From 56ba656bd4cc23ab3376ad327b49fc686ded3fee Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Thu, 15 Apr 2021 15:38:07 -0700
Subject: [PATCH] Fixed for typing issue #2416
---
 meshcentral-config-schema.json | 3 ++-
 meshuser.js | 9 +++++++++
 views/default.handlebars | 21 +++++++++++++++++++++
 webserver.js | 1 +
 4 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json
index 20becaed..1a43bc92 100644
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
@@ -345,7 +345,8 @@
 "force2factor": { "type": "boolean", "default": false, "description": "Requires that all accounts setup 2FA." },
 "skip2factor": { "type": "string", "description": "IP addresses where 2FA login is skipped, for example: 127.0.0.1,192.168.2.0/24" },
 "oldPasswordBan": { "type": "integer", "description": "Number of old passwords the server should remember and not allow the user to switch back to." },
- "banCommonPasswords": { "type": "boolean", "default": false, "description": "Uses WildLeek to block use of the 10000 most commonly used passwords." }
+ "banCommonPasswords": { "type": "boolean", "default": false, "description": "Uses WildLeek to block use of the 10000 most commonly used passwords." },
+ "loginTokens": { "type": "boolean", "default": true, "description": "Allows users to create alternative username/passwords for their account." }
 }
 },
 "twoFactorCookieDurationDays": { "type": "integer", "default": 30, "description": "Number of days that a user is allowed to remember this device for when completing 2FA. Set this to 0 to remove this option." },
diff --git a/meshuser.js b/meshuser.js
index 3f05b74b..80ba9137 100644
--- a/meshuser.js
+++ b/meshuser.js
@@ -5610,6 +5610,15 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
 }
 break;
 }
+ case 'createLoginToken': {
+ if ((typeof domain.passwordrequirements != 'object') && (domain.passwordrequirements.logintokens == false)) break; // Login tokens are not supported on this server
+ if (common.validateString(command.name, 1, 100) == false) break; // Check name
+ if ((typeof command.expire != 'number') || (command.expire < 0)) break; // Check expire
+
+ console.log(command);
+
+ break;
+ }
 case 'getDeviceDetails': {
 if (common.validateStrArray(command.nodeids, 1) == false) break; // Check nodeids
 if (common.validateString(command.type, 3, 4) == false) break; // Check type
diff --git a/views/default.handlebars b/views/default.handlebars
index ba5abe2e..9925b45a 100644
--- a/views/default.handlebars
+++ b/views/default.handlebars
@@ -381,6 +381,7 @@ Change password
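Review bot: The first guard in the `createLoginToken` case can never reject a request: `(typeof domain.passwordrequirements != 'object') && (domain.passwordrequirements.logintokens == false)` is false whenever `passwordrequirements` is an object, and when it is undefined the second operand dereferences it and throws. The webserver.js hunk in this same patch tests the allowed condition with `||`, so the server-side deny check should be `if ((typeof domain.passwordrequirements == 'object') && (domain.passwordrequirements.logintokens == false)) break;`; otherwise `loginTokens: false` only hides the menu entry while the websocket action stays reachable. `console.log(command);` looks like a debug leftover that writes client-supplied fields to the server console and should be dropped before the handler is completed. The `expire` check accepts any non-negative number, so an upper bound and `Number.isInteger(command.expire)` would be worth adding. The enclosing switch and CreateMeshUser start and end outside the hunk.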
Delete account
+


@@ -1934,6 +1935,7 @@
 QV('manageEmail2FA', features & 0x00800000);
 QV('p2AccountPassActions', ((features & 4) == 0) && (serverinfo.domainauth == false) && (userinfo != null) && (userinfo._id.split('/')[2].startsWith('~') == false)); // Hide Account Actions if in single user mode or domain authentication
 //QV('p2AccountImage', ((features & 4) == 0) && (serverinfo.domainauth == false)); // If account actions are not visible, also remove the image on that panel
+ QV('accountCreateLoginTokenSpan', features2 & 0x00000080);
 QV('p2AccountImage', !accountSettingsLocked)
 QV('p2ServerActions', (siteRights & 21) && ((serverFeatures & 15) != 0));
 QV('LeftMenuMyServer', (siteRights & 21) && ((serverFeatures & 64) != 0)); // 16 + 4 + 1
@@ -10169,6 +10171,25 @@
 return false;
 }
+ function account_createLoginToken() {
+ if (xxdialogMode) return false;
+ var y = '', x = "Create a temporary username and password that can be used as alternative login to your account. This is useful for allowing tools or other services to access your account." + '

';
+ var options = { 0 : "Unlimited", 1 : "1 minute", 5 : "5 minutes", 10 : "10 minutes", 15 : "15 minutes", 30 : "30 minutes", 45 : "45 minutes", 60 : "60 minutes", 120 : "2 hours", 240 : "4 hours", 480 : "8 hours", 720 : "12 hours", 960 : "16 hours", 1440 : "24 hours", 2880 : "2 days", 5760 : "4 days" }
+ for (var i in options) { y += ''; }
+ x += addHtmlValue("Token Name", '');
+ x += addHtmlValue("Expire Time", '');
+ setDialogMode(2, "Create Login Token", 3, account_createLoginTokenEx, x);
+ QE('idx_dlgOkButton', false);
+ }
+
+ function account_createLoginTokenValidate() {
+ QE('idx_dlgOkButton', Q('d2tokenName').value.length > 0);
+ }
+
+ function account_createLoginTokenEx() {
+ meshserver.send({ action: 'createLoginToken', name: Q('d2tokenName').value, expire: parseInt(Q('d2tokenExpire').value) });
+ }
+
 function account_showAccountNotifySettings() {
 if (xxdialogMode) return false;
 var x = '';
diff --git a/webserver.js b/webserver.js
index 44975137..792f7d9f 100644
--- a/webserver.js
+++ b/webserver.js
@@ -2547,6 +2547,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 if (((obj.args.noagentupdate == 1) || (obj.args.noagentupdate == true))) { features2 += 0x00000010; } // No agent update
 if (parent.amtProvisioningServer != null) { features2 += 0x00000020; } // Intel AMT LAN provisioning server
 if (((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.push2factor != false)) && (obj.parent.firebase != null)) { features2 += 0x00000040; } // Indicates device push notification 2FA is enabled
+ if ((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.logintokens != false)) { features2 += 0x00000080; } // Indicates login tokens are allowed
 // Create a authentication cookie
 const authCookie = obj.parent.encodeCookie({ userid: dbGetFunc.user._id, domainid: domain.id, ip: req.clientIp }, obj.parent.loginCookieEncryptionKey);
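Review bot: In `account_createLoginTokenEx` the expiry is parsed with `parseInt(Q('d2tokenExpire').value)` without a radix, and `account_createLoginTokenValidate` enables the OK button for a whitespace-only name; `parseInt(Q('d2tokenExpire').value, 10)` and a `.trim()` on the name before the length check would tighten both. The options map lists `0 : "Unlimited"` first and the option markup is not visible in this hunk, so it is worth confirming that a bounded lifetime, not a non-expiring credential, is the preselected value. These checks are client-side only, so the server handler for `createLoginToken` still has to enforce the same limits.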