jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Support ghost password expiration in ghost file

Browse Source
This commit is contained in:
Johannes Zellner
2021-09-17 11:48:56 +02:00
parent ac59a7dcc2
commit 8fde4e959c
1 changed files with 22 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/users.js
+22 -4
View File
@@ -59,6 +59,8 @@ const ORDERED_ROLES = [ exports.ROLE_USER, exports.ROLE_USER_MANAGER, exports.RO
const USERS_FIELDS = [ 'id', 'username', 'email', 'fallbackEmail', 'password', 'salt', 'creationTime', 'resetToken', 'displayName', const USERS_FIELDS = [ 'id', 'username', 'email', 'fallbackEmail', 'password', 'salt', 'creationTime', 'resetToken', 'displayName',
'twoFactorAuthenticationEnabled', 'twoFactorAuthenticationSecret', 'active', 'source', 'role', 'resetTokenCreationTime', 'loginLocationsJson' ].join(','); 'twoFactorAuthenticationEnabled', 'twoFactorAuthenticationSecret', 'active', 'source', 'role', 'resetTokenCreationTime', 'loginLocationsJson' ].join(',');
const GHOST_LIFETIME = 6 * 60 * 60 * 1000; // 6 hours
const appPasswords = require('./apppasswords.js'), const appPasswords = require('./apppasswords.js'),
assert = require('assert'), assert = require('assert'),
BoxError = require('./boxerror.js'), BoxError = require('./boxerror.js'),
@@ -250,10 +252,26 @@ function verifyGhost(username, password) {
var ghostData = safe.JSON.parse(safe.fs.readFileSync(paths.GHOST_USER_FILE, 'utf8')); var ghostData = safe.JSON.parse(safe.fs.readFileSync(paths.GHOST_USER_FILE, 'utf8'));
if (!ghostData) return false; if (!ghostData) return false;
if (username in ghostData && ghostData[username] === password) { // either the username is an object with { password, expiresAt } or a string with the password which will expire on first match
debug('verifyGhost: matched ghost user'); if (username in ghostData) {
safe.fs.unlinkSync(paths.GHOST_USER_FILE); if (typeof ghostData[username] === 'object') {
return true; if (ghostData[username].expiresAt < Date.now()) {
debug('verifyGhost: password expired');
delete ghostData[username];
safe.fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghostData, null, 4), 'utf8');
return false;
} else if (ghostData[username].password === password) {
debug('verifyGhost: matched ghost user');
return true;
} else {
return false;
}
} else if(ghostData[username] === password) {
debug('verifyGhost: matched ghost user');
delete ghostData[username];
safe.fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghostData, null, 4), 'utf8');
return true;
}
} }
return false; return false;