Nicola Murino
e54fd46a9e
SQL providers: make sure we don't exceed the allowed placeholders
...
Fixes #1415
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-09-12 19:15:40 +02:00
Nicola Murino
fac022090d
httpd: disable directory index for static files
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-09-08 19:55:45 +02:00
Nicola Murino
aefcea034a
validate API key scope
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-09-08 18:54:11 +02:00
Nicola Murino
f03fdd1155
add object metadata to notification events
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-08-12 18:51:47 +02:00
Nicola Murino
6c482a248d
portable mode: add WebClient
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-08-10 19:02:55 +02:00
Nicola Murino
25450d9efc
fix event validation test case
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-08-09 19:00:59 +02:00
Nicola Murino
63212bb033
remove the legacy PreferServerCipherSuites configuration
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-08-07 19:11:48 +02:00
Nicola Murino
830116bcf2
shares: allow to force an expiration date
...
this is a soft requirement, users can reactivate expired shares by
updating the expiration date
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-08-07 19:07:20 +02:00
Nicola Murino
af0d7b48ad
sftpd: refactor multi-step authentication
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-08-04 20:56:23 +02:00
Nicola Murino
0413c0471c
add a specific permission to manage folders
...
creating/updating folders embedded in users is no longer supported.
Fixes #1349
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-07-23 18:48:49 +02:00
Nicola Murino
00366fce07
shares: respect password strength
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-07-16 16:51:38 +02:00
Nicola Murino
e88172dd7e
back to development
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-07-15 12:35:30 +02:00
Nicola Murino
a38ce460bb
WebClient: show user quota
...
Also remove per-source data transfer limits. This was an
oversight
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-06-16 21:06:21 +02:00
Nicola Murino
1c1b76011f
WebAdmin: relax key prefix validation
...
try to automatically fix leading and trailing slashes
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-06-12 19:13:16 +02:00
Nicola Murino
9d60972743
WebClient: redirect to the requested URL after login
...
This feature is only useful and enabled for file manager urls
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-06-08 18:14:47 +02:00
Nicola Murino
f938af5a61
WebClient: fix sorting by size
...
Fixes #1313
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-06-04 21:45:31 +02:00
Nicola Murino
3499edd5c2
WebUI: remove leading and trailing spaces from user-submitted input
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-06-04 08:45:17 +02:00
Nicola Murino
48939b2b4f
add XOAUTH2
...
start the countdown, let's see how long it takes for your favorite
Go-based proprietary SFTP server to notice this change, copy the SFTPGo
code and thus violate its license, and announce the same feature :)
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-06-03 16:17:32 +02:00
Nicola Murino
8339fee69d
smtp: add debug option
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-05-30 19:11:28 +02:00
Nicola Murino
8f934f7c82
email action: allow to configure Bcc
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-05-25 19:55:27 +02:00
Nicola Murino
bbaca578cd
EventManager: add content type option for email config
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-05-17 19:28:13 +02:00
Nicola Murino
52ec36dbd6
update pwd reset template. Update deps and use new features from the OIDC library
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-05-17 18:10:57 +02:00
Nicola Murino
e0d9b8bddf
WebClient: update password change timestamp after password reset
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-05-16 19:15:45 +02:00
Nicola Murino
adad8e658b
osfs: add optional buffering
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-05-16 18:08:14 +02:00
Nicola Murino
4eded56d5f
add support for log events
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-05-12 18:34:59 +02:00
Nicola Murino
712f2053a4
REST API dumpdata: allow to specify the resources to dump
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-04-18 18:11:23 +02:00
Nicola Murino
466f2e88b3
WebClient: fix rename
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-04-15 14:16:26 +02:00
Nicola Murino
4294659785
try harder to convert transfer errors in well-known error types
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-04-08 14:55:04 +02:00
Nicola Murino
184b99d500
user: add a field to indicate whether the password is set
...
A structure similar to the one used for secrets would be better,
but we don't want to break backwards compatibility.
Also document that omitting the password field in the request body
will preserve the current password when updating a user using the
REST API. Added a test case for this.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-04-06 18:22:09 +02:00
Nicola Murino
354fc9b3d6
OIDC: allow to extract custom fields from sub-structs
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-03-23 18:15:07 +01:00
Nicola Murino
e29f6857db
EventManager: add IDP login trigger and check account action
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-03-22 19:02:54 +01:00
Nicola Murino
84396343da
fix some codeql warnings
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-03-10 17:30:06 +01:00
Nicola Murino
0423e8f157
httpd: generate defender events for failed 2fa and password resets
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-03-04 13:55:48 +01:00
Nicola Murino
bdcee06665
WebClient: remove the default upload size limit
...
Users who want a limit can still set it.
By default, we want to allow uploads of any size
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-03-02 18:26:21 +01:00
Nicola Murino
4ba3ae876d
allow to set password strength at user/group level
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-03-02 09:11:30 +01:00
Nicola Murino
662164c7ff
smtp: require templates only if a server is configured or in service mode
...
This regression was introduced after recent changes to allow setting the SMTP
settings from the WebAdmin UI.
Fixes #1217
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-03-01 18:31:02 +01:00
Nicola Murino
fad6af11e5
don't expose error messages from pre-actions and post connect hooks
...
always return a generic error instead to avoid leaking internal info
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-02-28 18:01:09 +01:00
Nicola Murino
dba088daed
printf: replace %#v with the more explicit %q
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-02-27 19:19:57 +01:00
Nicola Murino
561976bcd0
WebClient: return proper status code for http.MaxBytesError
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-02-27 11:03:05 +01:00
Nicola Murino
9a10740218
allow ACME HTTP-01 challenge with https redirect from port 80
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-02-24 20:08:14 +01:00
Nicola Murino
8805d85377
configs: add ACME section
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-02-23 19:25:20 +01:00
Nicola Murino
a3fff56da5
WebAdmin: add configs section
...
Setting configurations is an experimental feature and is not currently
supported in the REST API
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-02-19 19:03:45 +01:00
Nicola Murino
78cd5d8eba
groups: add expiration date override
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-02-13 19:32:36 +01:00
Nicola Murino
7738faa040
events: add elapsed to UI and exports
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-02-13 12:58:21 +01:00
Nicola Murino
7e85356325
WebClient shares: replace basic auth with a login form
...
basic auth will continue to work for REST API
Fixes #1166
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-02-12 08:29:53 +01:00
Nicola Murino
1b1745b7f7
move IP/Network lists to the data provider
...
this is a backward incompatible change, all previous file based IP/network
lists will not work anymore
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-02-09 09:33:33 +01:00
Nicola Murino
c0fe08b597
defender: allow to set a different score for "no auth tried" events
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-01-25 18:49:03 +01:00
Nicola Murino
5550a5d2c0
update users: also disconnect users from remote nodes when requested
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-01-24 18:53:34 +01:00
Nicola Murino
7b5bebc588
EventManager: add "on-demand" trigger
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-01-21 15:41:24 +01:00
Nicola Murino
53f17b5715
allow to disable event rules
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-01-19 18:33:04 +01:00