MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added login password hint support

This commit is contained in:
Ylian Saint-Hilaire 2017-09-08 11:37:37 -07:00
parent 5e00e61d08
commit 6347eb7e4a
3 changed files with 112 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
views/default.handlebars
View File

@ -3605,9 +3605,11 @@
x += "<td align=right>Password:</td><td><input id=apassword1 type=password name=apassword1 autocomplete=off onchange=account_validateNewPassword() onkeyup=account_validateNewPassword() /> <b><span id=dxPassWarn></span></b></td>";
x += "</tr><tr>";
x += "<td align=right>Password:</td><td><input id=apassword2 type=password name=apassword2 autocomplete=off onchange=account_validateNewPassword() onkeyup=account_validateNewPassword() /></td>";
x += "</tr><tr>";
x += "<td align=right>Password Hint:</td><td><input id=apasswordhint name=apasswordhint maxlength=250 type=text autocomplete=off /></td>";
x += '</tr></table><br /><div style="padding:10px;margin-bottom:4px">';
x += '<input id="account_dlgCancelButton" type="button" value="Cancel" style="float:right;width:80px;margin-left:5px" onclick="dialogclose(0)">';
x += '<input id="account_dlgOkButton" type="submit" value="OK" style="float:right;width:80px" onclick="dialogclose(1)">';
x += '<input id=account_dlgCancelButton type=button value="Cancel" style="float:right;width:80px;margin-left:5px" onclick=dialogclose(0)>';
x += '<input id=account_dlgOkButton type=submit value="OK" style="float:right;width:80px" onclick="dialogclose(1)">';
x += '</div><br /></form>';
setDialogMode(2, "Change Password", 0, null, x);
account_validateDeleteAccount();

95
views/login.handlebars
View File

@ -41,15 +41,15 @@
</div>
<table>
<tr>
<td align="right" width="100">Username:</td>
<td align=right width=100>Username:</td>
<td><input id=username type=text name=username onchange=validateLogin() onkeyup=validateLogin() /></td>
</tr>
<tr>
<td align="right">Password:</td>
<td align=right>Password:</td>
<td><input id=password type=password name=password autocomplete=off onchange=validateLogin() onkeyup=validateLogin() /></td>
</tr>
<tr>
<td></td>
<td><div id=showPassHintLink style=display:none><a onclick=showPassHint() style="cursor:pointer">Show Hint</a></div></td>
<td align=right><input id=loginButton type=submit value="Log In" disabled="disabled" /></td>
</tr>
</table>
@ -59,7 +59,7 @@
</form>
</div>
<div id=createpanel style="background-color: #979797;border-radius:16px;width:300px;padding:16px;text-align:center;display:none">
<form action="createaccount" method="post">
<form action=createaccount method=post>
<div id=message2>
{{{message}}}
</div>
@ -69,19 +69,23 @@
<table>
<tr>
<td align=right width=100>Username:</td>
<td><input id="ausername" type="text" name=username onchange=validateCreate() onkeyup=validateCreate() /></td>
<td><input id=ausername type=text name=username onchange=validateCreate() onkeyup=validateCreate() /></td>
</tr>
<tr>
<td align=right width=100>Email:</td>
<td><input id="aemail" type="text" name=email onchange=validateCreate() onkeyup=validateCreate() /></td>
<td><input id=aemail type=text name=email onchange=validateCreate() onkeyup=validateCreate() /></td>
</tr>
<tr>
<td align=right>Password:</td>
<td><input id="apassword1" type=password name=password1 autocomplete="off" onchange=validateCreate() onkeyup=validateCreate() /></td>
<td><input id=apassword1 type=password name=password1 autocomplete=off onchange=validateCreate() onkeyup=validateCreate() /></td>
</tr>
<tr>
<td align=right>Password:</td>
<td><input id="apassword2" type=password name=password2 autocomplete="off" onchange=validateCreate() onkeyup=validateCreate() /></td>
<td><input id=apassword2 type=password name=password2 autocomplete=off onchange=validateCreate() onkeyup=validateCreate() /></td>
</tr>
<tr>
<td align=right>Password Hint:</td>
<td><input id=apasswordhint type=text name=apasswordhint autocomplete=off maxlength=250 /></td>
</tr>
<tr>
<td colspan=2>
@ -111,12 +115,40 @@
</div>
</div>
</div>
<div id=dialog style="z-index:1000;background-color:#EEE;box-shadow:0px 0px 15px #666;font-family:Arial,Helvetica,sans-serif;border-radius:5px;position:fixed;top:180px;width:400px;display:none">
<div style="width:100%;background-color:#003366;color:#FFF;border-radius:5px 5px 0 0">
<div id=id_dialogclose style=float:right;padding:5px;cursor:pointer onclick=setDialogMode()><b>X</b></div>
<div id=id_dialogtitle style=padding:5px></div>
<div style=width:100%;margin:6px></div>
</div>
<div style="margin-right:16px;margin-left:8px">
<div id=dialog1 style="margin:auto;text-align:center;margin:3px">
<div id=id_dialogMessage style="padding:10px"></div>
</div>
<div id=dialog2 style="margin:auto;margin:3px">
<div id=id_dialogOptions></div>
</div>
</div>
<div id="idx_dlgButtonBar" style="padding:10px;margin-bottom:20px">
<input id="idx_dlgCancelButton" type="button" value="Cancel" style="float:right;width:80px;margin-left:5px" onclick="dialogclose(0)">
<input id="idx_dlgOkButton" type="button" value="OK" style="float:right;width:80px" onclick="dialogclose(1)">
</div>
</div>
<script>
var passhint = "{{{passhint}}}";
function startup() {
window.onresize = center;
center();
validateLogin();
validateCreate();
if ('{{loginmode}}' != '') { go({{loginmode}}); } else { go(1); }
QV('newAccountDiv', '{{{newAccount}}}' != '0' );
if ((passhint != null) && (passhint.length > 0)) { QV("showPassHintLink", true); }
}
function showPassHint() {
messagebox("Password Hint", passhint);
}
function xgo(x) {
@ -126,6 +158,7 @@
}
function go(x) {
QV("showPassHintLink", false);
QV('loginpanel', x == 1);
QV('createpanel', x == 2);
}
@ -133,9 +166,11 @@
function validateLogin() {
var ok = (Q('username').value.length > 0 && Q('password').value.length > 0);
QE('loginButton', ok);
QV("showPassHintLink", false);
}
function validateCreate() {
QV("showPassHintLink", false);
var ok = (Q('ausername').value.length > 0 && Q('aemail').value.length > 0 && Q('apassword1').value.length > 0 && Q('apassword2').value == Q('apassword1').value);
QE('createButton', ok);
if (Q('apassword1').value == '') {
@ -156,6 +191,50 @@
for (var c in variations) { varCount += (variations[c] == true) ? 1 : 0; }
return parseInt(r + (varCount - 1) * 10);
}
//
// POPUP DIALOG
//
// undefined = Hidden, 1 = Generic Message
var xxdialogMode;
var xxdialogFunc;
var xxdialogButtons;
var xxdialogTag;
var xxcurrentView = 0;
// Display a dialog box
// Parameters: Dialog Mode (0 = none), Dialog Title, Buttons (1 = OK, 2 = Cancel, 3 = OK & Cancel), Call back function(0 = Cancel, 1 = OK), Dialog Content (Mode 2 only)
function setDialogMode(x, y, b, f, c, tag) {
xxdialogMode = x;
xxdialogFunc = f;
xxdialogButtons = b;
xxdialogTag = tag;
QE('idx_dlgOkButton', true);
QV('idx_dlgOkButton', b & 1);
QV('idx_dlgCancelButton', b & 2);
QV('id_dialogclose', (b & 2) || (b & 8));
QV('idx_dlgButtonBar', b & 7);
if (y) QH('id_dialogtitle', y);
for (var i = 1; i < 24; i++) { QV('dialog' + i, i == x); } // Edit this line when more dialogs are added
QV('dialog', x);
if (c) { if (x == 2) { QH('id_dialogOptions', c); } else { QH('id_dialogMessage', c); } }
}
function dialogclose(x) {
var f = xxdialogFunc;
var b = xxdialogButtons;
var t = xxdialogTag;
setDialogMode();
if (((b & 8) || x) && f) f(x, t);
}
function center() { QS('dialog').left = ((((getDocWidth() - 400) / 2)) + "px"); }
function messagebox(t, m) { QH('id_dialogMessage', m); setDialogMode(1, t, 1); }
function statusbox(t, m) { QH('id_dialogMessage', m); setDialogMode(1, t); }
function getDocWidth() { if (window.innerWidth) return window.innerWidth; if (document.documentElement && document.documentElement.clientWidth && document.documentElement.clientWidth != 0) return document.documentElement.clientWidth; return document.getElementsByTagName('body')[0].clientWidth; }
</script>
</body>
</html>

27
webserver.js
View File

@ -82,6 +82,9 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
obj.crypto.randomBytes(16, function (err, buf) { obj.httpAuthRealm = buf.toString('hex'); });
obj.crypto.randomBytes(32, function (err, buf) { obj.relayRandom = buf; });
function EscapeHtml(x) { if (typeof x == "string") return x.replace(/&/g, '&amp;').replace(/>/g, '&gt;').replace(/</g, '&lt;').replace(/"/g, '&quot;').replace(/'/g, '&apos;'); if (typeof x == "boolean") return x; if (typeof x == "number") return x; }
function EscapeHtmlBreaks(x) { if (typeof x == "string") return x.replace(/&/g, '&amp;').replace(/>/g, '&gt;').replace(/</g, '&lt;').replace(/"/g, '&quot;').replace(/'/g, '&apos;').replace(/\r/g, '<br />').replace(/\n/g, '').replace(/\t/g, '&nbsp;&nbsp;'); if (typeof x == "boolean") return x; if (typeof x == "number") return x; }
if (obj.args.notls) {
// Setup the HTTP server without TLS
obj.expressWs = require('express-ws')(obj.app);
@ -108,12 +111,15 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
if (req.session != undefined) {
var err = req.session.error;
var msg = req.session.success;
var passhint = req.session.passhint;
delete req.session.error;
delete req.session.success;
delete req.session.passhint;
}
res.locals.message = '';
if (err) res.locals.message = '<p class="msg error">' + err + '</p>';
if (msg) res.locals.message = '<p class="msg success">' + msg + '</p>';
if (passhint) res.locals.passhint = EscapeHtml(passhint);
next();
});
@ -146,7 +152,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
obj.hash(pass, user.salt, function (err, hash) {
if (err) return fn(err);
if (hash == user.hash) return fn(null, user._id);
fn(new Error('invalid password'));
fn(new Error('invalid password'), null, user.passhint);
});
}
}
@ -187,7 +193,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
function handleLoginRequest(req, res) {
var domain = getDomain(req);
obj.authenticate(req.body.username, req.body.password, domain, function (err, userid) {
obj.authenticate(req.body.username, req.body.password, domain, function (err, userid, passhint) {
if (userid) {
var user = obj.users[userid];
@ -203,9 +209,8 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
req.session.userid = userid;
req.session.domainid = domain.id;
req.session.currentNode = '';
if (req.body.viewmode) {
req.session.viewmode = req.body.viewmode;
}
if (req.session.passhint) { delete req.session.passhint; }
if (req.body.viewmode) { req.session.viewmode = req.body.viewmode; }
if (req.body.host) {
obj.db.GetAllType('node', function (err, docs) {
for (var i = 0; i < docs.length; i++) {
@ -227,6 +232,11 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
} else {
delete req.session.loginmode;
req.session.error = '<b style=color:#8C001A>Login failed, check username and password.</b>';
if ((passhint != null) && (passhint.length > 0)) {
req.session.passhint = passhint;
} else {
if (req.session.passhint) { delete req.session.passhint; }
}
res.redirect(domain.url);
}
});
@ -245,7 +255,9 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
req.session.loginmode = 2;
req.session.error = '<b style=color:#8C001A>Username already exists.</b>';
} else {
var user = { type: 'user', _id: 'user/' + domain.id + '/' + req.body.username.toLowerCase(), name: req.body.username, email: req.body.email, creation: Date.now(), login: Date.now(), domain: domain.id };
var hint = req.body.apasswordhint;
if (hint.length > 250) hint = hint.substring(0, 250);
var user = { type: 'user', _id: 'user/' + domain.id + '/' + req.body.username.toLowerCase(), name: req.body.username, email: req.body.email, creation: Date.now(), login: Date.now(), domain: domain.id, passhint: hint };
var usercount = 0;
for (var i in obj.users) { if (obj.users[i].domain == domain.id) { usercount++; } }
if (usercount == 0) { user.siteadmin = 0xFFFFFFFF; if (domain.newAccounts == 2) { domain.newAccounts = 0; } } // If this is the first user, give the account site admin.
@ -295,10 +307,13 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
// Update the password
obj.hash(req.body.apassword1, function (err, salt, hash) {
if (err) throw err;
var hint = req.body.apasswordhint;
if (hint.length > 250) hint = hint.substring(0, 250);
var user = obj.users[req.session.userid];
user.salt = salt;
user.hash = hash;
user.passchange = Date.now();
user.passhint = req.body.apasswordhint;
obj.db.SetUser(user);
req.session.viewmode = 2;
res.redirect(domain.url);