fix web-rdp/web-ssh save creds per user

Signed-off-by: si458 <simonsmith5521@gmail.com>

meshcentral-config-schema.json

@@ -1754,7 +1754,7 @@
           },
           "mstsc": {
             "type": "boolean",
-            "default": false,
+            "default": true,
             "description": "When enabled, activates the built-in web-based RDP client."
           },
           "ssh": {

sample-config-advanced.json

@@ -318,7 +318,7 @@
       "_geoLocation": true,
       "_ipLocation": true,
       "_novnc": false,
-      "_mstsc": true,
+      "_mstsc": false,
       "_ssh": true,
       "_WebEmailsPath": "/myserver/email-templates",
       "_consentMessages": {

webserver.js

@@ -2105,6 +2105,24 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
         var features = 0;
         if (domain.allowsavingdevicecredentials === false) { features |= 1; }
 
+        // Get the logged in user if present
+        var user = null;
+
+        // If there is a login token, use that
+        if (req.query.login != null) {
+            var ucookie = parent.decodeCookie(req.query.login, parent.loginCookieEncryptionKey, 60); // Cookie with 1 hour timeout
+            if ((ucookie != null) && (ucookie.a === 3) && (typeof ucookie.u == 'string')) { user = obj.users[ucookie.u]; }
+        }
+
+        // If no token, see if we have an active session
+        if ((user == null) && (req.session.userid != null)) { user = obj.users[req.session.userid]; }
+
+        // If still no user, see if we have a default user
+        if ((user == null) && (obj.args.user)) { user = obj.users['user/' + domain.id + '/' + obj.args.user.toLowerCase()]; }
+
+        // No user login, exit now
+        if (user == null) { res.sendStatus(401); return; }
+
         if (req.query.ws != null) {
             // This is a query with a websocket relay cookie, check that the cookie is valid and use it.
             var rcookie = parent.decodeCookie(req.query.ws, parent.loginCookieEncryptionKey, 60); // Cookie with 1 hour timeout
@@ -2122,8 +2140,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
                             if ((typeof node.ssh == 'object') && (typeof node.ssh.u == 'string') && (typeof node.ssh.p == 'string')) { serverCredentials = 1; } // Username and password
                             else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string') && (typeof node.ssh.kp == 'string')) { serverCredentials = 2; } // Username, key and password
                             else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string')) { serverCredentials = 3; } // Username and key. No password.
+                            else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].u == 'string') && (typeof node.ssh[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format
+                            else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string') && (typeof node.ssh[user._id].kp == 'string')) { serverCredentials = 2; } // Username, key and password in per user format
+                            else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string')) { serverCredentials = 3; } // Username and key. No password. in per user format
                         } else {
-                            if ((typeof node.rdp == 'object') && (typeof node.rdp.d == 'string') && (typeof node.rdp.u == 'string') && (typeof node.rdp.p == 'string')) { serverCredentials = 1; } // Username and password
+                            if ((typeof node.rdp == 'object') && (typeof node.rdp.d == 'string') && (typeof node.rdp.u == 'string') && (typeof node.rdp.p == 'string')) { serverCredentials = 1; } // Username and password in legacy format
+                            if ((typeof node.rdp == 'object') && (typeof node.rdp[user._id] == 'object') && (typeof node.rdp[user._id].d == 'string') && (typeof node.rdp[user._id].u == 'string') && (typeof node.rdp[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format
                         }
                     }
 
@@ -2134,24 +2156,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
             }
         }
 
-        // Get the logged in user if present
-        var user = null;
-
-        // If there is a login token, use that
-        if (req.query.login != null) {
-            var ucookie = parent.decodeCookie(req.query.login, parent.loginCookieEncryptionKey, 60); // Cookie with 1 hour timeout
-            if ((ucookie != null) && (ucookie.a === 3) && (typeof ucookie.u == 'string')) { user = obj.users[ucookie.u]; }
-        }
-
-        // If no token, see if we have an active session
-        if ((user == null) && (req.session.userid != null)) { user = obj.users[req.session.userid]; }
-
-        // If still no user, see if we have a default user
-        if ((user == null) && (obj.args.user)) { user = obj.users['user/' + domain.id + '/' + obj.args.user.toLowerCase()]; }
-
-        // No user login, exit now
-        if (user == null) { res.sendStatus(401); return; }
-
         // Check the nodeid
         if (req.query.node != null) {
             var nodeidsplit = req.query.node.split('/');
@@ -2187,6 +2191,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
                     if ((typeof node.ssh == 'object') && (typeof node.ssh.u == 'string') && (typeof node.ssh.p == 'string')) { serverCredentials = 1; } // Username and password
                     else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string') && (typeof node.ssh.kp == 'string')) { serverCredentials = 2; } // Username, key and password
                     else if ((typeof node.ssh == 'object') && (typeof node.ssh.k == 'string')) { serverCredentials = 3; } // Username and key. No password.
+                    else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].u == 'string') && (typeof node.ssh[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format
+                    else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string') && (typeof node.ssh[user._id].kp == 'string')) { serverCredentials = 2; } // Username, key and password in per user format
+                    else if ((typeof node.ssh == 'object') && (typeof node.ssh[user._id] == 'object') && (typeof node.ssh[user._id].k == 'string')) { serverCredentials = 3; } // Username and key. No password. in per user format
                 }
             } else {
                 // RDP port
@@ -2196,6 +2203,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
                 // Check if we have RDP credentials for this device
                 if (domain.allowsavingdevicecredentials !== false) {
                     if ((typeof node.rdp == 'object') && (typeof node.rdp.d == 'string') && (typeof node.rdp.u == 'string') && (typeof node.rdp.p == 'string')) { serverCredentials = 1; } // Username and password
+                    if ((typeof node.rdp == 'object') && (typeof node.rdp[user._id] == 'object') && (typeof node.rdp[user._id].d == 'string') && (typeof node.rdp[user._id].u == 'string') && (typeof node.rdp[user._id].p == 'string')) { serverCredentials = 1; } // Username and password in per user format
                 }
             }
             if (req.query.port != null) { var qport = 0; try { qport = parseInt(req.query.port); } catch (ex) { } if ((typeof qport == 'number') && (qport > 0) && (qport < 65536)) { port = qport; } }