mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-24 06:05:53 -05:00
Added option to force 2 factor auth setup
This commit is contained in:
parent
d9d056359e
commit
ff226d3f03
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "meshcentral",
|
"name": "meshcentral",
|
||||||
"version": "0.3.2-c",
|
"version": "0.3.2-d",
|
||||||
"keywords": [
|
"keywords": [
|
||||||
"Remote Management",
|
"Remote Management",
|
||||||
"Intel AMT",
|
"Intel AMT",
|
||||||
|
@ -49,7 +49,7 @@
|
|||||||
"_NewAccountEmailDomains": [ "sample.com" ],
|
"_NewAccountEmailDomains": [ "sample.com" ],
|
||||||
"Footer": "<a href='https://twitter.com/mytwitter'>Twitter</a>",
|
"Footer": "<a href='https://twitter.com/mytwitter'>Twitter</a>",
|
||||||
"_CertUrl": "https://192.168.2.106:443/",
|
"_CertUrl": "https://192.168.2.106:443/",
|
||||||
"_PasswordRequirements": { "min": 8, "max": 128, "upper": 1, "lower": 1, "numeric": 1, "nonalpha": 1, "reset": 90 },
|
"_PasswordRequirements": { "min": 8, "max": 128, "upper": 1, "lower": 1, "numeric": 1, "nonalpha": 1, "reset": 90, "force2factor": true },
|
||||||
"_AgentNoProxy": true,
|
"_AgentNoProxy": true,
|
||||||
"_GeoLocation": true,
|
"_GeoLocation": true,
|
||||||
"_UserAllowedIP": "127.0.0.1,192.168.1.0/24",
|
"_UserAllowedIP": "127.0.0.1,192.168.1.0/24",
|
||||||
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -1165,8 +1165,11 @@
|
|||||||
function account_createMesh() {
|
function account_createMesh() {
|
||||||
if (xxdialogMode) return;
|
if (xxdialogMode) return;
|
||||||
|
|
||||||
// Check if we are allowed to create a new device group
|
// Remind the user to verify the email address
|
||||||
if ((userinfo.emailVerified !== true) && (userinfo.email != null) && (serverinfo.emailcheck == true) && (userinfo.siteadmin != 0xFFFFFFFF)) { setDialogMode(2, "New Device Group", 1, null, "Unable to create a new device group until the email address is verified. Go to the \"My Account\" menu option to change and verify an email address."); return; }
|
if ((userinfo.emailVerified !== true) && (serverinfo.emailcheck == true) && (userinfo.siteadmin != 0xFFFFFFFF)) { setDialogMode(2, "Account Security", 1, null, "Unable to access a device until a email address is verified. This is required for password recovery. Go to the \"My Account\" to change and verify an email address."); return; }
|
||||||
|
|
||||||
|
// Remind the user to add two factor authentication
|
||||||
|
if ((features & 0x00040000) && !((userinfo.otpsecret == 1) || (userinfo.otphkeys > 0) || (userinfo.otpkeys > 0))) { setDialogMode(2, "Account Security", 1, null, "Unable to access a device until two-factor authentication is enabled. This is required for extra security. Go to the \"My Account\" and look at the \"Account Security\" section."); return; }
|
||||||
|
|
||||||
// We are allowed, let's prompt to information
|
// We are allowed, let's prompt to information
|
||||||
var x = addHtmlValue('Name', '<input id=dp3meshname style=width:170px maxlength=64 onchange=account_validateMeshCreate() onkeyup=account_validateMeshCreate() />');
|
var x = addHtmlValue('Name', '<input id=dp3meshname style=width:170px maxlength=64 onchange=account_validateMeshCreate() onkeyup=account_validateMeshCreate() />');
|
||||||
@ -1701,6 +1704,13 @@
|
|||||||
var powerTimeline = null;
|
var powerTimeline = null;
|
||||||
function getCurrentNode() { return currentNode; };
|
function getCurrentNode() { return currentNode; };
|
||||||
function gotoDevice(nodeid, panel, refresh) {
|
function gotoDevice(nodeid, panel, refresh) {
|
||||||
|
|
||||||
|
// Remind the user to verify the email address
|
||||||
|
if ((userinfo.emailVerified !== true) && (serverinfo.emailcheck == true) && (userinfo.siteadmin != 0xFFFFFFFF)) { setDialogMode(2, "Account Security", 1, null, "Unable to access a device until a email address is verified. This is required for password recovery. Go to the \"My Account\" to change and verify an email address."); return; }
|
||||||
|
|
||||||
|
// Remind the user to add two factor authentication
|
||||||
|
if ((features & 0x00040000) && !((userinfo.otpsecret == 1) || (userinfo.otphkeys > 0) || (userinfo.otpkeys > 0))) { setDialogMode(2, "Account Security", 1, null, "Unable to access a device until two-factor authentication is enabled. This is required for extra security. Go to the \"My Account\" and look at the \"Account Security\" section."); return; }
|
||||||
|
|
||||||
var node = getNodeFromId(nodeid);
|
var node = getNodeFromId(nodeid);
|
||||||
if (node == null) { goBack(); return; }
|
if (node == null) { goBack(); return; }
|
||||||
var mesh = meshes[node.meshid];
|
var mesh = meshes[node.meshid];
|
||||||
|
@ -751,7 +751,7 @@
|
|||||||
<option value=8>Last 8 hours</option>
|
<option value=8>Last 8 hours</option>
|
||||||
<option value=24>Last day</option>
|
<option value=24>Last day</option>
|
||||||
<option value=168>Last week</option>
|
<option value=168>Last week</option>
|
||||||
<option value=5040>Last 30 days</option>
|
<option value=720>Last 30 days</option>
|
||||||
</select>
|
</select>
|
||||||
<img src=images/link4.png height=10 width=10 title="Download data points (.csv)" style=cursor:pointer onclick=p40downloadEvents()>
|
<img src=images/link4.png height=10 width=10 title="Download data points (.csv)" style=cursor:pointer onclick=p40downloadEvents()>
|
||||||
</div>
|
</div>
|
||||||
@ -3558,8 +3558,11 @@
|
|||||||
function getCurrentNode() { return currentNode; };
|
function getCurrentNode() { return currentNode; };
|
||||||
function gotoDevice(nodeid, panel, refresh, event) {
|
function gotoDevice(nodeid, panel, refresh, event) {
|
||||||
|
|
||||||
// Check if we are allowed to create a new device group
|
// Remind the user to verify the email address
|
||||||
if ((userinfo.emailVerified !== true) && (serverinfo.emailcheck == true) && (userinfo.siteadmin != 0xFFFFFFFF)) { setDialogMode(2, "New Device Group", 1, null, "Unable to create a new device group until a email address is verified. This is required for password recovery. Go to the \"My Account\" tab to change and verify an email address."); return; }
|
if ((userinfo.emailVerified !== true) && (serverinfo.emailcheck == true) && (userinfo.siteadmin != 0xFFFFFFFF)) { setDialogMode(2, "Account Security", 1, null, "Unable to access a device until a email address is verified. This is required for password recovery. Go to the \"My Account\" tab to change and verify an email address."); return; }
|
||||||
|
|
||||||
|
// Remind the user to add two factor authentication
|
||||||
|
if ((features & 0x00040000) && !((userinfo.otpsecret == 1) || (userinfo.otphkeys > 0) || (userinfo.otpkeys > 0))) { setDialogMode(2, "Account Security", 1, null, "Unable to access a device until two-factor authentication is enabled. This is required for extra security. Go to the \"My Account\" tab and look at the \"Account Security\" section."); return; }
|
||||||
|
|
||||||
if (event && (event.shiftKey == true)) {
|
if (event && (event.shiftKey == true)) {
|
||||||
// Open the device in a different tab
|
// Open the device in a different tab
|
||||||
@ -5783,8 +5786,11 @@
|
|||||||
// Check if we are disallowed from creating a device group
|
// Check if we are disallowed from creating a device group
|
||||||
if ((userinfo.siteadmin != 0xFFFFFFFF) && ((userinfo.siteadmin & 64) != 0)) { setDialogMode(2, "New Device Group", 1, null, "This account does not have the rights to create a new device group."); return; }
|
if ((userinfo.siteadmin != 0xFFFFFFFF) && ((userinfo.siteadmin & 64) != 0)) { setDialogMode(2, "New Device Group", 1, null, "This account does not have the rights to create a new device group."); return; }
|
||||||
|
|
||||||
// Check if we are allowed to create a new device group
|
// Remind the user to verify the email address
|
||||||
if ((userinfo.emailVerified !== true) && (serverinfo.emailcheck == true) && (userinfo.siteadmin != 0xFFFFFFFF)) { setDialogMode(2, "New Device Group", 1, null, "Unable to create a new device group until a email address is verified. This is required for password recovery. Go to the \"My Account\" tab to change and verify an email address."); return; }
|
if ((userinfo.emailVerified !== true) && (serverinfo.emailcheck == true) && (userinfo.siteadmin != 0xFFFFFFFF)) { setDialogMode(2, "Account Security", 1, null, "Unable to access a device until a email address is verified. This is required for password recovery. Go to the \"My Account\" tab to change and verify an email address."); return; }
|
||||||
|
|
||||||
|
// Remind the user to add two factor authentication
|
||||||
|
if ((features & 0x00040000) && !((userinfo.otpsecret == 1) || (userinfo.otphkeys > 0) || (userinfo.otpkeys > 0))) { setDialogMode(2, "Account Security", 1, null, "Unable to access a device until two-factor authentication is enabled. This is required for extra security. Go to the \"My Account\" tab and look at the \"Account Security\" section."); return; }
|
||||||
|
|
||||||
// We are allowed, let's prompt to information
|
// We are allowed, let's prompt to information
|
||||||
var x = "Create a new device group using the options below.<br /><br />";
|
var x = "Create a new device group using the options below.<br /><br />";
|
||||||
|
@ -1174,6 +1174,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||||||
if (domain.geolocation == true) { features += 0x00008000; } // Enable geo-location features
|
if (domain.geolocation == true) { features += 0x00008000; } // Enable geo-location features
|
||||||
if ((domain.passwordrequirements != null) && (domain.passwordrequirements.hint === true)) { features += 0x00010000; } // Enable password hints
|
if ((domain.passwordrequirements != null) && (domain.passwordrequirements.hint === true)) { features += 0x00010000; } // Enable password hints
|
||||||
if ((parent.config.settings.no2factorauth !== true) && (obj.f2l != null)) { features += 0x00020000; } // Enable WebAuthn/FIDO2 support
|
if ((parent.config.settings.no2factorauth !== true) && (obj.f2l != null)) { features += 0x00020000; } // Enable WebAuthn/FIDO2 support
|
||||||
|
if ((obj.args.nousers != true) && (domain.passwordrequirements != null) && (domain.passwordrequirements.force2factor === true)) { features += 0x00040000; } // Force 2-factor auth
|
||||||
|
|
||||||
// Create a authentication cookie
|
// Create a authentication cookie
|
||||||
const authCookie = obj.parent.encodeCookie({ userid: user._id, domainid: domain.id }, obj.parent.loginCookieEncryptionKey);
|
const authCookie = obj.parent.encodeCookie({ userid: user._id, domainid: domain.id }, obj.parent.loginCookieEncryptionKey);
|
||||||
|
Loading…
Reference in New Issue
Block a user