Skip to content

Commit

Permalink
Added batch account addition.
Browse files Browse the repository at this point in the history
  • Loading branch information
@Ylianst
Ylianst committed May 14, 2019
1 parent 4ddeca1 commit 27b9cfe
Show file tree
Hide file tree
Showing 8 changed files with 130 additions and 31 deletions.
2 changes: 1 addition & 1 deletion meshcentral.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ function CreateMeshCentralServer(config, args) {
// Start the Meshcentral server
obj.Start = function () {
var i;
try { require('./pass').hash('test', function () { }); } catch (e) { console.log('Old version of node, must upgrade.'); return; } // TODO: Not sure if this test works or not.
try { require('./pass').hash('test', function () { }, 0); } catch (e) { console.log('Old version of node, must upgrade.'); return; } // TODO: Not sure if this test works or not.

// Check for invalid arguments
var validArguments = ['_', 'notls', 'user', 'port', 'aliasport', 'mpsport', 'mpsaliasport', 'redirport', 'cert', 'mpscert', 'deletedomain', 'deletedefaultdomain', 'showall', 'showusers', 'shownodes', 'showmeshes', 'showevents', 'showpower', 'clearpower', 'showiplocations', 'help', 'exactports', 'install', 'uninstall', 'start', 'stop', 'restart', 'debug', 'filespath', 'datapath', 'noagentupdate', 'launch', 'noserverbackup', 'mongodb', 'mongodbcol', 'wanonly', 'lanonly', 'nousers', 'mpsdebug', 'mpspass', 'ciralocalfqdn', 'dbexport', 'dbexportmin', 'dbimport', 'dbmerge', 'dbencryptkey', 'selfupdate', 'tlsoffload', 'userallowedip', 'userblockedip', 'swarmallowedip', 'agentallowedip', 'agentblockedip', 'fastcert', 'swarmport', 'swarmdebug', 'logintoken', 'logintokenkey', 'logintokengen', 'logintokengen', 'mailtokengen', 'admin', 'unadmin', 'sessionkey', 'sessiontime', 'minify', 'minifycore', 'dblistconfigfiles', 'dbshowconfigfile', 'dbpushconfigfiles', 'dbpullconfigfiles', 'dbdeleteconfigfiles', 'configkey', 'loadconfigfromdb', 'npmpath', 'memorytracking'];
Expand Down
81 changes: 74 additions & 7 deletions meshuser.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -952,6 +952,68 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use

// TODO: Notify all sessions on other peers.

break;
}
case 'adduserbatch':
{
// Add many new user accounts
if ((user.siteadmin & 2) == 0) break;
if (!Array.isArray(command.users)) break;
var userCount = 0;
for (var i in command.users) {
if (common.validateUsername(command.users[i].user, 1, 64) == false) break; // Username is between 1 and 64 characters, no spaces
if ((command.users[i].user == '~') || (command.users[i].user.indexOf('/') >= 0)) break; // This is a reserved user name
if (common.validateString(command.users[i].pass, 1, 256) == false) break; // Password is between 1 and 256 characters
if (common.checkPasswordRequirements(command.users[i].pass, domain.passwordrequirements) == false) break; // Password does not meet requirements
if ((command.email != null) && (common.validateEmail(command.users[i].email, 1, 256) == false)) break; // Check if this is a valid email address
userCount++;
}

// Check if we exceed the maximum number of user accounts
db.isMaxType(domain.limits.maxuseraccounts + userCount, 'user', domain.id, function (maxExceed) {
if (maxExceed) {
// Account count exceed, do notification

// Create the notification message
var notification = { action: "msg", type: "notify", value: "Account limit reached.", title: "Server Limit", userid: user._id, username: user.name, domain: domain.id };

// Get the list of sessions for this user
var sessions = parent.wssessions[user._id];
if (sessions != null) { for (i in sessions) { try { if (sessions[i].domainid == domain.id) { sessions[i].send(JSON.stringify(notification)); } } catch (ex) { } } }
// TODO: Notify all sessions on other peers.
} else {
for (var i in command.users) {
// Check if this is an existing user
var newuserid = 'user/' + domain.id + '/' + command.users[i].user.toLowerCase();
var newuser = { type: 'user', _id: newuserid, name: command.users[i].user, creation: Math.floor(Date.now() / 1000), domain: domain.id };
if (domain.newaccountsrights) { newuser.siteadmin = domain.newaccountsrights; }
if (command.users[i].email != null) { newuser.email = command.users[i].email; } // Email
if (command.users[i].resetNextLogin === true) { newuser.passchange = -1; } else { newuser.passchange = Math.floor(Date.now() / 1000); }
if ((command.users[i].groups != null) && (common.validateStrArray(command.users[i].groups, 1, 32))) { newuser.groups = command.users[i].groups; } // New account are automatically part of our groups.

if (parent.users[newuserid] == null) {
parent.users[newuserid] = newuser;

// Create a user, generate a salt and hash the password
require('./pass').hash(command.users[i].pass, function (err, salt, hash, newuser) {
if (err) throw err;
newuser.salt = salt;
newuser.hash = hash;
db.SetUser(newuser);

var targets = ['*', 'server-users'];
if (newuser.groups) { for (var i in newuser.groups) { targets.push('server-users:' + i); } }
if (newuser.email == null) {
parent.parent.DispatchEvent(targets, obj, { etype: 'user', username: newuser.name, account: parent.CloneSafeUser(newuser), action: 'accountcreate', msg: 'Account created, username is ' + newuser.name, domain: domain.id });
} else {
parent.parent.DispatchEvent(targets, obj, { etype: 'user', username: newuser.name, account: parent.CloneSafeUser(newuser), action: 'accountcreate', msg: 'Account created, email is ' + newuser.email, domain: domain.id });
}
}, newuser);
}
}
}
});

break;
}
case 'adduser':
Expand All @@ -960,6 +1022,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if ((user.siteadmin & 2) == 0) break;
if (common.validateUsername(command.username, 1, 64) == false) break; // Username is between 1 and 64 characters, no spaces
if (common.validateString(command.pass, 1, 256) == false) break; // Password is between 1 and 256 characters
if (command.username.indexOf('/') >= 0) break; // Usernames can't have '/'
if (common.checkPasswordRequirements(command.pass, domain.passwordrequirements) == false) break; // Password does not meet requirements
if ((command.email != null) && (common.validateEmail(command.email, 1, 256) == false)) break; // Check if this is a valid email address
var newusername = command.username, newuserid = 'user/' + domain.id + '/' + command.username.toLowerCase();
Expand Down Expand Up @@ -988,16 +1051,20 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
parent.users[newuserid] = newuser;

// Create a user, generate a salt and hash the password
require('./pass').hash(command.pass, function (err, salt, hash) {
require('./pass').hash(command.pass, function (err, salt, hash, tag) {
if (err) throw err;
newuser.salt = salt;
newuser.hash = hash;
db.SetUser(newuser);

var targets = ['*', 'server-users'];
if (newuser.groups) { for (var i in newuser.groups) { targets.push('server-users:' + i); } }
parent.parent.DispatchEvent(targets, obj, { etype: 'user', username: newusername, account: parent.CloneSafeUser(newuser), action: 'accountcreate', msg: 'Account created, email is ' + command.email, domain: domain.id });
});
if (command.email == null) {
parent.parent.DispatchEvent(targets, obj, { etype: 'user', username: newusername, account: parent.CloneSafeUser(newuser), action: 'accountcreate', msg: 'Account created, username is ' + command.user, domain: domain.id });
} else {
parent.parent.DispatchEvent(targets, obj, { etype: 'user', username: newusername, account: parent.CloneSafeUser(newuser), action: 'accountcreate', msg: 'Account created, email is ' + command.email, domain: domain.id });
}
}, 0);
}
});
break;
Expand Down Expand Up @@ -1083,7 +1150,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
parent.checkUserPassword(domain, user, command.oldpass, function (result) {
if (result == true) {
// Update the password
require('./pass').hash(command.newpass, function (err, salt, hash) {
require('./pass').hash(command.newpass, function (err, salt, hash, tag) {
if (err) {
// Send user notification of error
displayNotificationMessage('Error, password not changed.', 'Account Settings', 'ServerNotify');
Expand All @@ -1107,7 +1174,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Send user notification of password change
displayNotificationMessage('Password changed.', 'Account Settings', 'ServerNotify');
}
});
}, 0);
} else {
// Send user notification of error
displayNotificationMessage('Current password not correct.', 'Account Settings', 'ServerNotify');
Expand All @@ -1131,7 +1198,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if ((user.groups != null) && (user.groups.length > 0) && ((chguser.groups == null) || (findOne(chguser.groups, user.groups) == false))) break;

// Compute the password hash & save it
require('./pass').hash(command.pass, function (err, salt, hash) {
require('./pass').hash(command.pass, function (err, salt, hash, tag) {
if (!err) {
chguser.salt = salt;
chguser.hash = hash;
Expand All @@ -1156,7 +1223,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Report that the password change failed
// TODO
}
});
}, 0);
}
break;
}
Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "meshcentral",
"version": "0.3.4-h",
"version": "0.3.4-i",
"keywords": [
"Remote Management",
"Intel AMT",
Expand Down
13 changes: 7 additions & 6 deletions pass.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,24 +25,25 @@ const iterations = 12000;
* @param {Function} callback
* @api public
*/
exports.hash = function (pwd, salt, fn) {
if (3 == arguments.length) {
exports.hash = function (pwd, salt, fn, tag) {
if (4 == arguments.length) {
try {
crypto.pbkdf2(pwd, salt, iterations, len, 'sha384', function (err, hash) { fn(err, hash.toString('base64')); });
crypto.pbkdf2(pwd, salt, iterations, len, 'sha384', function (err, hash) { fn(err, hash.toString('base64'), tag); });
} catch (e) {
// If this previous call fails, it's probably because older pbkdf2 did not specify the hashing function, just use the default.
crypto.pbkdf2(pwd, salt, iterations, len, function (err, hash) { fn(err, hash.toString('base64')); });
crypto.pbkdf2(pwd, salt, iterations, len, function (err, hash) { fn(err, hash.toString('base64'), tag); });
}
} else {
tag = fn;
fn = salt;
crypto.randomBytes(len, function (err, salt) {
if (err) return fn(err);
salt = salt.toString('base64');
try {
crypto.pbkdf2(pwd, salt, iterations, len, 'sha384', function (err, hash) { if (err) { return fn(err); } fn(null, salt, hash.toString('base64')); });
crypto.pbkdf2(pwd, salt, iterations, len, 'sha384', function (err, hash) { if (err) { return fn(err); } fn(null, salt, hash.toString('base64'), tag); });
} catch (e) {
// If this previous call fails, it's probably because older pbkdf2 did not specify the hashing function, just use the default.
crypto.pbkdf2(pwd, salt, iterations, len, function (err, hash) { if (err) { return fn(err); } fn(null, salt, hash.toString('base64')); });
crypto.pbkdf2(pwd, salt, iterations, len, function (err, hash) { if (err) { return fn(err); } fn(null, salt, hash.toString('base64'), tag); });
}
});
}
Expand Down
Binary file added public/images/link6.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
2 changes: 1 addition & 1 deletion views/default-min.handlebars
View file

Large diffs are not rendered by default.

31 changes: 31 additions & 0 deletions views/default.handlebars
View file
Original file line number Diff line number Diff line change
Expand Up @@ -302,6 +302,7 @@
<div style="float:right">
<input type=button onclick=showUserBroadcastDialog() style=margin-right:6px value="Broadcast" />
<img onclick=p4downloadUserInfo() style="cursor:pointer" title="Download user information" src="images/link4.png" />
<img onclick=p4batchAccountCreate() style="cursor:pointer" title="batch create many user accounts" src="images/link6.png" />
</div>
<div>
<input id=UserNewAccountButton type=button style=margin-left:6px onclick=showCreateNewAccountDialog() value="New Account..." />
Expand Down Expand Up @@ -6846,6 +6847,36 @@
return false;
}

function p4batchAccountCreate() {
if (xxdialogMode) return;
var x = 'Create many accounts at once by importing a JSON file with the following format:<br /><pre>[\r\n {"user":"x1","pass":"x","email":"x1@x"},\r\n {"user":"x2","pass":"x","resetNextLogin":true}\r\n]</pre><input style=width:370px type=file id=d4importFile accept=".json" onchange=p4batchAccountCreateValidate() />';
setDialogMode(2, "User Account Import", 3, p4batchAccountCreateEx, x);
QE('idx_dlgOkButton', false);
}

function p4batchAccountCreateValidate() {
QE('idx_dlgOkButton', Q('d4importFile').value != null);
}

function p4batchAccountCreateEx() {
var fr = new FileReader();
fr.onload = function (r) {
var j = null;
try { j = JSON.parse(r.target.result); } catch (ex) { setDialogMode(2, "User Account Import", 1, null, "Invalid JSON file: " + ex + "."); return; }
if ((j != null) && (Array.isArray(j))) {
var ok = true;
for (var i in j) {
if ((typeof j[i].user != 'string') || (j[i].user.length < 1) || (j[i].user.length > 64)) { ok = false; }
if ((typeof j[i].pass != 'string') || (j[i].pass.length < 1) || (j[i].pass.length > 256)) { ok = false; }
if (checkPasswordRequirements(j[i].pass, passRequirements) == false) { ok = false; }
if ((j[i].email != null) && ((typeof j[i].email != 'string') || (j[i].email.length < 1) || (j[i].email.length > 128))) { ok = false; }
}
if (ok == false) { setDialogMode(2, "User Account Import", 1, null, "Invalid JSON file format."); } else { meshserver.send({ action: 'adduserbatch', users: j }); }
} else { setDialogMode(2, "User Account Import", 1, null, "Invalid JSON file format."); }
};
fr.readAsText(Q('d4importFile').files[0]);
}

function p4downloadUserInfo() {
if (xxdialogMode) return;
var x = 'Download the list of users with one of the file formats below.<br /><br />';
Expand Down
Loading

0 comments on commit 27b9cfe

Please sign in to comment.