* Add the ability to set TLS cipher suites
Added config option to set the TLS ciphers instead of relying on a hardcoded list of ciphers determined by meshcentral.
* Added option to use default node ciphers
This allows the ciphers used to be set to the recommended ciphers by nodejs, as well as allowing the user to override the ciphers using the "--tls-cipher-list" command line switch for node.
* Updated validArguments array to include "usenodedefaulttlsciphers" and "tlsciphers" as options
* Create forksync.yml
* update oidc to use openid-client
* update oidc module requirements
* working oidc+
includes all oauth2 clients automatically migrated. azure will need some kind of fix for the uid
* update openid-client install checks
* created overarching schema for OIDC
* bug fixs for azure login
* update schema
prepare schema for unified oidc module
* update 'oidc' to strategy variable
* working azure+ groups
groups from azure are in,
you can use memberOf or transitiveMemberOf in config (Graphs API)
* clean up old config import + working google oidc
previous config map was recursive nonsense, changed to multiple IFs
* added convertStrArray
* de-expanded scope
put all other auth strategies back to normal and fixed oidc strategy
* swap back to using authlog debugger
* Update meshcentral-config-schema.json
* working google oidc + groups
* working azure+groups (again)
* init oidc docs
very incomplete but basic config is present
* add oidc
* more work on docs
* add scope and claim options
plus fixed a few bugs and faults in my logic
used logs correctly
* further cleanup debug
* more debug cleanup
* continue documentation push
fixed minor debug bugs also
* more work on docs
missing links, need to get azure preset docs, probably more.
* done with docs
its good enough for now
* minor fix + presets get correct icon
* fix google oidc not visible at login
* fix bug with emailVerified property
* fix logout bug + debug cleanup
* fix strategy logout bug +cleanup
* fixed preset login icon
* fix alert + fix schema
* terminate lines
* Dutch language update 1.0.85
line up polish translation
* Fixed guest web relay session revocation (#4667)
* Updated French translation.
* Add hook to allow adding custom api endpoints to Express routing
* Updated German translation.
* Update meshcentral-config-schema.json (change formatting)
This way it is easier to edit and maintain
* Fixed schema.
* fix meshcentral-config-schema.json
* add language selector to login (#5648)
* add language selector to login
* add showLanguageSelect to pick top or bottom boxe
* remove additionalProperties: false in schema to allow comments #5697
Signed-off-by: si458 <simonsmith5521@gmail.com>
* fix notes in docs
* Fix web relay session handling and redirection due to bad merge
* Added option to check HTTP origin.
* add links and fix typo
* move groups after strategy
* Update version split in docs
* Fix preset issuer URL in OIDC strategy
* Update clientid and clientsecret to client_id and client_secret
* Update meshcentral-config-schema.json and fix bad rebase
* Update meshcentral-config-schema.json
* fix bad rebase
* fix bad rebase
* Add 'connect-flash' to passport dependencies
* Remove unnecessary passport dependencies - fix bad rebase
* Fix auth strategy bug and remove console.log statement
* Set groupType to the preset name if it exists, otherwise use the strategy name
* remove finally block from
* Refactor authentication logging in handleStrategyLogin to include strategy name
---------
Signed-off-by: si458 <simonsmith5521@gmail.com>
Co-authored-by: petervanv <58996467+petervanv@users.noreply.github.com>
Co-authored-by: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Co-authored-by: Martin Mädler <martin.maedler@gmail.com>
Co-authored-by: Fausto Gutierrez <28719096+faustogut@users.noreply.github.com>
Co-authored-by: Simon Smith <simonsmith5521@gmail.com>
* allow setting meshcentral assistant type for agentinvites
Signed-off-by: si458 <simonsmith5521@gmail.com>
* forgot webserver for assistantTypeAgentInvite
Signed-off-by: si458 <simonsmith5521@gmail.com>
* dont use capital letters with domain args
Signed-off-by: si458 <simonsmith5521@gmail.com>
---------
Signed-off-by: si458 <simonsmith5521@gmail.com>
* add android apk to web ui
Signed-off-by: Simon Smith <simonsmith5521@gmail.com>
* add amazon and google buttons instead
Signed-off-by: Simon Smith <simonsmith5521@gmail.com>
* add android link and brand icons to agentinvite
Signed-off-by: Simon Smith <simonsmith5521@gmail.com>
* oops change mysql back
Signed-off-by: Simon Smith <simonsmith5521@gmail.com>
* add android to agentinvite selector
Signed-off-by: Simon Smith <simonsmith5521@gmail.com>
* forgot paragraph begin
Signed-off-by: Simon Smith <simonsmith5521@gmail.com>
---------
Signed-off-by: Simon Smith <simonsmith5521@gmail.com>
- fix: ensure TLS is used when TLS is enabled
- add constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION for TLS client connection for newer Nodejs
- ensure nc of AMT redirection Digest authentication to have at 8 bytes length
passport-openidconnect adds the 'openid' scope to the request, regardless of if its already there.
removed 'openid' scope
removed unused 'groups' scope
