Added support for banning common passwords.

2025-03-09 15:40:18 +00:00 · 2020-08-16 13:44:54 -07:00 · 2020-08-16 13:44:54 -07:00 · 29a0392df3
commit 29a0392df3
parent 23e3293aa6
5 changed files with 36 additions and 11 deletions
--- a/meshcentral.js
+++ b/meshcentral.js
@ -2646,6 +2646,9 @@ function mainStart() {
        // Lowercase the auth value if present
        for (var i in config.domains) { if (typeof config.domains[i].auth == 'string') { config.domains[i].auth = config.domains[i].auth.toLowerCase(); } }

+        // Get the current node version
+        var nodeVersion = Number(process.version.match(/^v(\d+\.\d+)/)[1]);
+
        // Check if Windows SSPI, LDAP, Passport and YubiKey OTP will be used
        var sspi = false;
        var ldap = false;
@ -2655,6 +2658,7 @@ function mainStart() {
        var mstsc = false;
        var recordingIndex = false;
        var domainCount = 0;
+        var wildleek = false;
        if (require('os').platform() == 'win32') { for (var i in config.domains) { domainCount++; if (config.domains[i].auth == 'sspi') { sspi = true; } else { allsspi = false; } } } else { allsspi = false; }
        if (domainCount == 0) { allsspi = false; }
        for (var i in config.domains) {
@ -2672,11 +2676,9 @@ function mainStart() {
                if ((typeof config.domains[i].authstrategies.saml == 'object') || (typeof config.domains[i].authstrategies.jumpcloud == 'object')) { passport.push('passport-saml'); }
            }
            if ((config.domains[i].sessionrecording != null) && (config.domains[i].sessionrecording.index == true)) { recordingIndex = true; }
+            if ((config.domains[i].passwordrequirements != null) && (config.domains[i].passwordrequirements.bancommonpasswords == true)) { if (nodeVersion < 8) { config.domains[i].passwordrequirements = false; addServerWarning('Common password checking requires NodeJS v8 or above.'); } else { wildleek = true; } }
        }

-        // Get the current node version
-        var nodeVersion = Number(process.version.match(/^v(\d+\.\d+)/)[1]);
-
        // Build the list of required modules
        var modules = ['ws', 'cbor', 'nedb', 'https', 'yauzl', 'xmldom', 'ipcheck', 'express', 'archiver@4.0.2', 'multiparty', 'node-forge', 'express-ws', 'compression', 'body-parser', 'connect-redis', 'cookie-session', 'express-handlebars'];
        if (require('os').platform() == 'win32') { modules.push('node-windows@0.1.14'); if (sspi == true) { modules.push('node-sspi'); } } // Add Windows modules
@ -2702,6 +2704,9 @@ function mainStart() {
        // Setup encrypted zip support if needed
        if (config.settings.autobackup && config.settings.autobackup.zippassword) { modules.push('archiver-zip-encrypted'); }

+        // Setup common password blocking
+        if (wildleek == true) { modules.push('wildleek@2.0.0'); }
+
        // Setup 2nd factor authentication
        if (config.settings.no2factorauth !== true) {
            // Setup YubiKey OTP if configured