Allow specific group to create Login tokens (#7424)

stephannn
2025-11-24 20:39:13 +01:00
committed by GitHub
parent fa96d666cc
commit 5ab4d70e10
3 changed files with 3 additions and 3 deletions


@@ -1784,7 +1784,7 @@
"array"
],
"default": true,
"description": "Allows users to create alternative username/passwords for their account. Set to false to disallow all users, or set to a userid array to only allow some users."
"description": "Allows users to create alternative username/passwords for their account. Set to false to disallow all users, or set to a userid array or to a groupid array to only allow some users."
},
"twoFactorTimeout": {
"type": "integer",


@@ -5063,7 +5063,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if (req.session.loginToken != null) { err = "Access denied"; } // Do not allow this command when logged in using a login token
else if ((typeof domain.passwordrequirements == 'object') && (domain.passwordrequirements.logintokens === false)) { err = "Not supported"; } // Login tokens are not supported on this server
else if ((typeof domain.passwordrequirements == 'object') && Array.isArray(domain.passwordrequirements.logintokens) && (domain.passwordrequirements.logintokens.indexOf(user._id) < 0)) { err = "Not supported"; } // Login tokens are not supported by this user
else if ((typeof domain.passwordrequirements == 'object') && Array.isArray(domain.passwordrequirements.logintokens) && ((domain.passwordrequirements.logintokens.indexOf(user._id) < 0) && (user.links && Object.keys(user.links).some(key => domain.passwordrequirements.logintokens.indexOf(key) < 0)))) { err = "Not supported"; } // Login tokens are not supported by this user
else if (common.validateString(command.name, 1, 100) == false) { err = "Invalid name"; } // Check name
else if ((typeof command.expire != 'number') || (command.expire < 0)) { err = "Invalid expire value"; } // Check expire
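Review bot: The new allow-list test on the added `logintokens` line fails open: a user who is not in the list and whose `user.links` is missing or empty is no longer denied, because the `user.links && Object.keys(user.links).some(...)` operand is then falsy and the whole AND is false. It also tests `some(key => ... indexOf(key) < 0)`, so a member of an allowed group is denied as soon as they hold any other link that is not listed, whereas the web server flag in the third file section tests `some(... >= 0)`. The deny condition should be "neither the user id nor any link key is listed": `(domain.passwordrequirements.logintokens.indexOf(user._id) < 0) && !(user.links && Object.keys(user.links).some(key => domain.passwordrequirements.logintokens.indexOf(key) >= 0))`. The enclosing command handler starts and ends outside the hunk.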


@@ -3369,7 +3369,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
if (((obj.args.noagentupdate == 1) || (obj.args.noagentupdate == true))) { features2 += 0x00000010; } // No agent update
if (parent.amtProvisioningServer != null) { features2 += 0x00000020; } // Intel AMT LAN provisioning server
if (((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.push2factor != false)) && (obj.parent.firebase != null)) { features2 += 0x00000040; } // Indicates device push notification 2FA is enabled
if ((typeof domain.passwordrequirements != 'object') || ((domain.passwordrequirements.logintokens !== false) && ((Array.isArray(domain.passwordrequirements.logintokens) == false) || (domain.passwordrequirements.logintokens.indexOf(user._id) >= 0)))) { features2 += 0x00000080; } // Indicates login tokens are allowed
if ((typeof domain.passwordrequirements != 'object') || ((domain.passwordrequirements.logintokens !== false) && ((Array.isArray(domain.passwordrequirements.logintokens) == false) || ((domain.passwordrequirements.logintokens.indexOf(user._id) >= 0) || (user.links && Object.keys(user.links).some(key => domain.passwordrequirements.logintokens.indexOf(key) >= 0)) )))) { features2 += 0x00000080; } // Indicates login tokens are allowed
if (req.session.loginToken != null) { features2 += 0x00000100; } // LoginToken mode, no account changes.
if (domain.ssh == true) { features2 += 0x00000200; } // SSH is enabled
if (domain.localsessionrecording === false) { features2 += 0x00000400; } // Disable local recording feature
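Review bot: The allow-list predicate on the added `features2 += 0x00000080` line is a second hand-written copy of the policy that the CreateMeshUser hunk enforces, and the two copies already treat `user.links` differently. This bit appears only to advertise the feature to the client, so the command handler's check is the one that actually gates token creation. I would put the test in one shared helper that both sites call so they cannot drift, documented with something like `// true when logintokens is unrestricted, or lists user._id or one of the keys of user.links`. The surrounding function continues outside the hunk.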