MCorange/wings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update SFTP logic for authentication to avoid brute forces; replicates logic from #9

Browse Source 
Co-Authored-By: Stepan Fedotov <trixterthetux@users.noreply.github.com>
This commit is contained in:
Dane Everitt
2020-07-02 21:03:11 -07:00
parent 65809b5731
commit 82912595b7
4 changed files with 30 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api/sftp_endpoints.go
View File

@@ -4,7 +4,6 @@ import (
"encoding/json"
"github.com/pkg/errors"
"github.com/pterodactyl/sftp-server"
"go.uber.org/zap"
)
func (r *PanelRequest) ValidateSftpCredentials(request sftp_server.AuthenticationRequest) (*sftp_server.AuthenticationResponse, error) {
@@ -23,13 +22,10 @@ func (r *PanelRequest) ValidateSftpCredentials(request sftp_server.Authenticatio
if r.HasError() {
if r.HttpResponseCode() >= 400 && r.HttpResponseCode() < 500 {
zap.S().Debugw("failed to validate server credentials for SFTP", zap.String("error", r.Error().String()))
return nil, new(sftp_server.InvalidCredentialsError)
}
rerr := errors.New(r.Error().String())
zap.S().Warnw("error validating SFTP credentials", zap.Error(rerr))
return nil, rerr
}