external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Fixed Duo 2FA security.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2024-12-31 10:37:09 -08:00
parent 5da849063b
commit f80ba62cfc
3 changed files with 113 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

5
meshuser.js
View file

@ -3645,14 +3645,13 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 1024) != 0)) return; // If this account is settings locked, return here.
// Check input
if (typeof command.enabled != 'boolean') return;
if ((typeof command.enabled != 'boolean') || (command.enabled != false)) return;
// See if we really need to change the state
if ((command.enabled === true) && (user.otpduo != null)) return;
if ((command.enabled === false) && (user.otpduo == null)) return;
// Change the duo 2FA of this user
if (command.enabled === true) { user.otpduo = {}; } else { delete user.otpduo; }
delete user.otpduo;
parent.db.SetUser(user);
ws.send(JSON.stringify({ action: 'otpduo', success: true, enabled: command.enabled })); // Report success