MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed for typing issue #2416

This commit is contained in:
Ylian Saint-Hilaire 2021-04-15 15:38:07 -07:00
parent 9a71a2b83a
commit 56ba656bd4
4 changed files with 33 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
meshcentral-config-schema.json
View File

@ -345,7 +345,8 @@
"force2factor": { "type": "boolean", "default": false, "description": "Requires that all accounts setup 2FA." },
"skip2factor": { "type": "string", "description": "IP addresses where 2FA login is skipped, for example: 127.0.0.1,192.168.2.0/24" },
"oldPasswordBan": { "type": "integer", "description": "Number of old passwords the server should remember and not allow the user to switch back to." },
"banCommonPasswords": { "type": "boolean", "default": false, "description": "Uses WildLeek to block use of the 10000 most commonly used passwords." }
"banCommonPasswords": { "type": "boolean", "default": false, "description": "Uses WildLeek to block use of the 10000 most commonly used passwords." },
"loginTokens": { "type": "boolean", "default": true, "description": "Allows users to create alternative username/passwords for their account." }
}
},
"twoFactorCookieDurationDays": { "type": "integer", "default": 30, "description": "Number of days that a user is allowed to remember this device for when completing 2FA. Set this to 0 to remove this option." },

9
meshuser.js
View File

@ -5610,6 +5610,15 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
}
break;
}
case 'createLoginToken': {
if ((typeof domain.passwordrequirements != 'object') && (domain.passwordrequirements.logintokens == false)) break; // Login tokens are not supported on this server
if (common.validateString(command.name, 1, 100) == false) break; // Check name
if ((typeof command.expire != 'number') || (command.expire < 0)) break; // Check expire
console.log(command);
break;
}
case 'getDeviceDetails': {
if (common.validateStrArray(command.nodeids, 1) == false) break; // Check nodeids
if (common.validateString(command.type, 3, 4) == false) break; // Check type

21
views/default.handlebars
View File

@ -381,6 +381,7 @@
<a href=# onclick="return account_showChangePassword()">Change password</a><span id="p2nextPasswordUpdateTime"></span><br />
<a href=# onclick="return account_showDeleteAccount()">Delete account</a><br />
</span>
<span id="accountCreateLoginTokenSpan" style="display:none"><a href=# onclick="return account_createLoginToken()">Create login token</a><br /></span>
</p>
<br style=clear:both />
</div>
@ -1934,6 +1935,7 @@
QV('manageEmail2FA', features & 0x00800000);
QV('p2AccountPassActions', ((features & 4) == 0) && (serverinfo.domainauth == false) && (userinfo != null) && (userinfo._id.split('/')[2].startsWith('~') == false)); // Hide Account Actions if in single user mode or domain authentication
//QV('p2AccountImage', ((features & 4) == 0) && (serverinfo.domainauth == false)); // If account actions are not visible, also remove the image on that panel
QV('accountCreateLoginTokenSpan', features2 & 0x00000080);
QV('p2AccountImage', !accountSettingsLocked)
QV('p2ServerActions', (siteRights & 21) && ((serverFeatures & 15) != 0));
QV('LeftMenuMyServer', (siteRights & 21) && ((serverFeatures & 64) != 0)); // 16 + 4 + 1
@ -10169,6 +10171,25 @@
return false;
}
function account_createLoginToken() {
if (xxdialogMode) return false;
var y = '', x = "Create a temporary username and password that can be used as alternative login to your account. This is useful for allowing tools or other services to access your account." + '<br /><br />';
var options = { 0 : "Unlimited", 1 : "1 minute", 5 : "5 minutes", 10 : "10 minutes", 15 : "15 minutes", 30 : "30 minutes", 45 : "45 minutes", 60 : "60 minutes", 120 : "2 hours", 240 : "4 hours", 480 : "8 hours", 720 : "12 hours", 960 : "16 hours", 1440 : "24 hours", 2880 : "2 days", 5760 : "4 days" }
for (var i in options) { y += '<option value=' + i + '>' + options[i] + '</option>'; }
x += addHtmlValue("Token Name", '<input id=d2tokenName style=width:250px maxlength=100 type=text onchange=account_createLoginTokenValidate() onkeyup=account_createLoginTokenValidate() />');
x += addHtmlValue("Expire Time", '<select id=d2tokenExpire style=width:250px>' + y + '</select>');
setDialogMode(2, "Create Login Token", 3, account_createLoginTokenEx, x);
QE('idx_dlgOkButton', false);
}
function account_createLoginTokenValidate() {
QE('idx_dlgOkButton', Q('d2tokenName').value.length > 0);
}
function account_createLoginTokenEx() {
meshserver.send({ action: 'createLoginToken', name: Q('d2tokenName').value, expire: parseInt(Q('d2tokenExpire').value) });
}
function account_showAccountNotifySettings() {
if (xxdialogMode) return false;
var x = '';

1
webserver.js
View File

@ -2547,6 +2547,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (((obj.args.noagentupdate == 1) || (obj.args.noagentupdate == true))) { features2 += 0x00000010; } // No agent update
if (parent.amtProvisioningServer != null) { features2 += 0x00000020; } // Intel AMT LAN provisioning server
if (((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.push2factor != false)) && (obj.parent.firebase != null)) { features2 += 0x00000040; } // Indicates device push notification 2FA is enabled
if ((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.logintokens != false)) { features2 += 0x00000080; } // Indicates login tokens are allowed
// Create a authentication cookie
const authCookie = obj.parent.encodeCookie({ userid: dbGetFunc.user._id, domainid: domain.id, ip: req.clientIp }, obj.parent.loginCookieEncryptionKey);