switch to login token auth for meshcentral

2019-12-13 23:31:54 +00:00 · 2019-12-13 23:31:54 +00:00 · fdbb49de33
parent 659721cae7
commit fdbb49de33
4 changed files with 20 additions and 10 deletions
--- a/api/djangormm/agents/views.py
+++ b/api/djangormm/agents/views.py
@ -1,4 +1,5 @@
 from loguru import logger
+import subprocess

 from django.conf import settings
 from django.shortcuts import get_object_or_404
@ -110,9 +111,16 @@ def edit_agent(request):
@api_view()
 def meshcentral_tabs(request, pk):
    agent = get_object_or_404(Agent, pk=pk)
-    node = agent.mesh_node_id
-    terminalurl = f"{settings.MESH_SITE}/?user={settings.MESH_USERNAME}&pass={settings.MESH_PASSWORD}&node={node}&viewmode=12&hide=31"
-    fileurl = f"{settings.MESH_SITE}/?user={settings.MESH_USERNAME}&pass={settings.MESH_PASSWORD}&node={node}&viewmode=13&hide=31"
+    r = subprocess.run([
+        "node", 
+        "/meshcentral/node_modules/meshcentral/meshcentral", 
+        "--logintoken", 
+        f"user//{settings.MESH_USERNAME}"], 
+        capture_output=True
+    )
+    token = r.stdout.decode().splitlines()[0]
+    terminalurl = f"{settings.MESH_SITE}/?viewmode=12&hide=31&login={token}&node={agent.mesh_node_id}"
+    fileurl = f"{settings.MESH_SITE}/?viewmode=13&hide=31&login={token}&node={agent.mesh_node_id}"
    return Response({
        "hostname": agent.hostname,
        "terminalurl": terminalurl,
@ -123,8 +131,15 @@ def meshcentral_tabs(request, pk):
@api_view()
 def take_control(request, pk):
    agent = get_object_or_404(Agent, pk=pk)
-    node = agent.mesh_node_id
-    url = f"{settings.MESH_SITE}/?user={settings.MESH_USERNAME}&pass={settings.MESH_PASSWORD}&node={node}&viewmode=11&hide=31"
+    r = subprocess.run([
+        "node", 
+        "/meshcentral/node_modules/meshcentral/meshcentral", 
+        "--logintoken", 
+        f"user//{settings.MESH_USERNAME}"], 
+        capture_output=True
+    )
+    token = r.stdout.decode().splitlines()[0]
+    url = f"{settings.MESH_SITE}/?viewmode=11&hide=31&login={token}&node={agent.mesh_node_id}"
    return Response(url)


--- a/api/djangormm/djangormm/local_settings.py.example
+++ b/api/djangormm/djangormm/local_settings.py.example
@ -45,6 +45,5 @@ EMAIL_ALERT_RECIPIENTS = ["example@gmail.com",]
 SALT_USERNAME = "changeme"
 SALT_PASSWORD = "changeme"
 MESH_USERNAME = "changeme"
-MESH_PASSWORD = "changeme"
 MESH_SITE = "https://mesh.example.com"
 TWO_FACTOR_OTP = "changeme"
--- a/api/djangormm/djangormm/settings.py
+++ b/api/djangormm/djangormm/settings.py
@ -149,6 +149,5 @@ if 'TRAVIS' in os.environ:
    SALT_USERNAME = "travis"
    SALT_PASSWORD = "travis"
    MESH_USERNAME = "travis"
-    MESH_PASSWORD = "travis"
    MESH_SITE = "https://example.com"
    TWO_FACTOR_OTP = "TRAVIS"
--- a/install.sh
+++ b/install.sh
@ -42,8 +42,6 @@ echo -ne "${YELLOW}Enter the domain for meshcentral${NC}: "
 read meshdomain
 echo -ne "${YELLOW}Enter your username for meshcentral${NC}: "
 read meshusername
-echo -ne "${YELLOW}Enter your password for meshcentral${NC}: "
-read meshpassword
 echo -ne "${YELLOW}Enter your email address for let's encrypt renewal notifications${NC}: "
 read letsemail
 echo -ne "${YELLOW}Please use google authenticator and enter TOTP code${NC}: "
@ -311,7 +309,6 @@ EMAIL_ALERT_RECIPIENTS = ["jsmith@example.com",]
 SALT_USERNAME = "${USER}"
 SALT_PASSWORD = "${linuxpw}"
 MESH_USERNAME = "${meshusername}"
-MESH_PASSWORD = "${meshpassword}"
 MESH_SITE = "https://${meshdomain}"
 TWO_FACTOR_OTP = "${twofactor}"
 EOF