Added option to remove OTP 2FA.
parent
cfeab35332
commit
db3659d665
|
@ -414,6 +414,7 @@
|
||||||
"email2factor": { "type": "boolean", "default": true, "description": "Set to false to disable email 2FA." },
|
"email2factor": { "type": "boolean", "default": true, "description": "Set to false to disable email 2FA." },
|
||||||
"sms2factor": { "type": "boolean", "default": true, "description": "Set to false to disable SMS 2FA." },
|
"sms2factor": { "type": "boolean", "default": true, "description": "Set to false to disable SMS 2FA." },
|
||||||
"push2factor": { "type": "boolean", "default": true, "description": "Set to false to disable push notification 2FA." },
|
"push2factor": { "type": "boolean", "default": true, "description": "Set to false to disable push notification 2FA." },
|
||||||
|
"otp2factor": { "type": "boolean", "default": true, "description": "Set to false to disable one-time-password 2FA." },
|
||||||
"force2factor": { "type": "boolean", "default": false, "description": "Requires that all accounts setup 2FA." },
|
"force2factor": { "type": "boolean", "default": false, "description": "Requires that all accounts setup 2FA." },
|
||||||
"skip2factor": { "type": "string", "description": "IP addresses where 2FA login is skipped, for example: 127.0.0.1,192.168.2.0/24" },
|
"skip2factor": { "type": "string", "description": "IP addresses where 2FA login is skipped, for example: 127.0.0.1,192.168.2.0/24" },
|
||||||
"oldPasswordBan": { "type": "integer", "description": "Number of old passwords the server should remember and not allow the user to switch back to." },
|
"oldPasswordBan": { "type": "integer", "description": "Number of old passwords the server should remember and not allow the user to switch back to." },
|
||||||
|
|
|
@ -3493,6 +3493,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||||
// Do not allow this command when logged in using a login token
|
// Do not allow this command when logged in using a login token
|
||||||
if (req.session.loginToken != null) break;
|
if (req.session.loginToken != null) break;
|
||||||
|
|
||||||
|
// Check of OTP 2FA is allowed
|
||||||
|
if ((domain.passwordrequirements) && (domain.passwordrequirements.otp2factor == false)) break;
|
||||||
|
|
||||||
if ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 1024) != 0)) return; // If this account is settings locked, return here.
|
if ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 1024) != 0)) return; // If this account is settings locked, return here.
|
||||||
|
|
||||||
// Check if 2-step login is supported
|
// Check if 2-step login is supported
|
||||||
|
@ -3515,6 +3518,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||||
// Do not allow this command when logged in using a login token
|
// Do not allow this command when logged in using a login token
|
||||||
if (req.session.loginToken != null) break;
|
if (req.session.loginToken != null) break;
|
||||||
|
|
||||||
|
// Check of OTP 2FA is allowed
|
||||||
|
if ((domain.passwordrequirements) && (domain.passwordrequirements.otp2factor == false)) break;
|
||||||
|
|
||||||
if ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 1024) != 0)) return; // If this account is settings locked, return here.
|
if ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 1024) != 0)) return; // If this account is settings locked, return here.
|
||||||
|
|
||||||
// Check if 2-step login is supported
|
// Check if 2-step login is supported
|
||||||
|
|
|
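Review bot: The `otp2factor == false` guard is added to two command handlers whose `case` labels and remaining bodies lie outside these hunks, so it cannot be confirmed from here that every OTP path honours the setting. In particular, check that verification of an already stored OTP secret at login, and the command that removes one, behave as intended once an administrator disables OTP. The guard leaves with a bare `break`, so a client that still sends the command presumably receives no reply and no event is recorded; a rejected attempt on a disabled factor is worth logging. The added comment should read `// Check if OTP 2FA is allowed`, and `=== false` would avoid also matching `0` or an empty string coming from the configuration.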
@ -1371,8 +1371,8 @@
|
||||||
QV('p2AccountSecurity', ((features & 4) == 0) && (serverinfo.domainauth == false) && ((features & 4096) != 0) && (accountSettingsLocked == false)); // Hide Account Security if in single user mode or domain authentication, 2 factor auth not supported.
|
QV('p2AccountSecurity', ((features & 4) == 0) && (serverinfo.domainauth == false) && ((features & 4096) != 0) && (accountSettingsLocked == false)); // Hide Account Security if in single user mode or domain authentication, 2 factor auth not supported.
|
||||||
QV('p2AccountImage', !accountSettingsLocked);
|
QV('p2AccountImage', !accountSettingsLocked);
|
||||||
QV('verifyEmailId', (userinfo.emailVerified !== true) && (userinfo.email != null) && (serverinfo.emailcheck == true));
|
QV('verifyEmailId', (userinfo.emailVerified !== true) && (userinfo.email != null) && (serverinfo.emailcheck == true));
|
||||||
QV('manageAuthApp', features & 4096);
|
QV('manageAuthApp', (features & 4096) && ((userinfo.otpsecret == 1) || ((features2 & 0x00020000) == 0)));
|
||||||
QV('manageOtp', ((features & 4096) != 0) && ((userinfo.otpsecret == 1) || (userinfo.otphkeys > 0)));
|
QV('manageOtp', (features & 4096) && ((userinfo.otpsecret == 1) || (userinfo.otphkeys > 0)));
|
||||||
QV('authPhoneNumberCheck', (userinfo.phone != null));
|
QV('authPhoneNumberCheck', (userinfo.phone != null));
|
||||||
QV('authEmailSetupCheck', (userinfo.otpekey == 1) && (userinfo.email != null) && (userinfo.emailVerified == true));
|
QV('authEmailSetupCheck', (userinfo.otpekey == 1) && (userinfo.email != null) && (userinfo.emailVerified == true));
|
||||||
QV('authAppSetupCheck', userinfo.otpsecret == 1);
|
QV('authAppSetupCheck', userinfo.otpsecret == 1);
|
||||||
|
|
|
@ -2120,6 +2120,7 @@
|
||||||
QV('authPhoneNumberCheck', (userinfo.phone != null));
|
QV('authPhoneNumberCheck', (userinfo.phone != null));
|
||||||
QV('authEmailSetupCheck', (userinfo.otpekey == 1) && (userinfo.email != null) && (userinfo.emailVerified == true));
|
QV('authEmailSetupCheck', (userinfo.otpekey == 1) && (userinfo.email != null) && (userinfo.emailVerified == true));
|
||||||
QV('authAppSetupCheck', userinfo.otpsecret == 1);
|
QV('authAppSetupCheck', userinfo.otpsecret == 1);
|
||||||
|
QV('manageAuthApp', (userinfo.otpsecret == 1) || ((features2 & 0x00020000) == 0));
|
||||||
QV('authKeySetupCheck', userinfo.otphkeys > 0);
|
QV('authKeySetupCheck', userinfo.otphkeys > 0);
|
||||||
QV('authPushAuthDevCheck', (userinfo.otpdev > 0) && ((features2 & 0x40) != 0));
|
QV('authPushAuthDevCheck', (userinfo.otpdev > 0) && ((features2 & 0x40) != 0));
|
||||||
QV('authCodesSetupCheck', userinfo.otpkeys > 0);
|
QV('authCodesSetupCheck', userinfo.otpkeys > 0);
|
||||||
|
|
|
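Review bot: The `manageAuthApp` visibility added in the `@ -2120` hunk, `QV('manageAuthApp', (userinfo.otpsecret == 1) || ((features2 & 0x00020000) == 0));`, drops the `(features & 4096)` term that the `@ -1371` hunk keeps, so the two call sites can disagree when 2-step login is not supported. The surrounding functions are outside both hunks, so confirm which call runs last. Using one expression in both places, `QV('manageAuthApp', ((features & 4096) != 0) && ((userinfo.otpsecret == 1) || ((features2 & 0x00020000) == 0)));`, would keep them aligned. The rewritten `manageOtp` and `manageAuthApp` lines in the `@ -1371` hunk also pass a number instead of a boolean when `features & 4096` is zero; keeping `!= 0` as the old line did makes the intent explicit. These checks only hide controls in the page, so enforcement of the setting has to stay on the server.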
@ -2848,6 +2848,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||||
if (domain.mailserver != null) { features2 += 0x00004000; } // Indicates email server is active
|
if (domain.mailserver != null) { features2 += 0x00004000; } // Indicates email server is active
|
||||||
if (domain.devicesearchbarserverandclientname) { features2 += 0x00008000; } // Search bar will find both server name and client name
|
if (domain.devicesearchbarserverandclientname) { features2 += 0x00008000; } // Search bar will find both server name and client name
|
||||||
if (domain.ipkvm) { features2 += 0x00010000; } // Indicates support for IP KVM device groups
|
if (domain.ipkvm) { features2 += 0x00010000; } // Indicates support for IP KVM device groups
|
||||||
|
if ((domain.passwordrequirements) && (domain.passwordrequirements.otp2factor == false)) { features2 += 0x00020000; } // Indicates support for OTP 2FA is disabled
|
||||||
return { features: features, features2: features2 };
|
return { features: features, features2: features2 };
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|