Added new account invitation system.

2025-03-09 15:40:18 +00:00 · 2019-07-22 16:00:43 -07:00 · 2019-07-22 16:00:43 -07:00 · bbb98c6c6d
commit bbb98c6c6d
parent 7292fa116b
5 changed files with 51 additions and 9 deletions
--- a/meshuser.js
+++ b/meshuser.js
@ -1139,6 +1139,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                    // If the email is the username, set this here.
                    if (domain.usernameisemail) { if (command.email) { command.username = command.email; } else { command.email = command.username; } }

+                    // Randomize the password if needed
+                    if (command.randomPassword === true) { command.pass = getRandomPassword(); }
+
                    // Add a new user account
                    var err = null, newusername, newuserid;
                    try {
@ -1147,7 +1150,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                        else if (common.validateUsername(command.username, 1, 256) == false) { err = 'Invalid username'; } // Username is between 1 and 64 characters, no spaces
                        else if (common.validateString(command.pass, 1, 256) == false) { err = 'Invalid password'; } // Password is between 1 and 256 characters
                        else if (command.username.indexOf('/') >= 0) { err = 'Invalid username'; } // Usernames can't have '/'
-                        else if (common.checkPasswordRequirements(command.pass, domain.passwordrequirements) == false) { err = 'Invalid password'; } // Password does not meet requirements
+                        else if ((command.randomPassword !== true) && (common.checkPasswordRequirements(command.pass, domain.passwordrequirements) == false)) { err = 'Invalid password'; } // Password does not meet requirements
                        else if ((command.email != null) && (common.validateEmail(command.email, 1, 1024) == false)) { err = 'Invalid email'; } // Check if this is a valid email address
                        else {
                            newusername = command.username;
@ -1210,6 +1213,11 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                                    if (parent.db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to create the user. Another event will come.
                                    parent.parent.DispatchEvent(targets, obj, event);

+                                    // Perform email invitation
+                                    if ((command.emailInvitation == true) && (command.emailVerified == true) && command.email && parent.parent.mailserver) {
+                                        parent.parent.mailserver.sendAccountInviteMail(domain, user.name, newusername, command.email.toLowerCase(), command.pass);
+                                    }
+
                                    // OK Response
                                    if (command.responseid != null) { try { ws.send(JSON.stringify({ action: 'adduser', responseid: command.responseid, result: 'ok' })); } catch (ex) { } }
                                } else {
@ -2857,6 +2865,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use

    // Clean a IPv6 address that encodes a IPv4 address
    function cleanRemoteAddr(addr) { if (addr.startsWith('::ffff:')) { return addr.substring(7); } else { return addr; } }
+    function getRandomPassword() { return Buffer.from(parent.crypto.randomBytes(9), 'binary').toString('base64').split('/').join('@'); }

    return obj;
 };