external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

You can now limit which users can create login tokens. #3787

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2022-03-24 15:05:20 -07:00
parent 7d1d0853a0
commit 1356dae4f2
4 changed files with 15 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
meshuser.js
View file

@ -4521,7 +4521,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
var err = null;
if (req.session.loginToken != null) { err = "Access denied"; } // Do not allow this command when logged in using a login token
else if ((typeof domain.passwordrequirements == 'object') && (domain.passwordrequirements.logintokens == false)) { err = "Not supported"; } // Login tokens are not supported on this server
else if ((typeof domain.passwordrequirements == 'object') && (domain.passwordrequirements.logintokens === false)) { err = "Not supported"; } // Login tokens are not supported on this server
else if ((typeof domain.passwordrequirements == 'object') && Array.isArray(domain.passwordrequirements.logintokens) && (domain.passwordrequirements.logintokens.indexOf(user._id) < 0)) { err = "Not supported"; } // Login tokens are not supported by this user
else if (common.validateString(command.name, 1, 100) == false) { err = "Invalid name"; } // Check name
else if ((typeof command.expire != 'number') || (command.expire < 0)) { err = "Invalid expire value"; } // Check expire