make app password work with sftp

(cherry picked from commit 9faae96d61) (cherry picked from commit f3b979f112)
5.0.6 changelog
2020-03-26 21:56:45 -07:00 · 2020-03-26 19:30:52 -07:00 · 2020-03-26 19:08:43 -07:00 · 2020-03-25 07:57:39 -07:00
4 changed files with 19 additions and 6 deletions
--- a/5
+++ b/5
@@ -1848,4 +1848,9 @@
 [5.0.5]
 * Fix bug where incoming mail from dynamic hostnames was rejected
 * Increase token expiry
+* Fix bug in tag UI where tag removal did not work
+
+[5.0.6]
+* Make mail eventlog only visible to owners
+* Make app password work with sftp

--- a/src/ldap.js
+++ b/src/ldap.js
@@ -534,13 +534,16 @@ function authenticateSftp(req, res, next) {
    var parts = email.split('@');
    if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));

-    // actual user bind
-    users.verifyWithUsername(parts[0], req.credentials, users.AP_SFTP, function (error) {
+    apps.getByFqdn(parts[1], function (error, app) {
        if (error) return next(new ldap.InvalidCredentialsError(req.dn.toString()));

-        debug('sftp auth: success');
+        users.verifyWithUsername(parts[0], req.credentials, app.id, function (error) {
+            if (error) return next(new ldap.InvalidCredentialsError(req.dn.toString()));

-        res.end();
+            debug('sftp auth: success');
+
+            res.end();
+        });
    });
 }

--- a/src/server.js
+++ b/src/server.js
@@ -244,7 +244,13 @@ function initializeExpressSync() {
    }, routes.settings.set);

    // email routes
-    router.get('/api/v1/mailserver/:pathname', token, authorizeAdmin, routes.mailserver.proxy);
+    router.get('/api/v1/mailserver/:pathname', token, (req, res, next) => {
+        // some routes are more special than others
+        if (req.params.pathname === 'eventlog' || req.params.pathname === 'clear_eventlog') {
+            return authorizeOwner(req, res, next);
+        }
+        authorizeAdmin(req, res, next);
+    }, routes.mailserver.proxy);

    router.get ('/api/v1/mail/:domain',       token, authorizeAdmin, routes.mail.getDomain);
    router.post('/api/v1/mail',               token, authorizeAdmin, routes.mail.addDomain);
--- a/src/users.js
+++ b/src/users.js
@@ -31,7 +31,6 @@ exports = module.exports = {
    count: count,

    AP_MAIL: 'mail',
-    AP_SFTP: 'sftp',
    AP_WEBADMIN: 'webadmin',

    ROLE_ADMIN: 'admin',
Author	SHA1	Message	Date
Girish Ramakrishnan	92f143163b	make app password work with sftp (cherry picked from commit `9faae96d61`) (cherry picked from commit `f3b979f112`)	2020-03-26 21:56:45 -07:00
Girish Ramakrishnan	3c1a1f1b81	5.0.6 changelog	2020-03-26 19:30:52 -07:00
Girish Ramakrishnan	4bc7c70e2e	make eventlog routes owner only (cherry picked from commit `007a8d248d`)	2020-03-26 19:08:43 -07:00
Girish Ramakrishnan	cc6ddf50b1	5.0.5 changes	2020-03-25 07:57:39 -07:00