Merge pull request #4522 from silversword411/master

Typo squashing - Double-check 2nd commit!
Ylian Saint-Hilaire 2022-09-07 08:09:41 -07:00 committed by GitHub
commit 47dceea585
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 404 additions and 23 deletions

383
.vscode/settings.json vendored

@ -1,7 +1,11 @@
{
"cSpell.words": [
"abcdf",
"accountchange",
"accountcreate",
"accountid",
"accountremove",
"acmd",
"acmepath",
"actiontype",
"adddevicegroup",
@ -16,17 +20,30 @@
"addusertousergroup",
"adminaccount",
"adminname",
"agentaliasdns",
"agentaliasport",
"agentallowedip",
"agentapp",
"agentblockedip",
"agentconfig",
"agentconsole",
"agentcoredump",
"agentcoredumpusers",
"agentcustomization",
"agentdownload",
"agenterrorlogs",
"agentid",
"agentidletimeout",
"agentinfo",
"agentinvite",
"agentinvitecodes",
"agentkey",
"Agentless",
"agentnoproxy",
"agentport",
"agentportbind",
"agentporttls",
"agenttransfer",
"agenttype",
"agentupdateblocksize",
"agentupdatetest",
@ -34,57 +51,97 @@
"aliasport",
"allevents",
"allowaccountreset",
"allowframing",
"allowfullscreen",
"allowhighqualitydesktop",
"allowsavingdevicecredentials",
"allusers",
"alreadyinstalled",
"amtacmactivation",
"amtevents",
"amthost",
"amtmanager",
"amtoff",
"amton",
"amtonly",
"amtpass",
"amtreset",
"amtscanner",
"amtscanoptions",
"anewaccountcaptcha",
"apassword",
"apasswordhint",
"apikey",
"apos",
"appmetrics",
"apprelays",
"ashx",
"assistantconfig",
"assistantcustomization",
"assistantnoproxy",
"atag",
"authcookie",
"authenticode",
"authfail",
"authlog",
"authlogfile",
"Authn",
"authorizationurl",
"authstr",
"authstrategies",
"autofido",
"awsrds",
"backgroundcolor",
"backgroundonly",
"backupcode",
"backuppath",
"badargs",
"badtlscert",
"bancommonpasswords",
"batchupload",
"bitmask",
"Bounser",
"callbackurl",
"captchaargs",
"ccmp",
"Centralv",
"certbot",
"certfiles",
"certhash",
"certkeyhash",
"certpfx",
"certpfxpass",
"certurl",
"cfile",
"changedevice",
"changenode",
"changepassword",
"chatnotify",
"checkemail",
"checkmail",
"chnl",
"CIRA",
"ciraconn",
"ciralocalfqdn",
"ckey",
"clearpower",
"clientid",
"clientsecret",
"clipboardget",
"clipboardset",
"cmdoptions",
"cmds",
"cnonce",
"companyname",
"configfile",
"configfiles",
"configkey",
"connectionstring",
"Consts",
"cookieipcheck",
"cookiesamesite",
"coolofftime",
"coredump",
"coredumps",
"createaccount",
"createmesh",
@ -92,8 +149,14 @@
"crowdsec",
"crypted",
"cscli",
"curloptionshttp",
"curloptionshttps",
"cuser",
"cuserid",
"customui",
"datafile",
"datapath",
"datas",
"datastr",
"dbconfig",
"dbdeleteconfigfiles",
@ -107,67 +170,119 @@
"dbpulldatafiles",
"dbpushconfigfiles",
"dbshowconfigfile",
"debuglevel",
"defaultuserwebstate",
"deldump",
"deleteaccount",
"deletedefaultdomain",
"deletedomain",
"deletemesh",
"deleteuser",
"deleteusergroup",
"deluser",
"deluserpath",
"DESKLIMITEDINPUT",
"desktopmultiplex",
"desktopnotify",
"desktopprivacybar",
"desktopprompt",
"desktoprelays",
"desktopviewonly",
"devbox",
"devicefile",
"deviceid",
"deviceinfo",
"deviceinfocount",
"devicemessage",
"deviceopenurl",
"devicepower",
"devicepowerevents",
"devicesearchbarserverandclientname",
"deviceshare",
"devicesharing",
"devicetoast",
"devid",
"Digesthash",
"disablerequestedauthncontext",
"displayname",
"dlccore",
"dlcore",
"dldump",
"dnscount",
"dnssuffix",
"domaindefaults",
"domainid",
"domainname",
"domainurl",
"domainx",
"dont",
"dontlognull",
"downloadfile",
"dumpcores",
"dumpfile",
"editdevice",
"editdevicegroup",
"editgroup",
"editmesh",
"edituser",
"emailaddress",
"emailcheck",
"emaildomain",
"emailexists",
"emailok",
"emailvalidation",
"emailvalidationrequired",
"emailverified",
"entityid",
"entrypoints",
"errdesc",
"errlogpath",
"esversion",
"etype",
"eventlogger",
"exactport",
"exactports",
"exphbs",
"extractall",
"extrakey",
"extralinks",
"extrascriptsrc",
"factorauth",
"factorwarning",
"fadev",
"fahold",
"fasent",
"fastcert",
"fchallenge",
"fileaccess",
"filedata",
"filefullpath",
"filenotify",
"fileprompt",
"filesize",
"filespath",
"filestats",
"fileurl",
"filteredusers",
"filterid",
"firebaserelay",
"firstname",
"forceduserwebstate",
"foregroundcolor",
"forwardclient",
"forwardfor",
"forwardwrite",
"forwardwsocket",
"fpath",
"Freemonitoring",
"frontends",
"ftarget",
"fullpath",
"fullrights",
"fullscreen",
"gatewaymac",
"generateinvitelink",
"geourl",
"getnetworkinfo",
"getsysinfo",
"getwspass",
@ -175,49 +290,85 @@
"gotodevicename",
"gotonode",
"groupid",
"guestdevicesharing",
"guestname",
"GUESTSHARING",
"hashhex",
"Hashi",
"hashpass",
"hashpasssplit",
"hashpassword",
"Hashs",
"healthcheck",
"Hilaire",
"hkey",
"httpheaders",
"httplog",
"httpport",
"hwchallenge",
"hwotp",
"hwstate",
"hwtoken",
"Ider",
"idexists",
"idhex",
"idpurl",
"idsplit",
"iframe",
"ignoreagenthashcheck",
"iishash",
"imagebase",
"imagefile",
"indexagenterrorlog",
"indexmcrec",
"installflags",
"installsize",
"installtext",
"intelamt",
"interactiveonly",
"interuser",
"invitecodes",
"ipaddr",
"ipblockeduserredirect",
"ipcheck",
"ipex",
"ipkvm",
"iplayer",
"ipranges",
"isaml",
"Jitsi",
"jumpcloud",
"keyfile",
"keygrip",
"keyid",
"lanonly",
"LAPI",
"lastaddr",
"lastconnect",
"lastname",
"ldapauth",
"ldapobj",
"ldapoptions",
"ldapsaveusertofile",
"ldapsyncwithusergroups",
"ldapuserbinarykey",
"ldapuseremail",
"ldapusergroups",
"ldapuserimage",
"ldapuserkey",
"ldapusername",
"ldapuserphonenumber",
"ldapuserrealname",
"ldapuserrequiredgroupmembership",
"ldapusers",
"leok",
"letsencrypt",
"lightgray",
"limiteddesktop",
"limitedevents",
"LIMITEVENTS",
"Linaro",
"linuxpath",
"listdevicegroups",
"listdevices",
"listdomains",
@ -228,56 +379,93 @@
"listusersessions",
"listusersofdevicegroup",
"loadconfigfromdb",
"localdiscovery",
"localfile",
"localpath",
"localrelay",
"localsessionrecording",
"localurl",
"lockagentdownload",
"locksettings",
"logfile",
"logincodeb",
"logindomain",
"loginfooter",
"loginkey",
"loginkeyfile",
"loginlogo",
"loginmode",
"loginpass",
"loginpicture",
"loginscreen",
"logintoken",
"logintokengen",
"logintokenkey",
"logintokens",
"loginuser",
"logoback",
"logoutcontrols",
"logouturl",
"macrouter",
"magenturl",
"mailserver",
"mailtokengen",
"maintenancemode",
"mainwelcome",
"MANAGECOMPUTERS",
"managedevices",
"manageusers",
"markcoredump",
"maxfidokeys",
"maxlen",
"maxuseraccounts",
"mcpath",
"mcrdesktop",
"mcrec",
"mcrfiles",
"mcrouter",
"Mebx",
"meshaction",
"meshadmin",
"meshagent",
"meshagents",
"meshauth",
"meshcentral",
"meshcentralhost",
"meshchange",
"meshcmd",
"meshcommander",
"meshcookie",
"meshcore",
"meshctrl",
"meshdesktopmultiplex",
"meshdevicefile",
"mesherrorlogpath",
"mesherrors",
"meshfilename",
"meshid",
"meshidhex",
"meshidname",
"meshinstall",
"meshmail",
"meshmessenger",
"meshmessengerid",
"meshmessengerpicture",
"meshmessengertitle",
"meshname",
"meshosxagent",
"meshquota",
"meshrelay",
"MESHRIGHT",
"meshrights",
"meshscanner",
"meshserver",
"meshsettings",
"meshsettingslines",
"meshtype",
"meshuser",
"Messagebox",
"messageid",
"Messenging",
"minfo",
"minifyall",
@ -287,17 +475,25 @@
"mongorestore",
"moutput",
"movetodevicegroup",
"mpkg",
"mpsaliasport",
"mpscert",
"mpsdebug",
"mpspass",
"mpsport",
"mpsserver",
"mpsservers",
"MPSSSL",
"mpstlsoffload",
"mqttbroker",
"MSCHA",
"msgid",
"mstsc",
"mstscrelay",
"mtype",
"multiplexor",
"multiresponse",
"multivalued",
"myaccountname",
"mycompany",
"mydomain",
@ -309,13 +505,19 @@
"netif",
"newaccountemaildomains",
"newaccountname",
"newaccountrealms",
"newaccounts",
"newaccountscaptcha",
"newaccountspass",
"newaccountsrights",
"newaccountsusergroups",
"newgroupname",
"newobj",
"newpass",
"newpassword",
"NGNIX",
"nightmode",
"noact",
"noagentupdate",
"noamt",
"noauth",
@ -324,47 +526,91 @@
"nodecount",
"nodeid",
"nodeids",
"nodeidsplit",
"nodeinfo",
"nodekey",
"nodepath",
"NODESKTOP",
"nodewindows",
"nofiles",
"nofirewall",
"nolog",
"nologout",
"NOMESHCMD",
"nominify",
"nonalpha",
"NONEWDEVICES",
"nonewgroups",
"noproxy",
"noredirect",
"nosniff",
"noterminal",
"notools",
"nouser",
"nousers",
"novnc",
"npmjs",
"npmpath",
"npmproxy",
"npmtag",
"objid",
"ODELAY",
"offloader",
"offloaders",
"oidc",
"oldpassword",
"oldpasswordban",
"oldpasswords",
"oneclickrecovery",
"onlyselecteddevicegroups",
"onlyselectedusers",
"openidconnect",
"openstreetmap",
"openurl",
"orphanagentuser",
"osdesc",
"osinfo",
"otpdev",
"otpekey",
"otpemail",
"otphkeys",
"otpkeys",
"otplib",
"otppush",
"otpsecret",
"otpsms",
"parentpath",
"passchange",
"passhint",
"passlogin",
"passrequirementstr",
"passtype",
"passwordrequirements",
"passwordrequirementsstr",
"pastlogin",
"pathx",
"peinfo",
"phonenumber",
"PKCK",
"plivo",
"pluginadmin",
"plusplus",
"portbind",
"postflight",
"poweraction",
"powerevents",
"Proto",
"publicid",
"pushlogin",
"pushrelay",
"pushrelayserver",
"qport",
"randompass",
"Raritan",
"rauth",
"rawdata",
"rcookie",
"rdpport",
"realname",
"recordencryptionrecode",
"recordpath",
@ -373,11 +619,21 @@
"redirections",
"redirport",
"redirserver",
"refreshtoken",
"relayaliasport",
"relaydns",
"relayid",
"relayport",
"relayserver",
"relaysession",
"remembertoken",
"remoteaddr",
"remoteaddrport",
"REMOTECOMMAND",
"remotecontrol",
"remotefile",
"remotepath",
"REMOTEVIEWONLY",
"removeallusersfromusergroup",
"removedevicegroup",
"removedomain",
@ -392,11 +648,20 @@
"removeuserfromusergroup",
"removeusergroup",
"resetaccount",
"RESETOFF",
"resetpass",
"responseid",
"restoreserver",
"rightsstr",
"rname",
"rnamel",
"rootcert",
"rootredirect",
"rpassword",
"rpasswordhint",
"rport",
"rtpass",
"rtuser",
"runasuser",
"runasuseronly",
"runcommand",
@ -404,23 +669,43 @@
"runmode",
"runonservererror",
"runonserverupdated",
"ruserid",
"sameorigin",
"selfupdate",
"selfurl",
"senderid",
"sendgrid",
"sendinviteemail",
"serialtunnel",
"SERVERBACKUP",
"serverfeatures",
"serverfiles",
"serverhttps",
"serverid",
"serveridhex",
"serverinfo",
"serverkey",
"servername",
"servernoproxy",
"serverpath",
"serverpic",
"serverport",
"SERVERRESTORE",
"servertlshash",
"serverupdate",
"servicename",
"servicepath",
"sessioncode",
"sessionkey",
"sessionrecording",
"sessionsamesite",
"sessiontime",
"setbad",
"SETNOTES",
"settodomain",
"sftpconnect",
"shareid",
"showagents",
"showall",
"showallmeshes",
"showevents",
@ -428,20 +713,31 @@
"showitem",
"showmeshes",
"shownodes",
"showpasswordlogin",
"showpower",
"showsmbios",
"showusergroups",
"showusers",
"showversion",
"siteadmin",
"SITERIGHT",
"sitestyle",
"smsserver",
"specificupdate",
"splitip",
"splitpath",
"spliturl",
"srights",
"sshconnect",
"sshfilesrelay",
"sshport",
"sshrelay",
"sshterminalrelay",
"ssid",
"sspi",
"startack",
"statsevents",
"stricttransportsecurity",
"Strs",
"subdir",
"swarmallowedip",
@ -451,86 +747,171 @@
"syslogauth",
"syslogjson",
"syslogtcp",
"tcpport",
"telnyx",
"temail",
"tenantid",
"terminalnotify",
"terminalprompt",
"termsize",
"timedoc",
"titleid",
"titlepicture",
"tkip",
"tlscertcheck",
"tlshash",
"tlsock",
"tlsoffload",
"tlsoptions",
"tlsrootcert",
"tlsstrict",
"tmpdl",
"tokenemail",
"tokenlogin",
"tokenpassword",
"tokenpush",
"tokenrequired",
"tokensms",
"tokenurl",
"tokenuserid",
"tokenusername",
"totalsize",
"tpass",
"tpassword",
"tpush",
"traefik",
"translateall",
"translationpath",
"trustedcert",
"trustedproxy",
"tsms",
"TTLS",
"tunnelws",
"tunnelwsstate",
"tuser",
"tuserid",
"tusername",
"twofactor",
"twofactorcookiedurationdays",
"twofactortimeout",
"tzoffset",
"uaparser",
"ucookie",
"ugroup",
"ugroups",
"ugrp",
"ugrpid",
"uicustomevent",
"unadmin",
"unknownuserrootredirect",
"unsealkey",
"updatefiles",
"uploadack",
"uploaderror",
"uploadfile",
"uploadfilebatch",
"uploadmeshcorefile",
"uploadstart",
"urlpath",
"urlswitching",
"useid",
"userallowedip",
"userblockedip",
"userbroadcast",
"userconsentflags",
"usercount",
"userex",
"userfiles",
"usergroupchange",
"usergroups",
"userid",
"userids",
"userimage",
"userinfourl",
"usernameisemail",
"userquota",
"userrequiredhttpheader",
"Usersessionidletimeout",
"usersid",
"usersplit",
"vaultdeleteconfigfiles",
"vaultpullconfigfiles",
"vaultpushconfigfiles",
"verifyemail",
"Viewmode",
"viewonly",
"WAKEDEVICE",
"wakedevices",
"Walkthru",
"wanonly",
"Webauthn",
"webcerthash",
"webdefault",
"webemailspath",
"webider",
"webpublicpath",
"webpush",
"webrelay",
"webrelaydata",
"webrelayserver",
"webrequest",
"webrtc",
"webrtconfig",
"webserver",
"websockets",
"WEBSSL",
"webstate",
"webviewspath",
"WELCOMEMSG",
"welcomepicture",
"welcomepicturefullscreen",
"welcometext",
"wgetoptionshttp",
"wgetoptionshttps",
"wildleek",
"winassistant",
"winpath",
"winrouter",
"winservice",
"wsagents",
"wscompression",
"wsrelays",
"wssessioncount",
"wssessions",
"xarg",
"xbytes",
"xcmd",
"xdomain",
"xdomains",
"xenv",
"xevents",
"xfile",
"xfilelen",
"xfilepath",
"xflags",
"xforwardedhost",
"xinstall",
"xjslint",
"xmeshes",
"xpad",
"xpassword",
"xrelay",
"xrestart",
"xstate",
"xtls",
"xtransport",
"xuninstall",
"xuserid",
"xusername",
"xxdata",
"xxprocess",
"xxurl",
"xxuser",
"xxxprocess",
"Ylian",
"yubikey"
"yubikey",
"yubikeyotp",
"zdata",
"zipfile"
]
}


@ -199,7 +199,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
obj.wsPeerSessions3 = {}; // ServerId --> UserId --> [ SessionId ]
obj.sessionsCount = {}; // Merged session counters, used when doing server peering. UserId --> SessionCount
obj.wsrelays = {}; // Id -> Relay
obj.desktoprelays = {}; // Id -> Desktop Multiplexor Relay
obj.desktoprelays = {}; // Id -> Desktop Multiplexer Relay
obj.wsPeerRelays = {}; // Id -> { ServerId, Time }
var tlsSessionStore = {}; // Store TLS session information for quick resume.
var tlsSessionStoreCount = 0; // Number of cached TLS session information in store.
@ -239,7 +239,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
for (i in docs) { var u = obj.users[docs[i]._id] = docs[i]; domainUserCount[u.domain]++; }
for (i in parent.config.domains) {
if ((parent.config.domains[i].share == null) && (domainUserCount[i] == 0)) {
// If newaccounts is set to no new accounts, but no accounts exists, temporarly allow account creation.
// If newaccounts is set to no new accounts, but no accounts exists, temporarily allow account creation.
//if ((parent.config.domains[i].newaccounts === 0) || (parent.config.domains[i].newaccounts === false)) { parent.config.domains[i].newaccounts = 2; }
console.log('Server ' + ((i == '') ? '' : (i + ' ')) + 'has no users, next new account will be site administrator.');
}
@ -431,7 +431,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
if (!user) { fn(new Error('cannot find user')); return; }
if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
// Succesful login token authentication
// Successful login token authentication
var loginOptions = { tokenName: loginToken.name, tokenUser: loginToken.tokenUser };
if (loginToken.expire != 0) { loginOptions.expire = loginToken.expire; }
return fn(null, user._id, null, loginOptions);
@ -519,9 +519,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// Get the email address for this LDAP user
var email = null;
if (domain.ldapuseremail) { email = xxuser[domain.ldapuseremail]; } else if (xxuser['mail']) { email = xxuser['mail']; } // Use given feild name or default
if (domain.ldapuseremail) { email = xxuser[domain.ldapuseremail]; } else if (xxuser['mail']) { email = xxuser['mail']; } // Use given field name or default
if (Array.isArray(email)) { email = email[0]; } // Mail may be multivalued in LDAP in which case, answer is an array. Use the 1st value.
if (email) { email = email.toLowerCase(); } // it seems some code elsewhere also lowercase the emailaddress, so let's be consistant.
if (email) { email = email.toLowerCase(); } // it seems some code elsewhere also lowercase the emailaddress, so let's be consistent.
// Get the real name for this LDAP user
var realname = null;
@ -846,7 +846,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
function checkUserOneTimePasswordSkip(domain, user, req, loginOptions) {
if (parent.config.settings.no2factorauth == true) return null;
// If this login occured using a login token, no 2FA needed.
// If this login occurred using a login token, no 2FA needed.
if ((loginOptions != null) && (typeof loginOptions.tokenName === 'string')) { return { twoFactorType: 'tokenlogin' }; }
// Check if we can skip 2nd factor auth because of the source IP address
@ -859,7 +859,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
const cookies = req.headers.cookie.split('; ');
for (var i in cookies) {
if (cookies[i].startsWith('twofactor=')) {
var twoFactorCookie = obj.parent.decodeCookie(decodeURIComponent(cookies[i].substring(10)), obj.parent.loginCookieEncryptionKey, (30 * 24 * 60)); // If the cookies does not have an expire feild, assume 30 day timeout.
var twoFactorCookie = obj.parent.decodeCookie(decodeURIComponent(cookies[i].substring(10)), obj.parent.loginCookieEncryptionKey, (30 * 24 * 60)); // If the cookies does not have an expire field, assume 30 day timeout.
if ((twoFactorCookie != null) && ((twoFactorCookie.ip == null) || checkCookieIp(twoFactorCookie.ip, req.clientIp)) && (twoFactorCookie.userid == user._id)) { return { twoFactorType: 'cookie' }; }
}
}
@ -870,7 +870,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// Return true if this user has 2-step auth active
function checkUserOneTimePasswordRequired(domain, user, req, loginOptions) {
// If this login occured using a login token, no 2FA needed.
// If this login occurred using a login token, no 2FA needed.
if ((loginOptions != null) && (typeof loginOptions.tokenName === 'string')) { return false; }
// Check if we can skip 2nd factor auth because of the source IP address
@ -883,7 +883,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
const cookies = req.headers.cookie.split('; ');
for (var i in cookies) {
if (cookies[i].startsWith('twofactor=')) {
var twoFactorCookie = obj.parent.decodeCookie(decodeURIComponent(cookies[i].substring(10)), obj.parent.loginCookieEncryptionKey, (30 * 24 * 60)); // If the cookies does not have an expire feild, assume 30 day timeout.
var twoFactorCookie = obj.parent.decodeCookie(decodeURIComponent(cookies[i].substring(10)), obj.parent.loginCookieEncryptionKey, (30 * 24 * 60)); // If the cookies does not have an expire field, assume 30 day timeout.
if ((twoFactorCookie != null) && ((twoFactorCookie.ip == null) || checkCookieIp(twoFactorCookie.ip, req.clientIp)) && (twoFactorCookie.userid == user._id)) { return false; }
}
}
@ -910,7 +910,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// Check 2FA login cookie
if ((token != null) && (token.startsWith('cookie='))) {
var twoFactorCookie = obj.parent.decodeCookie(decodeURIComponent(token.substring(7)), obj.parent.loginCookieEncryptionKey, (30 * 24 * 60)); // If the cookies does not have an expire feild, assume 30 day timeout.
var twoFactorCookie = obj.parent.decodeCookie(decodeURIComponent(token.substring(7)), obj.parent.loginCookieEncryptionKey, (30 * 24 * 60)); // If the cookies does not have an expire field, assume 30 day timeout.
if ((twoFactorCookie != null) && ((twoFactorCookie.ip == null) || checkCookieIp(twoFactorCookie.ip, req.clientIp)) && (twoFactorCookie.userid == user._id)) { func(true, { twoFactorType: 'cookie' }); return; }
}
@ -1423,7 +1423,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
if (domain.usernameisemail) { req.body.username = req.body.email; }
// Check if there is domain.newAccountToken, check if supplied token is valid
if ((domain.newaccountspass != null) && (domain.newaccountspass != '') && (req.body.anewaccountpass != domain.newaccountspass)) {
if ((domain.newaccountspass != null) && (domain.newaccountspass != '') && (req.body.newaccountspass != domain.newaccountspass)) {
parent.debug('web', 'handleCreateAccountRequest: Invalid account creation token');
req.session.loginmode = 2;
req.session.messageid = 103; // Invalid account creation token.
@ -1863,7 +1863,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// Check is email already exists
obj.db.GetUserWithVerifiedEmail(domain.id, email, function (err, docs) {
if ((err != null) || ((docs.length > 0) && (docs.find(function (u) { return (u._id === req.session.cuserid); }) < 0))) {
// Email already exitst
// Email already exists
req.session.messageid = 102; // Existing account with this email address.
} else {
// Update the user and notify of user email address change
@ -2515,8 +2515,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
});
}
// Called when a strategy login occured
// This is called after a succesful Oauth to Twitter, Google, GitHub...
// Called when a strategy login occurred
// This is called after a successful Oauth to Twitter, Google, GitHub...
function handleStrategyLogin(req, res) {
const domain = checkUserIpAddress(req, res);
const authStrategy = req.user.strategy
@ -2817,7 +2817,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
setSessionRandom(req);
} else if (req.query.login && (obj.parent.loginCookieEncryptionKey != null)) {
var loginCookie = obj.parent.decodeCookie(req.query.login, obj.parent.loginCookieEncryptionKey, 60); // 60 minute timeout
//if ((loginCookie != null) && (loginCookie.ip != null) && !checkCookieIp(loginCookie.ip, req.clientIp)) { loginCookie = null; } // If the cookie if binded to an IP address, check here.
//if ((loginCookie != null) && (loginCookie.ip != null) && !checkCookieIp(loginCookie.ip, req.clientIp)) { loginCookie = null; } // If the cookie is bound to an IP address, check here.
if ((loginCookie != null) && (loginCookie.a == 3) && (loginCookie.u != null) && (loginCookie.u.split('/')[1] == domain.id)) {
// If a login cookie was provided, setup the session here.
parent.debug('web', 'handleRootRequestEx: cookie auth ok.');
@ -3942,7 +3942,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
if ((err != null) || (docs == null) || (docs.length != 1)) { res.sendStatus(404); return; }
const doc = docs[0];
// If this is a recurrent share, check if we are at the currect time to make use of it
// If this is a recurrent share, check if we are at the correct time to make use of it
if (typeof doc.recurring == 'number') {
const now = Date.now();
if (now >= doc.startTime) { // We don't want to move the validity window before the start time
@ -4567,7 +4567,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
tlsock.setEncoding('binary');
tlsock.on('error', function (err) { parent.debug('webrelay', "CIRA TLS Connection Error", err); });
// Decrypted tunnel from TLS communcation to be forwarded to websocket
// Decrypted tunnel from TLS communication to be forwarded to websocket
tlsock.on('data', function (data) {
// AMT/TLS ---> WS
if (ws.interceptor) { data = ws.interceptor.processAmtData(data); } // Run data thru interceptor
@ -4615,7 +4615,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
ws.forwardclient.onData = function (ciraconn, data) {
//parent.debug('webrelaydata', 'Relay CIRA data to WS', data.length);
// Run data thru interceptorp
// Run data thru interceptor
if (ws.interceptor) { data = ws.interceptor.processAmtData(data); }
//console.log('AMT --> WS', Buffer.from(data, 'binary').toString('hex'));
@ -4633,7 +4633,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
ws.forwardclient.onSendOk = function (ciraconn) { };
}
// When data is received from the web socket, forward the data into the associated CIRA cahnnel.
// When data is received from the web socket, forward the data into the associated CIRA channel.
// If the CIRA connection is pending, the CIRA channel has built-in buffering, so we are ok sending anyway.
ws.on('message', function (data) {
//parent.debug('webrelaydata', 'Relay WS data to CIRA', data.length);
@ -6703,7 +6703,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
const urlCookie = obj.parent.decodeCookie(req.query.c, parent.loginCookieEncryptionKey, 32); // Allow cookies up to 32 minutes old. The web page will renew this cookie every 30 minutes.
if (urlCookie == null) { res.sendStatus(404); return; }
// Decode the incomign cookie
// Decode the incoming cookie
if ((urlCookie.ruserid != null) && (urlCookie.x != null)) {
if (parent.webserver.destroyedSessions[urlCookie.ruserid + '/' + urlCookie.x] != null) { res.sendStatus(404); return; }
@ -6853,7 +6853,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// Indicates to ExpressJS that the override public folder should be used to serve static files.
if (parent.config.domains[i].webpublicpath != null) {
// Use domain public pathe
// Use domain public path
obj.app.use(url, obj.express.static(parent.config.domains[i].webpublicpath));
} else if (obj.parent.webPublicOverridePath != null) {
// Use override path
@ -7154,7 +7154,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// The web relay session is valid, use it
relaySession.handleRequest(req, res);
} else {
// No web relay ession with this relay identifier, close the HTTP request.
// No web relay session with this relay identifier, close the HTTP request.
res.sendStatus(404);
}
} else {
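Review bot: The hunk at -1423 is not a spelling fix: in the account-creation token check the request field changes from `req.body.anewaccountpass` to `req.body.newaccountspass`, assuming the second printed line is the new side. The word list in this same commit contains `anewaccountcaptcha`, `apassword` and `apasswordhint`, which suggests the create-account form posts `a`-prefixed field names. If so, `req.body.newaccountspass` is always undefined and every signup on a domain with `newaccountspass` set is rejected with message 103. Unless the form field is renamed in the same change, I would keep `(req.body.anewaccountpass != domain.newaccountspass)` and add a test that a correct token is accepted and a wrong or missing one is refused. The enclosing handler (handleCreateAccountRequest, per the debug string) starts and ends outside the hunk, so the form side cannot be confirmed from here.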