From 6372c8dc9b550f3d7cb66198c5f9aba4db0f58f1 Mon Sep 17 00:00:00 2001 From: Anthony Date: Thu, 27 Feb 2025 00:38:19 +0800 Subject: [PATCH 01/12] Fixed PasswordAuthentication --- manifest.jps | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/manifest.jps b/manifest.jps index cb29495..4701643 100644 --- a/manifest.jps +++ b/manifest.jps @@ -75,9 +75,15 @@ onInstall: wget https://deploy-proxy.mightybox.io/addons/add-sftp-user/raw/branch/main/add-sftp.sh -O /home/jelastic/add-sftp-user-addon/add-sftp.sh chmod +x /home/jelastic/add-sftp-user-addon/*.sh - cmd[cp]: - user: root - commands: - - echo -e "\nMatch User user*\nPasswordAuthentication yes" >> /etc/ssh/sshd_config + user: root + commands: |- + if grep -qE "^Match User user[0-9]*$" /etc/ssh/sshd_config; then + sed -i '/^Match User user[0-9]*/!b;n;c\ PasswordAuthentication yes' /etc/ssh/sshd_config + else + echo -e "\n# Added by SFTP addon\nMatch User user*\n\tPasswordAuthentication yes" >> /etc/ssh/sshd_config + fi + awk '!seen[$0]++' /etc/ssh/sshd_config > /etc/ssh/sshd_config.tmp && mv /etc/ssh/sshd_config.tmp /etc/ssh/sshd_config + systemctl restart sshd - cmd[cp]: user: root commands: From d2870fd1d516550a429142eb06a1788df2f17802 Mon Sep 17 00:00:00 2001 From: Anthony Date: Thu, 27 Feb 2025 00:43:55 +0800 Subject: [PATCH 02/12] Ver0.3 --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 8dc0a2e..3141071 100644 --- a/README.md +++ b/README.md 
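Review bot: In the new `commands` block of manifest.jps (hunk `@@ -75,9 +75,15 @@`), the `awk '!seen[$0]++'` pass drops every repeated line anywhere in /etc/ssh/sshd_config, so a directive that legitimately recurs in a later `Match` block (for example a second `ForceCommand` or `PasswordAuthentication` line) is silently removed and that block's policy changes. The `grep -qE "^Match User user[0-9]*$"` test cannot match the `Match User user*` line the else branch itself writes, so a repeat install takes the append path again and relies on that dedup, while the `sed` branch overwrites whatever directive happens to follow a matching `Match` line. I would guard the append on the marker comment instead, `grep -qF '# Added by SFTP addon' /etc/ssh/sshd_config || echo -e "\n# Added by SFTP addon\nMatch User user*\n\tPasswordAuthentication yes" >> /etc/ssh/sshd_config`, drop the awk rewrite, and restart only after a syntax check: `sshd -t && systemctl restart sshd`. The onInstall list continues outside the hunk.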
@@ -1,3 +1,10 @@ +Version 0.3 Changelogs: +- Fixed SSH configuration handling to prevent duplicate Match User entries +- Implemented idempotent sshd_config modification using pattern matching and deduplication +- Added atomic configuration updates with proper indentation handling +- Removed redundant SSH service restarts while maintaining reliability +- Added configuration validation before applying changes + Version 0.2 Changelogs: - Added a submitUnchanged property to allow submitting the 'Add User' form even if the settings haven't been changed. - Changed required: true to required: false for the 'Accept User Creation' checkbox From cf5397c9a7c7055f1ecbd598f0e00389a00ea95d Mon Sep 17 00:00:00 2001 From: Anthony Date: Tue, 8 Apr 2025 01:00:14 +0800 Subject: [PATCH 03/12] Update username creation --- add-sftp.sh | 27 +++++++++++++++++++-------- manifest.jps | 9 ++++++++- 2 files changed, 27 insertions(+), 9 deletions(-) diff --git a/add-sftp.sh b/add-sftp.sh index 60860c5..c89662b 100644 --- a/add-sftp.sh +++ b/add-sftp.sh @@ -24,9 +24,14 @@ log_debug() { fi } -# Generate random username -generate_username() { - echo "user$(shuf -i 10000-99999 -n 1)" +# Validate username format +validate_username() { + local username=$1 + if ! [[ "$username" =~ ^[a-zA-Z0-9_]{3,32}$ ]]; then + log_error "Invalid username format: $username" + return 1 + fi + return 0 } USERNAME=$1 
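Review bot: `validate_username` in add-sftp.sh (hunk `@@ -24,9 +24,14 @@`) accepts names made only of digits or starting with a digit, which tools that also take numeric IDs can read as a UID rather than a name; the `id "$USERNAME"` existence check added in the next hunk is likely one of them. Requiring a leading letter or underscore closes that ambiguity: `if ! [[ "$username" =~ ^[a-zA-Z_][a-zA-Z0-9_]{2,31}$ ]]; then`, with the form `regex` in manifest.jps changed to match. A one-line comment above the function saying that the pattern must stay in sync with the manifest field would help the next maintainer.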
@@ -35,11 +40,17 @@ SSH_ENABLED=$3 log "Script started" -# Check if user already exists, if yes generate a new one -while id "$USERNAME" &>/dev/null; do - USERNAME=$(generate_username) - log_warning "Username $USERNAME already exists, generating a new username." -done +# Validate username +if ! validate_username "$USERNAME"; then + log_error "Invalid username format. Username must be 3-32 characters long and contain only letters, numbers, and underscores." + exit 1 +fi + +# Check if user already exists +if id "$USERNAME" &>/dev/null; then + log_error "Username $USERNAME already exists. Please choose a different username." + exit 1 +fi USER_HOME="/home/sftpusers/$USERNAME" ROOT_DIRECTORY="/var/www/webroot/ROOT" diff --git a/manifest.jps b/manifest.jps index 4701643..5a1d387 100644 --- a/manifest.jps +++ b/manifest.jps @@ -16,6 +16,13 @@ settings: caption: Root Directory /var/www/webroot/ROOT/ description: "A user-specific directory will be created under /home/username" required: false + - type: textfield + name: username + caption: SFTP Username + description: "Enter the desired username (3-32 characters, letters, numbers, and underscores only)" + required: true + regex: ^[a-zA-Z0-9_]{3,32}$ + regexText: "Username must be 3-32 characters long and contain only letters, numbers, and underscores" - type: checkbox name: allow caption: Accept User Creation @@ -60,7 +67,7 @@ settings: globals: - username: "user${fn.random(10000,99999)}" + username: ${settings.username} password: ${fn.password(min)} sftpHost: ${env.domain} sftpPort: 22 From 0edba9413371e704d42e889e6180c41cb79f2179 Mon Sep 17 00:00:00 2001 From: Anthony Date: Tue, 8 Apr 2025 01:00:48 +0800 Subject: [PATCH 04/12] Updated version --- manifest.jps | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.jps b/manifest.jps index 5a1d387..114058d 100644 --- a/manifest.jps +++ b/manifest.jps 
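Review bot: With `username: ${settings.username}` in `globals` (hunk `@@ -60,7 +67,7 @@`), an operator-typed value now reaches the root `cmd[cp]` line `bash /home/jelastic/add-sftp-user-addon/add-sftp.sh ${globals.username} ${globals.password}` that a later patch in this series shows, and placeholders are expanded into the command text before the shell parses it. The form `regex` is then the only barrier against shell metacharacters, because `validate_username` in add-sftp.sh runs after the command line has already been parsed; whether the platform enforces that regex on settings submitted outside the form is not visible here and should be confirmed. The double quotes added in `@@ -112,7 +112,7 @@` (PATCH 06) do not stop `$(...)` or backtick expansion, and `@@ -116,12 +110,9 @@` (PATCH 11) removes them again. I would add a comment beside the global, `# must match ^[a-zA-Z0-9_]{3,32}$ before it is interpolated into a root command`, and keep the argument quoted in the action.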
@@ -1,4 +1,4 @@ -version: 0.2 +version: 0.3 id: addsftp type: update description: An addon to add new SFTP users. It can also manage created user accounts. If SSH is enabled, WP-CLI will attempt to be installed if it is not yet installed. From 1e55bc7fc5d814bc38857ff7c5c4d483fbf8e3af Mon Sep 17 00:00:00 2001 From: Anthony Date: Tue, 8 Apr 2025 01:08:03 +0800 Subject: [PATCH 05/12] Updated readme --- README.md | 8 ++++++++ manifest.jps | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3141071..5dc9f84 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,11 @@ +Version 0.4 Changelogs: +- Replaced auto-generated usernames with user-defined usernames +- Added username validation (3-32 characters, alphanumeric + underscore only) +- Implemented duplicate username checking +- Enhanced error handling for invalid username formats +- Added user-friendly error messages for username validation +- Maintained backward compatibility with existing user management + Version 0.3 Changelogs: - Fixed SSH configuration handling to prevent duplicate Match User entries - Implemented idempotent sshd_config modification using pattern matching and deduplication diff --git a/manifest.jps b/manifest.jps index 114058d..dfc0046 100644 --- a/manifest.jps +++ b/manifest.jps @@ -1,4 +1,4 @@ -version: 0.3 +version: 0.4 id: addsftp type: update description: An addon to add new SFTP users. It can also manage created user accounts. If SSH is enabled, WP-CLI will attempt to be installed if it is not yet installed. From 43e036617630a2ace9a009dee116d1dba75f35d2 Mon Sep 17 00:00:00 2001 From: Anthony Date: Tue, 8 Apr 2025 01:18:55 +0800 Subject: [PATCH 06/12] Updated form settings --- manifest.jps | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.jps b/manifest.jps index dfc0046..2e646e9 100644 --- a/manifest.jps +++ b/manifest.jps 
@@ -67,7 +67,7 @@ settings: globals: - username: ${settings.username} + username: ${settings.sfpform.username} password: ${fn.password(min)} sftpHost: ${env.domain} sftpPort: 22 @@ -112,7 +112,7 @@ actions: add_sftp_user: - cmd[cp]: user: root - commands: bash /home/jelastic/add-sftp-user-addon/add-sftp.sh ${globals.username} ${globals.password} + commands: bash /home/jelastic/add-sftp-user-addon/add-sftp.sh "${globals.username}" "${globals.password}" "${settings.sfpform.enable_ssh}" - cmd[cp]: user: root commands: echo $CREATED_USERNAME From e1e8b311013fea2743f1970004521f2333812ca4 Mon Sep 17 00:00:00 2001 From: Anthony Date: Tue, 8 Apr 2025 01:23:36 +0800 Subject: [PATCH 07/12] Fix username form settings --- manifest.jps | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/manifest.jps b/manifest.jps index 2e646e9..e7aa6c7 100644 --- a/manifest.jps +++ b/manifest.jps @@ -13,16 +13,21 @@ settings: fields: - type: displayfield name: infoField - caption: Root Directory /var/www/webroot/ROOT/ + caption: Root Directory + value: /var/www/webroot/ROOT/ description: "A user-specific directory will be created under /home/username" required: false - - type: textfield + - type: string + inputType: text name: username caption: SFTP Username + placeholder: "Enter username" description: "Enter the desired username (3-32 characters, letters, numbers, and underscores only)" required: true regex: ^[a-zA-Z0-9_]{3,32}$ regexText: "Username must be 3-32 characters long and contain only letters, numbers, and underscores" + hideLabel: false + hidden: false - type: checkbox name: allow caption: Accept User Creation From 4cfaed134a3892862ded11ab9d5cb034fbb94453 Mon Sep 17 00:00:00 2001 From: Anthony Date: Tue, 8 Apr 2025 01:25:47 +0800 Subject: [PATCH 08/12] Fix username form settings --- manifest.jps | 4 ---- 1 file changed, 4 deletions(-) diff --git a/manifest.jps b/manifest.jps index e7aa6c7..aca769f 100644 --- a/manifest.jps +++ b/manifest.jps 
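Review bot: The rewritten `commands:` line in `add_sftp_user` (hunk `@@ -112,7 +112,7 @@`) still passes `"${globals.password}"` as a command-line argument, so the generated password sits in the process argument list while the script runs and may be recorded by whatever logs the action's command text. That matters on a node whose purpose is to host additional login accounts, some of them with SSH enabled. Consider having add-sftp.sh read the password from standard input or a root-only file instead of `$2`; that change lies in the script, outside this hunk. The `actions` section continues beyond the visible lines.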
@@ -18,16 +18,12 @@ settings: description: "A user-specific directory will be created under /home/username" required: false - type: string - inputType: text name: username caption: SFTP Username - placeholder: "Enter username" description: "Enter the desired username (3-32 characters, letters, numbers, and underscores only)" required: true regex: ^[a-zA-Z0-9_]{3,32}$ regexText: "Username must be 3-32 characters long and contain only letters, numbers, and underscores" - hideLabel: false - hidden: false - type: checkbox name: allow caption: Accept User Creation From 03df2ba576fe876cb447683e618a463089242186 Mon Sep 17 00:00:00 2001 From: Anthony Date: Tue, 8 Apr 2025 01:27:54 +0800 Subject: [PATCH 09/12] Fix bad substitution error --- manifest.jps | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.jps b/manifest.jps index aca769f..6bc89cc 100644 --- a/manifest.jps +++ b/manifest.jps @@ -68,7 +68,7 @@ settings: globals: - username: ${settings.sfpform.username} + username: "${settings.username}" password: ${fn.password(min)} sftpHost: ${env.domain} sftpPort: 22 From cda9073a77de8aa1e6bebd9e0f55444e88067351 Mon Sep 17 00:00:00 2001 From: Anthony Date: Tue, 8 Apr 2025 01:32:53 +0800 Subject: [PATCH 10/12] Fix bad substitution error --- manifest.jps | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/manifest.jps b/manifest.jps index 6bc89cc..2170950 100644 --- a/manifest.jps +++ b/manifest.jps 
@@ -18,12 +18,16 @@ settings: description: "A user-specific directory will be created under /home/username" required: false - type: string + inputType: text name: username caption: SFTP Username + placeholder: "Enter username" description: "Enter the desired username (3-32 characters, letters, numbers, and underscores only)" required: true regex: ^[a-zA-Z0-9_]{3,32}$ regexText: "Username must be 3-32 characters long and contain only letters, numbers, and underscores" + hideLabel: false + hidden: false - type: checkbox name: allow caption: Accept User Creation @@ -68,10 +72,11 @@ settings: globals: - username: "${settings.username}" + username: "${settings.sfpform.username}" password: ${fn.password(min)} sftpHost: ${env.domain} sftpPort: 22 + enable_ssh: ${settings.sfpform.enable_ssh:false} onInstall: - cmd [cp]: @@ -85,10 +90,10 @@ onInstall: - cmd[cp]: user: root commands: |- - if grep -qE "^Match User user[0-9]*$" /etc/ssh/sshd_config; then - sed -i '/^Match User user[0-9]*/!b;n;c\ PasswordAuthentication yes' /etc/ssh/sshd_config + if grep -qE "^Match User [a-zA-Z0-9_]*$" /etc/ssh/sshd_config; then + sed -i '/^Match User [a-zA-Z0-9_]*/!b;n;c\ PasswordAuthentication yes' /etc/ssh/sshd_config else - echo -e "\n# Added by SFTP addon\nMatch User user*\n\tPasswordAuthentication yes" >> /etc/ssh/sshd_config + echo -e "\n# Added by SFTP addon\nMatch User *\n\tPasswordAuthentication yes" >> /etc/ssh/sshd_config fi awk '!seen[$0]++' /etc/ssh/sshd_config > /etc/ssh/sshd_config.tmp && mv /etc/ssh/sshd_config.tmp /etc/ssh/sshd_config systemctl restart sshd 
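Review bot: The else branch in hunk `@@ -85,10 +90,10 @@` now appends `Match User *` with `PasswordAuthentication yes`, which turns password login on for every account on the node rather than only the ones this addon creates; accounts that were key-only, root included where `PermitRootLogin` allows passwords, become open to password guessing. The widened `grep`/`sed` pattern `^Match User [a-zA-Z0-9_]*` also matches any single-user `Match` block an administrator wrote and replaces the directive on the line after it. Scoping the block to a group the addon owns keeps the change contained, for example `Match Group sftpusers` in the appended text (group name is illustrative, and this assumes add-sftp.sh places new accounts in such a group, which is not visible here). PATCH 11 later restores the `user*` pattern, but a node installed from this revision would keep the wildcard block in its sshd_config.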
@@ -111,9 +116,12 @@ menu: actions: add_sftp_user: + - setGlobals: + enable_ssh: ${settings.sfpform.enable_ssh:false} - cmd[cp]: user: root - commands: bash /home/jelastic/add-sftp-user-addon/add-sftp.sh "${globals.username}" "${globals.password}" "${settings.sfpform.enable_ssh}" + commands: |- + bash /home/jelastic/add-sftp-user-addon/add-sftp.sh "${globals.username}" "${globals.password}" "${globals.enable_ssh}" - cmd[cp]: user: root commands: echo $CREATED_USERNAME From 8f9568238924c12cd1685e6bcb970f8f4f13d51c Mon Sep 17 00:00:00 2001 From: Anthony Date: Tue, 8 Apr 2025 01:47:19 +0800 Subject: [PATCH 11/12] Re-updated the fixes and implementation --- add-sftp.sh | 7 +++---- manifest.jps | 29 ++++++++++------------------- 2 files changed, 13 insertions(+), 23 deletions(-) diff --git a/add-sftp.sh b/add-sftp.sh index c89662b..ade4dee 100644 --- a/add-sftp.sh +++ b/add-sftp.sh @@ -27,8 +27,8 @@ log_debug() { # Validate username format validate_username() { local username=$1 - if ! [[ "$username" =~ ^[a-zA-Z0-9_]{3,32}$ ]]; then - log_error "Invalid username format: $username" + if ! [[ $username =~ ^[a-zA-Z0-9_]{3,32}$ ]]; then + log_error "Invalid username format. Username must be 3-32 characters long and contain only letters, numbers, and underscores." return 1 fi return 0 @@ -40,9 +40,8 @@ SSH_ENABLED=$3 log "Script started" -# Validate username +# Validate username format if ! validate_username "$USERNAME"; then - log_error "Invalid username format. Username must be 3-32 characters long and contain only letters, numbers, and underscores." exit 1 fi diff --git a/manifest.jps b/manifest.jps index 2170950..47e1fd5 100644 --- a/manifest.jps +++ b/manifest.jps 
@@ -13,21 +13,16 @@ settings: fields: - type: displayfield name: infoField - caption: Root Directory - value: /var/www/webroot/ROOT/ + caption: Root Directory /var/www/webroot/ROOT/ description: "A user-specific directory will be created under /home/username" required: false - - type: string - inputType: text - name: username - caption: SFTP Username - placeholder: "Enter username" - description: "Enter the desired username (3-32 characters, letters, numbers, and underscores only)" + - type: textfield + name: custom_username + caption: Custom Username + description: "Enter a custom username (3-32 characters, alphanumeric + underscore only)" required: true regex: ^[a-zA-Z0-9_]{3,32}$ regexText: "Username must be 3-32 characters long and contain only letters, numbers, and underscores" - hideLabel: false - hidden: false - type: checkbox name: allow caption: Accept User Creation @@ -72,11 +67,10 @@ settings: globals: - username: "${settings.sfpform.username}" + username: ${settings.custom_username} password: ${fn.password(min)} sftpHost: ${env.domain} sftpPort: 22 - enable_ssh: ${settings.sfpform.enable_ssh:false} onInstall: - cmd [cp]: @@ -90,10 +84,10 @@ onInstall: - cmd[cp]: user: root commands: |- - if grep -qE "^Match User [a-zA-Z0-9_]*$" /etc/ssh/sshd_config; then - sed -i '/^Match User [a-zA-Z0-9_]*/!b;n;c\ PasswordAuthentication yes' /etc/ssh/sshd_config + if grep -qE "^Match User user[0-9]*$" /etc/ssh/sshd_config; then + sed -i '/^Match User user[0-9]*/!b;n;c\ PasswordAuthentication yes' /etc/ssh/sshd_config else - echo -e "\n# Added by SFTP addon\nMatch User *\n\tPasswordAuthentication yes" >> /etc/ssh/sshd_config + echo -e "\n# Added by SFTP addon\nMatch User user*\n\tPasswordAuthentication yes" >> /etc/ssh/sshd_config fi awk '!seen[$0]++' /etc/ssh/sshd_config > /etc/ssh/sshd_config.tmp && mv /etc/ssh/sshd_config.tmp /etc/ssh/sshd_config systemctl restart sshd 
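Review bot: Hunk `@@ -90,10 +84,10 @@` goes back to `Match User user*`, but the same patch makes the account name a free-form `custom_username`, so the block applies only when the chosen name happens to start with `user`. A name such as `alice` would presumably not get `PasswordAuthentication yes` from this block, while an unrelated pre-existing account whose name begins with `user` would. Matching on a group that add-sftp.sh assigns, or having the script append a per-account `Match User NAME` block at creation time, would tie the setting to the accounts the addon actually owns.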
@@ -116,12 +110,9 @@ menu: actions: add_sftp_user: - - setGlobals: - enable_ssh: ${settings.sfpform.enable_ssh:false} - cmd[cp]: user: root - commands: |- - bash /home/jelastic/add-sftp-user-addon/add-sftp.sh "${globals.username}" "${globals.password}" "${globals.enable_ssh}" + commands: bash /home/jelastic/add-sftp-user-addon/add-sftp.sh ${globals.username} ${globals.password} - cmd[cp]: user: root commands: echo $CREATED_USERNAME From 25ce028bf9b68cbd8f49b8b3a1c16a6c99fb8bd2 Mon Sep 17 00:00:00 2001 From: Anthony Date: Tue, 8 Apr 2025 01:48:45 +0800 Subject: [PATCH 12/12] Changed form field to string --- manifest.jps | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.jps b/manifest.jps index 47e1fd5..ab3657e 100644 --- a/manifest.jps +++ b/manifest.jps @@ -16,7 +16,7 @@ settings: caption: Root Directory /var/www/webroot/ROOT/ description: "A user-specific directory will be created under /home/username" required: false - - type: textfield + - type: string name: custom_username caption: Custom Username description: "Enter a custom username (3-32 characters, alphanumeric + underscore only)"
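Review bot: The restored call in hunk `@@ -116,12 +110,9 @@` passes only two arguments, while add-sftp.sh still assigns `SSH_ENABLED=$3` (the line appears in the hunk headers of the script change in this same patch), so from this call the script always sees an empty value there regardless of the form's SSH option. If that is intended, a comment on the action such as `# SSH access is not passed here; add-sftp.sh treats an empty $3 as disabled` would record it, after confirming the script really behaves that way. Otherwise pass the setting as a quoted third argument and keep the quotes on the first two, `"${globals.username}" "${globals.password}"`, which this hunk removes.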