filestash
filestash copied to clipboard
mickael-kerjean
[bug]
Description of the bug
Issue with correct login using middleware with sftp. I do not see any option that would work and i am not sure if this is code problem or plugin problem.
If middleware is not used via workaround login to sftp works just fine.
So my only guess that it is problem with attribute mapping in some place in code or me using it wrongly.
Step by step instructions to reproduce the bug
Username_password option:
With such settings:
Prompt with credentials:
After using correct password to SFTP user:
With Direct options its the same
Workaround
Set authentiaction middleware for something diffirent i desire:
Then i am getting:
And then after pressing login i am in:
Expected behavior
To be able to create pre-sets of diffirent sftp servers profiles where user can type only user and password while other parameters are hiden(IP/fqdn, port, etc..)
There was a regression that was introduced a few days ago that could have cause this to happen. Can you check again with the new version?
I think i found root cause of the problem :D the port in sftp is not passed through in attribute mapping part. my setup is based only on docker containers so i had to use custom 2022 port for sftp server due to conflict with 22(sshd).
So i have tested couple of options after your update and i think its port mapping problem between backend and form that is passed through to log in to sftp server.
For testing purposes i have swapped the ports for my SFTP and SSH. OS has now port 2022 for sshd and sftp server in side container has port 22 as it should be in default scenario.
After that both middleware options like HTACCESS,ADMIN or PASSTHROUGH worked just fine.
So that points to port parameter that is not respected when it is filled up
If form is presented completely to user, so this is when you do not use any middleware authentication, port attribute is respected and allow me to log in to sftp.
Hope this feedback will be helpful, i can workaround it any ways, but the idea and features in your app are great :D
Just to confirm that I also have different port in use and am not able to use new middleware system to login. Old logic with direct configuration in json file is still working, that is my workaround.
After testing webdav that is not using port but Url instead, I still have issue to login, so maybe port is not an issue.
I would need to replicate this on my local to understand what's going on. To do this, can you post your config.json file?
I would need to give you some test account to test or what is the point in config.json?
that file contains the entire config of your instance, it has everything I'd need to replicate this issue. To understand what's going on I need to be able to replicate it
{
"general": {
"name": null,
"port": 20534,
"host": null,
"secret_key": "xxx",
"force_ssl": null,
"editor": null,
"fork_button": false,
"logout": null,
"display_hidden": true,
"refresh_after_upload": true,
"upload_button": true,
"upload_pool_size": null,
"filepage_default_view": "list",
"filepage_default_sort": null,
"cookie_timeout": null,
"custom_css": ".component_page_connection_form div.buttons {\n display: block !important;\n}\n:root {\n --emphasis-primary: #42a2d1 !important;\n}"
},
"features": {
"api": {
"enable": null,
"api_key": null
},
"share": {
"enable": null,
"default_access": null,
"redirect": null
},
"protection": {
"iframe": null,
"zip_timeout": null,
"enable": true,
"disable_svg": true
},
"video": {
"enable_transcoder": true,
"blacklist_format": null
},
"office": {
"enable": null,
"onlyoffice_server": null,
"can_download": null
},
"server": {
"console_enable": null
},
"search": {
"explore_timeout": null
}
},
"log": {
"enable": null,
"level": null,
"telemetry": null
},
"email": {
"server": null,
"port": null,
"username": null,
"password": null,
"from": null
},
"auth": {
"admin": "xxx"
},
"middleware": {
"identity_provider": {
"type": "passthrough",
"params": "nNx9I3XBoj7sE4XaeQA6Pfm_MJGTMlihnqi0klfJPuMt0KzEjN6W3k27RQV-L7G32-HjDeLiUXZkq4vt2ncJ5LZ1JXKG38xlAz1b4A=="
},
"attribute_mapping": {
"related_backend": "1NUC SFTP",
"params": "nNx9I3XBoj7sE4XbS6TctotISaf-2I4D7x_72wsFAuwud5GzWcxKlWg290fC8IMxNoTjVEt1gZm_5dth0A-68hmIN-JSaTg2kxGkCTwK7tBGMh1_SPtXTdREaR-l3p2k-BZHDa-qWn7NJAdDGA=="
}
},
"constant": {
"user": "filestash",
"emacs": true,
"pdftotext": true
},
"connections": [
{
"label": "1NUC SFTP",
"type": "sftp",
"hostname": "192.168.188.203",
"advanced": null,
"path": null,
"port": 20541,
"passphrase": null,
"hostkey": null
}
]
}
to replicate that issue you would have to change sftp server port to custom for example 2022.
other thing is to set in "admin web gui" static credential in middleware
so in conclusion when you open "web client gui" you are already logged in to for example "sftp"
in that moment you are getting
due to port problem.
if you would have default 22 port for sftp you will be connected without any issue.
"middleware": { "identity_provider": { "type": "passthrough", "params": "m2hCnxdSwdiykr7DV1cLq8nI4LyW8V7GFu79Qi3BDUgwy0QWsIVbC0tleROPJEufWiGscxWgtk6LVZ7o_eBPehXZDLM8bDvWwkjq3w==" }, "attribute_mapping": { "related_backend": "SFTP", "params": "m2hCnxdSwdiykr7ERORBVuq3v7Zh5h3QNvc_bqy1yf0HnbUF0bODSF07BNQgzuuPH-4QGIjOKBrbj3M2wl2oVMa8gbrSHgbEtcPsIZgWI_mhusk3stStKr6EMYf_7GhKB0NgMRkerdi5hZQEm9kbMEs1_nNxG7k7" } }, "constant": { "user": "filestash", "emacs": true, "pdftotext": true }, "connections": [ { "label": "SFTP", "type": "sftp" } ] }
In my case I am getting "backend error - Not Allowed". I also tried with {{ .user }} and {{ .password }}, same result.
I just encountered the same issue, my port is not 22 and the port config seems not passed through correctly. As what Anzel601 said, if my port is 22 then everything works fine, if my port is not the default port then I always get Not Valid.
Same if iframe is specified in settings.
Let's wait autor for the fix.
I haven't been able to replicate this and without being able to replicate it, it's impossible to provide a fix. Giving half a config file isn't enough for this
@mickael-kerjean Tell us everything you need to solve this and we’ll provide it.
a complete config.json file would do, if you have some sensitive data and don't want to publish it on github, you can either:
- send a version to me at [email protected]
- point it to a free server like either test.rebex.net or demo.wftpserver.com
After setting up the auth middleware, I get this error in the logs of the container:
2023/03/30 17:12:50 HTTP 304 GET 0.2ms /?error=Invalid%20account_
And in the browser:
And I emailed you my config.json.
Got your config file and I still can't replicate the issue. Because your hostname was an internal IP, I did replace your SFTP setup with my local machine and it went in without any issue
Ok! Let me send you a new config file connected to my SFTP server. /Fredrik
On Thu, 30 Mar 2023 at 17:31, Mickael @.***> wrote:
Got your config file and I still can't replicate the issue. I have replace your SFTP setup with my local machine as your host was on an internal IP and it went in without any issue
— Reply to this email directly, view it on GitHub https://github.com/mickael-kerjean/filestash/issues/533#issuecomment-1490509784, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGIDMYKZS6NOTKYOLUZZF2DW6WRN7ANCNFSM6AAAAAASLGBDNA . You are receiving this because you commented.Message ID: @.***>
Hi,
So, let me explain the situation, bear with me.
When opening Filestash locally at (for me 192.168.2.42:8334) I can connect to sftpgo.fdrive.se with no problem.
Like this: [image: Screenshot 2023-03-30 at 18.18.23.png]
Credentials: Server: sftpgo.fdrive.se User: demo Pass: irqBAJvGiJ4bitoZA5Rn Port: 2022
And connecting from an SFTP client like Cyberduck works fine, like this: [image: Screenshot 2023-03-30 at 18.20.02.png]
But connecting from files.fdrive.se http://files.fdrive.se, which is where I'm hosting my Filestash instance, doesn't work.
*Nevertheless, using the passthrough middleware doesn't work at all in either case. *
Here's a config with my public SFTP server with the credentials above.
/Fredrik
On Thu, 30 Mar 2023 at 17:33, Fredrik Burmester @.***> wrote:
Ok! Let me send you a new config file connected to my SFTP server. /Fredrik
On Thu, 30 Mar 2023 at 17:31, Mickael @.***> wrote:
Got your config file and I still can't replicate the issue. I have replace your SFTP setup with my local machine as your host was on an internal IP and it went in without any issue
— Reply to this email directly, view it on GitHub https://github.com/mickael-kerjean/filestash/issues/533#issuecomment-1490509784, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGIDMYKZS6NOTKYOLUZZF2DW6WRN7ANCNFSM6AAAAAASLGBDNA . You are receiving this because you commented.Message ID: @.***>
First of all thank you to Anzel601 and Fredrik, the issue would only come using a non standard sftp port like whenever using sftpgo. The root cause was an issue while parsing the json data for the port number which would make Filestash not see the port data at all and use the default of port 22 instead.
The commit above does fix that issue and it should now be fine
the new build with the fix is available, can we confirm everything is running fine with the fix?
@mickael-kerjean Everything is working for me. Both normal log-in and Authentication Middleware.