Add SFTP public key authentication support #13190
Conversation
|
Thanks a lot for your contribution! Contributions to the core repo require a signed contributors agreement http://owncloud.org/contribute/agreement/ Alternatively you can add a comment here stating that this contribution is MIT licensed. Some more details about out pull request workflow can be found here: http://owncloud.org/code-reviews-on-github/ |
|
Signed contributor agreement went to Frank Karlitschek on Wednesday 7th Jan 2015, and I believe is being progressed. |
There was a problem hiding this comment.
Can I ask you to use the AppFramework for this new AJAX file?
http://doc.owncloud.org/server/7.0/developer_manual/app/index.html
There was a problem hiding this comment.
What would be needed here is:
- Create an application.php for the files_external app
- Migrate this to a controller
- Add a route
- Add some unit tests
|
@icewind1991 @bantu THX - your expertise is requested here. |
apps/files_external/appinfo/app.php
Outdated
There was a problem hiding this comment.
More or less a direct cut & paste from the SFTP plugin definition above. Will test and find out what type is coming back.
There was a problem hiding this comment.
Please change:
'root' => '&'.$l->t('Root')) --> 'root' => '&'.$l->t('Remote subfolder'))
as we have harmonized the terms used recently
Please do not forget to document this in:
https://github.com/owncloud/documentation/blob/master/admin_manual/configuration/external_storage_configuration.rst
https://github.com/owncloud/documentation/blob/master/admin_manual/configuration/external_storage_configuration_gui.rst
There was a problem hiding this comment.
The (string) thing was introduced by @wakeup - perhaps he could shed some light on it?
|
@owncloud-bot This is okay to test. |
|
@rnicoll THX for your contribution. We're currently in code-freeze for 8.0 this month so this code can get merged earliest next month. Let me know if you need any help to address the comments that I made. - Using the AppFramework here would allow us to test this code instead of an untestable file. |
|
Please also take a look at the things @scrutinizer-notifier reported. |
|
Still not done with the cleanup, just pushing updates so you can see progress. Should be much closer now though. |
There was a problem hiding this comment.
FYI: @rnicoll @Xenopathic casting to string was necessary to make the strings visible. This is the correct way though. If there are other chars like * or & no casting is necessary.
rnicoll
force-pushed
the
master-sftp-key
branch
2 times, most recently
from
4fb08e0 to
f7d79e3
Compare
|
Squashed the whole lot down, that should be everything but the tests done now. |
|
Barring two tests (testHashInFileName and testRenameOverWriteDirectory) which also fail with the existing SFTP plugin (and I think are therefore more about how my server works, than anything else), all unit tests pass. Any other changes required? |
|
Looks good! I'll be testing this at some point, then I can give my review mark 😄 |
|
@karlitschek Please verify #13190 (comment). - THX. |
|
@LukasReschke Confirmed :-) |
|
Neat! I like the auto-generation of SSH keys, it makes it really simple to use. Only issue is a minor problem with the position of the 'Generate keys' button: it drops underneath the divider line and looks a bit odd:
It seems that the button is an Other than that though, it's looking great! |
Add support for external files accessed via SFTP using public key exchange authentication. Keys are generated automatically when the configuration is added, or can be regenerated on demand if a key is compromised. Creation of a new configuration row now triggers focus on that row. This is used to trigger auto-configuration for SFTP keys. Generated public keys are saved in user's data directory for easy retrieval by an external application. Add controller for SFTP key generation AJAX SFTP class initialisation no longer produces a warning if the password field is missing. Add unit tests for SFTP with key authentication backend
rnicoll
force-pushed
the
master-sftp-key
branch
from
06cf347 to
64f4f8f
Compare
|
Done. I'll update Google and Dropbox plugins to match in a moment. |
|
Nice! 👍 Now we wait for feature merges to be accepted again |
|
The inspection completed: 26 new issues, 30 updated code elements |
|
@owncloud-bot ok to test |
|
You might want to rebase on top of master in case this PR needs the styling fixes from #13364 which was merged on master |
|
Refer to this link for build results (access rights to CI server needed): |
|
Works 👍 But I wonder about the private key which is stored in plain text inside mount.json. Is it worth encrypting the private key like we did for passwords there ? CC @LukasReschke |
|
I'm merging this now as we need the AjaxController for other stuff. The "private_key" encryption can be submit as a separate PR, if wanted. Thanks a lot @rnicoll ! |
Add SFTP public key authentication support
|
Private key encryption occurs at https://github.com/owncloud/core/pull/13190/files#diff-fc861a6589e68fe5eaca28c5e2f03296R23 based on the system's secret value. Please do let me know if there's any problems there. |
|
@rnicoll ah ok. I wasn't sure because when I looked at "mount.json" I saw the block "--- PRIVATE KEY BEGIN ---" or something. It looked like it was just the plain key. |
8 participants
Adds a new SFTP external file plugin which uses public key based authentication instead of passwords.
A number of private fields/functions in the existing SFTP class have been made protected in order to make extension of that class feasible, as part of this work.
When adding a new external file store, the first field is now automatically selected. This is a minor UI improvement, but also caught by the SFTP key UI in order to trigger key pair generation.