IdP (#62): add groups + dynamic vols (non-persistent)

features which should be good to go: * user groups * assigning permissions by group * dynamically created volumes based on username/groupname * rebuild vfs when new users/groups appear but several important features still pending; * detect dangerous configurations * dynamic vol below readable path * remember volumes created during previous runs * helps prevent unintended access * correct filesystem-scan on startup
2026-03-28 02:53:03 +10:00 · 2024-01-30 19:13:42 +01:00
parent eefa0518db
commit caf7e93f5e
12 changed files with 559 additions and 56 deletions
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@@ -458,9 +458,20 @@ class HttpCli(object):

        if self.args.idp_h_usr:
            self.pw = ""
-            self.uname = self.headers.get(self.args.idp_h_usr) or "*"
-            if self.uname not in self.asrv.vfs.aread:
-                self.log("unknown username: [%s]" % (self.uname), 1)
+            idp_usr = self.headers.get(self.args.idp_h_usr) or ""
+            if idp_usr:
+                idp_grp = (
+                    self.headers.get(self.args.idp_h_grp) or ""
+                    if self.args.idp_h_grp
+                    else ""
+                )
+                self.asrv.idp_checkin(self.conn.hsrv.broker, idp_usr, idp_grp)
+                if idp_usr in self.asrv.vfs.aread:
+                    self.uname = idp_usr
+                else:
+                    self.log("unknown username: [%s]" % (idp_usr), 1)
+                    self.uname = "*"
+            else:
                self.uname = "*"
        else:
            self.pw = uparam.get("pw") or self.headers.get("pw") or bauth or cookie_pw