MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-10-29 23:35:02 -04:00
Code Issues Packages Projects Releases Wiki Activity

Single factor warning, more security checking.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2019-09-25 12:10:41 -07:00
parent 548498d8b9
commit ee3936af32
4 changed files with 92 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
meshuser.js
View File

@ -479,11 +479,21 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
} }
case 'powertimeline': case 'powertimeline':
{ {
// TODO: Check that we have permissions for this node. // Perform pre-validation
if (common.validateString(command.nodeid, 0, 128) == false) break;
var snode = command.nodeid.split('/');
if ((snode.length != 3) || (snode[1] != domain.id)) break;
// Check that we have permissions for this node.
if (obj.user.links == null) return;
db.Get(command.nodeid, function (err, nodes) {
if (nodes == null || nodes.length != 1) return;
const node = nodes[0];
var meshlink = obj.user.links[node.meshid];
if ((meshlink != null) && (meshlink.rights != 0)) {
// Query the database for the power timeline for a given node // Query the database for the power timeline for a given node
// The result is a compacted array: [ startPowerState, startTimeUTC, powerState ] + many[ deltaTime, powerState ] // The result is a compacted array: [ startPowerState, startTimeUTC, powerState ] + many[ deltaTime, powerState ]
if (common.validateString(command.nodeid, 0, 128) == false) return;
db.getPowerTimeline(command.nodeid, function (err, docs) { db.getPowerTimeline(command.nodeid, function (err, docs) {
if ((err == null) && (docs != null) && (docs.length > 0)) { if ((err == null) && (docs != null) && (docs.length > 0)) {
var timeline = [], time = null, previousPower; var timeline = [], time = null, previousPower;
@ -510,15 +520,25 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if (state != null) { try { ws.send(JSON.stringify({ action: 'powertimeline', nodeid: command.nodeid, timeline: [state.powerState, Date.now(), state.powerState], tag: command.tag })); } catch (ex) { } } if (state != null) { try { ws.send(JSON.stringify({ action: 'powertimeline', nodeid: command.nodeid, timeline: [state.powerState, Date.now(), state.powerState], tag: command.tag })); } catch (ex) { } }
} }
}); });
}
});
break; break;
} }
case 'getsysinfo': case 'getsysinfo':
{ {
// TODO: Check that we have permissions for this node. // Perform pre-validation
if (common.validateString(command.nodeid, 0, 128) == false) break; if (common.validateString(command.nodeid, 0, 128) == false) break;
var snode = command.nodeid.split('/'); var snode = command.nodeid.split('/');
if ((snode.length != 3) || (snode[1] != domain.id)) break; if ((snode.length != 3) || (snode[1] != domain.id)) break;
// Check that we have permissions for this node.
if (obj.user.links == null) return;
db.Get(command.nodeid, function (err, nodes) {
if (nodes == null || nodes.length != 1) return;
const node = nodes[0];
var meshlink = obj.user.links[node.meshid];
if ((meshlink != null) && (meshlink.rights != 0)) {
// Query the database system information // Query the database system information
db.Get('si' + command.nodeid, function (err, docs) { db.Get('si' + command.nodeid, function (err, docs) {
if ((docs != null) && (docs.length > 0)) { if ((docs != null) && (docs.length > 0)) {
@ -534,22 +554,33 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
try { ws.send(JSON.stringify({ action: 'getsysinfo', nodeid: command.nodeid, tag: command.tag, noinfo: true })); } catch (ex) { } try { ws.send(JSON.stringify({ action: 'getsysinfo', nodeid: command.nodeid, tag: command.tag, noinfo: true })); } catch (ex) { }
} }
}); });
}
});
break; break;
} }
case 'lastconnect': case 'lastconnect':
{ {
// TODO: Check that we have permissions for this node. // Perform pre-validation
if (common.validateString(command.nodeid, 0, 128) == false) return; if (common.validateString(command.nodeid, 0, 128) == false) return;
var snode = command.nodeid.split('/'); var snode = command.nodeid.split('/');
if ((snode.length != 3) || (snode[1] != domain.id)) break; if ((snode.length != 3) || (snode[1] != domain.id)) break;
// Check that we have permissions for this node.
if (obj.user.links == null) return;
db.Get(command.nodeid, function (err, nodes) {
if (nodes == null || nodes.length != 1) return;
const node = nodes[0];
var meshlink = obj.user.links[node.meshid];
if ((meshlink != null) && (meshlink.rights != 0)) {
// Query the database for the last time this node connected // Query the database for the last time this node connected
db.Get('lc' + command.nodeid, function (err, docs) { db.Get('lc' + command.nodeid, function (err, docs) {
if ((docs != null) && (docs.length > 0)) { if ((docs != null) && (docs.length > 0)) {
try { ws.send(JSON.stringify({ action: 'lastconnect', nodeid: command.nodeid, time: docs[0].time, addr: docs[0].addr })); } catch (ex) { } try { ws.send(JSON.stringify({ action: 'lastconnect', nodeid: command.nodeid, time: docs[0].time, addr: docs[0].addr })); } catch (ex) { }
} }
}); });
}
});
break; break;
} }
case 'files': case 'files':
@ -877,7 +908,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Check that the user has access to this nodeid // Check that the user has access to this nodeid
if (obj.user.links == null) return; if (obj.user.links == null) return;
db.Get(command.nodeid, function (err, nodes) { db.Get(command.nodeid, function (err, nodes) {
if (nodes.length != 1) return; if ((node == null) || (nodes.length != 1)) return;
const node = nodes[0]; const node = nodes[0];
var meshlink = obj.user.links[node.meshid]; var meshlink = obj.user.links[node.meshid];
@ -1956,7 +1987,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// For each nodeid, change the group // For each nodeid, change the group
for (var i = 0; i < command.nodeids.length; i++) { for (var i = 0; i < command.nodeids.length; i++) {
db.Get(command.nodeids[i], function (err, nodes) { db.Get(command.nodeids[i], function (err, nodes) {
if (nodes.length != 1) return; if ((node == null) || (nodes.length != 1)) return;
const node = nodes[0]; const node = nodes[0];
// Check if already in the right mesh // Check if already in the right mesh

3
readme.md
View File

@ -1,7 +1,8 @@
MeshCentral MeshCentral
=========== ===========
For more information, [visit MeshCommander.com/MeshCentral2](http://www.meshcommander.com/meshcentral2). For more information, [visit MeshCommander.com/MeshCentral2](https://www.meshcommander.com/meshcentral2).
Discussion forum on [Reddit](https://www.reddit.com/r/MeshCentral/).
Download the [full PDF user's guide](http://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2UserGuide.pdf) with more information on configuring and running MeshCentral2. In addition, the [installation guide](http://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2InstallGuide.pdf) can help get MeshCentral installed on Amazon AWS, Microsoft Azure, Ubuntu or Raspberry Pi. Download the [full PDF user's guide](http://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2UserGuide.pdf) with more information on configuring and running MeshCentral2. In addition, the [installation guide](http://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2InstallGuide.pdf) can help get MeshCentral installed on Amazon AWS, Microsoft Azure, Ubuntu or Raspberry Pi.

2
views/default-min.handlebars
View File

File diff suppressed because one or more lines are too long

8
views/default.handlebars
View File

@ -1350,6 +1350,7 @@
} }
} }
var backupCodesWarningDone = false;
function updateSelf() { function updateSelf() {
QV('verifyEmailId', (userinfo.emailVerified !== true) && (userinfo.email != null) && (serverinfo.emailcheck == true)); QV('verifyEmailId', (userinfo.emailVerified !== true) && (userinfo.email != null) && (serverinfo.emailcheck == true));
QV('verifyEmailId2', (userinfo.emailVerified !== true) && (userinfo.email != null) && (serverinfo.emailcheck == true)); QV('verifyEmailId2', (userinfo.emailVerified !== true) && (userinfo.email != null) && (serverinfo.emailcheck == true));
@ -1359,6 +1360,13 @@
QV('authCodesSetupCheck', userinfo.otpkeys > 0); QV('authCodesSetupCheck', userinfo.otpkeys > 0);
masterUpdate(4 + 128 + 4096); masterUpdate(4 + 128 + 4096);
// Check if backup codes should really be enabled
if ((backupCodesWarningDone == false) && !(userinfo.otpkeys > 0) && (((userinfo.otpsecret == 1) && !(userinfo.otphkeys > 0)) || ((userinfo.otpsecret != 1) && (userinfo.otphkeys == 1)))) {
var n = { text: 'Please add two-factor backup codes. If the current factor is lost, there is not way to recover this account.', title: 'Two factor authentication' };
addNotification(n);
backupCodesWarningDone = true;
}
// If we can't create new groups, hide all links that can do that. // If we can't create new groups, hide all links that can do that.
var newGroupsAllowed = ((userinfo.siteadmin == 0xFFFFFFFF) || ((userinfo.siteadmin & 64) == 0)); var newGroupsAllowed = ((userinfo.siteadmin == 0xFFFFFFFF) || ((userinfo.siteadmin & 64) == 0));
QV('p2createMeshLink1', newGroupsAllowed); QV('p2createMeshLink1', newGroupsAllowed);