mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-24 22:25:52 -05:00
Fixed FIDO2 HW keys with LDAP.
This commit is contained in:
parent
d9e23a3de1
commit
11af25924a
11
webserver.js
11
webserver.js
@ -948,6 +948,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
req.session.loginmode = '4';
|
||||
req.session.tokenemail = ((user.email != null) && (user.emailVerified == true) && (parent.mailserver != null) && (user.otpekey != null));
|
||||
req.session.tokensms = ((user.phone != null) && (parent.smsserver != null));
|
||||
req.session.tokenuserid = userid;
|
||||
req.session.tokenusername = xusername;
|
||||
req.session.tokenpassword = xpassword;
|
||||
if (direct === true) { handleRootRequestEx(req, res, domain); } else { res.redirect(domain.url + getQueryPortion(req)); }
|
||||
@ -1042,6 +1043,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
parent.debug('web', 'handleLoginRequest: login ok, password change requested');
|
||||
req.session.loginmode = '6';
|
||||
req.session.messageid = 113; // Password change requested.
|
||||
req.session.resettokenuserid = userid;
|
||||
req.session.resettokenusername = xusername;
|
||||
req.session.resettokenpassword = xpassword;
|
||||
if (direct === true) { handleRootRequestEx(req, res, domain); } else { res.redirect(domain.url + getQueryPortion(req)); }
|
||||
@ -1062,6 +1064,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
//req.session.regenerate(function () {
|
||||
// Store the user's primary key in the session store to be retrieved, or in this case the entire user object
|
||||
delete req.session.loginmode;
|
||||
delete req.session.tokenuserid;
|
||||
delete req.session.tokenusername;
|
||||
delete req.session.tokenpassword;
|
||||
delete req.session.tokenemail;
|
||||
@ -1254,8 +1257,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
if ((domain == null) || (domain.auth == 'sspi') || (domain.auth == 'ldap') || (typeof req.body.rpassword1 != 'string') || (typeof req.body.rpassword2 != 'string') || (req.body.rpassword1 != req.body.rpassword2) || (typeof req.body.rpasswordhint != 'string') || (req.session == null) || (typeof req.session.resettokenusername != 'string') || (typeof req.session.resettokenpassword != 'string')) {
|
||||
parent.debug('web', 'handleResetPasswordRequest: checks failed');
|
||||
delete req.session.loginmode;
|
||||
delete req.session.tokenuserid;
|
||||
delete req.session.tokenusername;
|
||||
delete req.session.tokenpassword;
|
||||
delete req.session.resettokenuserid;
|
||||
delete req.session.resettokenusername;
|
||||
delete req.session.resettokenpassword;
|
||||
delete req.session.tokenemail;
|
||||
@ -1317,8 +1322,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
// Failed, error out.
|
||||
parent.debug('web', 'handleResetPasswordRequest: failed authenticate()');
|
||||
delete req.session.loginmode;
|
||||
delete req.session.tokenuserid;
|
||||
delete req.session.tokenusername;
|
||||
delete req.session.tokenpassword;
|
||||
delete req.session.resettokenuserid;
|
||||
delete req.session.resettokenusername;
|
||||
delete req.session.resettokenpassword;
|
||||
delete req.session.tokenemail;
|
||||
@ -2268,8 +2275,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
// Send back the login application
|
||||
// If this is a 2 factor auth request, look for a hardware key challenge.
|
||||
// Normal login 2 factor request
|
||||
if (req.session && (req.session.loginmode == '4') && (req.session.tokenusername)) {
|
||||
var user = obj.users['user/' + domain.id + '/' + req.session.tokenusername.toLowerCase()];
|
||||
if (req.session && (req.session.loginmode == '4') && (req.session.tokenuserid)) {
|
||||
var user = obj.users[req.session.tokenuserid];
|
||||
if (user != null) {
|
||||
parent.debug('web', 'handleRootRequestEx: sending 2FA challenge.');
|
||||
getHardwareKeyChallenge(req, domain, user, function (hwchallenge) { handleRootRequestLogin(req, res, domain, hwchallenge, passRequirements); });
|
||||
|
Loading…
Reference in New Issue
Block a user