Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-08-16 04:00:28 +03:00
Code Issues Packages Projects Releases Wiki Activity

User inner authentication improvements.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2021-04-02 17:26:17 -07:00
parent 72799f0346
commit fc23237fe4
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
webserver.js
View File

@ -5263,7 +5263,11 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { ws.close(); return; } // Check 3FA URL key
PerformWSSessionAuth(ws, req, true, function (ws1, req1, domain, user, cookie) {
if (user == null) { // User is not authenticated, perform inner server authentication
PerformWSSessionInnerAuth(ws, req, domain, function (ws1, req1, domain, user) { obj.meshUserHandler.CreateMeshUser(obj, obj.db, ws1, req1, obj.args, domain, user); }); // User is authenticated
if (req.headers['x-meshauth'] === '*') {
PerformWSSessionInnerAuth(ws, req, domain, function (ws1, req1, domain, user) { obj.meshUserHandler.CreateMeshUser(obj, obj.db, ws1, req1, obj.args, domain, user); }); // User is authenticated
} else {
try { ws.close(); } catch (ex) { } // user is not authenticated and inner authentication was not requested, disconnect now.
}
} else {
obj.meshUserHandler.CreateMeshUser(obj, obj.db, ws1, req1, obj.args, domain, user); // User is authenticated
}
@ -5882,6 +5886,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (domain == null) { parent.debug('web', 'WSERROR: Got no domain, user auth required.'); return; }
}
// Check if inner authentication is requested
if (req.headers['x-meshauth'] === '*') { func(ws, req, domain, null); return; }
var emailcheck = ((domain.mailserver != null) && (obj.parent.certificates.CommonName != null) && (obj.parent.certificates.CommonName.indexOf('.') != -1) && (obj.args.lanonly != true) && (domain.auth != 'sspi') && (domain.auth != 'ldap'))
// A web socket session can be authenticated in many ways (Default user, session, user/pass and cookie). Check authentication here.