type: actionType,
|
||||||
Options: options,
|
Options: options,
|
||||||
|
@ -2404,12 +2404,12 @@ func getEventRuleConditionsFromPostFields(r *http.Request) (dataprovider.EventCo
|
||||||
var names, groupNames, roleNames, fsPaths []dataprovider.ConditionPattern
|
var names, groupNames, roleNames, fsPaths []dataprovider.ConditionPattern
|
||||||
for k := range r.Form {
|
for k := range r.Form {
|
||||||
if strings.HasPrefix(k, "schedule_hour") {
|
if strings.HasPrefix(k, "schedule_hour") {
|
||||||
hour := r.Form.Get(k)
|
hour := strings.TrimSpace(r.Form.Get(k))
|
||||||
if hour != "" {
|
if hour != "" {
|
||||||
idx := strings.TrimPrefix(k, "schedule_hour")
|
idx := strings.TrimPrefix(k, "schedule_hour")
|
||||||
dayOfWeek := r.Form.Get(fmt.Sprintf("schedule_day_of_week%s", idx))
|
dayOfWeek := strings.TrimSpace(r.Form.Get(fmt.Sprintf("schedule_day_of_week%s", idx)))
|
||||||
dayOfMonth := r.Form.Get(fmt.Sprintf("schedule_day_of_month%s", idx))
|
dayOfMonth := strings.TrimSpace(r.Form.Get(fmt.Sprintf("schedule_day_of_month%s", idx)))
|
||||||
month := r.Form.Get(fmt.Sprintf("schedule_month%s", idx))
|
month := strings.TrimSpace(r.Form.Get(fmt.Sprintf("schedule_month%s", idx)))
|
||||||
schedules = append(schedules, dataprovider.Schedule{
|
schedules = append(schedules, dataprovider.Schedule{
|
||||||
Hours: hour,
|
Hours: hour,
|
||||||
DayOfWeek: dayOfWeek,
|
DayOfWeek: dayOfWeek,
|
||||||
|
@ -2419,7 +2419,7 @@ func getEventRuleConditionsFromPostFields(r *http.Request) (dataprovider.EventCo
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if strings.HasPrefix(k, "name_pattern") {
|
if strings.HasPrefix(k, "name_pattern") {
|
||||||
pattern := r.Form.Get(k)
|
pattern := strings.TrimSpace(r.Form.Get(k))
|
||||||
if pattern != "" {
|
if pattern != "" {
|
||||||
idx := strings.TrimPrefix(k, "name_pattern")
|
idx := strings.TrimPrefix(k, "name_pattern")
|
||||||
patternType := r.Form.Get(fmt.Sprintf("type_name_pattern%s", idx))
|
patternType := r.Form.Get(fmt.Sprintf("type_name_pattern%s", idx))
|
||||||
|
@ -2430,7 +2430,7 @@ func getEventRuleConditionsFromPostFields(r *http.Request) (dataprovider.EventCo
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if strings.HasPrefix(k, "group_name_pattern") {
|
if strings.HasPrefix(k, "group_name_pattern") {
|
||||||
pattern := r.Form.Get(k)
|
pattern := strings.TrimSpace(r.Form.Get(k))
|
||||||
if pattern != "" {
|
if pattern != "" {
|
||||||
idx := strings.TrimPrefix(k, "group_name_pattern")
|
idx := strings.TrimPrefix(k, "group_name_pattern")
|
||||||
patternType := r.Form.Get(fmt.Sprintf("type_group_name_pattern%s", idx))
|
patternType := r.Form.Get(fmt.Sprintf("type_group_name_pattern%s", idx))
|
||||||
|
@ -2441,7 +2441,7 @@ func getEventRuleConditionsFromPostFields(r *http.Request) (dataprovider.EventCo
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if strings.HasPrefix(k, "role_name_pattern") {
|
if strings.HasPrefix(k, "role_name_pattern") {
|
||||||
pattern := r.Form.Get(k)
|
pattern := strings.TrimSpace(r.Form.Get(k))
|
||||||
if pattern != "" {
|
if pattern != "" {
|
||||||
idx := strings.TrimPrefix(k, "role_name_pattern")
|
idx := strings.TrimPrefix(k, "role_name_pattern")
|
||||||
patternType := r.Form.Get(fmt.Sprintf("type_role_name_pattern%s", idx))
|
patternType := r.Form.Get(fmt.Sprintf("type_role_name_pattern%s", idx))
|
||||||
|
@ -2452,7 +2452,7 @@ func getEventRuleConditionsFromPostFields(r *http.Request) (dataprovider.EventCo
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if strings.HasPrefix(k, "fs_path_pattern") {
|
if strings.HasPrefix(k, "fs_path_pattern") {
|
||||||
pattern := r.Form.Get(k)
|
pattern := strings.TrimSpace(r.Form.Get(k))
|
||||||
if pattern != "" {
|
if pattern != "" {
|
||||||
idx := strings.TrimPrefix(k, "fs_path_pattern")
|
idx := strings.TrimPrefix(k, "fs_path_pattern")
|
||||||
patternType := r.Form.Get(fmt.Sprintf("type_fs_path_pattern%s", idx))
|
patternType := r.Form.Get(fmt.Sprintf("type_fs_path_pattern%s", idx))
|
||||||
|
@ -2495,7 +2495,7 @@ func getEventRuleActionsFromPostFields(r *http.Request) ([]dataprovider.EventAct
|
||||||
var actions []dataprovider.EventAction
|
var actions []dataprovider.EventAction
|
||||||
for k := range r.Form {
|
for k := range r.Form {
|
||||||
if strings.HasPrefix(k, "action_name") {
|
if strings.HasPrefix(k, "action_name") {
|
||||||
name := r.Form.Get(k)
|
name := strings.TrimSpace(r.Form.Get(k))
|
||||||
if name != "" {
|
if name != "" {
|
||||||
idx := strings.TrimPrefix(k, "action_name")
|
idx := strings.TrimPrefix(k, "action_name")
|
||||||
order, err := strconv.Atoi(r.Form.Get(fmt.Sprintf("action_order%s", idx)))
|
order, err := strconv.Atoi(r.Form.Get(fmt.Sprintf("action_order%s", idx)))
|
||||||
|
@ -2542,7 +2542,7 @@ func getEventRuleFromPostFields(r *http.Request) (dataprovider.EventRule, error)
|
||||||
return dataprovider.EventRule{}, err
|
return dataprovider.EventRule{}, err
|
||||||
}
|
}
|
||||||
rule := dataprovider.EventRule{
|
rule := dataprovider.EventRule{
|
||||||
Name: r.Form.Get("name"),
|
Name: strings.TrimSpace(r.Form.Get("name")),
|
||||||
Status: status,
|
Status: status,
|
||||||
Description: r.Form.Get("description"),
|
Description: r.Form.Get("description"),
|
||||||
Trigger: trigger,
|
Trigger: trigger,
|
||||||
|
@ -2559,7 +2559,7 @@ func getRoleFromPostFields(r *http.Request) (dataprovider.Role, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
return dataprovider.Role{
|
return dataprovider.Role{
|
||||||
Name: r.Form.Get("name"),
|
Name: strings.TrimSpace(r.Form.Get("name")),
|
||||||
Description: r.Form.Get("description"),
|
Description: r.Form.Get("description"),
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
@ -2587,7 +2587,7 @@ func getIPListEntryFromPostFields(r *http.Request, listType dataprovider.IPListT
|
||||||
}
|
}
|
||||||
|
|
||||||
return dataprovider.IPListEntry{
|
return dataprovider.IPListEntry{
|
||||||
IPOrNet: r.Form.Get("ipornet"),
|
IPOrNet: strings.TrimSpace(r.Form.Get("ipornet")),
|
||||||
Mode: mode,
|
Mode: mode,
|
||||||
Protocols: protocols,
|
Protocols: protocols,
|
||||||
Description: r.Form.Get("description"),
|
Description: r.Form.Get("description"),
|
||||||
|
@ -2651,14 +2651,14 @@ func getSMTPConfigsFromPostFields(r *http.Request) *dataprovider.SMTPConfigs {
|
||||||
oauth2Provider = 1
|
oauth2Provider = 1
|
||||||
}
|
}
|
||||||
return &dataprovider.SMTPConfigs{
|
return &dataprovider.SMTPConfigs{
|
||||||
Host: r.Form.Get("smtp_host"),
|
Host: strings.TrimSpace(r.Form.Get("smtp_host")),
|
||||||
Port: port,
|
Port: port,
|
||||||
From: r.Form.Get("smtp_from"),
|
From: strings.TrimSpace(r.Form.Get("smtp_from")),
|
||||||
User: r.Form.Get("smtp_username"),
|
User: strings.TrimSpace(r.Form.Get("smtp_username")),
|
||||||
Password: getSecretFromFormField(r, "smtp_password"),
|
Password: getSecretFromFormField(r, "smtp_password"),
|
||||||
AuthType: authType,
|
AuthType: authType,
|
||||||
Encryption: encryption,
|
Encryption: encryption,
|
||||||
Domain: r.Form.Get("smtp_domain"),
|
Domain: strings.TrimSpace(r.Form.Get("smtp_domain")),
|
||||||
Debug: debug,
|
Debug: debug,
|
||||||
OAuth2: dataprovider.SMTPOAuth2{
|
OAuth2: dataprovider.SMTPOAuth2{
|
||||||
Provider: oauth2Provider,
|
Provider: oauth2Provider,
|
||||||
|
@ -3385,8 +3385,8 @@ func (s *httpdServer) handleWebAddFolderPost(w http.ResponseWriter, r *http.Requ
|
||||||
s.renderForbiddenPage(w, r, err.Error())
|
s.renderForbiddenPage(w, r, err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
folder.MappedPath = r.Form.Get("mapped_path")
|
folder.MappedPath = strings.TrimSpace(r.Form.Get("mapped_path"))
|
||||||
folder.Name = r.Form.Get("name")
|
folder.Name = strings.TrimSpace(r.Form.Get("name"))
|
||||||
folder.Description = r.Form.Get("description")
|
folder.Description = r.Form.Get("description")
|
||||||
fsConfig, err := getFsConfigFromPostFields(r)
|
fsConfig, err := getFsConfigFromPostFields(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -3452,7 +3452,7 @@ func (s *httpdServer) handleWebUpdateFolderPost(w http.ResponseWriter, r *http.R
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
updatedFolder := vfs.BaseVirtualFolder{
|
updatedFolder := vfs.BaseVirtualFolder{
|
||||||
MappedPath: r.Form.Get("mapped_path"),
|
MappedPath: strings.TrimSpace(r.Form.Get("mapped_path")),
|
||||||
Description: r.Form.Get("description"),
|
Description: r.Form.Get("description"),
|
||||||
}
|
}
|
||||||
updatedFolder.ID = folder.ID
|
updatedFolder.ID = folder.ID
|
||||||
|
@ -4214,8 +4214,16 @@ func (s *httpdServer) handleOAuth2TokenRedirect(w http.ResponseWriter, r *http.R
|
||||||
s.renderMessagePage(w, r, errorTitle, "Unable to get token:", http.StatusInternalServerError, err, "")
|
s.renderMessagePage(w, r, errorTitle, "Unable to get token:", http.StatusInternalServerError, err, "")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if token.RefreshToken == "" {
|
||||||
|
errTxt := "the OAuth2 provider returned an empty token. " +
|
||||||
|
"Some providers only return the token when the user first authorizes. " +
|
||||||
|
"If you have already registered SFTPGo with this user in the past, revoke access and try again. " +
|
||||||
|
"This way you will invalidate the previous token."
|
||||||
|
s.renderMessagePage(w, r, errorTitle, "Unable to get token:", http.StatusBadRequest, errors.New(errTxt), "")
|
||||||
|
return
|
||||||
|
}
|
||||||
s.renderMessagePage(w, r, successTitle, "", http.StatusOK, nil,
|
s.renderMessagePage(w, r, successTitle, "", http.StatusOK, nil,
|
||||||
fmt.Sprintf("Copy the following string, without the quotes, into your SMTP OAuth2 Token configuration: %q", token.RefreshToken))
|
fmt.Sprintf("Copy the following string, without the quotes, into SMTP OAuth2 Token configuration field: %q", token.RefreshToken))
|
||||||
}
|
}
|
||||||
|
|
||||||
func updateSMTPSecrets(newConfigs, currentConfigs *dataprovider.SMTPConfigs) {
|
func updateSMTPSecrets(newConfigs, currentConfigs *dataprovider.SMTPConfigs) {
|
||||||
|
|
|
@ -1265,7 +1265,7 @@ func (s *httpdServer) handleWebClientProfilePost(w http.ResponseWriter, r *http.
|
||||||
user.Filters.AllowAPIKeyAuth = r.Form.Get("allow_api_key_auth") != ""
|
user.Filters.AllowAPIKeyAuth = r.Form.Get("allow_api_key_auth") != ""
|
||||||
}
|
}
|
||||||
if userMerged.CanChangeInfo() {
|
if userMerged.CanChangeInfo() {
|
||||||
user.Email = r.Form.Get("email")
|
user.Email = strings.TrimSpace(r.Form.Get("email"))
|
||||||
user.Description = r.Form.Get("description")
|
user.Description = r.Form.Get("description")
|
||||||
}
|
}
|
||||||
err = dataprovider.UpdateUser(&user, dataprovider.ActionExecutorSelf, ipAddr, user.Role)
|
err = dataprovider.UpdateUser(&user, dataprovider.ActionExecutorSelf, ipAddr, user.Role)
|
||||||
|
@ -1297,10 +1297,15 @@ func getShareFromPostFields(r *http.Request) (*dataprovider.Share, error) {
|
||||||
if err := r.ParseForm(); err != nil {
|
if err := r.ParseForm(); err != nil {
|
||||||
return share, err
|
return share, err
|
||||||
}
|
}
|
||||||
share.Name = r.Form.Get("name")
|
share.Name = strings.TrimSpace(r.Form.Get("name"))
|
||||||
share.Description = r.Form.Get("description")
|
share.Description = r.Form.Get("description")
|
||||||
share.Paths = r.Form["paths"]
|
for _, p := range r.Form["paths"] {
|
||||||
share.Password = r.Form.Get("password")
|
p = strings.TrimSpace(p)
|
||||||
|
if p != "" {
|
||||||
|
share.Paths = append(share.Paths, p)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
share.Password = strings.TrimSpace(r.Form.Get("password"))
|
||||||
share.AllowFrom = getSliceFromDelimitedValues(r.Form.Get("allowed_ip"), ",")
|
share.AllowFrom = getSliceFromDelimitedValues(r.Form.Get("allowed_ip"), ",")
|
||||||
scope, err := strconv.Atoi(r.Form.Get("scope"))
|
scope, err := strconv.Atoi(r.Form.Get("scope"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -1313,8 +1318,8 @@ func getShareFromPostFields(r *http.Request) (*dataprovider.Share, error) {
|
||||||
}
|
}
|
||||||
share.MaxTokens = maxTokens
|
share.MaxTokens = maxTokens
|
||||||
expirationDateMillis := int64(0)
|
expirationDateMillis := int64(0)
|
||||||
expirationDateString := r.Form.Get("expiration_date")
|
expirationDateString := strings.TrimSpace(r.Form.Get("expiration_date"))
|
||||||
if strings.TrimSpace(expirationDateString) != "" {
|
if expirationDateString != "" {
|
||||||
expirationDate, err := time.Parse(webDateTimeFormat, expirationDateString)
|
expirationDate, err := time.Parse(webDateTimeFormat, expirationDateString)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return share, err
|
return share, err
|
||||||
|
@ -1347,7 +1352,7 @@ func (s *httpdServer) handleWebClientForgotPwdPost(w http.ResponseWriter, r *htt
|
||||||
s.renderClientForbiddenPage(w, r, err.Error())
|
s.renderClientForbiddenPage(w, r, err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
username := r.Form.Get("username")
|
username := strings.TrimSpace(r.Form.Get("username"))
|
||||||
err = handleForgotPassword(r, username, false)
|
err = handleForgotPassword(r, username, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if e, ok := err.(*util.ValidationError); ok {
|
if e, ok := err.(*util.ValidationError); ok {
|
||||||
|
@ -1479,7 +1484,7 @@ func (s *httpdServer) handleClientShareLoginPost(w http.ResponseWriter, r *http.
|
||||||
s.renderShareLoginPage(w, r.RequestURI, dataprovider.ErrInvalidCredentials.Error(), ipAddr)
|
s.renderShareLoginPage(w, r.RequestURI, dataprovider.ErrInvalidCredentials.Error(), ipAddr)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
match, err := share.CheckCredentials(r.Form.Get("share_password"))
|
match, err := share.CheckCredentials(strings.TrimSpace(r.Form.Get("share_password")))
|
||||||
if !match || err != nil {
|
if !match || err != nil {
|
||||||
s.renderShareLoginPage(w, r.RequestURI, dataprovider.ErrInvalidCredentials.Error(), ipAddr)
|
s.renderShareLoginPage(w, r.RequestURI, dataprovider.ErrInvalidCredentials.Error(), ipAddr)
|
||||||
return
|
return
|
||||||
|
|
Loading…
Reference in a new issue