paulmataruso/tacticalrmm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

disable password/mfa reset views if block_local_logon is enabled

Browse Source
This commit is contained in:
sadnub
2024-10-29 11:17:42 -04:00
parent 0d021a800a
commit 0f86bbfad8
4 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
api/tacticalrmm/accounts/permissions.py
View File

@@ -1,7 +1,7 @@
from rest_framework import permissions from rest_framework import permissions
from tacticalrmm.permissions import _has_perm from tacticalrmm.permissions import _has_perm
from tacticalrmm.utils import get_core_settings
class AccountsPerms(permissions.BasePermission): class AccountsPerms(permissions.BasePermission):
def has_permission(self, r, view) -> bool: def has_permission(self, r, view) -> bool:
@@ -40,3 +40,9 @@ class APIKeyPerms(permissions.BasePermission):
return _has_perm(r, "can_list_api_keys") return _has_perm(r, "can_list_api_keys")
return _has_perm(r, "can_manage_api_keys") return _has_perm(r, "can_manage_api_keys")
class LocalUserPerms(permissions.BasePermission):
def has_permission(self, r, view) -> bool:
settings = get_core_settings()
return not settings.block_local_user_logon

8
api/tacticalrmm/accounts/views.py
View File

@@ -25,7 +25,7 @@ from tacticalrmm.helpers import notify_error
from tacticalrmm.utils import get_core_settings from tacticalrmm.utils import get_core_settings
from .models import APIKey, Role, User from .models import APIKey, Role, User
from .permissions import AccountsPerms, APIKeyPerms, RolesPerms from .permissions import AccountsPerms, APIKeyPerms, RolesPerms, LocalUserPerms
from .serializers import ( from .serializers import (
APIKeySerializer, APIKeySerializer,
RoleSerializer, RoleSerializer,
@@ -381,7 +381,7 @@ class GetUpdateDeleteUser(APIView):
class UserActions(APIView): class UserActions(APIView):
permission_classes = [IsAuthenticated, AccountsPerms] permission_classes = [IsAuthenticated, AccountsPerms, LocalUserPerms]
# reset password # reset password
def post(self, request): def post(self, request):
@@ -507,7 +507,7 @@ class GetUpdateDeleteAPIKey(APIView):
class ResetPass(APIView): class ResetPass(APIView):
permission_classes = [IsAuthenticated] permission_classes = [IsAuthenticated, LocalUserPerms]
def put(self, request): def put(self, request):
user = request.user user = request.user
@@ -517,7 +517,7 @@ class ResetPass(APIView):
class Reset2FA(APIView): class Reset2FA(APIView):
permission_classes = [IsAuthenticated] permission_classes = [IsAuthenticated, LocalUserPerms]
def put(self, request): def put(self, request):
user = request.user user = request.user

7
api/tacticalrmm/core/models.py
View File

@@ -130,6 +130,13 @@ class CoreSettings(BaseAuditModel):
self.mesh_token = settings.MESH_TOKEN_KEY self.mesh_token = settings.MESH_TOKEN_KEY
old_settings = type(self).objects.get(pk=self.pk) if self.pk else None old_settings = type(self).objects.get(pk=self.pk) if self.pk else None
print(old_settings.__dict__)
# fail safe to not lock out user logons
if not old_settings.sso_enabled and old_settings.block_local_user_logon:
self.block_local_user_logon = False
print("I'm Here!")
super().save(*args, **kwargs) super().save(*args, **kwargs)
if old_settings: if old_settings:

2
api/tacticalrmm/core/views.py
View File

@@ -137,6 +137,8 @@ def dashboard_info(request):
"run_cmd_placeholder_text": runcmd_placeholder_text(), "run_cmd_placeholder_text": runcmd_placeholder_text(),
"server_scripts_enabled": core_settings.server_scripts_enabled, "server_scripts_enabled": core_settings.server_scripts_enabled,
"web_terminal_enabled": core_settings.web_terminal_enabled, "web_terminal_enabled": core_settings.web_terminal_enabled,
"block_local_user_logon": core_settings.block_local_user_logon,
"sso_enabled": core_settings.sso_enabled,
} }
) )