Fixed server exception when using agent installation invite codes, #4233
This commit is contained in:
Ylian Saint-Hilaire
parent
947d9094cb
commit
695e3068de
10
webserver.js
10
webserver.js
|
|
@ -1036,6 +1036,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
|||
const domain = checkUserIpAddress(req, res);
|
||||
if (domain == null) { return; }
|
||||
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
|
||||
if (req.body == null) { res.sendStatus(404); return; } // Post body is empty or can't be parsed
|
||||
|
||||
// Check if this is a banned ip address
|
||||
if (obj.checkAllowLogin(req) == false) {
|
||||
|
|
@ -1343,6 +1344,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
|||
if ((domain.auth == 'sspi') || (domain.auth == 'ldap')) { parent.debug('web', 'handleCreateAccountRequest: failed checks.'); res.sendStatus(404); return; }
|
||||
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
|
||||
if (req.session.loginToken != null) { res.sendStatus(404); return; } // Do not allow this command when logged in using a login token
|
||||
if (req.body == null) { res.sendStatus(404); return; } // Post body is empty or can't be parsed
|
||||
|
||||
// Check if we are in maintenance mode
|
||||
if (parent.config.settings.maintenancemode != null) {
|
||||
|
|
@ -1498,6 +1500,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
|||
if (domain == null) { return; }
|
||||
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
|
||||
if (req.session.loginToken != null) { res.sendStatus(404); return; } // Do not allow this command when logged in using a login token
|
||||
if (req.body == null) { res.sendStatus(404); return; } // Post body is empty or can't be parsed
|
||||
|
||||
// Check everything is ok
|
||||
const allowAccountReset = ((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.allowaccountreset !== false));
|
||||
|
|
@ -1614,6 +1617,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
|||
if ((allowAccountReset === false) || (domain.auth == 'sspi') || (domain.auth == 'ldap') || (obj.args.lanonly == true) || (obj.parent.certificates.CommonName == null) || (obj.parent.certificates.CommonName.indexOf('.') == -1)) { parent.debug('web', 'handleResetAccountRequest: check failed'); res.sendStatus(404); return; }
|
||||
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
|
||||
if (req.session.loginToken != null) { res.sendStatus(404); return; } // Do not allow this command when logged in using a login token
|
||||
if (req.body == null) { res.sendStatus(404); return; } // Post body is empty or can't be parsed
|
||||
|
||||
// Always lowercase the email address
|
||||
if (req.body.email) { req.body.email = req.body.email.toLowerCase(); }
|
||||
|
|
@ -1744,6 +1748,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
|||
if ((domain.mailserver == null) || (domain.auth == 'sspi') || (domain.auth == 'ldap') || (typeof req.session.cuserid != 'string') || (obj.users[req.session.cuserid] == null) || (!obj.common.validateEmail(req.body.email, 1, 256))) { parent.debug('web', 'handleCheckAccountEmailRequest: failed checks.'); res.sendStatus(404); return; }
|
||||
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
|
||||
if (req.session.loginToken != null) { res.sendStatus(404); return; } // Do not allow this command when logged in using a login token
|
||||
if (req.body == null) { res.sendStatus(404); return; } // Post body is empty or can't be parsed
|
||||
|
||||
// Always lowercase the email address
|
||||
if (req.body.email) { req.body.email = req.body.email.toLowerCase(); }
|
||||
|
|
@ -1930,7 +1935,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
|||
const domain = getDomain(req);
|
||||
if (domain == null) { parent.debug('web', 'handleInviteRequest: failed checks.'); res.sendStatus(404); return; }
|
||||
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
|
||||
if ((req.body.inviteCode == null) || (req.body.inviteCode == '')) { render(req, res, getRenderPage('invite', req, domain), getRenderArgs({ messageid: 0 }, req, domain)); return; } // No invitation code
|
||||
if ((req.body == null) || (req.body.inviteCode == null) || (req.body.inviteCode == '')) { render(req, res, getRenderPage('invite', req, domain), getRenderArgs({ messageid: 0 }, req, domain)); return; } // No invitation code
|
||||
|
||||
// Each for a device group that has this invite code.
|
||||
for (var i in obj.meshes) {
|
||||
|
|
@ -2184,6 +2189,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
|||
if ((domain.auth == 'sspi') || (domain.auth == 'ldap')) { parent.debug('web', 'handleDeleteAccountRequest: failed checks.'); res.sendStatus(404); return; }
|
||||
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
|
||||
if (req.session.loginToken != null) { res.sendStatus(404); return; } // Do not allow this command when logged in using a login token
|
||||
if (req.body == null) { res.sendStatus(404); return; } // Post body is empty or can't be parsed
|
||||
|
||||
var user = null;
|
||||
if (req.body.authcookie) {
|
||||
|
|
@ -2367,6 +2373,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
|||
if ((domain.auth == 'sspi') || (domain.auth == 'ldap')) { parent.debug('web', 'handlePasswordChangeRequest: failed checks (1).'); res.sendStatus(404); return; }
|
||||
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.sendStatus(404); return; } // Check 3FA URL key
|
||||
if (req.session.loginToken != null) { res.sendStatus(404); return; } // Do not allow this command when logged in using a login token
|
||||
if (req.body == null) { res.sendStatus(404); return; } // Post body is empty or can't be parsed
|
||||
|
||||
// Check if the user is logged and we have all required parameters
|
||||
if (!req.session || !req.session.userid || !req.body.apassword0 || !req.body.apassword1 || (req.body.apassword1 != req.body.apassword2) || (req.session.userid.split('/')[1] != domain.id)) {
|
||||
|
|
@ -3087,6 +3094,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
|||
const domain = checkUserIpAddress(req, res);
|
||||
if (domain == null) { return; }
|
||||
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { res.end("Not Found"); return; } // Check 3FA URL key
|
||||
if (req.body == null) { req.body = {}; }
|
||||
parent.debug('web', 'handleRootPostRequest, action: ' + req.body.action);
|
||||
|
||||
// If a HTTP header is required, check new UserRequiredHttpHeader
|
||||
|
|
|
|||
Loading…
Reference in New Issue