external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Server partially supports hardware login keys.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2019-02-07 20:06:01 -08:00
parent 3910eba2eb
commit 198e949628
47 changed files with 307 additions and 109 deletions
Download patch file Download diff file Expand all files Collapse all files

98
views/default.handlebars
View file

@ -252,6 +252,7 @@
<span id="otpAuth" style="display:none"><a onclick="account_addOtp()" style="cursor:pointer">Add 2-step login</a><br /></span>
<span id="otpAuthRemove" style="display:none"><a onclick="account_removeOtp()" style="cursor:pointer">Remove 2-step login</a><br /></span>
<span id="manageOtp" style="display:none"><a onclick="account_manageOtp(0)" style="cursor:pointer">Manage one time passwords</a><br /></span>
<span id="manageHardwareOtp" style="display:none"><a onclick="account_manageHardwareOtp(0)" style="cursor:pointer">Manage hardware login keys</a><br /></span>
<a onclick="account_showChangeEmail()" style="cursor:pointer">Change email address</a><br />
<a onclick="account_showChangePassword()" style="cursor:pointer">Change password</a><br />
<a onclick="account_showDeleteAccount()" style="cursor:pointer">Delete account</a><br />
@ -1172,6 +1173,7 @@
QV('otpAuth', ((features & 4096) != 0) && (userinfo.otpsecret != 1));
QV('otpAuthRemove', ((features & 4096) != 0) && (userinfo.otpsecret == 1));
QV('manageOtp', ((features & 4096) != 0) && (userinfo.otpsecret == 1));
QV('manageHardwareOtp', ((features & 0x5000) != 0)); // Requires 2-step login + YubiKey support
}
function onMessage(server, message) {
@ -1438,6 +1440,55 @@
setDialogMode(2, "Manage One Time Passwords", 8, null, x, 'otpauth-manage');
break;
}
case 'otp-hkey-get': {
if (xxdialogMode && (xxdialogTag != 'otpauth-hardware-manage')) return;
var start = "<div style='border-radius:6px;border: 2px solid #CCC;background-color:#BBB;width:100%;margin-top:8px'><div style='padding:8px;font-family:Arial, Helvetica, sans-serif;font-size:16px;font-weight:bold'><table style=width:100%;text-align:left>";
var end = "</table></div></div>";
var x = "<a href='https://www.yubico.com/' rel='noreferrer noopener' target='_blank'>Hardware keys</a> are used as secondary login authentication.";
x += "";
if (message.keys && message.keys.length > 0) {
for (var i in message.keys) {
var key = message.keys[i];
x += start + '<tr style=margin:5px><td style=width:30px><img src="images/hardware-key-24.png"><td style=width:250px>' + key.name + "<td><input type=button value='Remove' onclick=account_removehkey(" + key.i + ")></input>" + end;
}
} else {
x += start + '<tr style=text-align:center><td>No Hardware Keys Configured' + end;
}
x += "<br />";
x += "<div><input type=button value='Close' onclick=setDialogMode(0) style=float:right></input>";
//x += "<input type=button value='Add YubiKey' onclick='account_addYubiKey();'></input>";
if (window.u2f) {
x += "<input type=button value='Add Key' onclick='account_addhkey();'></input>";
} else {
x += "No hardware key support on this browser.";
}
x += "</div><br />";
setDialogMode(2, "Manage Hardware Login Keys", 8, null, x, 'otpauth-hardware-manage');
break;
}
case 'otp-hkey-setup-request': {
if (xxdialogMode && (xxdialogTag != 'otpauth-hardware-manage')) return;
var x = "Press the key button now.<br /><br /><div style=width:100%;text-align:center><img src='images/hardware-keypress-120.png' /></div><input id=dp1keyname style=display:none value=" + message.name + " />";
setDialogMode(2, "Add Hardware Login Key", 2, null, x);
window.u2f.register(message.request.appId, [message.request], [], function (registrationResponse) {
if (registrationResponse.errorCode == 0) {
meshserver.send({ action: 'otp-hkey-setup-response', request: message.request, response: registrationResponse, name: Q('dp1keyname').value });
setDialogMode(2, "Add Hardware Login Key", 0, null, '<br />Checking...<br /><br /><br />', 'otpauth-hardware-manage');
} else {
setDialogMode(0);
}
});
break;
}
case 'otp-hkey-setup-response': {
if (xxdialogMode && (xxdialogTag != 'otpauth-hardware-manage')) return;
if (message.result == true) {
meshserver.send({ action: 'otp-hkey-get' }); // Success, ask for the full list of keys.
} else {
setDialogMode(2, "Add Hardware Login Key", 1, null, '<br />ERROR: Unable to add key.<br /><br />', 'otpauth-hardware-manage');
}
break;
}
case 'event': {
if (!message.event.nolog) {
events.unshift(message.event);
@ -5174,8 +5225,8 @@
// Called then user presses the "Change Core" button
function p15uploadCore(e) {
if (xxdialogMode) return;
if (e.shiftKey == true) { meshserver.send({ action: 'uploadagentcore', nodeid: consoleNode._id, path:'*' }); } // Upload default core
else if (e.altKey == true) { meshserver.send({ action: 'uploadagentcore', nodeid: consoleNode._id }); } // Clear the core
if (e.shiftKey == true) { meshserver.send({ action: 'uploadagentcore', nodeid: consoleNode._id, type: 'default' }); } // Upload default core
else if (e.altKey == true) { meshserver.send({ action: 'uploadagentcore', nodeid: consoleNode._id, type: 'clear' }); } // Clear the core
else if (e.ctrlKey == true) { p15uploadCore2(); } // Upload the core from a file
else { setDialogMode(2, "Change Mesh Agent Core", 3, p15uploadCoreEx, '<select id=d3coreMode style=float:right;width:260px><option value=1>Upload default server core</option><option value=2>Clear the core</option><option value=6>Upload recovery core</option><option value=3>Upload a core file</option><option value=4>Soft disconnect agent</option><option value=5>Hard disconnect agent</option></select><div>Change Core</div>'); }
}
@ -5250,6 +5301,49 @@
meshserver.send({ action: 'otpauth-getpasswords', subaction: action });
}
function account_manageHardwareOtp() {
if ((xxdialogMode == 2) && (xxdialogTag == 'otpauth-hardware-manage')) { dialogclose(0); }
if (xxdialogMode || ((features & 4096) == 0)) return;
meshserver.send({ action: 'otp-hkey-get' });
}
function account_addhkey() {
var x = "Type in the name of the key to add.<br /><br />";
x += addHtmlValue('Key Name', '<input id=dp1keyname style=width:230px maxlength=20 autocomplete=off onchange=account_addhkeyValidate() onkeyup=account_addhkeyValidate() />');
setDialogMode(2, "Add Hardware Login Key", 3, account_addhkeyEx, x);
account_addhkeyValidate();
}
function account_addhkeyValidate() {
QE('idx_dlgOkButton', (Q('dp1keyname').value.length > 0));
}
function account_addhkeyEx() {
meshserver.send({ action: 'otp-hkey-setup-request', name: Q('dp1keyname').value });
}
function account_addYubiKey() {
if (xxdialogMode && (xxdialogTag != 'otpauth-hardware-manage')) return;
var x = "Type in a name for the key and press button on the key to register the new hardware key.<br /><br />";
x += addHtmlValue('Key Name', '<input id=dp1keyname style=width:230px maxlength=20 autocomplete=off onchange=account_addYubiKeyValidate() onkeyup=account_addYubiKeyValidate() />');
x += addHtmlValue('Key Token', '<input id=dp1keytoken style=width:230px maxlength=2048 autocomplete=off onchange=account_addYubiKeyValidate() onkeyup=account_addYubiKeyValidate() />');
setDialogMode(2, "Add Yubikey", 3, account_addYubiKeyEx, x);
account_addYubiKeyValidate();
}
function account_addYubiKeyValidate() {
QE('idx_dlgOkButton', (Q('dp1keyname').value.length > 0) && (Q('dp1keytoken').value.length > 0));
}
function account_addYubiKeyEx() {
meshserver.send({ action: 'otp-hkey-yubikey-add', name: Q('dp1keyname').value, otp: Q('dp1keytoken').value });
}
function account_removehkey(index) {
meshserver.send({ action: 'otp-hkey-remove', index: index });
meshserver.send({ action: 'otp-hkey-get' });
}
function account_showVerifyEmail() {
if (xxdialogMode || (userinfo.emailVerified == true) || (serverinfo.emailcheck != true)) return;
var x = "Click ok to send a verification mail to:<br /><div style=padding:8px><b>" + EscapeHtml(userinfo.email) + "</b></div>Please wait a few minute to receive the verification.";