external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-02-12 11:01:52 +00:00
Code Issues Releases Wiki Activity

Second fix for mesh link escaping.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2020-12-30 22:18:29 -08:00
parent e879e44713
commit 333c7c7876
2 changed files with 86 additions and 89 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

173
db.js
View file

@ -108,105 +108,104 @@ module.exports.CreateDB = function (parent, func) {
// Add this as a valid user identifier // Add this as a valid user identifier
validIdentifiers[docs[i]._id] = 1; validIdentifiers[docs[i]._id] = 1;
} }
}
// Fix all of the creating & login to ticks by seconds, not milliseconds.
obj.GetAllType('user', function (err, docs) {
if (err != null) { parent.debug('db', 'ERROR (GetAll user): ' + err); }
if ((err == null) && (docs.length > 0)) {
for (var i in docs) {
var fixed = false;
// Fix all of the creating & login to ticks by seconds, not milliseconds. // Add this as a valid user identifier
obj.GetAllType('user', function (err, docs) { validIdentifiers[docs[i]._id] = 1;
if (err != null) { parent.debug('db', 'ERROR (GetAll user): ' + err); }
if ((err == null) && (docs.length > 0)) {
for (var i in docs) {
var fixed = false;
// Add this as a valid user identifier // Fix email address capitalization
validIdentifiers[docs[i]._id] = 1; if (docs[i].email && (docs[i].email != docs[i].email.toLowerCase())) {
docs[i].email = docs[i].email.toLowerCase(); fixed = true;
// Fix email address capitalization
if (docs[i].email && (docs[i].email != docs[i].email.toLowerCase())) {
docs[i].email = docs[i].email.toLowerCase(); fixed = true;
}
// Fix account creation
if (docs[i].creation) {
if (docs[i].creation > 1300000000000) { docs[i].creation = Math.floor(docs[i].creation / 1000); fixed = true; }
if ((docs[i].creation % 1) != 0) { docs[i].creation = Math.floor(docs[i].creation); fixed = true; }
}
// Fix last account login
if (docs[i].login) {
if (docs[i].login > 1300000000000) { docs[i].login = Math.floor(docs[i].login / 1000); fixed = true; }
if ((docs[i].login % 1) != 0) { docs[i].login = Math.floor(docs[i].login); fixed = true; }
}
// Fix last password change
if (docs[i].passchange) {
if (docs[i].passchange > 1300000000000) { docs[i].passchange = Math.floor(docs[i].passchange / 1000); fixed = true; }
if ((docs[i].passchange % 1) != 0) { docs[i].passchange = Math.floor(docs[i].passchange); fixed = true; }
}
// Fix subscriptions
if (docs[i].subscriptions != null) { delete docs[i].subscriptions; fixed = true; }
// Save the user if needed
if (fixed) { obj.Set(docs[i]); }
} }
// Remove all objects that have a "meshid" that no longer points to a valid mesh. // Fix account creation
// Fix any incorrectly escaped user identifiers if (docs[i].creation) {
obj.GetAllType('mesh', function (err, docs) { if (docs[i].creation > 1300000000000) { docs[i].creation = Math.floor(docs[i].creation / 1000); fixed = true; }
if (err != null) { parent.debug('db', 'ERROR (GetAll mesh): ' + err); } if ((docs[i].creation % 1) != 0) { docs[i].creation = Math.floor(docs[i].creation); fixed = true; }
var meshlist = []; }
if ((err == null) && (docs.length > 0)) {
for (var i in docs) {
var meshChange = false;
docs[i] = common.unEscapeLinksFieldName(docs[i]);
meshlist.push(docs[i]._id);
// Make sure all mesh types are number type, if not, fix it. // Fix last account login
if (typeof docs[i].mtype == 'string') { docs[i].mtype = parseInt(docs[i].mtype); meshChange = true; } if (docs[i].login) {
if (docs[i].login > 1300000000000) { docs[i].login = Math.floor(docs[i].login / 1000); fixed = true; }
if ((docs[i].login % 1) != 0) { docs[i].login = Math.floor(docs[i].login); fixed = true; }
}
// Take a look at the links // Fix last password change
if (docs[i].links != null) { if (docs[i].passchange) {
for (var j in docs[i].links) { if (docs[i].passchange > 1300000000000) { docs[i].passchange = Math.floor(docs[i].passchange / 1000); fixed = true; }
if (validIdentifiers[j] == null) { if ((docs[i].passchange % 1) != 0) { docs[i].passchange = Math.floor(docs[i].passchange); fixed = true; }
// This identifier is not known, let see if we can fix it. }
var xid = j, xid2 = common.unEscapeFieldName(xid);
while ((xid != xid2) && (validIdentifiers[xid2] == null)) { xid = xid2; xid2 = common.unEscapeFieldName(xid2); } // Fix subscriptions
if (validIdentifiers[xid2] == 1) { if (docs[i].subscriptions != null) { delete docs[i].subscriptions; fixed = true; }
//console.log('Fixing id: ' + j + ' to ' + common.escapeFieldName(xid2));
docs[i].links[xid2] = docs[i].links[j]; // Save the user if needed
delete docs[i].links[j]; if (fixed) { obj.Set(docs[i]); }
meshChange = true; }
} else {
// TODO: here, we may want to clean up links to users and user groups that do not exist anymore. // Remove all objects that have a "meshid" that no longer points to a valid mesh.
//console.log('Unknown id: ' + j); // Fix any incorrectly escaped user identifiers
} obj.GetAllType('mesh', function (err, docs) {
if (err != null) { parent.debug('db', 'ERROR (GetAll mesh): ' + err); }
var meshlist = [];
if ((err == null) && (docs.length > 0)) {
for (var i in docs) {
var meshChange = false;
docs[i] = common.unEscapeLinksFieldName(docs[i]);
meshlist.push(docs[i]._id);
// Make sure all mesh types are number type, if not, fix it.
if (typeof docs[i].mtype == 'string') { docs[i].mtype = parseInt(docs[i].mtype); meshChange = true; }
// Take a look at the links
if (docs[i].links != null) {
for (var j in docs[i].links) {
if (validIdentifiers[j] == null) {
// This identifier is not known, let see if we can fix it.
var xid = j, xid2 = common.unEscapeFieldName(xid);
while ((xid != xid2) && (validIdentifiers[xid2] == null)) { xid = xid2; xid2 = common.unEscapeFieldName(xid2); }
if (validIdentifiers[xid2] == 1) {
//console.log('Fixing id: ' + j + ' to ' + xid2);
docs[i].links[xid2] = docs[i].links[j];
delete docs[i].links[j];
meshChange = true;
} else {
// TODO: here, we may want to clean up links to users and user groups that do not exist anymore.
//console.log('Unknown id: ' + j);
} }
} }
} }
// Save the updated device group if needed
if (meshChange) { obj.Set(docs[i]); }
} }
}
if ((obj.databaseType == 4) || (obj.databaseType == 5)) {
// MariaDB
sqlDbQuery('DELETE FROM MeshCentral.Main WHERE (extra LIKE ("mesh/%") AND (extra NOT IN ?)', [meshlist], func);
} else if (obj.databaseType == 3) {
// MongoDB
obj.file.deleteMany({ meshid: { $exists: true, $nin: meshlist } }, { multi: true });
} else {
// NeDB or MongoJS
obj.file.remove({ meshid: { $exists: true, $nin: meshlist } }, { multi: true });
}
// We are done // Save the updated device group if needed
validIdentifiers = null; if (meshChange) { obj.Set(docs[i]); }
if (func) { func(); } }
}); }
} if ((obj.databaseType == 4) || (obj.databaseType == 5)) {
}); // MariaDB
} sqlDbQuery('DELETE FROM MeshCentral.Main WHERE (extra LIKE ("mesh/%") AND (extra NOT IN ?)', [meshlist], func);
} else if (obj.databaseType == 3) {
// MongoDB
obj.file.deleteMany({ meshid: { $exists: true, $nin: meshlist } }, { multi: true });
} else {
// NeDB or MongoJS
obj.file.remove({ meshid: { $exists: true, $nin: meshlist } }, { multi: true });
}
// We are done
validIdentifiers = null;
if (func) { func(); }
});
}
});
}); });
}; };
// Get encryption key // Get encryption key

2
meshuser.js
View file

@ -2765,8 +2765,6 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
} }
case 'createmesh': case 'createmesh':
{ {
console.log(command);
var err = null; var err = null;
try { try {
// Check if we have new group restriction // Check if we have new group restriction