Commit Graph

970 Commits

Author SHA1 Message Date
Ylian Saint-Hilaire
d0014b3f8b Removed cleanReqQuery() 2024-09-26 21:13:55 -07:00
Josiah Baldwin
04c96eb2ff
Fix/xss (#6403)
* Fixed filenames not being escaped when editing files

This allowed a possible XSS by naming a file in a particular way on your device.

* Fixed HTML generation in webserver not escaping most things from req.query

This would allow XSS through a very simple phishing attack

* Added HtmlEscape to Mobile default as well

* Added sanitization to SAML redirect and Twitter/Azure
2024-09-26 21:09:34 -07:00
si458
0bee2be3cf generate manifest.json from domain and add pwalogo
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-09-24 19:09:14 +01:00
si458
ac0d805378 fix webrtcconfig and allow stun servers #6309
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-09-03 13:42:06 +01:00
si458
ea6682e06a fix passport failure url
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-08-30 16:31:54 +01:00
si458
4e37455471 fix agentdownload on agentonly port #3282
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-08-30 13:17:14 +01:00
si458
fa39f8a105 fix meshctrl with key=xxx and loginkey #6328
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-08-16 16:02:21 +01:00
Ylian Saint-Hilaire
a6acb35a31 Fixed typo. 2024-08-04 22:31:17 -07:00
Ylian Saint-Hilaire
fc29e60939 Improved configuration file encryption in the database, added testing. 2024-08-04 22:00:37 -07:00
si458
b0d9b17e36 fix external auth with loginkey passthrough #4883
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-07-17 15:19:05 +01:00
si458
707982a71b fix Localization Settings not saving server side #2164
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-07-16 12:06:06 +01:00
Joel Roth
9fd3e4c569
Check agent IP address instead of user IP address for agent file downloads. (#6155) 2024-06-28 14:50:57 +01:00
Simon Smith
602eb3c64a
add encoding options to remote desktop (#6198)
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-06-23 21:00:30 +01:00
Simon Smith
46ebadf440
fix mac mpkg agent again (#6194)
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-06-20 12:36:24 +01:00
Simon Smith
482e79f913
fix meshcentral-web-domain translate displaying (#6180)
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-06-17 09:48:21 +01:00
Simon Smith
0a89d07937
add userSessionsSort for session sorting (#6177)
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-06-14 09:56:02 +01:00
si458
5950b2c829 make sure to clear flash errors after display to avoid showing again #6154
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-06-11 20:46:45 +01:00
si458
42a07e9d74 fix passport failureRedirect for subdomain paths
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-06-11 20:38:09 +01:00
si458
d7341ab153 display flash errors for external auths like saml or oidc on the login screen #6154
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-06-11 20:06:19 +01:00
si458
6976992735 fix oidc paths with aliasport #6148
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-06-04 10:26:29 +01:00
si458
c67a76bcc2 fix oidc reauth #6132
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-06-01 20:31:25 +01:00
si458
62199d8057 fix handleStrategyLogin invalid token/user
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-06-01 17:13:22 +01:00
si458
52a2194116 require connect-flash for oidc #6132
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-05-28 20:00:33 +01:00
si458
26ac23c80d fix web-rdp/web-ssh save creds per user
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-05-24 17:27:22 +01:00
si458
bc6451fee5 migrate groups.enabled in oidc #6104
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-05-21 19:04:43 +01:00
si458
5c13f178be fix oidc sync groups
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-05-21 16:05:00 +01:00
si458
1c8d664962 fix oidc groups.claim undefined
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-05-17 20:01:12 +01:00
Simon Smith
f5891f2946
fix custom public folders for dns domains (#6018)
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-04-12 10:43:06 +01:00
Simon Smith
1da33f0ade
add nice404 to invite and fix invite with dns use #6017
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-04-11 18:51:54 +01:00
Simon Smith
e025e9558b
fix authStrategyFlags using wrong domain (#6015)
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-04-11 17:43:08 +01:00
Ylian Saint-Hilaire
8775b7dcf7 Set login autocomplete to off when set to false in config.json. 2024-03-24 11:03:33 -07:00
si458
4b6da03d2f fix crash caused my oidc merge
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-03-10 11:54:55 +00:00
mstrhakr
05fca6cb36
Fix formatting issues from merging (#5909)
* fix formatting issues in webserver.js

* fix formatting issues is meshcentral.js
2024-03-09 23:46:01 -08:00
Josiah Baldwin
150e2337f5
Add options for overriding TLS ciphers used (#5915)
* Add the ability to set TLS cipher suites

Added config option to set the TLS ciphers instead of relying on a hardcoded list of ciphers determined by meshcentral.

* Added option to use default node ciphers

This allows the ciphers used to be set to the recommended ciphers by nodejs, as well as allowing the user to override the ciphers using the "--tls-cipher-list" command line switch for node.

* Updated validArguments array to include "usenodedefaulttlsciphers" and "tlsciphers" as options
2024-03-09 23:45:10 -08:00
mstrhakr
dfc08b05a9
Login/logout bugfix for OIDC strategy. (#5920)
* add extra logging

* fix how strategy is saved
2024-03-09 23:44:18 -08:00
si458
2d75bbde33 add osx mpkg customized filename
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-03-07 10:19:31 +00:00
si458
c1bec67839 allow multiple osx mpkg installs now and update uninstall.command
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-03-04 16:34:41 +00:00
si458
234acd3347 add displayname to macos pkg
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-03-04 12:50:22 +00:00
si458
473b9d0265 add osx custom filename to zip
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-03-04 11:17:43 +00:00
Ylian Saint-Hilaire
bab35e7bca Removed Reddit auth strategy since it never worked well. 2024-03-03 16:34:01 -08:00
mstrhakr
4be5b7273e
Migrate to openid client (#5856)
* Create forksync.yml

* update oidc to use openid-client

* update oidc module requirements

* working oidc+

includes all oauth2 clients automatically migrated. azure will need some kind of fix for the uid

* update openid-client install checks

* created overarching schema for OIDC

* bug fixs for azure login

* update schema

prepare schema for unified oidc module

* update 'oidc' to strategy variable

* working azure+ groups

groups from azure are in,
you can use memberOf or transitiveMemberOf in config (Graphs API)

* clean up old config import + working google oidc

previous config map was recursive nonsense, changed to multiple IFs

* added convertStrArray

* de-expanded scope

put all other auth strategies back to normal and fixed oidc strategy

* swap back to using authlog debugger

* Update meshcentral-config-schema.json

* working google oidc + groups

* working azure+groups (again)

* init oidc docs

very incomplete but basic config is present

* add oidc

* more work on docs

* add scope and claim options

plus fixed a few bugs and faults in my logic
used logs correctly

* further cleanup debug

* more debug cleanup

* continue documentation push

fixed minor debug bugs also

* more work on docs

missing links, need to get azure preset docs, probably more.

* done with docs

its good enough for now

* minor fix + presets get correct icon

* fix google oidc not visible at login

* fix bug with emailVerified property

* fix logout bug + debug cleanup

* fix strategy logout bug +cleanup

* fixed preset login icon

* fix alert + fix schema

* terminate lines

* Dutch language update 1.0.85

line up polish translation

* Fixed guest web relay session revocation (#4667)

* Updated French translation.

* Add hook to allow adding custom api endpoints to Express routing

* Updated German translation.

* Update meshcentral-config-schema.json (change formatting)

This way it is easier to edit and maintain

* Fixed schema.

* fix meshcentral-config-schema.json

* add language selector to login (#5648)

* add language selector to login

* add showLanguageSelect to pick top or bottom boxe

* remove additionalProperties: false in schema to allow comments #5697

Signed-off-by: si458 <simonsmith5521@gmail.com>

* fix notes in docs

* Fix web relay session handling and redirection due to bad merge

* Added option to check HTTP origin.

* add links and fix typo

* move groups after strategy

* Update version split in docs

* Fix preset issuer URL in OIDC strategy

* Update clientid and clientsecret to client_id and client_secret

* Update meshcentral-config-schema.json and fix bad rebase

* Update meshcentral-config-schema.json

* fix bad rebase

* fix bad rebase

* Add 'connect-flash' to passport dependencies

* Remove unnecessary passport dependencies - fix bad rebase

* Fix auth strategy bug and remove console.log statement

* Set groupType to the preset name if it exists, otherwise use the strategy name

* remove finally block from

* Refactor authentication logging in handleStrategyLogin to include strategy name

---------

Signed-off-by: si458 <simonsmith5521@gmail.com>
Co-authored-by: petervanv <58996467+petervanv@users.noreply.github.com>
Co-authored-by: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Co-authored-by: Martin Mädler <martin.maedler@gmail.com>
Co-authored-by: Fausto Gutierrez <28719096+faustogut@users.noreply.github.com>
Co-authored-by: Simon Smith <simonsmith5521@gmail.com>
2024-03-03 16:03:27 -08:00
Ylian Saint-Hilaire
9e9cd821bf Use userid instead of username when username is null in authlog, #5870 2024-03-03 12:21:21 -08:00
si458
aa87fd61bb maybe fix weird undefined user login accepted #5870
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-03-01 15:45:39 +00:00
Ylian Saint-Hilaire
f2e43cc6da Added option to check HTTP origin. 2024-02-17 11:22:38 -08:00
si458
0b0f2999db fix meshcentral assistant downloads
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-01-14 16:45:04 +00:00
Simon Smith
7c2eea68b6
Fix meshcentral assistant monitor mode always using direct connect mode (#5693)
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-01-13 10:52:17 -08:00
si458
c248eada46 add blob to frame-src csp for intel amt #5678
Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-01-09 13:00:24 +00:00
Simon Smith
e967f00977
allow setting meshcentral assistant type for agentinvites (#5672)
* allow setting meshcentral assistant type for agentinvites

Signed-off-by: si458 <simonsmith5521@gmail.com>

* forgot webserver for assistantTypeAgentInvite

Signed-off-by: si458 <simonsmith5521@gmail.com>

* dont use capital letters with domain args

Signed-off-by: si458 <simonsmith5521@gmail.com>

---------

Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-01-07 22:21:54 -08:00
Simon Smith
e4001e67ef
add language selector to login (#5648)
* add language selector to login

* add showLanguageSelect to pick top or bottom boxe
2024-01-04 02:17:27 +00:00
jrf280
bc0550a791
Added device group name to search results as config option (#5544) 2023-11-12 15:18:00 -08:00