WebDAV integration with OIDC #1553
Replies: 2 comments
Hey, did you by any chance solve this?
Hi! I have a half-solution, it's just really ugly and I implemented it a while ago (apparently over a year ago) so I barely remember what it does or how to use it. This is a script I have in the root of the sftpgo appdata (/var/lib/sftpgo) that I called
I redacted my personal values, but what I believe this does is whenever someone logs into the web ui with OIDC, it checks to see if their username matches, and if so it creates (not sure if it updates) the user with the specified values - the password and as you can see I also specified their home directory and quotas. As I said it's a very rough solution and I hope they implement something native but I hope this helps!
```sh
#!/bin/sh
#export PATH=/var/lib/sftpgo/hooks:$PATH

# Extract the username from the JSON user object passed in by SFTPGo
USERNAME=$(echo "$SFTPGO_LOGIND_USER" | jq -r '.username')

# Pick the password to set for this user (values redacted)
if [ "$USERNAME" = "user1" ]; then
    PASSWORD="user1password"
elif [ "$USERNAME" = "admin" ]; then
    PASSWORD="adminpassword"
elif [ "$USERNAME" = "user2" ]; then
    PASSWORD="user2password"
else
    PASSWORD="everyoneelsespassword"
fi

# Only act on OIDC logins; the password is passed with --arg so jq quotes it safely
if [ "$SFTPGO_LOGIND_PROTOCOL" = "OIDC" ]; then
    if [ "$USERNAME" = "admin" ]; then
        echo "$SFTPGO_LOGIND_USER" | jq --compact-output --arg password "$PASSWORD" '.+{"home_dir": ("/mnt/"), "password": $password, "permissions": {"/": ["*"]},"status":1,"quota_size": 0,"quota_files":0}' # Create a new user
    elif [ "$USERNAME" = "user1" ]; then
        echo "$SFTPGO_LOGIND_USER" | jq --compact-output --arg password "$PASSWORD" '.+{"home_dir": ("/mnt/pool/data/users/"+.username), "password": $password, "permissions": {"/": ["*"]},"status":1,"quota_size": 0,"quota_files":0}' # Create a new user
    else
        echo "$SFTPGO_LOGIND_USER" | jq --compact-output --arg password "$PASSWORD" '.+{"home_dir": ("/mnt/pool/data/users/"+.username), "password": $password, "permissions": {"/": ["*"]},"status":1,"quota_size": 10000000000,"quota_files":100000}' # Create a new user
    fi
else
    echo "" # Do not create a user
fi
```
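A variant of the hook above that keeps passwords out of the script and emits nothing for users who are not listed, instead of falling back to one shared password. This is an added example, not part of the original reply; the `CRED_FILE` path and its `username:password` line format are assumptions, and `jq` is required as in the original script.

```shell
#!/bin/sh
# Added example, not the poster's script.
# CRED_FILE (assumed path and format): one "username:password" per line,
# readable only by the account SFTPGo runs as (chmod 600).
CRED_FILE="${CRED_FILE:-/var/lib/sftpgo/hooks/dav-passwords}"

# Print the password stored for user $1; return 1 if the user is not listed.
lookup_password() {
    [ -r "$CRED_FILE" ] || return 1
    # Exact match on the first field; the password may itself contain ':'.
    awk -F: -v u="$1" '$1 == u { print substr($0, length(u) + 2); found = 1; exit }
                       END { exit !found }' "$CRED_FILE"
}

# $1 = JSON user object (SFTPGO_LOGIND_USER), $2 = protocol (SFTPGO_LOGIND_PROTOCOL).
# Prints the updated user JSON, or an empty line (no user created) otherwise.
build_user() {
    user=$(printf '%s' "$1" | jq -r '.username // empty') || user=""
    if [ "$2" != "OIDC" ] || [ -z "$user" ]; then echo ""; return 0; fi
    # Refuse names that would escape the per-user home directory.
    case "$user" in */*|.*) echo ""; return 0 ;; esac
    # Fail closed: no entry in CRED_FILE means no password is set.
    pass=$(lookup_password "$user") || { echo ""; return 0; }
    printf '%s' "$1" | jq --compact-output --arg password "$pass" \
        '. + {"home_dir": ("/mnt/pool/data/users/" + .username),
              "password": $password, "permissions": {"/": ["*"]}, "status": 1,
              "quota_size": 10000000000, "quota_files": 100000}'
}

# Act as the hook only when SFTPGo has set the login variables.
if [ -n "${SFTPGO_LOGIND_USER:-}" ]; then
    build_user "$SFTPGO_LOGIND_USER" "${SFTPGO_LOGIND_PROTOCOL:-}"
fi
```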
I just implemented OIDC on my instance, and I've noticed it's impossible to log in to WebDAV as there are no local account passwords for the users, I assume. Is there some way to get this to work? Maybe through a pre-login hook for DAV logins?