Removed SSPI auth retrieveGroups to reduce cookie size.

2025-02-12 11:01:52 +00:00 · 2021-09-02 17:52:37 -07:00 · 2021-09-02 17:52:37 -07:00 · 8b93655638
commit 8b93655638
parent 2bdf6ce6af
2 changed files with 7 additions and 4 deletions
--- a/views/default-mobile.handlebars
+++ b/views/default-mobile.handlebars
@ -6168,7 +6168,8 @@
                else if (n.tag == 'console') gotoDevice(n.nodeid, 15); // Files
                else gotoDevice(n.nodeid, 10); // General
            } else {
-                if ((n.tag != null) && n.tag.startsWith('meshmessenger/')) {
+                if ((n.tag == 'backupcodes') && !xxdialogMode) { account_manageOtp(0); notificationDelete(id); } // 2FA backup codes
                else if ((n.tag != null) && n.tag.startsWith('meshmessenger/')) {
                    safeNewWindow('/messenger?id=' + n.tag + '&title=' + encodeURIComponentEx(n.username), n.tag.split('/')[2]);
                    notificationDelete(id);
                } else if (n.url != null) {
--- a/webserver.js
+++ b/webserver.js
@ -125,7 +125,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
    // Setup SSPI authentication if needed
    if ((obj.parent.platform == 'win32') && (obj.args.nousers != true) && (obj.parent.config != null) && (obj.parent.config.domains != null)) {
-        for (i in obj.parent.config.domains) { if (obj.parent.config.domains[i].auth == 'sspi') { var nodeSSPI = require('node-sspi'); obj.parent.config.domains[i].sspi = new nodeSSPI({ retrieveGroups: true, offerBasic: false }); } }
+        for (i in obj.parent.config.domains) { if (obj.parent.config.domains[i].auth == 'sspi') { var nodeSSPI = require('node-sspi'); obj.parent.config.domains[i].sspi = new nodeSSPI({ retrieveGroups: false, offerBasic: false }); } }
    }
    // Perform hash on web certificate and agent certificate
@ -2454,7 +2454,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
        } else if (req.query.user && req.query.pass) {
            // User credentials are being passed in the URL. WARNING: Putting credentials in a URL is bad security... but people are requesting this option.
            obj.authenticate(req.query.user, req.query.pass, domain, function (err, userid, passhint, loginOptions) {
-                if (obj.parent.authlog) { obj.parent.authLog('https', 'Accepted password for ' + req.connection.user + ' from ' + req.clientIp + ' port ' + req.connection.remotePort); }
+                if (obj.parent.authlog) { obj.parent.authLog('https', 'Accepted password for ' + userid + ' from ' + req.clientIp + ' port ' + req.connection.remotePort); }
                parent.debug('web', 'handleRootRequest: user/pass in URL auth ok.');
                req.session.userid = userid;
                delete req.session.currentNode;
@ -4869,8 +4869,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                if (user == null) { try { res.sendStatus(404); } catch (ex) { } return; }
            }
            if ((req.query.meshaction == 'route') && (req.query.nodeid != null)) {
                var nodeIdSplit = req.query.nodeid.split('/');
                if ((nodeIdSplit[0] != 'node') || (nodeIdSplit[1] != domain.id)) { try { res.sendStatus(401); } catch (ex) { } return; }
                obj.db.Get(req.query.nodeid, function (err, nodes) {
-                    if (nodes.length != 1) { try { res.sendStatus(401); } catch (ex) { } return; }
+                    if ((err != null) || (nodes.length != 1)) { try { res.sendStatus(401); } catch (ex) { } return; }
                    var node = nodes[0];
                    // Create the meshaction.txt file for meshcmd.exe