mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-23 21:55:52 -05:00
Added login password hint support
This commit is contained in:
parent
5e00e61d08
commit
6347eb7e4a
@ -3605,9 +3605,11 @@
|
||||
x += "<td align=right>Password:</td><td><input id=apassword1 type=password name=apassword1 autocomplete=off onchange=account_validateNewPassword() onkeyup=account_validateNewPassword() /> <b><span id=dxPassWarn></span></b></td>";
|
||||
x += "</tr><tr>";
|
||||
x += "<td align=right>Password:</td><td><input id=apassword2 type=password name=apassword2 autocomplete=off onchange=account_validateNewPassword() onkeyup=account_validateNewPassword() /></td>";
|
||||
x += "</tr><tr>";
|
||||
x += "<td align=right>Password Hint:</td><td><input id=apasswordhint name=apasswordhint maxlength=250 type=text autocomplete=off /></td>";
|
||||
x += '</tr></table><br /><div style="padding:10px;margin-bottom:4px">';
|
||||
x += '<input id="account_dlgCancelButton" type="button" value="Cancel" style="float:right;width:80px;margin-left:5px" onclick="dialogclose(0)">';
|
||||
x += '<input id="account_dlgOkButton" type="submit" value="OK" style="float:right;width:80px" onclick="dialogclose(1)">';
|
||||
x += '<input id=account_dlgCancelButton type=button value="Cancel" style="float:right;width:80px;margin-left:5px" onclick=dialogclose(0)>';
|
||||
x += '<input id=account_dlgOkButton type=submit value="OK" style="float:right;width:80px" onclick="dialogclose(1)">';
|
||||
x += '</div><br /></form>';
|
||||
setDialogMode(2, "Change Password", 0, null, x);
|
||||
account_validateDeleteAccount();
|
||||
|
@ -41,15 +41,15 @@
|
||||
</div>
|
||||
<table>
|
||||
<tr>
|
||||
<td align="right" width="100">Username:</td>
|
||||
<td align=right width=100>Username:</td>
|
||||
<td><input id=username type=text name=username onchange=validateLogin() onkeyup=validateLogin() /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="right">Password:</td>
|
||||
<td align=right>Password:</td>
|
||||
<td><input id=password type=password name=password autocomplete=off onchange=validateLogin() onkeyup=validateLogin() /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td></td>
|
||||
<td><div id=showPassHintLink style=display:none><a onclick=showPassHint() style="cursor:pointer">Show Hint</a></div></td>
|
||||
<td align=right><input id=loginButton type=submit value="Log In" disabled="disabled" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
@ -59,7 +59,7 @@
|
||||
</form>
|
||||
</div>
|
||||
<div id=createpanel style="background-color: #979797;border-radius:16px;width:300px;padding:16px;text-align:center;display:none">
|
||||
<form action="createaccount" method="post">
|
||||
<form action=createaccount method=post>
|
||||
<div id=message2>
|
||||
{{{message}}}
|
||||
</div>
|
||||
@ -69,19 +69,23 @@
|
||||
<table>
|
||||
<tr>
|
||||
<td align=right width=100>Username:</td>
|
||||
<td><input id="ausername" type="text" name=username onchange=validateCreate() onkeyup=validateCreate() /></td>
|
||||
<td><input id=ausername type=text name=username onchange=validateCreate() onkeyup=validateCreate() /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align=right width=100>Email:</td>
|
||||
<td><input id="aemail" type="text" name=email onchange=validateCreate() onkeyup=validateCreate() /></td>
|
||||
<td><input id=aemail type=text name=email onchange=validateCreate() onkeyup=validateCreate() /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align=right>Password:</td>
|
||||
<td><input id="apassword1" type=password name=password1 autocomplete="off" onchange=validateCreate() onkeyup=validateCreate() /></td>
|
||||
<td><input id=apassword1 type=password name=password1 autocomplete=off onchange=validateCreate() onkeyup=validateCreate() /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align=right>Password:</td>
|
||||
<td><input id="apassword2" type=password name=password2 autocomplete="off" onchange=validateCreate() onkeyup=validateCreate() /></td>
|
||||
<td><input id=apassword2 type=password name=password2 autocomplete=off onchange=validateCreate() onkeyup=validateCreate() /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align=right>Password Hint:</td>
|
||||
<td><input id=apasswordhint type=text name=apasswordhint autocomplete=off maxlength=250 /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan=2>
|
||||
@ -111,12 +115,40 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div id=dialog style="z-index:1000;background-color:#EEE;box-shadow:0px 0px 15px #666;font-family:Arial,Helvetica,sans-serif;border-radius:5px;position:fixed;top:180px;width:400px;display:none">
|
||||
<div style="width:100%;background-color:#003366;color:#FFF;border-radius:5px 5px 0 0">
|
||||
<div id=id_dialogclose style=float:right;padding:5px;cursor:pointer onclick=setDialogMode()><b>X</b></div>
|
||||
<div id=id_dialogtitle style=padding:5px></div>
|
||||
<div style=width:100%;margin:6px></div>
|
||||
</div>
|
||||
<div style="margin-right:16px;margin-left:8px">
|
||||
<div id=dialog1 style="margin:auto;text-align:center;margin:3px">
|
||||
<div id=id_dialogMessage style="padding:10px"></div>
|
||||
</div>
|
||||
<div id=dialog2 style="margin:auto;margin:3px">
|
||||
<div id=id_dialogOptions></div>
|
||||
</div>
|
||||
</div>
|
||||
<div id="idx_dlgButtonBar" style="padding:10px;margin-bottom:20px">
|
||||
<input id="idx_dlgCancelButton" type="button" value="Cancel" style="float:right;width:80px;margin-left:5px" onclick="dialogclose(0)">
|
||||
<input id="idx_dlgOkButton" type="button" value="OK" style="float:right;width:80px" onclick="dialogclose(1)">
|
||||
</div>
|
||||
</div>
|
||||
<script>
|
||||
var passhint = "{{{passhint}}}";
|
||||
|
||||
function startup() {
|
||||
window.onresize = center;
|
||||
center();
|
||||
validateLogin();
|
||||
validateCreate();
|
||||
if ('{{loginmode}}' != '') { go({{loginmode}}); } else { go(1); }
|
||||
QV('newAccountDiv', '{{{newAccount}}}' != '0' );
|
||||
if ((passhint != null) && (passhint.length > 0)) { QV("showPassHintLink", true); }
|
||||
}
|
||||
|
||||
function showPassHint() {
|
||||
messagebox("Password Hint", passhint);
|
||||
}
|
||||
|
||||
function xgo(x) {
|
||||
@ -126,6 +158,7 @@
|
||||
}
|
||||
|
||||
function go(x) {
|
||||
QV("showPassHintLink", false);
|
||||
QV('loginpanel', x == 1);
|
||||
QV('createpanel', x == 2);
|
||||
}
|
||||
@ -133,9 +166,11 @@
|
||||
function validateLogin() {
|
||||
var ok = (Q('username').value.length > 0 && Q('password').value.length > 0);
|
||||
QE('loginButton', ok);
|
||||
QV("showPassHintLink", false);
|
||||
}
|
||||
|
||||
function validateCreate() {
|
||||
QV("showPassHintLink", false);
|
||||
var ok = (Q('ausername').value.length > 0 && Q('aemail').value.length > 0 && Q('apassword1').value.length > 0 && Q('apassword2').value == Q('apassword1').value);
|
||||
QE('createButton', ok);
|
||||
if (Q('apassword1').value == '') {
|
||||
@ -156,6 +191,50 @@
|
||||
for (var c in variations) { varCount += (variations[c] == true) ? 1 : 0; }
|
||||
return parseInt(r + (varCount - 1) * 10);
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// POPUP DIALOG
|
||||
//
|
||||
|
||||
// undefined = Hidden, 1 = Generic Message
|
||||
var xxdialogMode;
|
||||
var xxdialogFunc;
|
||||
var xxdialogButtons;
|
||||
var xxdialogTag;
|
||||
var xxcurrentView = 0;
|
||||
|
||||
// Display a dialog box
|
||||
// Parameters: Dialog Mode (0 = none), Dialog Title, Buttons (1 = OK, 2 = Cancel, 3 = OK & Cancel), Call back function(0 = Cancel, 1 = OK), Dialog Content (Mode 2 only)
|
||||
function setDialogMode(x, y, b, f, c, tag) {
|
||||
xxdialogMode = x;
|
||||
xxdialogFunc = f;
|
||||
xxdialogButtons = b;
|
||||
xxdialogTag = tag;
|
||||
QE('idx_dlgOkButton', true);
|
||||
QV('idx_dlgOkButton', b & 1);
|
||||
QV('idx_dlgCancelButton', b & 2);
|
||||
QV('id_dialogclose', (b & 2) || (b & 8));
|
||||
QV('idx_dlgButtonBar', b & 7);
|
||||
if (y) QH('id_dialogtitle', y);
|
||||
for (var i = 1; i < 24; i++) { QV('dialog' + i, i == x); } // Edit this line when more dialogs are added
|
||||
QV('dialog', x);
|
||||
if (c) { if (x == 2) { QH('id_dialogOptions', c); } else { QH('id_dialogMessage', c); } }
|
||||
}
|
||||
|
||||
function dialogclose(x) {
|
||||
var f = xxdialogFunc;
|
||||
var b = xxdialogButtons;
|
||||
var t = xxdialogTag;
|
||||
setDialogMode();
|
||||
if (((b & 8) || x) && f) f(x, t);
|
||||
}
|
||||
|
||||
function center() { QS('dialog').left = ((((getDocWidth() - 400) / 2)) + "px"); }
|
||||
function messagebox(t, m) { QH('id_dialogMessage', m); setDialogMode(1, t, 1); }
|
||||
function statusbox(t, m) { QH('id_dialogMessage', m); setDialogMode(1, t); }
|
||||
function getDocWidth() { if (window.innerWidth) return window.innerWidth; if (document.documentElement && document.documentElement.clientWidth && document.documentElement.clientWidth != 0) return document.documentElement.clientWidth; return document.getElementsByTagName('body')[0].clientWidth; }
|
||||
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
27
webserver.js
27
webserver.js
@ -82,6 +82,9 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
|
||||
obj.crypto.randomBytes(16, function (err, buf) { obj.httpAuthRealm = buf.toString('hex'); });
|
||||
obj.crypto.randomBytes(32, function (err, buf) { obj.relayRandom = buf; });
|
||||
|
||||
function EscapeHtml(x) { if (typeof x == "string") return x.replace(/&/g, '&').replace(/>/g, '>').replace(/</g, '<').replace(/"/g, '"').replace(/'/g, '''); if (typeof x == "boolean") return x; if (typeof x == "number") return x; }
|
||||
function EscapeHtmlBreaks(x) { if (typeof x == "string") return x.replace(/&/g, '&').replace(/>/g, '>').replace(/</g, '<').replace(/"/g, '"').replace(/'/g, ''').replace(/\r/g, '<br />').replace(/\n/g, '').replace(/\t/g, ' '); if (typeof x == "boolean") return x; if (typeof x == "number") return x; }
|
||||
|
||||
if (obj.args.notls) {
|
||||
// Setup the HTTP server without TLS
|
||||
obj.expressWs = require('express-ws')(obj.app);
|
||||
@ -108,12 +111,15 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
|
||||
if (req.session != undefined) {
|
||||
var err = req.session.error;
|
||||
var msg = req.session.success;
|
||||
var passhint = req.session.passhint;
|
||||
delete req.session.error;
|
||||
delete req.session.success;
|
||||
delete req.session.passhint;
|
||||
}
|
||||
res.locals.message = '';
|
||||
if (err) res.locals.message = '<p class="msg error">' + err + '</p>';
|
||||
if (msg) res.locals.message = '<p class="msg success">' + msg + '</p>';
|
||||
if (passhint) res.locals.passhint = EscapeHtml(passhint);
|
||||
next();
|
||||
});
|
||||
|
||||
@ -146,7 +152,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
|
||||
obj.hash(pass, user.salt, function (err, hash) {
|
||||
if (err) return fn(err);
|
||||
if (hash == user.hash) return fn(null, user._id);
|
||||
fn(new Error('invalid password'));
|
||||
fn(new Error('invalid password'), null, user.passhint);
|
||||
});
|
||||
}
|
||||
}
|
||||
@ -187,7 +193,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
|
||||
|
||||
function handleLoginRequest(req, res) {
|
||||
var domain = getDomain(req);
|
||||
obj.authenticate(req.body.username, req.body.password, domain, function (err, userid) {
|
||||
obj.authenticate(req.body.username, req.body.password, domain, function (err, userid, passhint) {
|
||||
if (userid) {
|
||||
var user = obj.users[userid];
|
||||
|
||||
@ -203,9 +209,8 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
|
||||
req.session.userid = userid;
|
||||
req.session.domainid = domain.id;
|
||||
req.session.currentNode = '';
|
||||
if (req.body.viewmode) {
|
||||
req.session.viewmode = req.body.viewmode;
|
||||
}
|
||||
if (req.session.passhint) { delete req.session.passhint; }
|
||||
if (req.body.viewmode) { req.session.viewmode = req.body.viewmode; }
|
||||
if (req.body.host) {
|
||||
obj.db.GetAllType('node', function (err, docs) {
|
||||
for (var i = 0; i < docs.length; i++) {
|
||||
@ -227,6 +232,11 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
|
||||
} else {
|
||||
delete req.session.loginmode;
|
||||
req.session.error = '<b style=color:#8C001A>Login failed, check username and password.</b>';
|
||||
if ((passhint != null) && (passhint.length > 0)) {
|
||||
req.session.passhint = passhint;
|
||||
} else {
|
||||
if (req.session.passhint) { delete req.session.passhint; }
|
||||
}
|
||||
res.redirect(domain.url);
|
||||
}
|
||||
});
|
||||
@ -245,7 +255,9 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
|
||||
req.session.loginmode = 2;
|
||||
req.session.error = '<b style=color:#8C001A>Username already exists.</b>';
|
||||
} else {
|
||||
var user = { type: 'user', _id: 'user/' + domain.id + '/' + req.body.username.toLowerCase(), name: req.body.username, email: req.body.email, creation: Date.now(), login: Date.now(), domain: domain.id };
|
||||
var hint = req.body.apasswordhint;
|
||||
if (hint.length > 250) hint = hint.substring(0, 250);
|
||||
var user = { type: 'user', _id: 'user/' + domain.id + '/' + req.body.username.toLowerCase(), name: req.body.username, email: req.body.email, creation: Date.now(), login: Date.now(), domain: domain.id, passhint: hint };
|
||||
var usercount = 0;
|
||||
for (var i in obj.users) { if (obj.users[i].domain == domain.id) { usercount++; } }
|
||||
if (usercount == 0) { user.siteadmin = 0xFFFFFFFF; if (domain.newAccounts == 2) { domain.newAccounts = 0; } } // If this is the first user, give the account site admin.
|
||||
@ -295,10 +307,13 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
|
||||
// Update the password
|
||||
obj.hash(req.body.apassword1, function (err, salt, hash) {
|
||||
if (err) throw err;
|
||||
var hint = req.body.apasswordhint;
|
||||
if (hint.length > 250) hint = hint.substring(0, 250);
|
||||
var user = obj.users[req.session.userid];
|
||||
user.salt = salt;
|
||||
user.hash = hash;
|
||||
user.passchange = Date.now();
|
||||
user.passhint = req.body.apasswordhint;
|
||||
obj.db.SetUser(user);
|
||||
req.session.viewmode = 2;
|
||||
res.redirect(domain.url);
|
||||
|
Loading…
Reference in New Issue
Block a user