Fix for #2773.
parent
8668a4449c
commit
b926196d0a
14
package.json
14
package.json
|
@ -36,8 +36,6 @@
|
|||
"sample-config-advanced.json"
|
||||
],
|
||||
"dependencies": {
|
||||
"archiver": "^4.0.2",
|
||||
"archiver-zip-encrypted": "^1.0.10",
|
||||
"body-parser": "^1.19.0",
|
||||
"cbor": "~5.2.0",
|
||||
"compression": "^1.7.4",
|
||||
|
@ -45,24 +43,14 @@
|
|||
"express": "^4.17.0",
|
||||
"express-handlebars": "^3.1.0",
|
||||
"express-ws": "^4.0.0",
|
||||
"image-size": "^1.0.0",
|
||||
"ipcheck": "^0.1.0",
|
||||
"loadavg-windows": "^1.1.1",
|
||||
"minimist": "^1.2.0",
|
||||
"mongodb": "^3.6.9",
|
||||
"multiparty": "^4.2.1",
|
||||
"nedb": "^1.8.0",
|
||||
"node-forge": "^0.10.0",
|
||||
"node-rdpjs-2": "^0.3.5",
|
||||
"node-windows": "^1.0.0-beta.5",
|
||||
"otplib": "^10.2.3",
|
||||
"saslprep": "^1.0.3",
|
||||
"ssh2": "^1.1.0",
|
||||
"web-push": "^3.4.4",
|
||||
"ws": "^5.2.0",
|
||||
"xmldom": "^0.5.0",
|
||||
"yauzl": "^2.10.0",
|
||||
"yubikeyotp": "^0.2.0"
|
||||
"yauzl": "^2.10.0"
|
||||
},
|
||||
"repository": {
|
||||
"type": "git",
|
||||
|
|
52
webserver.js
52
webserver.js
|
@ -408,7 +408,32 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||
// Authenticate the user
|
||||
obj.authenticate = function (name, pass, domain, fn) {
|
||||
if ((typeof (name) != 'string') || (typeof (pass) != 'string') || (typeof (domain) != 'object')) { fn(new Error('invalid fields')); return; }
|
||||
if (domain.auth == 'ldap') {
|
||||
if (name.startsWith('~t:')) {
|
||||
// Login token, try to fetch the token from the database
|
||||
obj.db.Get('logintoken-' + name, function (err, docs) {
|
||||
if (err != null) { fn(err); return; }
|
||||
if ((docs == null) || (docs.length != 1)) { fn(new Error('login token not found')); return; }
|
||||
const loginToken = docs[0];
|
||||
if ((loginToken.expire != 0) && (loginToken.expire < Date.now())) { fn(new Error('login token expired')); return; }
|
||||
|
||||
// Default strong password hashing (pbkdf2 SHA384)
|
||||
require('./pass').hash(pass, loginToken.salt, function (err, hash, tag) {
|
||||
if (err) return fn(err);
|
||||
if (hash == loginToken.hash) {
|
||||
// Login username and password are valid.
|
||||
var user = obj.users[loginToken.userid];
|
||||
if (!user) { fn(new Error('cannot find user')); return; }
|
||||
if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
|
||||
|
||||
// Succesful login token authentication
|
||||
var loginOptions = { tokenName: loginToken.name, tokenUser: loginToken.tokenUser };
|
||||
if (loginToken.expire != 0) { loginOptions.expire = loginToken.expire; }
|
||||
return fn(null, user._id, null, loginOptions);
|
||||
}
|
||||
fn(new Error('invalid password'));
|
||||
}, 0);
|
||||
});
|
||||
} else if (domain.auth == 'ldap') {
|
||||
if (domain.ldapoptions.url == 'test') {
|
||||
// Fake LDAP login
|
||||
var xxuser = domain.ldapoptions[name.toLowerCase()];
|
||||
|
@ -633,31 +658,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||
}
|
||||
});
|
||||
}
|
||||
} else if (name.startsWith('~t:')) {
|
||||
// Login token, try to fetch the token from the database
|
||||
obj.db.Get('logintoken-' + name, function (err, docs) {
|
||||
if (err != null) { fn(err); return; }
|
||||
if ((docs == null) || (docs.length != 1)) { fn(new Error('login token not found')); return; }
|
||||
const loginToken = docs[0];
|
||||
if ((loginToken.expire != 0) && (loginToken.expire < Date.now())) { fn(new Error('login token expired')); return; }
|
||||
|
||||
// Default strong password hashing (pbkdf2 SHA384)
|
||||
require('./pass').hash(pass, loginToken.salt, function (err, hash, tag) {
|
||||
if (err) return fn(err);
|
||||
if (hash == loginToken.hash) {
|
||||
// Login username and password are valid.
|
||||
var user = obj.users[loginToken.userid];
|
||||
if (!user) { fn(new Error('cannot find user')); return; }
|
||||
if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
|
||||
|
||||
// Succesful login token authentication
|
||||
var loginOptions = { tokenName: loginToken.name, tokenUser: loginToken.tokenUser };
|
||||
if (loginToken.expire != 0) { loginOptions.expire = loginToken.expire; }
|
||||
return fn(null, user._id, null, loginOptions);
|
||||
}
|
||||
fn(new Error('invalid password'));
|
||||
}, 0);
|
||||
});
|
||||
} else {
|
||||
// Regular login
|
||||
var user = obj.users['user/' + domain.id + '/' + name.toLowerCase()];
|
||||
|
|
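Review bot: The login-token branch that now runs first in `obj.authenticate` looks the account up with `obj.users[loginToken.userid]` and never compares it with the `domain` argument, so nothing visible here ties a token to the domain it is presented on. Moving the branch ahead of the `domain.auth == 'ldap'` test extends that to LDAP domains, and possibly to other auth modes outside the hunk. Since the regular-login branch builds ids as `'user/' + domain.id + '/' + name`, a guard before the user lookup would close this: `if (!loginToken.userid.startsWith('user/' + domain.id + '/')) { fn(new Error('login token not found')); return; }`. The token path also never consults the directory, so an account disabled in LDAP would presumably stay usable through a token until `expire`, and indefinitely when `expire` is 0; a comment stating that, or revoking tokens when the LDAP account is disabled, would make the trade-off explicit. The body of `obj.authenticate` starts and ends outside the hunks shown.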