From f4c363e36cfa796f354b8dab2fb06a2f08edaa3b Mon Sep 17 00:00:00 2001
From: Matteo Gheza <matteo.gheza07@gmail.com>
Date: Mon, 21 Mar 2022 22:51:51 +0100
Subject: [PATCH 1/4] Log auth errors
---
 src/index.ts | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/index.ts b/src/index.ts
index 810229fc..fafedf3a 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -249,10 +249,9 @@ function initialSetup() {
 socket.on('login', (username: string, password: string) => {
 authenticate(username, password).then((result) => {
- socket.emit('login_result', true); //old response, for compatibility with old UI clients
 socket.emit('login_response', { loginOk: true, message: "", accessToken: result.access_token });
 }).catch((error) => {
- logger(`User ${username} (ip addr ${ipAddr}) has attempted a login: wrong username or password.`);
+ logger(`User ${username} (ip addr ${ipAddr}) has attempted a login (${error})`);
 //wrong credentials
 Promise.all([
 limiterConsecutiveFailsByUsernameAndIP.consume(ipAddr),
@@ -264,11 +263,9 @@ function initialSetup() {
 if(points < 4) {
 message += " Remaining attemps:"+points;
 }
- socket.emit('login_result', false); //old response, for compatibility with old UI clients
 socket.emit('login_response', { loginOk: false, message: message, access_token: "" });
 }).catch((error) => {
 //rate limits exceeded
- socket.emit('login_result', false); //old response, for compatibility with old UI clients
 let retrySecs = 1;
 try{
 retrySecs = Math.round(error.msBeforeNext / 1000) || 1;
From b5d96099a4b928f34ed3babc9d72155439cc1e74 Mon Sep 17 00:00:00 2001
From: Matteo Gheza <matteo.gheza07@gmail.com>
Date: Mon, 21 Mar 2022 22:57:27 +0100
Subject: [PATCH 2/4] tmp ui fix
---
 UI/src/app/_services/socket.service.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/UI/src/app/_services/socket.service.ts b/UI/src/app/_services/socket.service.ts
index 08a10f68..4e2e786a 100644
--- a/UI/src/app/_services/socket.service.ts
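Review bot: The added `logger(...)` line in the login `.catch` writes the client-supplied `username` and the raw `error` straight into the log, so a username containing line breaks can forge log entries and a non-Error rejection prints as `[object Object]`. Quoting the name and normalising the error keeps each record unambiguous: ``logger(`User ${JSON.stringify(username)} (ip addr ${ipAddr}) has attempted a login (${error instanceof Error ? error.message : String(error)})`);``. The same branch still charges every rejection from `authenticate()` to the rate limiters, so an internal failure is treated like a wrong password; that may be intended, but the `//wrong credentials` comment no longer matches what is logged. The handler and `initialSetup()` continue outside the hunk.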
+++ b/UI/src/app/_services/socket.service.ts
@@ -318,7 +318,8 @@ export class SocketService {
 this.socket.on('error', (message: string) => {
 console.error(message);
 if(message.includes("Access") || message.includes("JWT") || message.includes("jwt")) {
- alert(message);
+ console.error("JWT requested after server reconnection. This should not happen.");
+ window.location.reload(); //tmp fix while we figure out how to handle server reconnection
 }
 });
From f8b49bae5e669263cdbea584d3797437260dcbd8 Mon Sep 17 00:00:00 2001
From: Matteo Gheza <matteo.gheza07@gmail.com>
Date: Mon, 21 Mar 2022 23:46:45 +0100
Subject: [PATCH 3/4] replace currentConfig with loadedConfig
---
 src/_helpers/config.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/_helpers/config.ts b/src/_helpers/config.ts
index bf4e92ea..bb0b229b 100644
--- a/src/_helpers/config.ts
+++ b/src/_helpers/config.ts
@@ -91,13 +91,13 @@ export function readConfig(): void {
 logger('Migrating user configs to the new format.', 'info-quiet');
 currentConfig.users = [];
 addUser({
- username: currentConfig.security.username_producer || "producer",
- password: currentConfig.security.password_producer || "12345",
+ username: loadedConfig.security.username_producer || "producer",
+ password: loadedConfig.security.password_producer || "12345",
 roles: "producer"
 });
 addUser({
- username: currentConfig.security.username_settings || "admin",
- password: currentConfig.security.password_settings || "12345",
+ username: loadedConfig.security.username_settings || "admin",
+ password: loadedConfig.security.password_settings || "12345",
 roles: "admin"
 });
 delete currentConfig.security.username_producer;
From 5370be8e42d3239c4323d2e2411214af5fd8c65a Mon Sep 17 00:00:00 2001
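Review bot: The new `window.location.reload()` in the `'error'` handler runs on every message containing "Access", "JWT" or "jwt", so if the client presents the same rejected token again after reloading, the page can reload in a loop; whether it does depends on token storage that is outside this hunk. A one-shot guard bounds it: `if (!sessionStorage.getItem('jwtReload')) { sessionStorage.setItem('jwtReload', '1'); window.location.reload(); }`, with the flag cleared after a successful login. Matching on substrings of the message is also fragile, and a dedicated event or error code from the server would be a more reliable trigger. The handler sits inside a `SocketService` method whose start is not in the hunk.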
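Review bot: Reading the legacy credentials from `loadedConfig.security` throws a TypeError when the config file on disk has no `security` section, because only `currentConfig` is merged with `ConfigDefaults`; the shape of `loadedConfig` is not visible here, so this is worth confirming. Optional chaining keeps the migration working, e.g. `username: loadedConfig.security?.username_producer || "producer",` and likewise for the other three fields; the `loadedConfig.security.jwt_private_key` check in the `@@ -106` hunk of patch 4 has the same exposure. Both migrated accounts, including `admin`, still fall back to the fixed password `"12345"`; generating a random password and reporting it once, or forcing a change at first login, would avoid creating accounts with a known credential. `readConfig()` starts and ends outside the hunk.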
From: Matteo Gheza <matteo.gheza07@gmail.com>
Date: Tue, 22 Mar 2022 00:00:58 +0100
Subject: [PATCH 4/4] Fix jwt_private_key not added after migration
---
 src/_helpers/config.ts | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/_helpers/config.ts b/src/_helpers/config.ts
index bb0b229b..455ca471 100644
--- a/src/_helpers/config.ts
+++ b/src/_helpers/config.ts
@@ -3,6 +3,7 @@ import { Config } from "../_models/Config";
 import { ConfigTSLClient } from "../_models/ConfigTSLClient";
 import fs from "fs-extra";
 import path from "path";
+import { randomBytes } from "crypto";
 import { clone } from "./clone";
 import { uuidv4 } from "./uuid";
 import { addUser } from "./auth";
@@ -20,7 +21,7 @@ const config_file = getConfigFilePath();
 export const ConfigDefaults: Config = {
 security: {
- jwt_private_key: require('crypto').randomBytes(256).toString('base64'),
+ jwt_private_key: "",
 },
 users: [],
 cloud_destinations: [],
@@ -39,7 +40,7 @@ export const ConfigDefaults: Config = {
 ],
 externalAddress: "http://0.0.0.0:4455/#/tally",
 remoteErrorReporting: false,
- uuid: uuidv4()
+ uuid: ""
 }
 export let currentConfig: Config = clone(ConfigDefaults);
@@ -87,7 +88,7 @@ export function readConfig(): void {
 ...clone(ConfigDefaults),
 ...loadedConfig,
 };
- if(!loadedConfig.users || loadedConfig.users.length === 0) {
+ if(!loadedConfig.users || typeof loadedConfig.users !== "object" || loadedConfig.users.length === 0) {
 logger('Migrating user configs to the new format.', 'info-quiet');
 currentConfig.users = [];
 addUser({
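Review bot: With `jwt_private_key: ""` as the default, `currentConfig` starts as a clone holding an empty signing key until `readConfig()` reaches the branch that generates one, and the path taken when no config file exists is not shown in this patch. If any token is signed or verified before that point it would use an empty secret, so the code that consumes the key should refuse an empty value rather than proceed. At minimum the field deserves a comment such as `// placeholder: readConfig() must generate the real key before any token is issued`. The `uuid: ""` default in the `@@ -39` hunk follows the same pattern and depends on the same fill-in step.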
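Review bot: The added `typeof loadedConfig.users !== "object"` test also passes for a plain object, whose `.length` is `undefined`, so a config with `"users": {}` skips the migration and leaves a non-array in `currentConfig.users`. `Array.isArray` states the intent directly: `if(!Array.isArray(loadedConfig.users) || loadedConfig.users.length === 0) {`. The body of this `if` runs past the end of the hunk.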
@@ -106,12 +107,14 @@ export function readConfig(): void {
 delete currentConfig.security.password_settings;
 SaveConfig();
 }
- if(!loadedConfig.uuid) {
+ if(!loadedConfig.uuid || typeof loadedConfig.uuid !== "string") {
 logger('Adding an uuid identifier to this server for using MDNS.', 'info-quiet');
+ currentConfig.uuid = uuidv4();
 SaveConfig(); //uuid added if missing on config save
 }
- if(!loadedConfig.security.jwt_private_key) {
+ if(!loadedConfig.security.jwt_private_key || typeof loadedConfig.security.jwt_private_key !== "string") {
 logger('Adding a private key for JWT authentication.', 'info-quiet');
+ currentConfig.security.jwt_private_key = randomBytes(256).toString('base64');
 SaveConfig(); //uuid added if missing on config save
 }
 }
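Review bot: Both `SaveConfig();` calls keep the trailing comment `//uuid added if missing on config save`, which is wrong for the JWT branch and out of date for the uuid branch now that the value is assigned explicitly on the line above. Suggested replacements are `SaveConfig(); //persist the newly generated uuid` and `SaveConfig(); //persist the newly generated JWT signing key`. Because the generated key is written to the config file, a short comment noting that the file holds a secret and should not be world-readable would help whoever deploys it; the file's permissions are not visible in this patch.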