external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Fix for #2773.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2021-06-14 14:36:00 -07:00
parent 8668a4449c
commit b926196d0a
2 changed files with 27 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

52
webserver.js
View file

@ -408,7 +408,32 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Authenticate the user
obj.authenticate = function (name, pass, domain, fn) {
if ((typeof (name) != 'string') || (typeof (pass) != 'string') || (typeof (domain) != 'object')) { fn(new Error('invalid fields')); return; }
if (domain.auth == 'ldap') {
if (name.startsWith('~t:')) {
// Login token, try to fetch the token from the database
obj.db.Get('logintoken-' + name, function (err, docs) {
if (err != null) { fn(err); return; }
if ((docs == null) || (docs.length != 1)) { fn(new Error('login token not found')); return; }
const loginToken = docs[0];
if ((loginToken.expire != 0) && (loginToken.expire < Date.now())) { fn(new Error('login token expired')); return; }
// Default strong password hashing (pbkdf2 SHA384)
require('./pass').hash(pass, loginToken.salt, function (err, hash, tag) {
if (err) return fn(err);
if (hash == loginToken.hash) {
// Login username and password are valid.
var user = obj.users[loginToken.userid];
if (!user) { fn(new Error('cannot find user')); return; }
if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
// Succesful login token authentication
var loginOptions = { tokenName: loginToken.name, tokenUser: loginToken.tokenUser };
if (loginToken.expire != 0) { loginOptions.expire = loginToken.expire; }
return fn(null, user._id, null, loginOptions);
}
fn(new Error('invalid password'));
}, 0);
});
} else if (domain.auth == 'ldap') {
if (domain.ldapoptions.url == 'test') {
// Fake LDAP login
var xxuser = domain.ldapoptions[name.toLowerCase()];
@ -633,31 +658,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
}
});
}
} else if (name.startsWith('~t:')) {
// Login token, try to fetch the token from the database
obj.db.Get('logintoken-' + name, function (err, docs) {
if (err != null) { fn(err); return; }
if ((docs == null) || (docs.length != 1)) { fn(new Error('login token not found')); return; }
const loginToken = docs[0];
if ((loginToken.expire != 0) && (loginToken.expire < Date.now())) { fn(new Error('login token expired')); return; }
// Default strong password hashing (pbkdf2 SHA384)
require('./pass').hash(pass, loginToken.salt, function (err, hash, tag) {
if (err) return fn(err);
if (hash == loginToken.hash) {
// Login username and password are valid.
var user = obj.users[loginToken.userid];
if (!user) { fn(new Error('cannot find user')); return; }
if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
// Succesful login token authentication
var loginOptions = { tokenName: loginToken.name, tokenUser: loginToken.tokenUser };
if (loginToken.expire != 0) { loginOptions.expire = loginToken.expire; }
return fn(null, user._id, null, loginOptions);
}
fn(new Error('invalid password'));
}, 0);
});
} else {
// Regular login
var user = obj.users['user/' + domain.id + '/' + name.toLowerCase()];