From 725f9923e7d3328a8435443b1a9ede0cad13fbeb Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Thu, 25 Nov 2021 10:09:11 -0800
Subject: [PATCH] Fix for login token with SSO, #3293
---
 package.json | 17 +++++++++++++++--
 webserver.js | 14 ++++++++------
 2 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/package.json b/package.json
index 906b2dc7..473b83fc 100644
--- a/package.json
+++ b/package.json
@@ -36,6 +36,8 @@
 "sample-config-advanced.json"
 ],
 "dependencies": {
+ "@yetzt/nedb": "^1.8.0",
+ "archiver": "^4.0.2",
 "body-parser": "^1.19.0",
 "cbor": "~5.2.0",
 "compression": "^1.7.4",
@@ -43,13 +45,24 @@
 "express": "^4.17.0",
 "express-handlebars": "^3.1.0",
 "express-ws": "^4.0.0",
+ "image-size": "^1.0.0",
 "ipcheck": "^0.1.0",
+ "ldapauth-fork": "^5.0.1",
+ "loadavg-windows": "^1.1.1",
 "minimist": "^1.2.5",
 "multiparty": "^4.2.1",
- "@yetzt/nedb": "^1.8.0",
 "node-forge": "^0.10.0",
+ "node-rdpjs-2": "^0.3.5",
+ "node-windows": "^0.1.4",
+ "nodemailer": "^6.7.1",
+ "otplib": "^10.2.3",
+ "pg": "^8.7.1",
+ "pgtools": "^0.3.2",
+ "ssh2": "^1.5.0",
+ "web-push": "^3.4.5",
 "ws": "^5.2.3",
- "yauzl": "^2.10.0"
+ "yauzl": "^2.10.0",
+ "yubikeyotp": "^0.2.0"
 },
 "engines": {
 "node": ">=10.0.0"
diff --git a/webserver.js b/webserver.js
index b79c8b36..4f9a46f3 100644
--- a/webserver.js
+++ b/webserver.js
@@ -6407,7 +6407,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 } else {
 // We are authenticated with 2nd factor.
 // Check email verification
- if (emailcheck && (user.email != null) && (user.emailVerified !== true)) {
+ if (emailcheck && (user.email != null) && (!(user._id.split('/')[2].startsWith('~'))) && (user.emailVerified !== true)) {
 parent.debug('web', 'Invalid login, asking for email validation');
 try { ws.send(JSON.stringify({ action: 'close', cause: 'emailvalidation', msg: 'emailvalidationrequired', email2fa: email2fa, sms2fa: sms2fa, email2fasent: true })); ws.close(); } catch (e) { }
 } else {
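Review bot: The thirteen packages newly listed under `dependencies` in package.json (`archiver`, `ssh2`, `pg`, `nodemailer`, `ldapauth-fork`, `node-windows` and the rest) have no visible connection to the SSO login-token fix named in the subject, and none of the webserver.js hunks in this patch references them. If they came from a local install they should be dropped from this commit; if they are intended, they belong in a separate change with its own rationale, because every entry here becomes a mandatory install for all deployments and adds to the third-party code that has to be trusted and tracked for advisories. Platform-specific entries such as `node-windows` and `loadavg-windows` would fit `optionalDependencies` better than `dependencies`.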
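Review bot: In the webserver.js hunk at -6407, the added term `user._id.split('/')[2].startsWith('~')` makes a leading `~` in the third segment of the user id the only condition for skipping the email-verification gate, so the gate is now only as strong as the guarantee that such ids cannot be created outside the SSO path (the subject suggests `~` marks SSO accounts; the hunk itself does not show it). Account creation and rename code, which is outside this diff, should be confirmed to reject names beginning with `~`. The expression also throws a TypeError when `_id` has fewer than three segments, and no enclosing try/catch is visible here; `var idp = user._id.split('/'); var ssoUser = (idp.length > 2) && idp[2].startsWith('~');` followed by `&& !ssoUser` in the condition avoids that. The same term is added in the hunks at -6421, -6554, -6565, -6668 and -6679. The enclosing function starts and ends outside the hunk.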
@@ -6421,7 +6421,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 }
 } else {
 // Check email verification
- if (emailcheck && (user.email != null) && (user.emailVerified !== true)) {
+ if (emailcheck && (user.email != null) && (!(user._id.split('/')[2].startsWith('~'))) && (user.emailVerified !== true)) {
 parent.debug('web', 'Invalid login, asking for email validation');
 var email2fa = (((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.email2factor != false)) && (domain.mailserver != null) && (user.otpekey != null));
 var sms2fa = (((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.sms2factor != false)) && (parent.smsserver != null) && (user.phone != null));
@@ -6554,7 +6554,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 } else {
 // We are authenticated with 2nd factor.
 // Check email verification
- if (emailcheck && (user.email != null) && (user.emailVerified !== true)) {
+ if (emailcheck && (user.email != null) && (!(user._id.split('/')[2].startsWith('~'))) && (user.emailVerified !== true)) {
 parent.debug('web', 'Invalid login, asking for email validation');
 try { ws.send(JSON.stringify({ action: 'close', cause: 'emailvalidation', msg: 'emailvalidationrequired', email2fa: email2fa, sms2fa: sms2fa, email2fasent: true })); ws.close(); } catch (e) { }
 } else {
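Review bot: The four-part email-verification condition in the hunk at -6421 is pasted verbatim into six login paths by this patch, which makes it easy for one path to drift from the others the next time the exemption rule changes. Defining it once inside `CreateWebServer`, for example `function emailVerificationPending(user) { var p = user._id.split('/'); return (user.email != null) && !((p.length > 2) && p[2].startsWith('~')) && (user.emailVerified !== true); }`, and writing `if (emailcheck && emailVerificationPending(user)) {` at each site would keep the rule in one place. A short comment on that helper stating which accounts the `~` prefix identifies and why they are exempt would record the security decision, which none of the six sites currently explains.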
@@ -6565,7 +6565,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 }
 } else {
 // Check email verification
- if (emailcheck && (user.email != null) && (user.emailVerified !== true)) {
+ if (emailcheck && (user.email != null) && (!(user._id.split('/')[2].startsWith('~'))) && (user.emailVerified !== true)) {
 parent.debug('web', 'Invalid login, asking for email validation');
 var email2fa = (((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.email2factor != false)) && (domain.mailserver != null) && (user.otpekey != null));
 var sms2fa = (((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.sms2factor != false)) && (parent.smsserver != null) && (user.phone != null));
@@ -6668,7 +6668,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 } else {
 // We are authenticated with 2nd factor.
 // Check email verification
- if (emailcheck && (user.email != null) && (user.emailVerified !== true)) {
+ if (emailcheck && (user.email != null) && (!(user._id.split('/')[2].startsWith('~'))) && (user.emailVerified !== true)) {
+ parent.debug('web', 'Invalid login, asking for email validation');
 try { ws.send(JSON.stringify({ action: 'close', cause: 'emailvalidation', msg: 'emailvalidationrequired', email2fa: email2fa, email2fasent: true, twoFactorCookieDays: twoFactorCookieDays })); ws.close(); } catch (e) { }
 } else {
 func(ws, req, domain, user);
@@ -6679,7 +6680,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 } else {
 // We are authenticated
 // Check email verification
- if (emailcheck && (user.email != null) && (user.emailVerified !== true)) {
+ if (emailcheck && (user.email != null) && (!(user._id.split('/')[2].startsWith('~'))) && (user.emailVerified !== true)) {
+ parent.debug('web', 'Invalid login, asking for email validation');
 try { ws.send(JSON.stringify({ action: 'close', cause: 'emailvalidation', msg: 'emailvalidationrequired', email2fa: email2fa, email2fasent: true })); ws.close(); } catch (e) { }
 } else {
 func(ws, req, domain, user);