mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-26 07:05:52 -05:00
More work on OAuth support.
This commit is contained in:
parent
957caf15c2
commit
d9308b5550
@ -803,6 +803,21 @@ NoMeshesPanel img {
|
||||
background-color:#44F;
|
||||
}
|
||||
|
||||
.userAuthStrategyLogo {
|
||||
text-align:center;
|
||||
position:absolute;
|
||||
right:20px;
|
||||
top:140px;
|
||||
width:64px;
|
||||
height:64px;
|
||||
color:#FFF;
|
||||
padding:2px;
|
||||
background-color:#FFF;
|
||||
border-radius:20px;
|
||||
box-shadow: 2px 2px 10px black;
|
||||
z-index:1;
|
||||
}
|
||||
|
||||
#xdevices {
|
||||
max-height: calc(100vh - 242px);
|
||||
overflow-y: auto;
|
||||
|
@ -157,6 +157,29 @@
|
||||
"_maxRecordingSizeMegabytes": 3,
|
||||
"__protocols__": "Is an array: 1 = Terminal, 2 = Desktop, 5 = Files, 100 = Intel AMT WSMAN, 101 = Intel AMT Redirection",
|
||||
"protocols": [ 1, 2, 101 ]
|
||||
},
|
||||
"_authStrategies": {
|
||||
"__comment__" : "This section is used to allow users to login using other accounts. You will need to get an API key from the services and register callback URL's",
|
||||
"twitter": {
|
||||
"__callbackurl": "https://server/auth-twitter-callback",
|
||||
"apikey": "xxxxxxxxxxxxxxxxxxxxxxx",
|
||||
"apisecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
|
||||
},
|
||||
"google": {
|
||||
"__callbackurl": "https://server/auth-google-callback",
|
||||
"clientid": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com",
|
||||
"clientsecret": "xxxxxxxxxxxxxxxxxxxxxxx"
|
||||
},
|
||||
"github": {
|
||||
"__callbackurl": "https://server/auth-github-callback",
|
||||
"clientid": "xxxxxxxxxxxxxxxxxxxxxxx",
|
||||
"clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
|
||||
},
|
||||
"reddit": {
|
||||
"__callbackurl": "https://server/auth-reddit-callback",
|
||||
"clientid": "xxxxxxxxxxxxxxxxxxxxxxx",
|
||||
"clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
|
||||
}
|
||||
}
|
||||
},
|
||||
"_customer1": {
|
||||
|
@ -885,7 +885,8 @@
|
||||
<div id=p30html></div>
|
||||
</td>
|
||||
<td style=width:20px></td>
|
||||
<td style=width:200px valign=top>
|
||||
<td style=width:200px;position:relative valign=top>
|
||||
<img id="p30userAuthServiceLogo" loading="lazy" style="display:none" class=userAuthStrategyLogo src=images/login/reddit64.png width=64 height=64>
|
||||
<picture id=MainUserImage style=border-width:0px;height:200px;width:200px;float:right>
|
||||
<source type="image/webp" width=200 height=200 srcset="images/webp/user-256.webp" />
|
||||
<img alt="" width=200 height=200 src=images/user-256.png />
|
||||
@ -9928,9 +9929,9 @@
|
||||
if ((users == null) || ((features & 4) != 0)) { QH('p3users', ''); return; }
|
||||
|
||||
// Sort the list of user id's
|
||||
var sortedUserIds = [], maxUsers = 100, hiddenUsers = 0;
|
||||
for (var i in users) { sortedUserIds.push(i); }
|
||||
sortedUserIds.sort();
|
||||
var sortedUsers = [], maxUsers = 100, hiddenUsers = 0;
|
||||
for (var i in users) { sortedUsers.push(users[i]); }
|
||||
sortedUsers.sort(nameSort);
|
||||
|
||||
// Get search
|
||||
var userSearch = Q('UserSearchInput').value.toLowerCase();
|
||||
@ -9949,8 +9950,8 @@
|
||||
for (var i=0;i<elements.length;i++) { if (elements[i].checked) { checkedUserids.push(elements[i].value); } }
|
||||
|
||||
// Online users
|
||||
for (var i in sortedUserIds) {
|
||||
var user = users[sortedUserIds[i]], sessions = null;
|
||||
for (var i in sortedUsers) {
|
||||
var user = sortedUsers[i], sessions = null;
|
||||
if (wssessions != null) { sessions = wssessions[user._id]; }
|
||||
if ((sessions != null) &&
|
||||
((userSearch != null) && ((userSearch == '') || (user.name.toLowerCase().indexOf(userSearch) >= 0)) ||
|
||||
@ -9967,8 +9968,8 @@
|
||||
}
|
||||
addHeader = true;
|
||||
// Offline users
|
||||
for (var i in sortedUserIds) {
|
||||
var user = users[sortedUserIds[i]], sessions = null;
|
||||
for (var i in sortedUsers) {
|
||||
var user = sortedUsers[i], sessions = null;
|
||||
if (wssessions != null) { sessions = wssessions[user._id]; }
|
||||
if ((sessions == null) &&
|
||||
((userSearch != null) && ((userSearch == '') || (user.name.toLowerCase().indexOf(userSearch) >= 0)) ||
|
||||
@ -10859,6 +10860,15 @@
|
||||
Q('MainUserImage').classList.remove('gray');
|
||||
if (activeSessions == 0) { Q('MainUserImage').classList.add('gray'); }
|
||||
|
||||
// Add user auth strategy
|
||||
var shortuserid = user._id.split('/')[2];
|
||||
if (shortuserid.startsWith('~twitter:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/twitter64.png';; }
|
||||
else if (shortuserid.startsWith('~google:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/google64.png';; }
|
||||
else if (shortuserid.startsWith('~github:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/github64.png';; }
|
||||
else if (shortuserid.startsWith('~reddit:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/reddit64.png';; }
|
||||
else if (shortuserid.startsWith('~intel:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/intel64.png';; }
|
||||
else { QV('p30userAuthServiceLogo', false); }
|
||||
|
||||
// Server permissions
|
||||
var msg = [], premsg = '';
|
||||
if ((user.siteadmin != null) && ((user.siteadmin & 32) != 0) && (user.siteadmin != 0xFFFFFFFF)) { premsg = '<img src="images/padlock12.png" height=12 width=8 title="' + "Account is locked" + '" style="margin-top:2px" /> '; msg.push("Locked account"); }
|
||||
@ -11979,7 +11989,7 @@
|
||||
if ((xxcurrentView == 11) && (desktop != null) && (desktop.m.recordedData != null)) { deskRecordSession(); }
|
||||
|
||||
// If we are trying to go to "My Users" and we are not a user manager, move to recordings
|
||||
if ((x == 4) && (users == null) || ((features & 4) != 0)) { x = 52; }
|
||||
if (((x == 4) && ((userinfo.siteadmin & 2) == 0)) || ((features & 4) != 0)) { x = 52; }
|
||||
|
||||
// Edit this line when adding a new screen
|
||||
for (var i = 0; i < 53; i++) { QV('p' + i, i == x); }
|
||||
|
33
webserver.js
33
webserver.js
@ -4043,6 +4043,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
passport.serializeUser(function (user, done) { done(null, user.id); });
|
||||
passport.deserializeUser(function (id, done) { done(null, { id: id }); });
|
||||
obj.app.use(passport.initialize());
|
||||
//obj.app.use(passport.session());
|
||||
|
||||
// Twitter
|
||||
if ((typeof domain.authstrategies.twitter == 'object') && (typeof domain.authstrategies.twitter.apikey == 'string') && (typeof domain.authstrategies.twitter.apisecret == 'string')) {
|
||||
@ -4055,7 +4056,17 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
}
|
||||
));
|
||||
obj.app.get(url + 'auth-twitter', domain.passport.authenticate('twitter'));
|
||||
obj.app.get(url + 'auth-twitter-callback', domain.passport.authenticate('twitter', { failureRedirect: '/' }), handleStrategyLogin);
|
||||
obj.app.get(url + 'auth-twitter-callback', function (req, res, next) {
|
||||
if ((Object.keys(req.session).length == 0) && (req.query.nmr == null)) {
|
||||
// This is an empty session likely due to the 302 redirection, redirect again (this is a bit of a hack).
|
||||
var url = req.url;
|
||||
if (url.indexOf('?') >= 0) { url += '&nmr=1'; } else { url += '?nmr=1'; } // Add this to the URL to prevent redirect loop.
|
||||
res.set('Content-Type', 'text/html');
|
||||
res.end('<html><head><meta http-equiv="refresh" content=0;url="' + url + '"></head><body></body></html>');
|
||||
} else {
|
||||
domain.passport.authenticate('twitter', { failureRedirect: '/' })(req, res, next);
|
||||
}
|
||||
}, handleStrategyLogin);
|
||||
}
|
||||
|
||||
// Google
|
||||
@ -4096,19 +4107,27 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
return cb(null, user);
|
||||
}
|
||||
));
|
||||
obj.app.get(url + 'auth-reddit', function(req, res, next) {
|
||||
domain.passport.authenticate('reddit', { state: 'rcookie', duration: 'permanent' })(req, res, next); // TODO: Replace 'rcookie' with a time-limited cookie
|
||||
obj.app.get(url + 'auth-reddit', function (req, res, next) {
|
||||
req.session.rstate = obj.crypto.randomBytes(32).toString('hex');
|
||||
domain.passport.authenticate('reddit', { state: req.session.rstate, duration: 'permanent' })(req, res, next); // TODO: Replace 'rcookie' with a time-limited cookie
|
||||
});
|
||||
obj.app.get(url + 'auth-reddit-callback',
|
||||
function(req, res, next) {
|
||||
if (req.query.state == 'rcookie') {
|
||||
obj.app.get(url + 'auth-reddit-callback', function (req, res, next) {
|
||||
if ((Object.keys(req.session).length == 0) && (req.query.nmr == null)) {
|
||||
// This is an empty session likely due to the 302 redirection, redirect again (this is a bit of a hack).
|
||||
var url = req.url;
|
||||
if (url.indexOf('?') >= 0) { url += '&nmr=1'; } else { url += '?nmr=1'; } // Add this to the URL to prevent redirect loop.
|
||||
res.set('Content-Type', 'text/html');
|
||||
res.end('<html><head><meta http-equiv="refresh" content=0;url="' + url + '"></head><body></body></html>');
|
||||
} else {
|
||||
if (req.query.state == req.session.rstate) {
|
||||
delete req.session.rstate;
|
||||
domain.passport.authenticate('reddit', { failureRedirect: '/' })(req, res, next);
|
||||
} else {
|
||||
delete req.session.rstate;
|
||||
next(new Error(403));
|
||||
}
|
||||
}, handleStrategyLogin);
|
||||
}
|
||||
}, handleStrategyLogin);
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user