From 09c7ace2d1f3c2b9a39ddc024464b6193baf4102 Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Mon, 20 Apr 2020 02:44:14 -0700 Subject: [PATCH] Server crash fix, improved authlog. --- meshuser.js | 32 +++++++++++++++++++++++++++++++- package.json | 2 +- sample-config.json | 5 +++-- translate/translate.json | 2 +- views/default.handlebars | 4 +++- 5 files changed, 39 insertions(+), 6 deletions(-) diff --git a/meshuser.js b/meshuser.js index 77833e31..92258a64 100644 --- a/meshuser.js +++ b/meshuser.js @@ -1245,6 +1245,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use if (user.groups) { for (var i in user.groups) { targets.push('server-users:' + i); } } parent.parent.DispatchEvent(targets, obj, message); + // Log in the auth log + if (parent.parent.authlog) { parent.parent.authLog('https', 'User ' + user.name + ' changed email from ' + oldemail + ' to ' + user.email); } + // Send the verification email if (parent.parent.mailserver != null) { parent.parent.mailserver.sendAccountCheckMail(domain, user.name, user.email, parent.getLanguageCodes(req)); } } @@ -1388,6 +1391,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deleteuser', responseid: command.responseid, result: 'ok' })); } catch (ex) { } } + // Log in the auth log + if (parent.parent.authlog) { parent.parent.authLog('https', 'User ' + user.name + ' deleted user account ' + deluser.name); } + break; } case 'userbroadcast': 
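Review bot: The auth-log line added in the email-change hunk concatenates `oldemail` and `user.email` straight into the message, and nothing visible here strips CR/LF or other control characters, so a crafted value could split or forge records that downstream tools parse from the auth log (CWE-117). The same pattern repeats in every `authLog` call this commit adds (the account, user-group, device-group and password hunks), where `ugrp.name`, `group.name`, `mesh.name` and the account names are interpolated the same way. I would route all of them through one local helper that neutralises the message before it reaches the sink, e.g. `function logAuth(msg) { if (parent.parent.authlog) { parent.parent.authLog('https', String(msg).replace(/[\x00-\x1f\x7f]/g, ' ')); } }`, which also removes the repeated guard. Whether upstream validation already rejects such characters cannot be seen from these hunks.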
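Review bot: The deletion record in the `deleteuser` hunk identifies the removed account only by `deluser.name`; once the object is gone a display name is hard to tie back to a database record, and nothing here shows that names are unique across domains. Logging the stable identifier as well would make the audit trail usable, for example `' deleted user account ' + deluser.name + ' (' + deluser._id + ')'`, assuming `deluser` carries `_id` like the other user objects in this file. The same applies to the `deleteusergroup` hunk, where `group._id` is already in scope, and to the `deletemesh` hunk, where `command.meshid` is.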
@@ -1491,6 +1497,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use } if (parent.db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to create the user. Another event will come. parent.parent.DispatchEvent(targets, obj, event); + + // Log in the auth log + if (parent.parent.authlog) { parent.parent.authLog('https', 'User ' + user.name + ' created user account ' + newuser.name); } }, newuser); } } @@ -1592,6 +1601,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use parent.parent.mailserver.sendAccountInviteMail(domain, user.name, newusername, command.email.toLowerCase(), command.pass, parent.getLanguageCodes(req)); } + // Log in the auth log + if (parent.parent.authlog) { parent.parent.authLog('https', 'User ' + user.name + ' created user account ' + newuser.name); } + // OK Response if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'adduser', responseid: command.responseid, result: 'ok' })); } catch (ex) { } } } else { @@ -1783,6 +1795,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use // Event any pending events, these must be sent out after the group creation event is displatched. for (var i in pendingDispatchEvents) { var ev = pendingDispatchEvents[i]; parent.parent.DispatchEvent(ev[0], ev[1], ev[2]); } + // Log in the auth log + if (parent.parent.authlog) { parent.parent.authLog('https', 'User ' + user.name + ' created user group ' + ugrp.name); } + try { ws.send(JSON.stringify({ action: 'createusergroup', responseid: command.responseid, result: 'ok', ugrpid: ugrpid, links: ugrp.links })); } catch (ex) { } }); break; 
@@ -1839,6 +1854,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use var event = { etype: 'ugrp', userid: user._id, username: user.name, ugrpid: group._id, action: 'deleteusergroup', msg: change, domain: domain.id }; if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the mesh. Another event will come. parent.parent.DispatchEvent(['*', group._id, user._id], obj, event); + + // Log in the auth log + if (parent.parent.authlog) { parent.parent.authLog('https', 'User ' + user.name + ' deleted user group ' + group.name); } }); break; } @@ -2066,6 +2084,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use // Send user notification of password change displayNotificationMessage('Password changed.', 'Account Settings', 'ServerNotify'); + + // Log in the auth log + if (parent.parent.authlog) { parent.parent.authLog('https', 'User ' + user.name + ' changed this password'); } } }, 0); } else { @@ -2117,6 +2138,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use var event = { etype: 'user', userid: user._id, username: user.name, account: parent.CloneSafeUser(chguser), action: 'accountchange', msg: 'Changed account credentials.', domain: domain.id }; if (db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to change the user. Another event will come. parent.parent.DispatchEvent(targets, obj, event); + + // Log in the auth log + if (parent.parent.authlog) { parent.parent.authLog('https', 'User ' + user.name + ' changed account password of user ' + chguser.name); } } else { // Report that the password change failed // TODO 
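Review bot: The message added after `displayNotificationMessage('Password changed.', ...)` reads `' changed this password'`, which is ambiguous in an audit record; `' changed their own password'` would say what happened. A credential change is also an event where the origin matters, and the record carries no client address; if `authLog` does not add one itself, consider appending the remote address available from `req` to this message and to the one in the next hunk. The enclosing callback starts outside the hunk.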
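Review bot: Only the success branch of the administrative password change writes to the auth log; the `else` branch visible at the end of this hunk still holds just `// Report that the password change failed` and `// TODO`. A failed attempt to reset another user's credentials is at least as relevant to whoever monitors the auth log as a successful one, so I would record it there too, e.g. `parent.parent.authLog('https', 'User ' + user.name + ' failed to change account password of user ' + chguser.name);` behind the same `authlog` guard. The `else` body continues past the hunk, so whether `chguser` is set on that path needs checking before its name is used.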
@@ -2276,6 +2300,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use var event = { etype: 'mesh', userid: user._id, username: user.name, meshid: meshid, name: command.meshname, mtype: command.meshtype, desc: command.desc, action: 'createmesh', links: links, msg: 'Device group created: ' + command.meshname, domain: domain.id }; parent.parent.DispatchEvent(['*', meshid, user._id], obj, event); // Even if DB change stream is active, this event must be acted upon. + // Log in the auth log + if (parent.parent.authlog) { parent.parent.authLog('https', 'User ' + user.name + ' created device group ' + mesh.name); } + try { ws.send(JSON.stringify({ action: 'createmesh', responseid: command.responseid, result: 'ok', meshid: meshid, links: links })); } catch (ex) { } }); break; @@ -2365,6 +2392,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use db.RemoveMeshDocuments(command.meshid); // TODO: We are possibly deleting devices that users will have links to. We need to clean up the broken links from on occasion. + // Log in the auth log + if (parent.parent.authlog) { parent.parent.authLog('https', 'User ' + user.name + ' deleted device group ' + mesh.name); } + if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'deletemesh', responseid: command.responseid, result: 'ok' })); } catch (ex) { } } break; } 
@@ -2479,7 +2509,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use if (newuserid == obj.user._id) { msgs.push("Can't change self"); continue; } var targetMeshRights = 0; - if (newuser.links[command.meshid]) { targetMeshRights = newuser.links[command.meshid].rights; } + if ((newuser.links != null) && (newuser.links[command.meshid] != null) && (newuser.links[command.meshid].rights != null)) { targetMeshRights = newuser.links[command.meshid].rights; } if ((targetMeshRights == 0xFFFFFFFF) && (selfMeshRights != 0xFFFFFFFF)) { msgs.push("Can't change rights of device group administrator"); continue; } // A non-admin can't kick out an admin if (command.remove === true) { diff --git a/package.json b/package.json index cb33f3db..ca02a6db 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "meshcentral", - "version": "0.5.8", + "version": "0.5.9", "keywords": [ "Remote Management", "Intel AMT", diff --git a/sample-config.json b/sample-config.json index da4e4633..e383cdcd 100644 --- a/sample-config.json +++ b/sample-config.json @@ -56,8 +56,9 @@ "_MpsTlsOffload": true, "_No2FactorAuth": true, "_Log": "main,web,webrequest,cert", - "_syslog": true, - "_syslogjson": true, + "_syslog": "meshcentral", + "_syslogauth": "meshcentral-auth", + "_syslogjson": "meshcentral-json", "_WebRtConfig": { "iceServers": [ { "urls": "stun:stun.services.mozilla.com" }, diff --git a/translate/translate.json b/translate/translate.json index becddcfc..a3e096c9 100644 --- a/translate/translate.json +++ b/translate/translate.json @@ -29577,4 +29577,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/views/default.handlebars b/views/default.handlebars index 80b3563a..0b0cb46f 100644 --- a/views/default.handlebars +++ b/views/default.handlebars 
@@ -8392,7 +8392,9 @@ for (var i in sortedusers) { var trash = '', r = sortedusers[i].rights, rights = makeDeviceGroupRightsString(r), icon = 2; if ((sortedusers[i].id != userinfo._id) && (meshrights == 0xFFFFFFFF || (((meshrights & 2) != 0)))) { - trash = ''; + if ((meshrights == 0xFFFFFFFF) || (currentMesh.links[sortedusers[i].id].rights != 0xFFFFFFFF)) { + trash = ''; + } rights = '' + rights + ' '; } if (sortedusers[i].id.startsWith('ugrp/')) { icon = 4; }
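Review bot: The new inner condition dereferences `currentMesh.links[sortedusers[i].id].rights` without checking that the link entry exists, although the same value appears to be at hand already as `r` from the `var trash = '', r = sortedusers[i].rights` line above. If `sortedusers` ever holds an id that is missing from `currentMesh.links` (the list also carries `ugrp/` entries, per the last context line), this throws and the rest of the user list is not rendered; `if ((meshrights == 0xFFFFFFFF) || (r != 0xFFFFFFFF)) {` avoids that. A short comment stating that this only hides the remove control, and that the server-side rights check in meshuser.js is what enforces the rule, would help the next reader.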