external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-02-12 11:01:52 +00:00
Code Issues Releases Wiki Activity

Update webserver.js - allow saml relaystate in POST request (#6685)

Browse source 
added check for relaystate saml and regex check

added in rest of allowed params

correct formatting on regex string - now evaluates correctly

set relaystate on get request

check for ipv6
This commit is contained in:
nmmclwhitehead 2025-01-26 09:42:48 -05:00 committed by GitHub
parent b46ddf2f70
commit 3ee06abfe8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 36 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
webserver.js
View file

@ -2837,6 +2837,38 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
res.set('Content-Type', 'text/html'); res.set('Content-Type', 'text/html');
let url = domain.url; let url = domain.url;
if (Object.keys(req.query).length > 0) { url += "?" + Object.keys(req.query).map(function(key) { return encodeURIComponent(key) + "=" + encodeURIComponent(req.query[key]); }).join("&"); } if (Object.keys(req.query).length > 0) { url += "?" + Object.keys(req.query).map(function(key) { return encodeURIComponent(key) + "=" + encodeURIComponent(req.query[key]); }).join("&"); }
// check for relaystate is set, test against configured server name and accepted query params
if(req.body.RelayState !== undefined){
var relayState = decodeURIComponent(req.body.RelayState);
var serverName = (obj.getWebServerName(domain, req)).replaceAll('.','\\.');
var regexstr = `(?<=https:\\/\\/(?:.+?\\.)?${serverName}\\/?)` +
`.*((?<=([\\?&])gotodevicename=(.{64})|` +
`gotonode=(.{64})|` +
`gotodeviceip=(((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4})|` +
`gotodeviceip=(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|::([0-9a-fA-F]{1,4}:){1,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:)` +
`lang=(.{5})|` +
`sitestyle=(\\d+)|` +
`user=(.{64})|` +
`pass=(.{256})|` +
`key=|` +
`locale=|` +
`gotomesh=(.{64})|` +
`gotouser=(.{0,64})|` +
`gotougrp=(.{64})|` +
`debug=|` +
`filter=|` +
`webrtc=|` +
`hide=|` +
`viewmode=(\\d+)(?=[\\&]|\\b)))`;
var regex = new RegExp(regexstr);
if(regex.test(relayState)){
url = relayState;
}
}
res.end('<html><head><meta http-equiv="refresh" content=0;url="' + url + '"></head><body></body></html>'); res.end('<html><head><meta http-equiv="refresh" content=0;url="' + url + '"></head><body></body></html>');
} }
@ -6913,6 +6945,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
obj.app.get(url + 'auth-saml', function (req, res, next) { obj.app.get(url + 'auth-saml', function (req, res, next) {
var domain = getDomain(req); var domain = getDomain(req);
if (domain.passport == null) { next(); return; } if (domain.passport == null) { next(); return; }
//set RelayState when queries are passed
if (Object.keys(req.query).length != 0){
req.query.RelayState = encodeURIComponent(`${req.protocol}://${req.hostname}${req.originalUrl}`.replace('auth-saml/',''))
}
domain.passport.authenticate('saml-' + domain.id, { failureRedirect: domain.url, failureFlash: true })(req, res, next); domain.passport.authenticate('saml-' + domain.id, { failureRedirect: domain.url, failureFlash: true })(req, res, next);
}); });
obj.app.post(url + 'auth-saml-callback', obj.bodyParser.urlencoded({ extended: false }), function (req, res, next) { obj.app.post(url + 'auth-saml-callback', obj.bodyParser.urlencoded({ extended: false }), function (req, res, next) {