Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-08-15 19:50:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added authCookie to all multiparty forms

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2019-09-30 14:50:28 -07:00
parent 1270c3fbd5
commit 947f6327fc
4 changed files with 36 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@ -1,6 +1,6 @@
{
"name": "meshcentral",
"version": "0.4.1-m",
"version": "0.4.1-n",
"keywords": [
"Remote Management",
"Intel AMT",

2
views/default-min.handlebars
View File

File diff suppressed because one or more lines are too long

3
views/default.handlebars
View File

@ -873,6 +873,7 @@
<div id=d3localmode style="display:none">
<div>Upload File</div>
<form id=d3localmodeform method=post enctype=multipart/form-data action=uploadfile.ashx target=fileUploadFrame>
<input type=text id=d3auth name=auth style="display:none" />
<input type=text id=d3attrib name=attrib style="display:none" />
<input type=file id=d3localFile name=files onchange=d3setActions() />
<input type=submit id=d3submit style="display:none" />
@ -6491,6 +6492,7 @@
function p15uploadCore2() {
if (xxdialogMode) return;
Q('d3localmodeform').action = 'uploadmeshcorefile.ashx';
Q('d3auth').value = authCookie;
Q('d3attrib').value = currentNode._id;
setDialogMode(3, "Upload Mesh Agent Core", 3, p15uploadCoreEx2);
d3init();
@ -6836,6 +6838,7 @@
if (xxdialogMode) return false;
var x = 'Restore the server using a backup, <span style=color:red>this will delete the existing server data</span>. Only do this if you know what you are doing.<br /><br />';
x += '<form action="/restoreserver.ashx" enctype="multipart/form-data" method="post"><div>';
x += '<input type=hidden name=auth value=' + authCookie + '>';
x += '<input id=account_dlgFileInput type=file name=datafile style=width:100% accept=".zip,application/octet-stream,application/zip,application/x-zip,application/x-zip-compressed" onchange=account_validateServerRestore()>';
x += '<input id=account_dlgCancelButton type=button value=Cancel style=float:right;width:80px;margin-left:5px onclick=dialogclose(0)>';
x += '<input id=account_dlgOkButton type=submit value=OK style=float:right;width:80px onclick=dialogclose(1)>';

38
webserver.js
View File

@ -1974,13 +1974,26 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
function handleUploadMeshCoreFile(req, res) {
const domain = checkUserIpAddress(req, res);
if (domain == null) { res.sendStatus(404); return; }
if ((domain.id !== '') || (!req.session) || (req.session == null) || (!req.session.userid)) { res.sendStatus(401); return; }
const user = obj.users[req.session.userid];
if (user.siteadmin != 0xFFFFFFFF) { res.sendStatus(401); return; } // Check if we have mesh core upload rights (Full admin only)
if (domain.id !== '') { res.sendStatus(401); return; }
var authUserid = null;
if ((req.session != null) && (typeof req.session.userid == 'string')) { authUserid = req.session.userid; }
const multiparty = require('multiparty');
const form = new multiparty.Form();
form.parse(req, function (err, fields, files) {
// If an authentication cookie is embedded in the form, use that.
if ((fields != null) && (fields.auth != null) && (fields.auth.length == 1) && (typeof fields.auth[0] == 'string')) {
var loginCookie = obj.parent.decodeCookie(fields.auth[0], obj.parent.loginCookieEncryptionKey, 60); // 60 minute timeout
if ((loginCookie != null) && (loginCookie.ip != null) && (loginCookie.ip != cleanRemoteAddr(req.ip))) { loginCookie = null; } // Check cookie IP binding.
if ((loginCookie != null) && (domain.id == loginCookie.domainid)) { authUserid = loginCookie.userid; } // Use cookie authentication
}
if (authUserid == null) { res.sendStatus(401); return; }
// Get the user
const user = obj.users[authUserid];
if (user.siteadmin != 0xFFFFFFFF) { res.sendStatus(401); return; } // Check if we have mesh core upload rights (Full admin only)
if ((fields == null) || (fields.attrib == null) || (fields.attrib.length != 1)) { res.sendStatus(404); return; }
for (var i in files.files) {
var file = files.files[i];
@ -2785,13 +2798,24 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
function handleRestoreRequest(req, res) {
const domain = checkUserIpAddress(req, res);
if (domain == null) { res.sendStatus(404); return; }
if ((!req.session) || (req.session == null) || (!req.session.userid) || (obj.parent.args.noserverbackup == 1)) { res.sendStatus(401); return; }
const user = obj.users[req.session.userid];
if ((user == null) || ((user.siteadmin & 4) == 0)) { res.sendStatus(401); return; } // Check if we have server restore rights
if (obj.parent.args.noserverbackup == 1) { res.sendStatus(401); return; }
var authUserid = null;
if ((req.session != null) && (typeof req.session.userid == 'string')) { authUserid = req.session.userid; }
const multiparty = require('multiparty');
const form = new multiparty.Form();
form.parse(req, function (err, fields, files) {
// If an authentication cookie is embedded in the form, use that.
if ((fields != null) && (fields.auth != null) && (fields.auth.length == 1) && (typeof fields.auth[0] == 'string')) {
var loginCookie = obj.parent.decodeCookie(fields.auth[0], obj.parent.loginCookieEncryptionKey, 60); // 60 minute timeout
if ((loginCookie != null) && (loginCookie.ip != null) && (loginCookie.ip != cleanRemoteAddr(req.ip))) { loginCookie = null; } // Check cookie IP binding.
if ((loginCookie != null) && (domain.id == loginCookie.domainid)) { authUserid = loginCookie.userid; } // Use cookie authentication
}
if (authUserid == null) { res.sendStatus(401); return; }
// Get the user
const user = obj.users[req.session.userid];
if ((user == null) || ((user.siteadmin & 4) == 0)) { res.sendStatus(401); return; } // Check if we have server restore rights
res.send('Server must be restarted, <a href="' + domain.url + '">click here to login</a>.');
parent.Stop(files.datafile[0].path);
});