external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Added 2FA lock feature.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2022-02-01 09:11:11 -08:00
parent c492f2366e
commit 8e8192a8cd
5 changed files with 80 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

14
views/default-mobile.handlebars
View file

@ -1299,9 +1299,9 @@
applyDesktopSettings();
// Arrange the user interface
QV('manageEmail2FA', features & 0x00800000);
QV('managePhoneNumber1', (features & 0x02000000) && (features & 0x04000000));
QV('managePhoneNumber2', (features & 0x02000000) && !(features & 0x04000000));
QV('manageEmail2FA', (features & 0x00800000) && (serverinfo.lock2factor != true));
QV('managePhoneNumber1', (features & 0x02000000) && (features & 0x04000000) && (serverinfo.lock2factor != true));
QV('managePhoneNumber2', (features & 0x02000000) && !(features & 0x04000000) && (serverinfo.lock2factor != true));
//attemptWebRTC = false; // For now, default WebRTC off unless we set it in the URL.
if (args.webrtc != null) { attemptWebRTC = (args.webrtc == 1); }
@ -1371,8 +1371,8 @@
QV('p2AccountSecurity', ((features & 4) == 0) && (serverinfo.domainauth == false) && ((features & 4096) != 0) && (accountSettingsLocked == false)); // Hide Account Security if in single user mode or domain authentication, 2 factor auth not supported.
QV('p2AccountImage', !accountSettingsLocked);
QV('verifyEmailId', (userinfo.emailVerified !== true) && (userinfo.email != null) && (serverinfo.emailcheck == true));
QV('manageAuthApp', (features & 4096) && ((userinfo.otpsecret == 1) || ((features2 & 0x00020000) == 0)));
QV('manageOtp', (features & 4096) && ((userinfo.otpsecret == 1) || (userinfo.otphkeys > 0)));
QV('manageAuthApp', (serverinfo.lock2factor != true) && (features & 4096) && ((userinfo.otpsecret == 1) || ((features2 & 0x00020000) == 0)));
QV('manageOtp', (serverinfo.lock2factor != true) && (features & 4096) && ((userinfo.otpsecret == 1) || (userinfo.otphkeys > 0)));
QV('authPhoneNumberCheck', (userinfo.phone != null));
QV('authEmailSetupCheck', (userinfo.otpekey == 1) && (userinfo.email != null) && (userinfo.emailVerified == true));
QV('authAppSetupCheck', userinfo.otpsecret == 1);
@ -1685,6 +1685,10 @@
*/
if (message.event.noact) break; // Take no action on this event
switch (message.event.action) {
case 'serverinfochange': {
if (message.event.lock2factor != null) { serverinfo.lock2factor = message.event.lock2factor; updateSelf(); }
break;
}
case 'userWebState': {
// New user web state, update the web page as needed
if (localStorage != null) {

17
views/default.handlebars
View file

@ -2027,9 +2027,9 @@
// Update account actions
QV('p2AccountSecurity', ((features & 4) == 0) && (serverinfo.domainauth == false) && ((features & 4096) != 0) && (accountSettingsLocked == false)); // Hide Account Security if in single user mode or domain authentication, 2 factor auth not supported.
QV('p2AccountActions', !accountSettingsLocked)
QV('managePhoneNumber1', (features & 0x02000000) && (features & 0x04000000));
QV('managePhoneNumber2', (features & 0x02000000) && !(features & 0x04000000));
QV('manageEmail2FA', features & 0x00800000);
QV('managePhoneNumber1', (features & 0x02000000) && (features & 0x04000000) && (serverinfo.lock2factor != true));
QV('managePhoneNumber2', (features & 0x02000000) && !(features & 0x04000000) && (serverinfo.lock2factor != true));
QV('manageEmail2FA', (features & 0x00800000) && (serverinfo.lock2factor != true));
QV('p2AccountPassActions', ((features & 4) == 0) && (serverinfo.domainauth == false) && (userinfo != null) && (userinfo._id.split('/')[2].startsWith('~') == false)); // Hide Account Actions if in single user mode or domain authentication
//QV('p2AccountImage', ((features & 4) == 0) && (serverinfo.domainauth == false)); // If account actions are not visible, also remove the image on that panel
QV('accountCreateLoginTokenSpan', features2 & 0x00000080);
@ -2126,15 +2126,16 @@
var accountSettingsLocked = ((userinfo.siteadmin != 0xFFFFFFFF) && ((userinfo.siteadmin & 1024) != 0));
QV('verifyEmailId', (userinfo.emailVerified !== true) && (userinfo.email != null) && (serverinfo.emailcheck == true));
QV('verifyEmailId2', (userinfo.emailVerified !== true) && (userinfo.email != null) && (serverinfo.emailcheck == true) && (accountSettingsLocked == false));
QV('manageOtp', authFactorCount > 0);
QV('manageOtp', (serverinfo.lock2factor != true) && (authFactorCount > 0));
QV('authPhoneNumberCheck', (userinfo.phone != null));
QV('authEmailSetupCheck', (userinfo.otpekey == 1) && (userinfo.email != null) && (userinfo.emailVerified == true));
QV('authAppSetupCheck', userinfo.otpsecret == 1);
QV('manageAuthApp', (userinfo.otpsecret == 1) || ((features2 & 0x00020000) == 0));
QV('manageAuthApp', (serverinfo.lock2factor != true) && ((userinfo.otpsecret == 1) || ((features2 & 0x00020000) == 0)));
QV('authKeySetupCheck', userinfo.otphkeys > 0);
QV('authPushAuthDevCheck', (userinfo.otpdev > 0) && ((features2 & 0x40) != 0));
QV('authCodesSetupCheck', userinfo.otpkeys > 0);
QV('managePushAuthDev', (features2 & 0x40) && (authFactorCount > 0));
QV('managePushAuthDev', (serverinfo.lock2factor != true) && (features2 & 0x40) && (authFactorCount > 0));
QV('manageHardwareOtp', (serverinfo.lock2factor != true));
mainUpdate(4 + 128 + 4096);
// Check if none or at least 2 factors are enabled.
@ -2838,6 +2839,10 @@
if (message.event.noact) break; // Take no action on this event
switch (message.event.action) {
case 'serverinfochange': {
if (message.event.lock2factor != null) { serverinfo.lock2factor = message.event.lock2factor; updateSelf(); updateSiteAdmin(); }
break;
}
case 'deviceShareUpdate': {
if (message.event.nodeid != deviceSharesReq) break;
deviceSharesNode = message.event.nodeid;