Merge pull request #405 from josephdadams/fix_auth

Fix JWT auth
josephdadams · Apr 2, 2022 · b16ecff · b16ecff
2 parents 59526f2 + 5370be8
commit b16ecff
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 14 deletions.
diff --git a/UI/src/app/_services/socket.service.ts b/UI/src/app/_services/socket.service.ts
@@ -318,7 +318,8 @@ export class SocketService {
     this.socket.on('error', (message: string) => {
       console.error(message);
       if(message.includes("Access") || message.includes("JWT") || message.includes("jwt")) {
-        alert(message);
+        console.error("JWT requested after server reconnection. This should not happen.");
+        window.location.reload(); //tmp fix while we figure out how to handle server reconnection
       }
     });
 

diff --git a/src/_helpers/config.ts b/src/_helpers/config.ts
@@ -3,6 +3,7 @@ import { Config } from "../_models/Config";
 import { ConfigTSLClient } from "../_models/ConfigTSLClient";
 import fs from "fs-extra";
 import path from "path";
+import { randomBytes } from "crypto";
 import { clone } from "./clone";
 import { uuidv4 } from "./uuid";
 import { addUser } from "./auth";
@@ -20,7 +21,7 @@ const config_file = getConfigFilePath();
 
 export const ConfigDefaults: Config = {
 	security: {
-		jwt_private_key: require('crypto').randomBytes(256).toString('base64'),
+		jwt_private_key: "",
 	},
 	users: [],
     cloud_destinations: [],
@@ -39,7 +40,7 @@ export const ConfigDefaults: Config = {
     ],
     externalAddress: "http://0.0.0.0:4455/#/tally",
 	remoteErrorReporting: false,
-	uuid: uuidv4()
+	uuid: ""
 }
 
 export let currentConfig: Config = clone(ConfigDefaults);
@@ -87,17 +88,17 @@ export function readConfig(): void {
         ...clone(ConfigDefaults),
         ...loadedConfig,
     };
-	if(!loadedConfig.users || loadedConfig.users.length === 0) {
+	if(!loadedConfig.users || typeof loadedConfig.users !== "object" || loadedConfig.users.length === 0) {
 		logger('Migrating user configs to the new format.', 'info-quiet');
 		currentConfig.users = [];
 		addUser({
-			username: currentConfig.security.username_producer || "producer",
-			password: currentConfig.security.password_producer || "12345",
+			username: loadedConfig.security.username_producer || "producer",
+			password: loadedConfig.security.password_producer || "12345",
 			roles: "producer"
 		});
 		addUser({
-			username: currentConfig.security.username_settings || "admin",
-			password: currentConfig.security.password_settings || "12345",
+			username: loadedConfig.security.username_settings || "admin",
+			password: loadedConfig.security.password_settings || "12345",
 			roles: "admin"
 		});
 		delete currentConfig.security.username_producer;
@@ -106,12 +107,14 @@ export function readConfig(): void {
 		delete currentConfig.security.password_settings;
 		SaveConfig();
 	}
-	if(!loadedConfig.uuid) {
+	if(!loadedConfig.uuid || typeof loadedConfig.uuid !== "string") {
 		logger('Adding an uuid identifier to this server for using MDNS.', 'info-quiet');
+		currentConfig.uuid = uuidv4();
 		SaveConfig(); //uuid added if missing on config save
 	}
-	if(!loadedConfig.security.jwt_private_key) {
+	if(!loadedConfig.security.jwt_private_key || typeof loadedConfig.security.jwt_private_key !== "string") {
 		logger('Adding a private key for JWT authentication.', 'info-quiet');
+		currentConfig.security.jwt_private_key = randomBytes(256).toString('base64');
 		SaveConfig(); //uuid added if missing on config save
 	}
 }

diff --git a/src/index.ts b/src/index.ts
@@ -249,10 +249,9 @@ function initialSetup() {
 
 		socket.on('login', (username: string, password: string) => {
 			authenticate(username, password).then((result) => {
-                socket.emit('login_result', true); //old response, for compatibility with old UI clients
 				socket.emit('login_response', { loginOk: true, message: "", accessToken: result.access_token });
 			}).catch((error) => {
-				logger(`User ${username} (ip addr ${ipAddr}) has attempted a login: wrong username or password.`);
+				logger(`User ${username} (ip addr ${ipAddr}) has attempted a login (${error})`);
                 //wrong credentials
 				Promise.all([
 					limiterConsecutiveFailsByUsernameAndIP.consume(ipAddr),
@@ -264,11 +263,9 @@ function initialSetup() {
 					if(points < 4) {
 						message += " Remaining attemps:"+points;
 					}
-					socket.emit('login_result', false); //old response, for compatibility with old UI clients
 					socket.emit('login_response', { loginOk: false, message: message, access_token: "" });
 				}).catch((error) => {
 					//rate limits exceeded
-                    socket.emit('login_result', false); //old response, for compatibility with old UI clients
                     let retrySecs = 1;
 					try{
 						retrySecs = Math.round(error.msBeforeNext / 1000) || 1;