mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-01-04 03:56:10 +03:00
More work on login tokens.
This commit is contained in:
parent
0f73af9534
commit
4231f4071b
@ -10444,7 +10444,6 @@
|
|||||||
QV('p2noMeshFound', count == 0);
|
QV('p2noMeshFound', count == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function updateLoginTokens() {
|
function updateLoginTokens() {
|
||||||
var x = '', count = 1;
|
var x = '', count = 1;
|
||||||
if ((loginTokens != null) && (loginTokens.length > 0)) {
|
if ((loginTokens != null) && (loginTokens.length > 0)) {
|
||||||
|
25
webserver.js
25
webserver.js
@ -570,6 +570,31 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
} else if (name.startsWith('~t:')) {
|
||||||
|
// Login token, try to fetch the token from the database
|
||||||
|
obj.db.Get('logintoken-' + name, function (err, docs) {
|
||||||
|
if (err != null) { fn(err); return; }
|
||||||
|
if ((docs == null) || (docs.length != 1)) { fn(new Error('login token not found')); return; }
|
||||||
|
const loginToken = docs[0];
|
||||||
|
if ((loginToken.expire != 0) && (loginToken.expire < Date.now())) { fn(new Error('login token expired')); return; }
|
||||||
|
|
||||||
|
// Default strong password hashing (pbkdf2 SHA384)
|
||||||
|
require('./pass').hash(pass, loginToken.salt, function (err, hash, tag) {
|
||||||
|
if (err) return fn(err);
|
||||||
|
if (hash == loginToken.hash) {
|
||||||
|
// Login username and password are valid.
|
||||||
|
var user = obj.users[loginToken.userid];
|
||||||
|
if (!user) { fn(new Error('cannot find user')); return; }
|
||||||
|
if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
|
||||||
|
|
||||||
|
// Succesful login token authentication
|
||||||
|
var loginOptions = { logintoken: 1 };
|
||||||
|
if (loginToken.expire != 0) { loginOptions.expire = loginToken.expire; }
|
||||||
|
return fn(null, user._id, loginOptions);
|
||||||
|
}
|
||||||
|
fn(new Error('invalid password'));
|
||||||
|
}, 0);
|
||||||
|
});
|
||||||
} else {
|
} else {
|
||||||
// Regular login
|
// Regular login
|
||||||
var user = obj.users['user/' + domain.id + '/' + name.toLowerCase()];
|
var user = obj.users['user/' + domain.id + '/' + name.toLowerCase()];
|
||||||
|
Loading…
Reference in New Issue
Block a user