More FIDO2 fixes.
parent
751afdef37
commit
ee8a204abe
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "meshcentral",
|
"name": "meshcentral",
|
||||||
"version": "0.3.0-y",
|
"version": "0.3.0-z",
|
||||||
"keywords": [
|
"keywords": [
|
||||||
"Remote Management",
|
"Remote Management",
|
||||||
"Intel AMT",
|
"Intel AMT",
|
||||||
|
|
|
@ -260,7 +260,7 @@
|
||||||
var passRequirements = "{{{passRequirements}}}";
|
var passRequirements = "{{{passRequirements}}}";
|
||||||
if (passRequirements != "") { passRequirements = JSON.parse(decodeURIComponent(passRequirements)); } else { passRequirements = {}; }
|
if (passRequirements != "") { passRequirements = JSON.parse(decodeURIComponent(passRequirements)); } else { passRequirements = {}; }
|
||||||
var passRequirementsEx = ((passRequirements.min != null) || (passRequirements.max != null) || (passRequirements.upper != null) || (passRequirements.lower != null) || (passRequirements.numeric != null) || (passRequirements.nonalpha != null));
|
var passRequirementsEx = ((passRequirements.min != null) || (passRequirements.max != null) || (passRequirements.upper != null) || (passRequirements.lower != null) || (passRequirements.numeric != null) || (passRequirements.nonalpha != null));
|
||||||
var hardwareKeyChallenge = '{{{hkey}}}';
|
var hardwareKeyChallenge = decodeURIComponent('{{{hkey}}}');
|
||||||
var currentpanel = 0;
|
var currentpanel = 0;
|
||||||
|
|
||||||
function startup() {
|
function startup() {
|
||||||
|
|
|
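Review bot: The new `decodeURIComponent('{{{hkey}}}')` still places the value inside a single-quoted string, and `encodeURIComponent` on the server leaves `'` unescaped, so the unescaped triple-brace substitution is not a complete JavaScript-string encoding. The challenge appears to be built server-side in webserver.js, so this is presumably not reachable with today's values, but it carries stored key data and the server's common name, and nothing visible here guarantees those never contain a quote. The neighbouring `passRequirements` line uses a double-quoted literal, which `encodeURIComponent` does escape; `var hardwareKeyChallenge = decodeURIComponent("{{{hkey}}}");` would close the gap and match it. The same line is added in the view hunk at -332.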
@ -110,7 +110,7 @@
|
||||||
<div id="welcomeText" style="display:none">Connect to your home or office devices from anywhere in the world using <a href="http://www.meshcommander.com/meshcentral2">MeshCentral</a>, the real time, open source remote monitoring and management web site. You will need to download and install a management agent on your computers. Once installed, computers will show up in the "My Devices" section of this web site and you will be able to monitor them and take control of them.</div>
|
<div id="welcomeText" style="display:none">Connect to your home or office devices from anywhere in the world using <a href="http://www.meshcommander.com/meshcentral2">MeshCentral</a>, the real time, open source remote monitoring and management web site. You will need to download and install a management agent on your computers. Once installed, computers will show up in the "My Devices" section of this web site and you will be able to monitor them and take control of them.</div>
|
||||||
<table id="centralTable" style=width:100%>
|
<table id="centralTable" style=width:100%>
|
||||||
<tr>
|
<tr>
|
||||||
<td id="welcomeimage" align="right">
|
<td id="welcomeimage" align="right" style="display:none">
|
||||||
<picture>
|
<picture>
|
||||||
<img alt="" width=359 height=310 src=welcome.jpg />
|
<img alt="" width=359 height=310 src=welcome.jpg />
|
||||||
</picture>
|
</picture>
|
||||||
|
@ -332,7 +332,7 @@
|
||||||
var newAccountPass = parseInt('{{{newAccountPass}}}');
|
var newAccountPass = parseInt('{{{newAccountPass}}}');
|
||||||
var emailCheck = ('{{{emailcheck}}}' == 'true');
|
var emailCheck = ('{{{emailcheck}}}' == 'true');
|
||||||
var passRequirements = "{{{passRequirements}}}";
|
var passRequirements = "{{{passRequirements}}}";
|
||||||
var hardwareKeyChallenge = '{{{hkey}}}';
|
var hardwareKeyChallenge = decodeURIComponent('{{{hkey}}}');
|
||||||
if (passRequirements != "") { passRequirements = JSON.parse(decodeURIComponent(passRequirements)); } else { passRequirements = {}; }
|
if (passRequirements != "") { passRequirements = JSON.parse(decodeURIComponent(passRequirements)); } else { passRequirements = {}; }
|
||||||
var passRequirementsEx = ((passRequirements.min != null) || (passRequirements.max != null) || (passRequirements.upper != null) || (passRequirements.lower != null) || (passRequirements.numeric != null) || (passRequirements.nonalpha != null));
|
var passRequirementsEx = ((passRequirements.min != null) || (passRequirements.max != null) || (passRequirements.upper != null) || (passRequirements.lower != null) || (passRequirements.numeric != null) || (passRequirements.nonalpha != null));
|
||||||
var features = parseInt('{{{features}}}');
|
var features = parseInt('{{{features}}}');
|
||||||
|
|
24
webserver.js
24
webserver.js
|
@ -396,7 +396,11 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||||
for (var i = 0; i < user.otphkeys.length; i++) { if (user.otphkeys[i].type == 1) { u2fKeys.push(user.otphkeys[i]); } }
|
for (var i = 0; i < user.otphkeys.length; i++) { if (user.otphkeys[i].type == 1) { u2fKeys.push(user.otphkeys[i]); } }
|
||||||
if (u2fKeys.length > 0) {
|
if (u2fKeys.length > 0) {
|
||||||
// Check authentication response
|
// Check authentication response
|
||||||
require('authdog').finishAuthentication(req.session.u2fchallenge, authResponse, u2fKeys).then(function (authenticationStatus) { func(true); }, function (error) { func(false); });
|
var authdoglib = null;
|
||||||
|
try { authdoglib = require('authdog'); } catch (ex) { }
|
||||||
|
if (authdoglib == null) { func(false); } else {
|
||||||
|
authdoglib.finishAuthentication(req.session.u2fchallenge, authResponse, u2fKeys).then(function (authenticationStatus) { func(true); }, function (error) { console.log(error); func(false); });
|
||||||
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -458,13 +462,16 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var authdoglib = null;
|
||||||
|
try { authdoglib = require('authdog'); } catch (ex) { }
|
||||||
|
if (authdoglib != null) {
|
||||||
// Get all U2F keys
|
// Get all U2F keys
|
||||||
var u2fKeys = [];
|
var u2fKeys = [];
|
||||||
for (var i = 0; i < user.otphkeys.length; i++) { if (user.otphkeys[i].type == 1) { u2fKeys.push(user.otphkeys[i]); } }
|
for (var i = 0; i < user.otphkeys.length; i++) { if (user.otphkeys[i].type == 1) { u2fKeys.push(user.otphkeys[i]); } }
|
||||||
|
|
||||||
// Generate a U2F challenge
|
// Generate a U2F challenge
|
||||||
if (u2fKeys.length > 0) {
|
if (u2fKeys.length > 0) {
|
||||||
require('authdog').startAuthentication('https://' + obj.parent.certificates.CommonName, u2fKeys, { requestId: 0, timeoutSeconds: 60 }).then(function (registrationRequest) {
|
authdoglib.startAuthentication('https://' + obj.parent.certificates.CommonName, u2fKeys, { requestId: 0, timeoutSeconds: 60 }).then(function (registrationRequest) {
|
||||||
// Save authentication request to session for later use
|
// Save authentication request to session for later use
|
||||||
req.session.u2fchallenge = registrationRequest;
|
req.session.u2fchallenge = registrationRequest;
|
||||||
|
|
||||||
|
@ -477,6 +484,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||||
} else {
|
} else {
|
||||||
func('');
|
func('');
|
||||||
}
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
func('');
|
func('');
|
||||||
}
|
}
|
||||||
|
@ -1187,9 +1195,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||||
// If this is a 2 factor auth request, look for a hardware key challenge.
|
// If this is a 2 factor auth request, look for a hardware key challenge.
|
||||||
// Normal login 2 factor request
|
// Normal login 2 factor request
|
||||||
if ((req.session.loginmode == '4') && (req.session.tokenusername)) {
|
if ((req.session.loginmode == '4') && (req.session.tokenusername)) {
|
||||||
var user = obj.users['user/' + domain.id + '/' + req.session.tokenusername];
|
var user = obj.users['user/' + domain.id + '/' + req.session.tokenusername.toLowerCase()];
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
getHardwareKeyChallenge(req, domain, user, function (u2fChallenge) { handleRootRequestLogin(req, res, domain, u2fChallenge, passRequirements); });
|
getHardwareKeyChallenge(req, domain, user, function (hwchallenge) { handleRootRequestLogin(req, res, domain, hwchallenge, passRequirements); });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1202,7 +1210,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||||
} else {
|
} else {
|
||||||
var user = obj.users[docs[0]._id];
|
var user = obj.users[docs[0]._id];
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
getHardwareKeyChallenge(req, domain, user, function (u2fChallenge) { handleRootRequestLogin(req, res, domain, u2fChallenge, passRequirements); });
|
getHardwareKeyChallenge(req, domain, user, function (hwchallenge) { handleRootRequestLogin(req, res, domain, hwchallenge, passRequirements); });
|
||||||
} else {
|
} else {
|
||||||
req.session = null;
|
req.session = null;
|
||||||
res.redirect(domain.url);
|
res.redirect(domain.url);
|
||||||
|
@ -1240,14 +1248,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||||
if (obj.args.minify && !req.query.nominify) {
|
if (obj.args.minify && !req.query.nominify) {
|
||||||
// Try to server the minified version if we can.
|
// Try to server the minified version if we can.
|
||||||
try {
|
try {
|
||||||
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'login-mobile-min' : 'login-min'), { loginmode: loginmode, rootCertLink: getRootCertLink(), title: domain.title, title2: domain.title2, newAccount: domain.newaccounts, newAccountPass: (((domain.newaccountspass == null) || (domain.newaccountspass == '')) ? 0 : 1), serverDnsName: obj.getWebServerName(domain), serverPublicPort: httpsPort, emailcheck: emailcheck, features: features, sessiontime: args.sessiontime, passRequirements: passRequirements, footer: (domain.footer == null) ? '' : domain.footer, hkey: hardwareKeyChallenge, message: message, passhint: passhint, welcometext: domain.welcometext?encodeURIComponent(domain.welcometext):null });
|
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'login-mobile-min' : 'login-min'), { loginmode: loginmode, rootCertLink: getRootCertLink(), title: domain.title, title2: domain.title2, newAccount: domain.newaccounts, newAccountPass: (((domain.newaccountspass == null) || (domain.newaccountspass == '')) ? 0 : 1), serverDnsName: obj.getWebServerName(domain), serverPublicPort: httpsPort, emailcheck: emailcheck, features: features, sessiontime: args.sessiontime, passRequirements: passRequirements, footer: (domain.footer == null) ? '' : domain.footer, hkey: encodeURIComponent(hardwareKeyChallenge), message: message, passhint: passhint, welcometext: domain.welcometext?encodeURIComponent(domain.welcometext):null });
|
||||||
} catch (ex) {
|
} catch (ex) {
|
||||||
// In case of an exception, serve the non-minified version.
|
// In case of an exception, serve the non-minified version.
|
||||||
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'login-mobile' : 'login'), { loginmode: loginmode, rootCertLink: getRootCertLink(), title: domain.title, title2: domain.title2, newAccount: domain.newaccounts, newAccountPass: (((domain.newaccountspass == null) || (domain.newaccountspass == '')) ? 0 : 1), serverDnsName: obj.getWebServerName(domain), serverPublicPort: httpsPort, emailcheck: emailcheck, features: features, sessiontime: args.sessiontime, passRequirements: passRequirements, footer: (domain.footer == null) ? '' : domain.footer, hkey: hardwareKeyChallenge, message: message, passhint: passhint, welcometext: domain.welcometext ? encodeURIComponent(domain.welcometext) : null });
|
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'login-mobile' : 'login'), { loginmode: loginmode, rootCertLink: getRootCertLink(), title: domain.title, title2: domain.title2, newAccount: domain.newaccounts, newAccountPass: (((domain.newaccountspass == null) || (domain.newaccountspass == '')) ? 0 : 1), serverDnsName: obj.getWebServerName(domain), serverPublicPort: httpsPort, emailcheck: emailcheck, features: features, sessiontime: args.sessiontime, passRequirements: passRequirements, footer: (domain.footer == null) ? '' : domain.footer, hkey: encodeURIComponent(hardwareKeyChallenge), message: message, passhint: passhint, welcometext: domain.welcometext ? encodeURIComponent(domain.welcometext) : null });
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// Serve non-minified version of web pages.
|
// Serve non-minified version of web pages.
|
||||||
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'login-mobile' : 'login'), { loginmode: loginmode, rootCertLink: getRootCertLink(), title: domain.title, title2: domain.title2, newAccount: domain.newaccounts, newAccountPass: (((domain.newaccountspass == null) || (domain.newaccountspass == '')) ? 0 : 1), serverDnsName: obj.getWebServerName(domain), serverPublicPort: httpsPort, emailcheck: emailcheck, features: features, sessiontime: args.sessiontime, passRequirements: passRequirements, footer: (domain.footer == null) ? '' : domain.footer, hkey: hardwareKeyChallenge, message: message, passhint: passhint, welcometext: domain.welcometext ? encodeURIComponent(domain.welcometext) : null });
|
res.render(obj.path.join(obj.parent.webViewsPath, isMobileBrowser(req) ? 'login-mobile' : 'login'), { loginmode: loginmode, rootCertLink: getRootCertLink(), title: domain.title, title2: domain.title2, newAccount: domain.newaccounts, newAccountPass: (((domain.newaccountspass == null) || (domain.newaccountspass == '')) ? 0 : 1), serverDnsName: obj.getWebServerName(domain), serverPublicPort: httpsPort, emailcheck: emailcheck, features: features, sessiontime: args.sessiontime, passRequirements: passRequirements, footer: (domain.footer == null) ? '' : domain.footer, hkey: encodeURIComponent(hardwareKeyChallenge), message: message, passhint: passhint, welcometext: domain.welcometext ? encodeURIComponent(domain.welcometext) : null });
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
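Review bot: Both new `try { authdoglib = require('authdog'); } catch (ex) { }` blocks (hunks at -396 and -458) swallow the load failure, so a server without the module rejects every hardware-key response through `func(false)` and returns an empty challenge through `func('')` with nothing logged to explain it. Failing closed on verification is the right default; what is missing is a trace for the operator, for example `catch (ex) { console.log('authdog unavailable: ' + ex); }`, or resolving the module once when the web server is created instead of on each login. Whether an account whose only second factor is a hardware key can still finish login when the challenge comes back empty depends on code outside these hunks and is worth confirming. The enclosing functions start and end outside the hunks shown.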