Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-08-15 19:50:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

Bugfix: accessing user before declaration

Browse Source
This commit is contained in:
Noah Zalev 2021-06-22 22:18:20 -04:00
parent c39cd2bf39
commit e4c08dedf8
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
webserver.js
View File

@ -6287,6 +6287,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// A user/pass is provided in URL arguments
obj.authenticate(req.query.user, req.query.pass, domain, function (err, userid, passhint, loginOptions) {
var user = obj.users[userid];
// Check if user as the "notools" site right. If so, deny this connection as tools are not allowed to connect.
if ((user != null) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & SITERIGHT_NOMESHCMD)) {
// No tools allowed, close the websocket connection
@ -6299,7 +6301,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
var twoFactorCookieDays = 30;
if (typeof domain.twofactorcookiedurationdays == 'number') { twoFactorCookieDays = domain.twofactorcookiedurationdays; }
var user = obj.users[userid];
if ((err == null) && (user)) {
// Check if a 2nd factor is needed
if (checkUserOneTimePasswordRequired(domain, user, req, loginOptions) == true) {