(conn ssh.ConnMetadata, password []byte)
| 93 | } |
| 94 | |
| 95 | func (d *SftpDriver) PasswordAuth(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) { |
| 96 | ip := conn.RemoteAddr().String() |
| 97 | count, ok := model.LoginCache.Get(ip) |
| 98 | if ok && count >= model.DefaultMaxAuthRetries { |
| 99 | model.LoginCache.Expire(ip, model.DefaultLockDuration) |
| 100 | return nil, errors.New("Too many unsuccessful sign-in attempts have been made using an incorrect username or password, Try again later.") |
| 101 | } |
| 102 | pass := string(password) |
| 103 | userObj, err := op.GetUserByName(conn.User()) |
| 104 | if err == nil { |
| 105 | err = userObj.ValidateRawPassword(pass) |
| 106 | if err != nil && setting.GetBool(conf.LdapLoginEnabled) && userObj.AllowLdap { |
| 107 | err = common.HandleLdapLogin(conn.User(), pass) |
| 108 | } |
| 109 | } else if setting.GetBool(conf.LdapLoginEnabled) && model.CanFTPAccess(int32(setting.GetInt(conf.LdapDefaultPermission, 0))) { |
| 110 | userObj, err = tryLdapLoginAndRegister(conn.User(), pass) |
| 111 | } |
| 112 | if err != nil { |
| 113 | model.LoginCache.Set(ip, count+1) |
| 114 | return nil, err |
| 115 | } |
| 116 | if userObj.Disabled || !userObj.CanFTPAccess() { |
| 117 | model.LoginCache.Set(ip, count+1) |
| 118 | return nil, errors.New("user is not allowed to access via SFTP") |
| 119 | } |
| 120 | model.LoginCache.Del(ip) |
| 121 | return nil, nil |
| 122 | } |
| 123 | |
| 124 | func (d *SftpDriver) PublicKeyAuth(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) { |
| 125 | userObj, err := op.GetUserByName(conn.User()) |
nothing calls this directly
no test coverage detected