Added batch account addition.

This commit is contained in:
Ylian Saint-Hilaire 2019-05-14 14:39:26 -07:00
parent f7cbbb69ed
commit 980ab3b4a6
8 changed files with 130 additions and 31 deletions

View File

@ -96,7 +96,7 @@ function CreateMeshCentralServer(config, args) {
// Start the Meshcentral server // Start the Meshcentral server
obj.Start = function () { obj.Start = function () {
var i; var i;
try { require('./pass').hash('test', function () { }); } catch (e) { console.log('Old version of node, must upgrade.'); return; } // TODO: Not sure if this test works or not. try { require('./pass').hash('test', function () { }, 0); } catch (e) { console.log('Old version of node, must upgrade.'); return; } // TODO: Not sure if this test works or not.
// Check for invalid arguments // Check for invalid arguments
var validArguments = ['_', 'notls', 'user', 'port', 'aliasport', 'mpsport', 'mpsaliasport', 'redirport', 'cert', 'mpscert', 'deletedomain', 'deletedefaultdomain', 'showall', 'showusers', 'shownodes', 'showmeshes', 'showevents', 'showpower', 'clearpower', 'showiplocations', 'help', 'exactports', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpsdebug', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbexportmin', 'dbimport', 'dbmerge', 'dbencryptkey', 'selfupdate', 'tlsoffload', 'userallowedip', 'userblockedip', 'swarmallowedip', 'agentallowedip', 'agentblockedip', 'fastcert', 'swarmport', 'swarmdebug', 'logintoken', 'logintokenkey', 'logintokengen', 'logintokengen', 'mailtokengen', 'admin', 'unadmin', 'sessionkey', 'sessiontime', 'minify', 'minifycore', 'dblistconfigfiles', 'dbshowconfigfile', 'dbpushconfigfiles', 'dbpullconfigfiles', 'dbdeleteconfigfiles', 'configkey', 'loadconfigfromdb', 'npmpath', 'memorytracking']; var validArguments = ['_', 'notls', 'user', 'port', 'aliasport', 'mpsport', 'mpsaliasport', 'redirport', 'cert', 'mpscert', 'deletedomain', 'deletedefaultdomain', 'showall', 'showusers', 'shownodes', 'showmeshes', 'showevents', 'showpower', 'clearpower', 'showiplocations', 'help', 'exactports', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpsdebug', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbexportmin', 'dbimport', 'dbmerge', 'dbencryptkey', 'selfupdate', 'tlsoffload', 'userallowedip', 'userblockedip', 'swarmallowedip', 'agentallowedip', 'agentblockedip', 'fastcert', 'swarmport', 'swarmdebug', 'logintoken', 'logintokenkey', 'logintokengen', 'logintokengen', 'mailtokengen', 'admin', 'unadmin', 'sessionkey', 'sessiontime', 'minify', 'minifycore', 'dblistconfigfiles', 'dbshowconfigfile', 'dbpushconfigfiles', 'dbpullconfigfiles', 'dbdeleteconfigfiles', 'configkey', 'loadconfigfromdb', 'npmpath', 'memorytracking'];

View File

@ -952,6 +952,68 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// TODO: Notify all sessions on other peers. // TODO: Notify all sessions on other peers.
break;
}
case 'adduserbatch':
{
// Add many new user accounts
if ((user.siteadmin & 2) == 0) break;
if (!Array.isArray(command.users)) break;
var userCount = 0;
for (var i in command.users) {
if (common.validateUsername(command.users[i].user, 1, 64) == false) break; // Username is between 1 and 64 characters, no spaces
if ((command.users[i].user == '~') || (command.users[i].user.indexOf('/') >= 0)) break; // This is a reserved user name
if (common.validateString(command.users[i].pass, 1, 256) == false) break; // Password is between 1 and 256 characters
if (common.checkPasswordRequirements(command.users[i].pass, domain.passwordrequirements) == false) break; // Password does not meet requirements
if ((command.email != null) && (common.validateEmail(command.users[i].email, 1, 256) == false)) break; // Check if this is a valid email address
userCount++;
}
// Check if we exceed the maximum number of user accounts
db.isMaxType(domain.limits.maxuseraccounts + userCount, 'user', domain.id, function (maxExceed) {
if (maxExceed) {
// Account count exceed, do notification
// Create the notification message
var notification = { action: "msg", type: "notify", value: "Account limit reached.", title: "Server Limit", userid: user._id, username: user.name, domain: domain.id };
// Get the list of sessions for this user
var sessions = parent.wssessions[user._id];
if (sessions != null) { for (i in sessions) { try { if (sessions[i].domainid == domain.id) { sessions[i].send(JSON.stringify(notification)); } } catch (ex) { } } }
// TODO: Notify all sessions on other peers.
} else {
for (var i in command.users) {
// Check if this is an existing user
var newuserid = 'user/' + domain.id + '/' + command.users[i].user.toLowerCase();
var newuser = { type: 'user', _id: newuserid, name: command.users[i].user, creation: Math.floor(Date.now() / 1000), domain: domain.id };
if (domain.newaccountsrights) { newuser.siteadmin = domain.newaccountsrights; }
if (command.users[i].email != null) { newuser.email = command.users[i].email; } // Email
if (command.users[i].resetNextLogin === true) { newuser.passchange = -1; } else { newuser.passchange = Math.floor(Date.now() / 1000); }
if ((command.users[i].groups != null) && (common.validateStrArray(command.users[i].groups, 1, 32))) { newuser.groups = command.users[i].groups; } // New account are automatically part of our groups.
if (parent.users[newuserid] == null) {
parent.users[newuserid] = newuser;
// Create a user, generate a salt and hash the password
require('./pass').hash(command.users[i].pass, function (err, salt, hash, newuser) {
if (err) throw err;
newuser.salt = salt;
newuser.hash = hash;
db.SetUser(newuser);
var targets = ['*', 'server-users'];
if (newuser.groups) { for (var i in newuser.groups) { targets.push('server-users:' + i); } }
if (newuser.email == null) {
parent.parent.DispatchEvent(targets, obj, { etype: 'user', username: newuser.name, account: parent.CloneSafeUser(newuser), action: 'accountcreate', msg: 'Account created, username is ' + newuser.name, domain: domain.id });
} else {
parent.parent.DispatchEvent(targets, obj, { etype: 'user', username: newuser.name, account: parent.CloneSafeUser(newuser), action: 'accountcreate', msg: 'Account created, email is ' + newuser.email, domain: domain.id });
}
}, newuser);
}
}
}
});
break; break;
} }
case 'adduser': case 'adduser':
@ -960,6 +1022,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if ((user.siteadmin & 2) == 0) break; if ((user.siteadmin & 2) == 0) break;
if (common.validateUsername(command.username, 1, 64) == false) break; // Username is between 1 and 64 characters, no spaces if (common.validateUsername(command.username, 1, 64) == false) break; // Username is between 1 and 64 characters, no spaces
if (common.validateString(command.pass, 1, 256) == false) break; // Password is between 1 and 256 characters if (common.validateString(command.pass, 1, 256) == false) break; // Password is between 1 and 256 characters
if (command.username.indexOf('/') >= 0) break; // Usernames can't have '/'
if (common.checkPasswordRequirements(command.pass, domain.passwordrequirements) == false) break; // Password does not meet requirements if (common.checkPasswordRequirements(command.pass, domain.passwordrequirements) == false) break; // Password does not meet requirements
if ((command.email != null) && (common.validateEmail(command.email, 1, 256) == false)) break; // Check if this is a valid email address if ((command.email != null) && (common.validateEmail(command.email, 1, 256) == false)) break; // Check if this is a valid email address
var newusername = command.username, newuserid = 'user/' + domain.id + '/' + command.username.toLowerCase(); var newusername = command.username, newuserid = 'user/' + domain.id + '/' + command.username.toLowerCase();
@ -988,7 +1051,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
parent.users[newuserid] = newuser; parent.users[newuserid] = newuser;
// Create a user, generate a salt and hash the password // Create a user, generate a salt and hash the password
require('./pass').hash(command.pass, function (err, salt, hash) { require('./pass').hash(command.pass, function (err, salt, hash, tag) {
if (err) throw err; if (err) throw err;
newuser.salt = salt; newuser.salt = salt;
newuser.hash = hash; newuser.hash = hash;
@ -996,8 +1059,12 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
var targets = ['*', 'server-users']; var targets = ['*', 'server-users'];
if (newuser.groups) { for (var i in newuser.groups) { targets.push('server-users:' + i); } } if (newuser.groups) { for (var i in newuser.groups) { targets.push('server-users:' + i); } }
parent.parent.DispatchEvent(targets, obj, { etype: 'user', username: newusername, account: parent.CloneSafeUser(newuser), action: 'accountcreate', msg: 'Account created, email is ' + command.email, domain: domain.id }); if (command.email == null) {
}); parent.parent.DispatchEvent(targets, obj, { etype: 'user', username: newusername, account: parent.CloneSafeUser(newuser), action: 'accountcreate', msg: 'Account created, username is ' + command.user, domain: domain.id });
} else {
parent.parent.DispatchEvent(targets, obj, { etype: 'user', username: newusername, account: parent.CloneSafeUser(newuser), action: 'accountcreate', msg: 'Account created, email is ' + command.email, domain: domain.id });
}
}, 0);
} }
}); });
break; break;
@ -1083,7 +1150,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
parent.checkUserPassword(domain, user, command.oldpass, function (result) { parent.checkUserPassword(domain, user, command.oldpass, function (result) {
if (result == true) { if (result == true) {
// Update the password // Update the password
require('./pass').hash(command.newpass, function (err, salt, hash) { require('./pass').hash(command.newpass, function (err, salt, hash, tag) {
if (err) { if (err) {
// Send user notification of error // Send user notification of error
displayNotificationMessage('Error, password not changed.', 'Account Settings', 'ServerNotify'); displayNotificationMessage('Error, password not changed.', 'Account Settings', 'ServerNotify');
@ -1107,7 +1174,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Send user notification of password change // Send user notification of password change
displayNotificationMessage('Password changed.', 'Account Settings', 'ServerNotify'); displayNotificationMessage('Password changed.', 'Account Settings', 'ServerNotify');
} }
}); }, 0);
} else { } else {
// Send user notification of error // Send user notification of error
displayNotificationMessage('Current password not correct.', 'Account Settings', 'ServerNotify'); displayNotificationMessage('Current password not correct.', 'Account Settings', 'ServerNotify');
@ -1131,7 +1198,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if ((user.groups != null) && (user.groups.length > 0) && ((chguser.groups == null) || (findOne(chguser.groups, user.groups) == false))) break; if ((user.groups != null) && (user.groups.length > 0) && ((chguser.groups == null) || (findOne(chguser.groups, user.groups) == false))) break;
// Compute the password hash & save it // Compute the password hash & save it
require('./pass').hash(command.pass, function (err, salt, hash) { require('./pass').hash(command.pass, function (err, salt, hash, tag) {
if (!err) { if (!err) {
chguser.salt = salt; chguser.salt = salt;
chguser.hash = hash; chguser.hash = hash;
@ -1156,7 +1223,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Report that the password change failed // Report that the password change failed
// TODO // TODO
} }
}); }, 0);
} }
break; break;
} }

View File

@ -1,6 +1,6 @@
{ {
"name": "meshcentral", "name": "meshcentral",
"version": "0.3.4-h", "version": "0.3.4-i",
"keywords": [ "keywords": [
"Remote Management", "Remote Management",
"Intel AMT", "Intel AMT",

13
pass.js
View File

@ -25,24 +25,25 @@ const iterations = 12000;
* @param {Function} callback * @param {Function} callback
* @api public * @api public
*/ */
exports.hash = function (pwd, salt, fn) { exports.hash = function (pwd, salt, fn, tag) {
if (3 == arguments.length) { if (4 == arguments.length) {
try { try {
crypto.pbkdf2(pwd, salt, iterations, len, 'sha384', function (err, hash) { fn(err, hash.toString('base64')); }); crypto.pbkdf2(pwd, salt, iterations, len, 'sha384', function (err, hash) { fn(err, hash.toString('base64'), tag); });
} catch (e) { } catch (e) {
// If this previous call fails, it's probably because older pbkdf2 did not specify the hashing function, just use the default. // If this previous call fails, it's probably because older pbkdf2 did not specify the hashing function, just use the default.
crypto.pbkdf2(pwd, salt, iterations, len, function (err, hash) { fn(err, hash.toString('base64')); }); crypto.pbkdf2(pwd, salt, iterations, len, function (err, hash) { fn(err, hash.toString('base64'), tag); });
} }
} else { } else {
tag = fn;
fn = salt; fn = salt;
crypto.randomBytes(len, function (err, salt) { crypto.randomBytes(len, function (err, salt) {
if (err) return fn(err); if (err) return fn(err);
salt = salt.toString('base64'); salt = salt.toString('base64');
try { try {
crypto.pbkdf2(pwd, salt, iterations, len, 'sha384', function (err, hash) { if (err) { return fn(err); } fn(null, salt, hash.toString('base64')); }); crypto.pbkdf2(pwd, salt, iterations, len, 'sha384', function (err, hash) { if (err) { return fn(err); } fn(null, salt, hash.toString('base64'), tag); });
} catch (e) { } catch (e) {
// If this previous call fails, it's probably because older pbkdf2 did not specify the hashing function, just use the default. // If this previous call fails, it's probably because older pbkdf2 did not specify the hashing function, just use the default.
crypto.pbkdf2(pwd, salt, iterations, len, function (err, hash) { if (err) { return fn(err); } fn(null, salt, hash.toString('base64')); }); crypto.pbkdf2(pwd, salt, iterations, len, function (err, hash) { if (err) { return fn(err); } fn(null, salt, hash.toString('base64'), tag); });
} }
}); });
} }

BIN
public/images/link6.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 198 B

File diff suppressed because one or more lines are too long

View File

@ -302,6 +302,7 @@
<div style="float:right"> <div style="float:right">
<input type=button onclick=showUserBroadcastDialog() style=margin-right:6px value="Broadcast" /> <input type=button onclick=showUserBroadcastDialog() style=margin-right:6px value="Broadcast" />
<img onclick=p4downloadUserInfo() style="cursor:pointer" title="Download user information" src="images/link4.png" /> <img onclick=p4downloadUserInfo() style="cursor:pointer" title="Download user information" src="images/link4.png" />
<img onclick=p4batchAccountCreate() style="cursor:pointer" title="batch create many user accounts" src="images/link6.png" />
</div> </div>
<div> <div>
<input id=UserNewAccountButton type=button style=margin-left:6px onclick=showCreateNewAccountDialog() value="New Account..." /> <input id=UserNewAccountButton type=button style=margin-left:6px onclick=showCreateNewAccountDialog() value="New Account..." />
@ -6846,6 +6847,36 @@
return false; return false;
} }
function p4batchAccountCreate() {
if (xxdialogMode) return;
var x = 'Create many accounts at once by importing a JSON file with the following format:<br /><pre>[\r\n {"user":"x1","pass":"x","email":"x1@x"},\r\n {"user":"x2","pass":"x","resetNextLogin":true}\r\n]</pre><input style=width:370px type=file id=d4importFile accept=".json" onchange=p4batchAccountCreateValidate() />';
setDialogMode(2, "User Account Import", 3, p4batchAccountCreateEx, x);
QE('idx_dlgOkButton', false);
}
function p4batchAccountCreateValidate() {
QE('idx_dlgOkButton', Q('d4importFile').value != null);
}
function p4batchAccountCreateEx() {
var fr = new FileReader();
fr.onload = function (r) {
var j = null;
try { j = JSON.parse(r.target.result); } catch (ex) { setDialogMode(2, "User Account Import", 1, null, "Invalid JSON file: " + ex + "."); return; }
if ((j != null) && (Array.isArray(j))) {
var ok = true;
for (var i in j) {
if ((typeof j[i].user != 'string') || (j[i].user.length < 1) || (j[i].user.length > 64)) { ok = false; }
if ((typeof j[i].pass != 'string') || (j[i].pass.length < 1) || (j[i].pass.length > 256)) { ok = false; }
if (checkPasswordRequirements(j[i].pass, passRequirements) == false) { ok = false; }
if ((j[i].email != null) && ((typeof j[i].email != 'string') || (j[i].email.length < 1) || (j[i].email.length > 128))) { ok = false; }
}
if (ok == false) { setDialogMode(2, "User Account Import", 1, null, "Invalid JSON file format."); } else { meshserver.send({ action: 'adduserbatch', users: j }); }
} else { setDialogMode(2, "User Account Import", 1, null, "Invalid JSON file format."); }
};
fr.readAsText(Q('d4importFile').files[0]);
}
function p4downloadUserInfo() { function p4downloadUserInfo() {
if (xxdialogMode) return; if (xxdialogMode) return;
var x = 'Download the list of users with one of the file formats below.<br /><br />'; var x = 'Download the list of users with one of the file formats below.<br /><br />';

View File

@ -388,7 +388,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (err) return fn(err); if (err) return fn(err);
if (hash == user.hash) { if (hash == user.hash) {
// Update the password to the stronger format. // Update the password to the stronger format.
require('./pass').hash(pass, function (err, salt, hash) { if (err) throw err; user.salt = salt; user.hash = hash; delete user.passtype; obj.db.SetUser(user); }); require('./pass').hash(pass, function (err, salt, hash, tag) { if (err) throw err; user.salt = salt; user.hash = hash; delete user.passtype; obj.db.SetUser(user); }, 0);
if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; } if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
return fn(null, user._id); return fn(null, user._id);
} }
@ -396,14 +396,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
}); });
} else { } else {
// Default strong password hashing (pbkdf2 SHA384) // Default strong password hashing (pbkdf2 SHA384)
require('./pass').hash(pass, user.salt, function (err, hash) { require('./pass').hash(pass, user.salt, function (err, hash, tag) {
if (err) return fn(err); if (err) return fn(err);
if (hash == user.hash) { if (hash == user.hash) {
if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; } if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
return fn(null, user._id); return fn(null, user._id);
} }
fn(new Error('invalid password'), null, user.passhint); fn(new Error('invalid password'), null, user.passhint);
}); }, 0);
} }
} }
} }
@ -844,7 +844,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
req.session.userid = user._id; req.session.userid = user._id;
req.session.domainid = domain.id; req.session.domainid = domain.id;
// Create a user, generate a salt and hash the password // Create a user, generate a salt and hash the password
require('./pass').hash(req.body.password1, function (err, salt, hash) { require('./pass').hash(req.body.password1, function (err, salt, hash, tag) {
if (err) throw err; if (err) throw err;
user.salt = salt; user.salt = salt;
user.hash = hash; user.hash = hash;
@ -853,7 +853,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Send the verification email // Send the verification email
if ((obj.parent.mailserver != null) && (domain.auth != 'sspi') && (domain.auth != 'ldap') && (obj.common.validateEmail(user.email, 1, 256) == true)) { obj.parent.mailserver.sendAccountCheckMail(domain, user.name, user.email); } if ((obj.parent.mailserver != null) && (domain.auth != 'sspi') && (domain.auth != 'ldap') && (obj.common.validateEmail(user.email, 1, 256) == true)) { obj.parent.mailserver.sendAccountCheckMail(domain, user.name, user.email); }
}); }, 0);
obj.parent.DispatchEvent(['*', 'server-users'], obj, { etype: 'user', username: user.name, account: obj.CloneSafeUser(user), action: 'accountcreate', msg: 'Account created, email is ' + req.body.email, domain: domain.id }); obj.parent.DispatchEvent(['*', 'server-users'], obj, { etype: 'user', username: user.name, account: obj.CloneSafeUser(user), action: 'accountcreate', msg: 'Account created, email is ' + req.body.email, domain: domain.id });
} }
res.redirect(domain.url); res.redirect(domain.url);
@ -898,7 +898,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
} }
// Check if the password is the same as the previous one // Check if the password is the same as the previous one
require('./pass').hash(req.body.rpassword1, user.salt, function (err, hash) { require('./pass').hash(req.body.rpassword1, user.salt, function (err, hash, tag) {
if (user.hash == hash) { if (user.hash == hash) {
// This is the same password, request a password change again // This is the same password, request a password change again
req.session.loginmode = '6'; req.session.loginmode = '6';
@ -906,7 +906,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
res.redirect(domain.url); res.redirect(domain.url);
} else { } else {
// Update the password, use a different salt. // Update the password, use a different salt.
require('./pass').hash(req.body.rpassword1, function (err, salt, hash) { require('./pass').hash(req.body.rpassword1, function (err, salt, hash, tag) {
if (err) throw err; if (err) throw err;
user.salt = salt; user.salt = salt;
user.hash = hash; user.hash = hash;
@ -920,9 +920,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
req.session.userid = userid; req.session.userid = userid;
req.session.domainid = domain.id; req.session.domainid = domain.id;
completeLoginRequest(req, res, domain, obj.users[userid], userid, req.session.tokenusername, req.session.tokenpassword); completeLoginRequest(req, res, domain, obj.users[userid], userid, req.session.tokenusername, req.session.tokenpassword);
}); }, 0);
} }
}); }, 0);
} else { } else {
// Failed, error out. // Failed, error out.
delete req.session.loginmode; delete req.session.loginmode;
@ -1057,7 +1057,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Set a temporary password // Set a temporary password
obj.crypto.randomBytes(16, function (err, buf) { obj.crypto.randomBytes(16, function (err, buf) {
var newpass = buf.toString('base64').split('=').join('').split('/').join(''); var newpass = buf.toString('base64').split('=').join('').split('/').join('');
require('./pass').hash(newpass, function (err, salt, hash) { require('./pass').hash(newpass, function (err, salt, hash, tag) {
var userinfo = null; var userinfo = null;
if (err) throw err; if (err) throw err;
@ -1076,7 +1076,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Send the new password // Send the new password
res.render(obj.path.join(obj.parent.webViewsPath, 'message'), { title: domain.title, title2: domain.title2, title3: 'Account Verification', message: '<div>Password for account <b>' + EscapeHtml(user.name) + '</b> has been reset to:</div><div style=padding:14px;font-size:18px><b>' + EscapeHtml(newpass) + '</b></div>Login and go to the \"My Account\" tab to update your password. <a href="' + domain.url + '">Go to login page</a>.' }); res.render(obj.path.join(obj.parent.webViewsPath, 'message'), { title: domain.title, title2: domain.title2, title3: 'Account Verification', message: '<div>Password for account <b>' + EscapeHtml(user.name) + '</b> has been reset to:</div><div style=padding:14px;font-size:18px><b>' + EscapeHtml(newpass) + '</b></div>Login and go to the \"My Account\" tab to update your password. <a href="' + domain.url + '">Go to login page</a>.' });
}); }, 0);
}); });
} }
} else { } else {
@ -1151,14 +1151,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
}); });
} else { } else {
// Default strong password hashing (pbkdf2 SHA384) // Default strong password hashing (pbkdf2 SHA384)
require('./pass').hash(password, user.salt, function (err, hash) { require('./pass').hash(password, user.salt, function (err, hash, tag) {
if (err) return func(false); if (err) return func(false);
if (hash == user.hash) { if (hash == user.hash) {
if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { return func(false); } // Account is locked if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { return func(false); } // Account is locked
return func(true); // Allow password change return func(true); // Allow password change
} }
func(false); func(false);
}); }, 0);
} }
} }
@ -1178,7 +1178,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
obj.checkUserPassword(domain, user, req.body.apassword0, function (result) { obj.checkUserPassword(domain, user, req.body.apassword0, function (result) {
if (result == true) { if (result == true) {
// Update the password // Update the password
require('./pass').hash(req.body.apassword1, function (err, salt, hash) { require('./pass').hash(req.body.apassword1, function (err, salt, hash, tag) {
if (err) throw err; if (err) throw err;
user.salt = salt; user.salt = salt;
user.hash = hash; user.hash = hash;
@ -1189,7 +1189,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
req.session.viewmode = 2; req.session.viewmode = 2;
res.redirect(domain.url); res.redirect(domain.url);
obj.parent.DispatchEvent(['*', 'server-users'], obj, { etype: 'user', username: user.name, action: 'passchange', msg: 'Account password changed: ' + user.name, domain: domain.id }); obj.parent.DispatchEvent(['*', 'server-users'], obj, { etype: 'user', username: user.name, action: 'passchange', msg: 'Account password changed: ' + user.name, domain: domain.id });
}); }, 0);
} }
}); });
} }