mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-11-22 22:17:31 +03:00
More OAuth work.
parent
55f7ba89b1
commit
23f087c460
@ -2555,6 +2555,7 @@ function mainStart() {
|
||||
if ((typeof config.domains[i].authstrategies.twitter == 'object') && (typeof config.domains[i].authstrategies.twitter.apikey == 'string') && (typeof config.domains[i].authstrategies.twitter.apisecret == 'string') && (passport.indexOf('passport-twitter') == -1)) { passport.push('passport-twitter'); }
|
||||
if ((typeof config.domains[i].authstrategies.google == 'object') && (typeof config.domains[i].authstrategies.google.clientid == 'string') && (typeof config.domains[i].authstrategies.google.clientsecret == 'string') && (passport.indexOf('passport-google-oauth20') == -1)) { passport.push('passport-google-oauth20'); }
|
||||
if ((typeof config.domains[i].authstrategies.github == 'object') && (typeof config.domains[i].authstrategies.github.clientid == 'string') && (typeof config.domains[i].authstrategies.github.clientsecret == 'string') && (passport.indexOf('passport-github2') == -1)) { passport.push('passport-github2'); }
|
||||
if ((typeof config.domains[i].authstrategies.reddit == 'object') && (typeof config.domains[i].authstrategies.reddit.clientid == 'string') && (typeof config.domains[i].authstrategies.reddit.clientsecret == 'string') && (passport.indexOf('passport-reddit') == -1)) { passport.push('passport-reddit'); }
|
||||
}
|
||||
if ((config.domains[i].sessionrecording != null) && (config.domains[i].sessionrecording.index == true)) { recordingIndex = true; }
|
||||
}
|
||||
|
BIN
public/images/login/intel32.png
Normal file
BIN
public/images/login/intel32.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 1.0 KiB |
BIN
public/images/login/intel64.png
Normal file
BIN
public/images/login/intel64.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 2.2 KiB |
BIN
public/images/login/reddit32.png
Normal file
BIN
public/images/login/reddit32.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 1.5 KiB |
BIN
public/images/login/reddit64.png
Normal file
BIN
public/images/login/reddit64.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 4.4 KiB |
@ -1891,7 +1891,7 @@
|
||||
"ru": "Действия учетной записи",
|
||||
"zh-chs": "帳戶動作",
|
||||
"xloc": [
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->5->0"
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->0"
|
||||
]
|
||||
},
|
||||
{
|
||||
@ -1948,7 +1948,7 @@
|
||||
"default-mobile.handlebars->9->154",
|
||||
"default-mobile.handlebars->9->62",
|
||||
"default-mobile.handlebars->9->64",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->1->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->1->0",
|
||||
"default.handlebars->25->1115",
|
||||
"default.handlebars->25->1117",
|
||||
"default.handlebars->25->461",
|
||||
@ -5066,7 +5066,7 @@
|
||||
"ru": "Смена email",
|
||||
"zh-chs": "更改電子郵件地址",
|
||||
"xloc": [
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->7->5->changeEmailId->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->5->5->changeEmailId->0",
|
||||
"default.handlebars->container->column_l->p2->p2info->p2AccountActions->3->p2AccountPassActions->accountChangeEmailAddressSpan->0"
|
||||
]
|
||||
},
|
||||
@ -5084,7 +5084,7 @@
|
||||
"ru": "Смена пароля",
|
||||
"zh-chs": "更改密碼",
|
||||
"xloc": [
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->7->7->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->5->7->0",
|
||||
"default.handlebars->container->column_l->p2->p2info->p2AccountActions->3->p2AccountPassActions->3"
|
||||
]
|
||||
},
|
||||
@ -7630,7 +7630,7 @@
|
||||
"ru": "Удалить учетную запись",
|
||||
"zh-chs": "刪除帳戶",
|
||||
"xloc": [
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->7->9->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->5->9->0",
|
||||
"default.handlebars->25->1442",
|
||||
"default.handlebars->container->column_l->p2->p2info->p2AccountActions->3->p2AccountPassActions->7"
|
||||
]
|
||||
@ -15495,6 +15495,13 @@
|
||||
"login.handlebars->container->column_l->centralTable->1->0->logincell->loginpanel->1->7->1->4->3"
|
||||
]
|
||||
},
|
||||
{
|
||||
"en": "Log in using an existing account",
|
||||
"xloc": [
|
||||
"login-mobile.handlebars->container->page_content->column_l->1->1->0->1->loginpanel->1->authStrategies->3",
|
||||
"login.handlebars->container->column_l->centralTable->1->0->logincell->loginpanel->1->authStrategies->3"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cs": "Log-X",
|
||||
"de": "Logarithmische Skala",
|
||||
@ -16157,7 +16164,7 @@
|
||||
"ru": "Управление приложением для проверки подлинности",
|
||||
"zh-chs": "管理身份驗證器應用",
|
||||
"xloc": [
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->manageAuthApp->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->manageAuthApp->0",
|
||||
"default.handlebars->container->column_l->p2->p2info->p2AccountSecurity->3->manageAuthApp->1->0"
|
||||
]
|
||||
},
|
||||
@ -16175,7 +16182,7 @@
|
||||
"ru": "Управление резервными кодами",
|
||||
"zh-chs": "管理備用碼",
|
||||
"xloc": [
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->manageOtp->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->manageOtp->0",
|
||||
"default.handlebars->container->column_l->p2->p2info->p2AccountSecurity->3->manageOtp->1->0"
|
||||
]
|
||||
},
|
||||
@ -16193,7 +16200,7 @@
|
||||
"ru": "Управление аутентификацией электронной почты",
|
||||
"zh-chs": "管理電子郵件身份驗證",
|
||||
"xloc": [
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->manageEmail2FA->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->manageEmail2FA->0",
|
||||
"default.handlebars->container->column_l->p2->p2info->p2AccountSecurity->3->manageEmail2FA->1->0"
|
||||
]
|
||||
},
|
||||
@ -16207,8 +16214,8 @@
|
||||
"nl": "Beheer telefoonnummer",
|
||||
"zh-chs": "管理电话号码",
|
||||
"xloc": [
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->managePhoneNumber1->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->7->1->managePhoneNumber2->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->5->1->managePhoneNumber2->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->managePhoneNumber1->0",
|
||||
"default.handlebars->container->column_l->p2->p2info->p2AccountActions->3->managePhoneNumber2->0",
|
||||
"default.handlebars->container->column_l->p2->p2info->p2AccountSecurity->3->managePhoneNumber1->1->0"
|
||||
]
|
||||
@ -23900,6 +23907,40 @@
|
||||
"default.handlebars->container->column_l->p6->p6info->p2ServerActions->3->p2ServerActionsErrors->0"
|
||||
]
|
||||
},
|
||||
{
|
||||
"en": "Sign-in using GitHub",
|
||||
"xloc": [
|
||||
"login-mobile.handlebars->container->page_content->column_l->1->1->0->1->loginpanel->1->authStrategies->auth-github",
|
||||
"login.handlebars->container->column_l->centralTable->1->0->logincell->loginpanel->1->authStrategies->auth-github"
|
||||
]
|
||||
},
|
||||
{
|
||||
"en": "Sign-in using Google",
|
||||
"xloc": [
|
||||
"login-mobile.handlebars->container->page_content->column_l->1->1->0->1->loginpanel->1->authStrategies->auth-google",
|
||||
"login.handlebars->container->column_l->centralTable->1->0->logincell->loginpanel->1->authStrategies->auth-google"
|
||||
]
|
||||
},
|
||||
{
|
||||
"en": "Sign-in using Intel",
|
||||
"xloc": [
|
||||
"login-mobile.handlebars->container->page_content->column_l->1->1->0->1->loginpanel->1->authStrategies->auth-intel"
|
||||
]
|
||||
},
|
||||
{
|
||||
"en": "Sign-in using Reddit",
|
||||
"xloc": [
|
||||
"login-mobile.handlebars->container->page_content->column_l->1->1->0->1->loginpanel->1->authStrategies->auth-reddit",
|
||||
"login.handlebars->container->column_l->centralTable->1->0->logincell->loginpanel->1->authStrategies->auth-reddit"
|
||||
]
|
||||
},
|
||||
{
|
||||
"en": "Sign-in using Twitter",
|
||||
"xloc": [
|
||||
"login-mobile.handlebars->container->page_content->column_l->1->1->0->1->loginpanel->1->authStrategies->auth-twitter",
|
||||
"login.handlebars->container->column_l->centralTable->1->0->logincell->loginpanel->1->authStrategies->auth-twitter"
|
||||
]
|
||||
},
|
||||
{
|
||||
"cs": "Jednoduchý režim řízený správcem (ACM)",
|
||||
"de": "Einfacher Admin Control Mode (ACM)",
|
||||
@ -27958,7 +27999,7 @@
|
||||
"ru": "Подтвердить email",
|
||||
"zh-chs": "驗證郵件",
|
||||
"xloc": [
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->7->3->verifyEmailId->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->5->3->verifyEmailId->0",
|
||||
"default.handlebars->container->column_l->p2->p2info->p2AccountActions->3->verifyEmailId->0"
|
||||
]
|
||||
},
|
||||
@ -30992,10 +31033,10 @@
|
||||
"ru": "✓",
|
||||
"ko": "✓",
|
||||
"xloc": [
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->manageAuthApp->authAppSetupCheck->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->manageEmail2FA->authEmailSetupCheck->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->manageOtp->authCodesSetupCheck->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->managePhoneNumber1->authPhoneNumberCheck->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->manageAuthApp->authAppSetupCheck->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->manageEmail2FA->authEmailSetupCheck->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->manageOtp->authCodesSetupCheck->0",
|
||||
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->managePhoneNumber1->authPhoneNumberCheck->0",
|
||||
"default.handlebars->container->column_l->p13->p13filetable->p13bigok->0",
|
||||
"default.handlebars->container->column_l->p2->p2info->p2AccountSecurity->3->manageAuthApp->0->authAppSetupCheck->0",
|
||||
"default.handlebars->container->column_l->p2->p2info->p2AccountSecurity->3->manageEmail2FA->0->authEmailSetupCheck->0",
|
||||
|
@ -295,12 +295,14 @@
|
||||
<div id=p3info style="overflow-y:scroll;position:absolute;top:55px;bottom:0px;width:100%">
|
||||
<div style="margin-left:8px">
|
||||
<div id="p3AccountActions">
|
||||
<div id="p2AccountSecurity" style="display:none">
|
||||
<p><strong>Account Security</strong></p>
|
||||
<div style="margin-left:9px;margin-bottom:8px">
|
||||
<div id="managePhoneNumber1" style="margin-top:5px;display:none"><a onclick="account_managePhone()" style="cursor:pointer">Manage phone number</a> <span id="authPhoneNumberCheck"><strong>✓</strong></span></div>
|
||||
<div id="manageEmail2FA" style="margin-top:5px;display:none"><a onclick="account_manageAuthEmail()" style="cursor:pointer">Manage email authentication</a> <span id="authEmailSetupCheck"><strong>✓</strong></span></div>
|
||||
<div id="manageAuthApp" style="margin-top:5px;display:none"><a onclick="account_manageAuthApp()" style="cursor:pointer">Manage authenticator app</a> <span id="authAppSetupCheck"><strong>✓</strong></span></div>
|
||||
<div id="manageOtp" style="margin-top:5px;display:none"><a onclick="account_manageOtp(0)" style="cursor:pointer">Manage backup codes</a> <span id="authCodesSetupCheck"><strong>✓</strong></span></div>
|
||||
<div style="margin-left:9px;margin-bottom:8px">
|
||||
<div id="managePhoneNumber1" style="margin-top:5px;display:none"><a onclick="account_managePhone()" style="cursor:pointer">Manage phone number</a> <span id="authPhoneNumberCheck"><strong>✓</strong></span></div>
|
||||
<div id="manageEmail2FA" style="margin-top:5px;display:none"><a onclick="account_manageAuthEmail()" style="cursor:pointer">Manage email authentication</a> <span id="authEmailSetupCheck"><strong>✓</strong></span></div>
|
||||
<div id="manageAuthApp" style="margin-top:5px;display:none"><a onclick="account_manageAuthApp()" style="cursor:pointer">Manage authenticator app</a> <span id="authAppSetupCheck"><strong>✓</strong></span></div>
|
||||
<div id="manageOtp" style="margin-top:5px;display:none"><a onclick="account_manageOtp(0)" style="cursor:pointer">Manage backup codes</a> <span id="authCodesSetupCheck"><strong>✓</strong></span></div>
|
||||
</div>
|
||||
</div>
|
||||
<p><strong>Account Actions</strong></p>
|
||||
<div style="margin-left:9px;margin-bottom:8px">
|
||||
@ -791,6 +793,7 @@
|
||||
if (serverinfo.timeout) { setInterval(checkIdleSessionTimeout, 10000); checkIdleSessionTimeout(); }
|
||||
QV('p3AccountActions', ((features & 4) == 0) && (serverinfo.domainauth == false)); // Hide Account Actions if in single user mode or domain authentication
|
||||
QV('logoutMenuOption', ((features & 4) == 0) && (serverinfo.domainauth == false)); // Hide logout if in single user mode or domain authentication
|
||||
QV('p2AccountSecurity', ((features & 4) == 0) && (serverinfo.domainauth == false) && ((features & 4096) != 0)); // Hide Account Security if in single user mode or domain authentication, 2 factor auth not supported.
|
||||
break;
|
||||
}
|
||||
case 'authcookie': {
|
||||
|
@ -72,6 +72,15 @@
|
||||
Don't have an account? <a onclick=xgo(2) style=cursor:pointer>Create one</a>.
|
||||
</div>
|
||||
<input id=loginformargs name="urlargs" type="hidden" value="" />
|
||||
<div id="authStrategies" style="display:none">
|
||||
<hr />
|
||||
<div style="margin-bottom:8px">Log in using an existing account</div>
|
||||
<a id="auth-twitter" href="auth-twitter" style="display:none"><img src="images/login/twitter32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Twitter" /></a>
|
||||
<a id="auth-google" href="auth-google" style="display:none"><img src="images/login/google32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Google" /></a>
|
||||
<a id="auth-github" href="auth-github" style="display:none"><img src="images/login/github32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using GitHub" /></a>
|
||||
<a id="auth-reddit" href="auth-reddit" style="display:none"><img src="images/login/reddit32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Reddit" /></a>
|
||||
<a id="auth-intel" href="auth-intel" style="display:none"><img src="images/login/intel32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Intel" /></a>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
<div id=createpanel style="display:none">
|
||||
@ -303,6 +312,7 @@
|
||||
var otpemail = ('{{{otpemail}}}' === 'true');
|
||||
var otpsms = ('{{{otpsms}}}' === 'true');
|
||||
var twoFactorCookieDays = parseInt('{{{twoFactorCookieDays}}}');
|
||||
var authStrategies = '{{{authStrategies}}}'.split(',');
|
||||
|
||||
// Display the right server message
|
||||
var messageid = parseInt('{{{messageid}}}');
|
||||
@ -354,6 +364,16 @@
|
||||
QV('createPanelHint', passRequirements.hint === true);
|
||||
QV('resetpasswordpanelHint', passRequirements.hint === true);
|
||||
|
||||
// Setup authentication strategies
|
||||
if (authStrategies != '') {
|
||||
QV('authStrategies', true);
|
||||
if (authStrategies.indexOf('twitter') >= 0) { QV('auth-twitter', true); }
|
||||
if (authStrategies.indexOf('google') >= 0) { QV('auth-google', true); }
|
||||
if (authStrategies.indexOf('github') >= 0) { QV('auth-github', true); }
|
||||
if (authStrategies.indexOf('reddit') >= 0) { QV('auth-reddit', true); }
|
||||
if (authStrategies.indexOf('intel') >= 0) { QV('auth-intel', true); }
|
||||
}
|
||||
|
||||
window.onresize = center;
|
||||
center();
|
||||
validateLogin();
|
||||
|
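Review bot: The `auth-intel` link and its `authStrategies.indexOf('intel')` toggle have no matching route in the webserver.js hunks shown on this page, which register only `auth-twitter`, `auth-google`, `auth-github` and `auth-reddit`. Unless an Intel route is registered outside the visible hunks, a domain with `authstrategies.intel` configured would show a button that leads to an unhandled URL. I would hold back the Intel anchor and its toggle, or stop pushing `'intel'` into the server-side list, until the strategy exists. As a style point, `if (authStrategies != '')` compares an array with a string and only works through array-to-string coercion; `if (authStrategies[0] !== '')` states the intent directly.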
@ -76,6 +76,7 @@
|
||||
<a id="auth-twitter" href="auth-twitter" style="display:none"><img src="images/login/twitter32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Twitter" /></a>
|
||||
<a id="auth-google" href="auth-google" style="display:none"><img src="images/login/google32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Google" /></a>
|
||||
<a id="auth-github" href="auth-github" style="display:none"><img src="images/login/github32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using GitHub" /></a>
|
||||
<a id="auth-reddit" href="auth-reddit" style="display:none"><img src="images/login/reddit32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Reddit" /></a>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
@ -382,6 +383,7 @@
|
||||
if (authStrategies.indexOf('twitter') >= 0) { QV('auth-twitter', true); }
|
||||
if (authStrategies.indexOf('google') >= 0) { QV('auth-google', true); }
|
||||
if (authStrategies.indexOf('github') >= 0) { QV('auth-github', true); }
|
||||
if (authStrategies.indexOf('reddit') >= 0) { QV('auth-reddit', true); }
|
||||
}
|
||||
|
||||
// Display the welcome text
|
||||
|
117
webserver.js
117
webserver.js
@ -1678,6 +1678,44 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
});
|
||||
}
|
||||
|
||||
// Called when a strategy login occured
|
||||
// This is called after a succesful Oauth to Twitter, Google, GitHub...
|
||||
function handleStrategyLogin(req, res) {
|
||||
const domain = checkUserIpAddress(req, res);
|
||||
if (domain == null) { return; }
|
||||
parent.debug('web', 'handleStrategyLogin: ' + JSON.stringify(req.user));
|
||||
if ((req.user != null) && (req.user.id != null) && (domain.id == req.user.id.split('/')[1])) {
|
||||
const userid = req.user.id;
|
||||
var user = obj.users[userid];
|
||||
if (user == null) {
|
||||
// Create the user
|
||||
parent.debug('web', 'handleStrategyLogin: creating new user: ' + userid);
|
||||
user = { type: 'user', _id: userid, name: req.user.name, email: req.user.email, domain: domain.id };
|
||||
if (req.user.email != null) { user.email = req.user.email; user.emailVerified = true; }
|
||||
obj.users[userid] = user;
|
||||
obj.db.SetUser(user);
|
||||
// TODO: Event user creation
|
||||
req.session.userid = req.user.id;
|
||||
req.session.domainid = domain.id;
|
||||
} else {
|
||||
// Login success
|
||||
var userChange = false;
|
||||
if ((req.user.name != null) && (req.user.name != user.name)) { user.name = req.user.name; userChange = true; }
|
||||
if ((req.user.email != null) && (req.user.email != user.email)) { user.email = req.user.email; user.emailVerified = true; userChange = true; }
|
||||
if (userChange) {
|
||||
obj.db.SetUser(user);
|
||||
// TODO: Event user change
|
||||
}
|
||||
parent.debug('web', 'handleStrategyLogin: succesful login: ' + userid);
|
||||
req.session.userid = req.user.id;
|
||||
req.session.domainid = domain.id;
|
||||
}
|
||||
}
|
||||
//res.redirect(domain.url); // This does not handle cookie correctly.
|
||||
res.set('Content-Type', 'text/html');
|
||||
res.end('<html><head><meta http-equiv="refresh" content=0;url="' + domain.url + '"></head><body></body></html>');
|
||||
}
|
||||
|
||||
// Indicates that any request to "/" should render "default" or "login" depending on login state
|
||||
function handleRootRequest(req, res, direct) {
|
||||
const domain = checkUserIpAddress(req, res);
|
||||
@ -1865,7 +1903,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
if (obj.args.allowhighqualitydesktop !== false) { features += 0x00000200; } // Enable AllowHighQualityDesktop (Default true)
|
||||
if (obj.args.lanonly == true || obj.args.mpsport == 0) { features += 0x00000400; } // No CIRA
|
||||
if ((obj.parent.serverSelfWriteAllowed == true) && (user != null) && (user.siteadmin == 0xFFFFFFFF)) { features += 0x00000800; } // Server can self-write (Allows self-update)
|
||||
if ((parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (obj.parent.certificates.CommonName.indexOf('.') != -1) && (obj.args.nousers !== true)) { features += 0x00001000; } // 2-step login supported
|
||||
if ((parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (obj.parent.certificates.CommonName.indexOf('.') != -1) && (obj.args.nousers !== true) && (user._id.split('/')[2][0] != '~')) { features += 0x00001000; } // 2FA login supported
|
||||
if (domain.agentnoproxy === true) { features += 0x00002000; } // Indicates that agents should be installed without using a HTTP proxy
|
||||
if ((parent.config.settings.no2factorauth !== true) && domain.yubikey && domain.yubikey.id && domain.yubikey.secret) { features += 0x00004000; } // Indicates Yubikey support
|
||||
if (domain.geolocation == true) { features += 0x00008000; } // Enable geo-location features
|
||||
@ -1997,6 +2035,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
if ((typeof domain.authstrategies.twitter == 'object') && (typeof domain.authstrategies.twitter.apikey == 'string') && (typeof domain.authstrategies.twitter.apisecret == 'string')) { authStrategies.push('twitter'); }
|
||||
if ((typeof domain.authstrategies.google == 'object') && (typeof domain.authstrategies.google.clientid == 'string') && (typeof domain.authstrategies.google.clientsecret == 'string')) { authStrategies.push('google'); }
|
||||
if ((typeof domain.authstrategies.github == 'object') && (typeof domain.authstrategies.github.clientid == 'string') && (typeof domain.authstrategies.github.clientsecret == 'string')) { authStrategies.push('github'); }
|
||||
if ((typeof domain.authstrategies.reddit == 'object') && (typeof domain.authstrategies.reddit.clientid == 'string') && (typeof domain.authstrategies.reddit.clientsecret == 'string')) { authStrategies.push('reddit'); }
|
||||
if ((typeof domain.authstrategies.intel == 'object') && (typeof domain.authstrategies.intel.clientid == 'string') && (typeof domain.authstrategies.intel.clientsecret == 'string')) { authStrategies.push('intel'); }
|
||||
}
|
||||
|
||||
// Render the login page
|
||||
@ -3997,19 +4037,17 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
obj.app.get(url + 'pluginHandler.js', obj.handlePluginJS);
|
||||
}
|
||||
|
||||
// Setup passport if needed
|
||||
// Setup auth strategies using passport if needed
|
||||
if (typeof domain.authstrategies == 'object') {
|
||||
const passport = domain.passport = require('passport');
|
||||
passport.serializeUser(function (user, done) { done(null, user.id); });
|
||||
passport.deserializeUser(function (id, done) { done(null, { id: id }); });
|
||||
obj.app.use(passport.initialize());
|
||||
|
||||
// Twitter
|
||||
if ((typeof domain.authstrategies.twitter == 'object') && (typeof domain.authstrategies.twitter.apikey == 'string') && (typeof domain.authstrategies.twitter.apisecret == 'string')) {
|
||||
const TwitterStrategy = require('passport-twitter');
|
||||
passport.use(new TwitterStrategy({
|
||||
consumerKey: domain.authstrategies.twitter.apikey,
|
||||
consumerSecret: domain.authstrategies.twitter.apisecret,
|
||||
callbackURL: url + 'auth-twitter-callback'
|
||||
},
|
||||
passport.use(new TwitterStrategy({ consumerKey: domain.authstrategies.twitter.apikey, consumerSecret: domain.authstrategies.twitter.apisecret, callbackURL: url + 'auth-twitter-callback' },
|
||||
function (token, tokenSecret, profile, cb) {
|
||||
var user = { id: 'user/' + domain.id + '/~twitter:' + profile.id, name: profile.displayName };
|
||||
if ((typeof profile.emails == 'object') && (profile.emails[0] != null) && (typeof profile.emails[0].value == 'string')) { user.email = profile.emails[0].value; }
|
||||
@ -4017,21 +4055,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
}
|
||||
));
|
||||
obj.app.get(url + 'auth-twitter', domain.passport.authenticate('twitter'));
|
||||
obj.app.get(url + 'auth-twitter-callback',
|
||||
domain.passport.authenticate('twitter', { failureRedirect: '/' }),
|
||||
function (req, res) {
|
||||
// Successful authentication, redirect home.
|
||||
console.log('Twitter', req.session, req.user);
|
||||
res.redirect('/');
|
||||
});
|
||||
obj.app.get(url + 'auth-twitter-callback', domain.passport.authenticate('twitter', { failureRedirect: '/' }), handleStrategyLogin);
|
||||
}
|
||||
|
||||
// Google
|
||||
if ((typeof domain.authstrategies.google == 'object') && (typeof domain.authstrategies.google.clientid == 'string') && (typeof domain.authstrategies.google.clientsecret == 'string')) {
|
||||
const GoogleStrategy = require('passport-google-oauth20');
|
||||
passport.use(new GoogleStrategy({
|
||||
clientID: domain.authstrategies.google.clientid,
|
||||
clientSecret: domain.authstrategies.google.clientsecret,
|
||||
callbackURL: url + 'auth-google-callback'
|
||||
},
|
||||
passport.use(new GoogleStrategy({ clientID: domain.authstrategies.google.clientid, clientSecret: domain.authstrategies.google.clientsecret, callbackURL: url + 'auth-google-callback' },
|
||||
function (token, tokenSecret, profile, cb) {
|
||||
var user = { id: 'user/' + domain.id + '/~google:' + profile.id, name: profile.displayName };
|
||||
if ((typeof profile.emails == 'object') && (profile.emails[0] != null) && (typeof profile.emails[0].value == 'string') && (profile.emails[0].verified == true)) { user.email = profile.emails[0].value; }
|
||||
@ -4039,21 +4069,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
}
|
||||
));
|
||||
obj.app.get(url + 'auth-google', domain.passport.authenticate('google', { scope: ['profile', 'email'] }));
|
||||
obj.app.get(url + 'auth-google-callback',
|
||||
domain.passport.authenticate('google', { failureRedirect: '/' }),
|
||||
function (req, res) {
|
||||
// Successful authentication, redirect home.
|
||||
console.log('Google', req.session, req.user);
|
||||
res.redirect('/');
|
||||
});
|
||||
obj.app.get(url + 'auth-google-callback', domain.passport.authenticate('google', { failureRedirect: '/' }), handleStrategyLogin);
|
||||
}
|
||||
|
||||
// Github
|
||||
if ((typeof domain.authstrategies.github == 'object') && (typeof domain.authstrategies.github.clientid == 'string') && (typeof domain.authstrategies.github.clientsecret == 'string')) {
|
||||
const GitHubStrategy = require('passport-github2');
|
||||
passport.use(new GitHubStrategy({
|
||||
clientID: domain.authstrategies.github.clientid,
|
||||
clientSecret: domain.authstrategies.github.clientsecret,
|
||||
callbackURL: url + 'auth-github-callback'
|
||||
},
|
||||
passport.use(new GitHubStrategy({ clientID: domain.authstrategies.github.clientid, clientSecret: domain.authstrategies.github.clientsecret, callbackURL: url + 'auth-github-callback' },
|
||||
function (token, tokenSecret, profile, cb) {
|
||||
var user = { id: 'user/' + domain.id + '/~github:' + profile.id, name: profile.displayName };
|
||||
if ((typeof profile.emails == 'object') && (profile.emails[0] != null) && (typeof profile.emails[0].value == 'string')) { user.email = profile.emails[0].value; }
|
||||
@ -4061,13 +4083,32 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
}
|
||||
));
|
||||
obj.app.get(url + 'auth-github', domain.passport.authenticate('github', { scope: ['user:email'] }));
|
||||
obj.app.get(url + 'auth-github-callback',
|
||||
domain.passport.authenticate('github', { failureRedirect: '/' }),
|
||||
function (req, res) {
|
||||
// Successful authentication, redirect home.
|
||||
console.log('GitHub', req.session, req.user);
|
||||
res.redirect('/');
|
||||
});
|
||||
obj.app.get(url + 'auth-github-callback', domain.passport.authenticate('github', { failureRedirect: '/' }), handleStrategyLogin);
|
||||
}
|
||||
|
||||
// Reddit
|
||||
if ((typeof domain.authstrategies.reddit == 'object') && (typeof domain.authstrategies.reddit.clientid == 'string') && (typeof domain.authstrategies.reddit.clientsecret == 'string')) {
|
||||
const RedditStrategy = require('passport-reddit');
|
||||
passport.use(new RedditStrategy.Strategy({ clientID: domain.authstrategies.reddit.clientid, clientSecret: domain.authstrategies.reddit.clientsecret, callbackURL: url + 'auth-reddit-callback' },
|
||||
function (token, tokenSecret, profile, cb) {
|
||||
var user = { id: 'user/' + domain.id + '/~reddit:' + profile.id, name: profile.name };
|
||||
if ((typeof profile.emails == 'object') && (profile.emails[0] != null) && (typeof profile.emails[0].value == 'string')) { user.email = profile.emails[0].value; }
|
||||
return cb(null, user);
|
||||
}
|
||||
));
|
||||
obj.app.get(url + 'auth-reddit', function(req, res, next) {
|
||||
domain.passport.authenticate('reddit', { state: 'rcookie', duration: 'permanent' })(req, res, next); // TODO: Replace 'rcookie' with a time-limited cookie
|
||||
});
|
||||
obj.app.get(url + 'auth-reddit-callback',
|
||||
function(req, res, next) {
|
||||
if (req.query.state == 'rcookie') {
|
||||
delete req.session.rstate;
|
||||
domain.passport.authenticate('reddit', { failureRedirect: '/' })(req, res, next);
|
||||
} else {
|
||||
delete req.session.rstate;
|
||||
next(new Error(403));
|
||||
}
|
||||
}, handleStrategyLogin);
|
||||
}
|
||||
}
|
||||
|
||||
|
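Review bot: handleStrategyLogin sets `user.emailVerified = true` whenever the provider profile carries an email, but of the verify callbacks shown only the Google one requires `profile.emails[0].verified == true`; the Twitter, GitHub and Reddit callbacks copy `profile.emails[0].value` as-is. An address the provider has not confirmed would then be stored as verified, both when the account is created and on the update path for an existing user. I would have each callback pass an explicit flag and use it here, e.g. `user.emailVerified = (req.user.emailVerified === true);`, leaving it unset for providers that give no verification signal (to be confirmed per provider). The strategy callbacks continue outside the visible hunks, so a check further down cannot be ruled out.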