mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-29 17:04:20 +03:00
Improved login screen, Mesh server directory handling
This commit is contained in:
parent
8e835fcbb2
commit
789e48a5c1
33
meshuser.js
33
meshuser.js
@ -398,8 +398,15 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
var sendUpdate = true, path = meshPathToRealPath(command.path, user); // This will also check access rights
|
||||
if (path == null) break;
|
||||
|
||||
if ((command.fileop == 'createfolder') && (obj.common.IsFilenameValid(command.newfolder) == true)) { try { obj.fs.mkdirSync(path + "/" + command.newfolder); } catch (e) { } } // Create a new folder
|
||||
else if (command.fileop == 'delete') { // Delete
|
||||
if ((command.fileop == 'createfolder') && (obj.common.IsFilenameValid(command.newfolder) == true)) {
|
||||
// Create a new folder
|
||||
try { obj.fs.mkdirSync(path + "/" + command.newfolder); } catch (e) {
|
||||
try { obj.fs.mkdirSync(path); } catch (e) { }
|
||||
try { obj.fs.mkdirSync(path + "/" + command.newfolder); } catch (e) { }
|
||||
}
|
||||
}
|
||||
else if (command.fileop == 'delete') {
|
||||
// Delete a file
|
||||
if (obj.common.validateArray(command.delfiles, 1) == false) return;
|
||||
for (i in command.delfiles) {
|
||||
if (obj.common.IsFilenameValid(command.delfiles[i]) == true) {
|
||||
@ -412,16 +419,20 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
}
|
||||
}
|
||||
|
||||
// If the entire mesh folder is empty, remove it.
|
||||
// TODO: Should only check this when we deleted something in the mesh root folder.
|
||||
try {
|
||||
if (command.path[0].startsWith('mesh//')) {
|
||||
path = meshPathToRealPath([command.path[0]], user);
|
||||
obj.fs.readdir(path, function (err, dir) { if ((err == null) && (dir.length == 0)) { obj.fs.rmdir(path, function (err) { }); } });
|
||||
}
|
||||
} catch (ex) { }
|
||||
// If we deleted something in the mesh root folder and the entire mesh folder is empty, remove it.
|
||||
if (command.path.length == 1) {
|
||||
try {
|
||||
if (command.path[0].startsWith('mesh//')) {
|
||||
path = meshPathToRealPath([command.path[0]], user);
|
||||
obj.fs.readdir(path, function (err, dir) { if ((err == null) && (dir.length == 0)) { obj.fs.rmdir(path, function (err) { }); } });
|
||||
}
|
||||
} catch (ex) { }
|
||||
}
|
||||
}
|
||||
else if ((command.fileop == 'rename') && (obj.common.IsFilenameValid(command.oldname) == true) && (obj.common.IsFilenameValid(command.newname) == true)) {
|
||||
// Rename
|
||||
try { obj.fs.renameSync(path + "/" + command.oldname, path + "/" + command.newname); } catch (e) { }
|
||||
}
|
||||
else if ((command.fileop == 'rename') && (obj.common.IsFilenameValid(command.oldname) == true) && (obj.common.IsFilenameValid(command.newname) == true)) { try { obj.fs.renameSync(path + "/" + command.oldname, path + "/" + command.newname); } catch (e) { } } // Rename
|
||||
else if ((command.fileop == 'copy') || (command.fileop == 'move')) {
|
||||
if (obj.common.validateArray(command.names, 1) == false) return;
|
||||
var scpath = meshPathToRealPath(command.scpath, user); // This will also check access rights
|
||||
|
File diff suppressed because one or more lines are too long
@ -2624,7 +2624,7 @@
|
||||
|
||||
function groupActionFunction() {
|
||||
var x = "Select an operation to perform on all selected devices. Actions will be performed only with proper rights.<br /><br />";
|
||||
x += addHtmlValue('Operation', '<select id=d2groupop style=float:right;width:250px><option value=100>Wake-up devices</option><option value=4>Sleep devices</option><option value=3>Reset devices</option><option value=2>Power off devices</option><option value=102>Move group</option><option value=101>Delete devices</option></select>');
|
||||
x += addHtmlValue('Operation', '<select id=d2groupop style=float:right;width:250px><option value=100>Wake-up devices</option><option value=4>Sleep devices</option><option value=3>Reset devices</option><option value=2>Power off devices</option><option value=102>Move to device group</option><option value=101>Delete devices</option></select>');
|
||||
setDialogMode(2, "Group Action", 3, groupActionFunctionEx, x);
|
||||
}
|
||||
|
||||
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -73,7 +73,7 @@
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
<div id=createpanel style="display:none">
|
||||
<div id=createpanel style="position:relative;display:none">
|
||||
<div style="background-color: #979797;border-radius:16px;width:260px;padding:16px;text-align:center;clear:both">
|
||||
<form action=createaccount method=post>
|
||||
<div id=message2>
|
||||
@ -82,6 +82,7 @@
|
||||
<div>
|
||||
<b>Account Creation</b>
|
||||
</div>
|
||||
<div id="passwordPolicyCallout" style="left:-5px;top:10px;width:100px;position:absolute;background-color:#FFC;border-radius:5px;padding:5px;box-shadow:0px 0px 15px #666;font-size:10px"></div>
|
||||
<table>
|
||||
<tr>
|
||||
<td align=right width=100>Username:</td>
|
||||
@ -173,7 +174,7 @@
|
||||
<tr>
|
||||
<td align=right width=100>Login token:</td>
|
||||
<td>
|
||||
<input id=resetTokenInput type=text name=token maxlength=50 onchange=resetCheckToken(event) onkeyup=resetCheckToken(event) onkeydown=resetCheckToken(event) />
|
||||
<input id=resetTokenInput type=text name=token maxlength=50 onchange=resetCheckToken(event) onpaste=resetCheckToken(event) onkeyup=resetCheckToken(event) onkeydown=resetCheckToken(event) />
|
||||
<input id=resetHwtokenInput type=text name=hwtoken style="display:none" />
|
||||
</td>
|
||||
</tr>
|
||||
@ -318,6 +319,7 @@
|
||||
if ((newAccountPass == 1) && (Q('anewaccountpass').value.length == 0)) { ok = false; }
|
||||
if (Q('apassword1').value == '') {
|
||||
QH('passWarning', '');
|
||||
QV('passwordPolicyCallout', false);
|
||||
} else {
|
||||
if (passRequirements == null || passRequirements == '') {
|
||||
// No password requirements, display password strength
|
||||
@ -333,8 +335,11 @@
|
||||
//QS('nuPass1').color = '#7b241c';
|
||||
//QS('nuPass2').color = '#7b241c';
|
||||
QH('passWarning', '<span style=color:red><b>Password Policy</b><span>'); // TODO: Display problem hint
|
||||
QV('passwordPolicyCallout', true);
|
||||
QH('passwordPolicyCallout', passwordPolicyText(Q('apassword1').value));
|
||||
} else {
|
||||
QH('passWarning', '');
|
||||
QV('passwordPolicyCallout', false);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -360,6 +365,19 @@
|
||||
if (e != null) { haltEvent(e); }
|
||||
}
|
||||
|
||||
function passwordPolicyText(pass) {
|
||||
var policy = '<div style=text-align:left>';
|
||||
var counts = strCount(pass);
|
||||
if (passRequirements.min && ((pass == null) || (pass.length < passRequirements.min))) { policy += 'Minimum length of ' + passRequirements.min + '<br />'; }
|
||||
if (passRequirements.max && ((pass == null) || (pass.length > passRequirements.max))) { policy += 'Maximum length of ' + passRequirements.max + '<br />'; }
|
||||
if (passRequirements.upper && ((pass == null) || (counts.upper < passRequirements.upper))) { policy += '' + passRequirements.upper + ' upper case<br />'; }
|
||||
if (passRequirements.lower && ((pass == null) || (counts.lower < passRequirements.lower))) { policy += '' + passRequirements.lower + ' lower case<br />'; }
|
||||
if (passRequirements.numeric && ((pass == null) || (counts.numeric < passRequirements.numeric))) { policy += '' + passRequirements.numeric + ' numeric<br />'; }
|
||||
if (passRequirements.nonalpha && ((pass == null) || (counts.nonalpha < passRequirements.nonalpha))) { policy += passRequirements.nonalpha + ' non-alphanumeric<br />'; }
|
||||
policy += '</div>';
|
||||
return policy;
|
||||
}
|
||||
|
||||
// Return a password strength score
|
||||
function checkPasswordStrength(password) {
|
||||
var r = 0, letters = {}, varCount = 0, variations = { digits: /\d/.test(password), lower: /[a-z]/.test(password), upper: /[A-Z]/.test(password), nonWords: /\W/.test(password) }
|
||||
@ -374,20 +392,26 @@
|
||||
if ((requirements == null) || (requirements == '') || (typeof requirements != 'object')) return true;
|
||||
if (requirements.min) { if (password.length < requirements.min) return false; }
|
||||
if (requirements.max) { if (password.length > requirements.max) return false; }
|
||||
var num = 0, lower = 0, upper = 0, nonalpha = 0;
|
||||
for (var i = 0; i < password.length; i++) {
|
||||
if (/\d/.test(password[i])) { num++; }
|
||||
if (/[a-z]/.test(password[i])) { lower++; }
|
||||
if (/[A-Z]/.test(password[i])) { upper++; }
|
||||
if (/\W/.test(password[i])) { nonalpha++; }
|
||||
}
|
||||
if (requirements.num && (num < requirements.num)) return false;
|
||||
if (requirements.lower && (lower < requirements.lower)) return false;
|
||||
if (requirements.upper && (upper < requirements.upper)) return false;
|
||||
if (requirements.nonalpha && (nonalpha < requirements.nonalpha)) return false;
|
||||
var counts = strCount(password);
|
||||
if (requirements.numeric && (counts.numeric < requirements.numeric)) return false;
|
||||
if (requirements.lower && (counts.lower < requirements.lower)) return false;
|
||||
if (requirements.upper && (counts.upper < requirements.upper)) return false;
|
||||
if (requirements.nonalpha && (counts.nonalpha < requirements.nonalpha)) return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
function strCount(password) {
|
||||
var counts = { numeric: 0, lower: 0, upper: 0, nonalpha: 0 };
|
||||
if (typeof password != 'string') return counts;
|
||||
for (var i = 0; i < password.length; i++) {
|
||||
if (/\d/.test(password[i])) { counts.numeric++; }
|
||||
if (/[a-z]/.test(password[i])) { counts.lower++; }
|
||||
if (/[A-Z]/.test(password[i])) { counts.upper++; }
|
||||
if (/\W/.test(password[i])) { counts.nonalpha++; }
|
||||
}
|
||||
return counts;
|
||||
}
|
||||
|
||||
function checkToken() {
|
||||
var t1 = Q('tokenInput').value;
|
||||
var t2 = t1.split(' ').join('');
|
||||
|
@ -147,7 +147,7 @@
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
<div id=createpanel style="background-color: #979797;border-radius:16px;width:300px;padding:16px;text-align:center;display:none">
|
||||
<div id=createpanel style="position:relative;background-color:#979797;border-radius:16px;width:300px;padding:16px;text-align:center;display:none">
|
||||
<form action=createaccount method=post>
|
||||
<div id=message2>
|
||||
{{{message}}}
|
||||
@ -155,6 +155,7 @@
|
||||
<div>
|
||||
<b>Account Creation</b>
|
||||
</div>
|
||||
<div id="passwordPolicyCallout" style="left:-10px;width:100px;display:none;position:absolute;background-color:#FFC;border-radius:5px;padding:5px;box-shadow:0px 0px 15px #666;font-size:10px"></div>
|
||||
<table>
|
||||
<tr>
|
||||
<td id="nuUser" align=right width=100>Username:</td>
|
||||
@ -222,7 +223,7 @@
|
||||
<tr>
|
||||
<td align=right width=100>Login token:</td>
|
||||
<td>
|
||||
<input id=tokenInput type=text name=token maxlength=50 onchange=checkToken(event) onkeyup=checkToken(event) onkeydown=checkToken(event) />
|
||||
<input id=tokenInput type=text name=token maxlength=50 onchange=checkToken(event) onpaste=resetCheckToken(event) onkeyup=checkToken(event) onkeydown=checkToken(event) />
|
||||
<input id=hwtokenInput type=text name=hwtoken style="display:none" />
|
||||
</td>
|
||||
</tr>
|
||||
@ -415,6 +416,7 @@
|
||||
|
||||
if (Q('apassword1').value == '') {
|
||||
QH('passWarning', '');
|
||||
QV('passwordPolicyCallout', false);
|
||||
} else {
|
||||
if (passRequirements == null || passRequirements == '') {
|
||||
// No password requirements, display password strength
|
||||
@ -430,8 +432,11 @@
|
||||
QS('nuPass1').color = '#7b241c';
|
||||
QS('nuPass2').color = '#7b241c';
|
||||
QH('passWarning', '<div style=color:red;cursor:pointer onclick=showPasswordPolicy()><b>Password Policy</b><div>'); // This is also a link to the password policy
|
||||
QV('passwordPolicyCallout', true);
|
||||
QH('passwordPolicyCallout', passwordPolicyText(Q('apassword1').value));
|
||||
} else {
|
||||
QH('passWarning', '');
|
||||
QV('passwordPolicyCallout', false);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -447,16 +452,21 @@
|
||||
QE('createButton', ok);
|
||||
}
|
||||
|
||||
function showPasswordPolicy() {
|
||||
function passwordPolicyText(pass) {
|
||||
var policy = '<div style=text-align:left>';
|
||||
if (passRequirements.min) { policy += 'Minimum length: ' + passRequirements.min + '<br />'; }
|
||||
if (passRequirements.max) { policy += 'Maximum length: ' + passRequirements.max + '<br />'; }
|
||||
if (passRequirements.upper) { policy += 'Upper case: ' + passRequirements.upper + '<br />'; }
|
||||
if (passRequirements.lower) { policy += 'Lower case: ' + passRequirements.lower + '<br />'; }
|
||||
if (passRequirements.numeric) { policy += 'Numeric: ' + passRequirements.numeric + '<br />'; }
|
||||
if (passRequirements.nonalpha) { policy += 'Non-alphanumeric: ' + passRequirements.nonalpha + '<br />'; }
|
||||
var counts = strCount(pass);
|
||||
if (passRequirements.min && ((pass == null) || (pass.length < passRequirements.min))) { policy += 'Minimum length of ' + passRequirements.min + '<br />'; }
|
||||
if (passRequirements.max && ((pass == null) || (pass.length > passRequirements.max))) { policy += 'Maximum length of ' + passRequirements.max + '<br />'; }
|
||||
if (passRequirements.upper && ((pass == null) || (counts.upper < passRequirements.upper))) { policy += '' + passRequirements.upper + ' upper case<br />'; }
|
||||
if (passRequirements.lower && ((pass == null) || (counts.lower < passRequirements.lower))) { policy += '' + passRequirements.lower + ' lower case<br />'; }
|
||||
if (passRequirements.numeric && ((pass == null) || (counts.numeric < passRequirements.numeric))) { policy += '' + passRequirements.numeric + ' numeric<br />'; }
|
||||
if (passRequirements.nonalpha && ((pass == null) || (counts.nonalpha < passRequirements.nonalpha))) { policy += passRequirements.nonalpha + ' non-alphanumeric<br />'; }
|
||||
policy += '</div>';
|
||||
messagebox("Password Policy", policy);
|
||||
return policy;
|
||||
}
|
||||
|
||||
function showPasswordPolicy() {
|
||||
messagebox("Password Policy", passwordPolicyText());
|
||||
}
|
||||
|
||||
function validateReset(e) {
|
||||
@ -483,20 +493,26 @@
|
||||
if ((requirements == null) || (requirements == '') || (typeof requirements != 'object')) return true;
|
||||
if (requirements.min) { if (password.length < requirements.min) return false; }
|
||||
if (requirements.max) { if (password.length > requirements.max) return false; }
|
||||
var num = 0, lower = 0, upper = 0, nonalpha = 0;
|
||||
for (var i = 0; i < password.length; i++) {
|
||||
if (/\d/.test(password[i])) { num++; }
|
||||
if (/[a-z]/.test(password[i])) { lower++; }
|
||||
if (/[A-Z]/.test(password[i])) { upper++; }
|
||||
if (/\W/.test(password[i])) { nonalpha++; }
|
||||
}
|
||||
if (requirements.num && (num < requirements.num)) return false;
|
||||
if (requirements.lower && (lower < requirements.lower)) return false;
|
||||
if (requirements.upper && (upper < requirements.upper)) return false;
|
||||
if (requirements.nonalpha && (nonalpha < requirements.nonalpha)) return false;
|
||||
var counts = strCount(password);
|
||||
if (requirements.numeric && (counts.numeric < requirements.numeric)) return false;
|
||||
if (requirements.lower && (counts.lower < requirements.lower)) return false;
|
||||
if (requirements.upper && (counts.upper < requirements.upper)) return false;
|
||||
if (requirements.nonalpha && (counts.nonalpha < requirements.nonalpha)) return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
function strCount(password) {
|
||||
var counts = { numeric: 0, lower: 0, upper: 0, nonalpha: 0 };
|
||||
if (typeof password != 'string') return counts;
|
||||
for (var i = 0; i < password.length; i++) {
|
||||
if (/\d/.test(password[i])) { counts.numeric++; }
|
||||
if (/[a-z]/.test(password[i])) { counts.lower++; }
|
||||
if (/[A-Z]/.test(password[i])) { counts.upper++; }
|
||||
if (/\W/.test(password[i])) { counts.nonalpha++; }
|
||||
}
|
||||
return counts;
|
||||
}
|
||||
|
||||
function checkToken() {
|
||||
var t1 = Q('tokenInput').value;
|
||||
var t2 = t1.split(' ').join('');
|
||||
|
24
webserver.js
24
webserver.js
@ -1410,15 +1410,15 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
// Get total bytes in the path
|
||||
var totalsize = readTotalFileSize(xfile.fullpath);
|
||||
if ((xfile.quota == null) || (totalsize < xfile.quota)) { // Check if the quota is not already broken
|
||||
|
||||
// See if we need to create the folder
|
||||
var domainx = 'domain';
|
||||
if (domain.id.length > 0) { domainx = 'domain-' + usersplit[1]; }
|
||||
try { obj.fs.mkdirSync(obj.parent.filespath); } catch (e) { }
|
||||
try { obj.fs.mkdirSync(obj.parent.path.join(obj.parent.filespath, domainx)); } catch (e) { }
|
||||
try { obj.fs.mkdirSync(xfile.fullpath); } catch (e) { }
|
||||
|
||||
if (fields.name != null) {
|
||||
|
||||
// See if we need to create the folder
|
||||
var domainx = 'domain';
|
||||
if (domain.id.length > 0) { domainx = 'domain-' + usersplit[1]; }
|
||||
try { obj.fs.mkdirSync(obj.parent.filespath); } catch (e) { }
|
||||
try { obj.fs.mkdirSync(obj.parent.path.join(obj.parent.filespath, domainx)); } catch (e) { }
|
||||
try { obj.fs.mkdirSync(xfile.fullpath); } catch (e) { }
|
||||
|
||||
// Upload method where all the file data is within the fields.
|
||||
var names = fields.name[0].split('*'), sizes = fields.size[0].split('*'), types = fields.type[0].split('*'), datas = fields.data[0].split('*');
|
||||
if ((names.length == sizes.length) && (types.length == datas.length) && (names.length == types.length)) {
|
||||
@ -1443,6 +1443,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
for (var i in files.files) {
|
||||
var file = files.files[i], fpath = obj.path.join(xfile.fullpath, file.originalFilename);
|
||||
if (obj.common.IsFilenameValid(file.originalFilename) && ((xfile.quota == null) || ((totalsize + file.size) < xfile.quota))) { // Check if quota would not be broken if we add this file
|
||||
|
||||
// See if we need to create the folder
|
||||
var domainx = 'domain';
|
||||
if (domain.id.length > 0) { domainx = 'domain-' + usersplit[1]; }
|
||||
try { obj.fs.mkdirSync(obj.parent.filespath); } catch (e) { }
|
||||
try { obj.fs.mkdirSync(obj.parent.path.join(obj.parent.filespath, domainx)); } catch (e) { }
|
||||
try { obj.fs.mkdirSync(xfile.fullpath); } catch (e) { }
|
||||
|
||||
obj.fs.rename(file.path, fpath, function () {
|
||||
obj.parent.DispatchEvent([user._id], obj, 'updatefiles'); // Fire an event causing this user to update this files
|
||||
});
|
||||
|
Loading…
Reference in New Issue
Block a user