prevent login and password reset for system accounts
parent
126a2fcf15
commit
cd9bce3072
|
@ -638,6 +638,8 @@ userSuspended: "This user has been suspended."
|
||||||
userSilenced: "This user is being silenced."
|
userSilenced: "This user is being silenced."
|
||||||
yourAccountSuspendedTitle: "This account is suspended"
|
yourAccountSuspendedTitle: "This account is suspended"
|
||||||
yourAccountSuspendedDescription: "This account has been suspended due to breaking the server's terms of services or similar. Contact the administrator if you would like to know a more detailed reason. Please do not create a new account."
|
yourAccountSuspendedDescription: "This account has been suspended due to breaking the server's terms of services or similar. Contact the administrator if you would like to know a more detailed reason. Please do not create a new account."
|
||||||
|
systemAccountTitle: "This is a system account"
|
||||||
|
systemAccountDescription: "This account is created and managed automatically by the system, and cannot be logged into."
|
||||||
tokenRevoked: "Invalid token"
|
tokenRevoked: "Invalid token"
|
||||||
tokenRevokedDescription: "This token has expired. Please log in again."
|
tokenRevokedDescription: "This token has expired. Please log in again."
|
||||||
accountDeleted: "Account deleted"
|
accountDeleted: "Account deleted"
|
||||||
|
|
|
@ -2568,6 +2568,14 @@ export interface Locale extends ILocale {
|
||||||
* このアカウントは、サーバーの利用規約に違反したなどの理由により、凍結されています。詳細については管理者までお問い合わせください。新しいアカウントを作らないでください。
|
* このアカウントは、サーバーの利用規約に違反したなどの理由により、凍結されています。詳細については管理者までお問い合わせください。新しいアカウントを作らないでください。
|
||||||
*/
|
*/
|
||||||
"yourAccountSuspendedDescription": string;
|
"yourAccountSuspendedDescription": string;
|
||||||
|
/**
|
||||||
|
* This is a system account
|
||||||
|
*/
|
||||||
|
"systemAccountTitle": string;
|
||||||
|
/**
|
||||||
|
* This account is created and managed automatically by the system, and cannot be logged into.
|
||||||
|
*/
|
||||||
|
"systemAccountDescription": string;
|
||||||
/**
|
/**
|
||||||
* トークンが無効です
|
* トークンが無効です
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -638,6 +638,8 @@ userSuspended: "このユーザーは凍結されています。"
|
||||||
userSilenced: "このユーザーはサイレンスされています。"
|
userSilenced: "このユーザーはサイレンスされています。"
|
||||||
yourAccountSuspendedTitle: "アカウントが凍結されています"
|
yourAccountSuspendedTitle: "アカウントが凍結されています"
|
||||||
yourAccountSuspendedDescription: "このアカウントは、サーバーの利用規約に違反したなどの理由により、凍結されています。詳細については管理者までお問い合わせください。新しいアカウントを作らないでください。"
|
yourAccountSuspendedDescription: "このアカウントは、サーバーの利用規約に違反したなどの理由により、凍結されています。詳細については管理者までお問い合わせください。新しいアカウントを作らないでください。"
|
||||||
|
systemAccountTitle: "This is a system account"
|
||||||
|
systemAccountDescription: "This account is created and managed automatically by the system, and cannot be logged into."
|
||||||
tokenRevoked: "トークンが無効です"
|
tokenRevoked: "トークンが無効です"
|
||||||
tokenRevokedDescription: "ログイントークンが失効しています。ログインし直してください。"
|
tokenRevokedDescription: "ログイントークンが失効しています。ログインし直してください。"
|
||||||
accountDeleted: "アカウントは削除されています"
|
accountDeleted: "アカウントは削除されています"
|
||||||
|
|
|
@ -26,6 +26,7 @@ import { RateLimiterService } from './RateLimiterService.js';
|
||||||
import { SigninService } from './SigninService.js';
|
import { SigninService } from './SigninService.js';
|
||||||
import type { AuthenticationResponseJSON } from '@simplewebauthn/types';
|
import type { AuthenticationResponseJSON } from '@simplewebauthn/types';
|
||||||
import type { FastifyReply, FastifyRequest } from 'fastify';
|
import type { FastifyReply, FastifyRequest } from 'fastify';
|
||||||
|
import { isSystemAccount } from '@/misc/is-system-account.js';
|
||||||
|
|
||||||
@Injectable()
|
@Injectable()
|
||||||
export class SigninApiService {
|
export class SigninApiService {
|
||||||
|
@ -125,6 +126,12 @@ export class SigninApiService {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isSystemAccount(user)) {
|
||||||
|
return error(403, {
|
||||||
|
id: 's8dhsj9s-a93j-493j-ja9k-kas9sj20aml2',
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: user.id });
|
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: user.id });
|
||||||
|
|
||||||
if (!user.approved && instance.approvalRequiredForSignup) {
|
if (!user.approved && instance.approvalRequiredForSignup) {
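Review bot: The new `isSystemAccount(user)` branch in `SigninApiService` returns its own 403 id before the profile is loaded, so if password verification happens further down (outside this hunk), an unauthenticated caller can tell a system account from an ordinary one by the response alone. Confirm that this is acceptable and that the refused attempt is still rate-limited and recorded like any other failed sign-in. The id `s8dhsj9s-a93j-493j-ja9k-kas9sj20aml2` is not hexadecimal, unlike the neighbouring `22d05606-fbcf-421a-a2db-b32610dcfd1b` matched in the client; if error ids are meant to be UUIDs, generate a real one and update the `case` label in the sign-in component's `loginFailed` with it. Whether the other ways of obtaining a session (the file imports WebAuthn types, for instance) pass through this branch is not visible here and should be checked. A comment such as `// system accounts are managed by the server and must never get an interactive session` would record the intent; the method starts and ends outside the hunk.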
|
||||||
|
|
|
@ -11,6 +11,7 @@ import type { UsersRepository, UserProfilesRepository } from '@/models/_.js';
|
||||||
import { DI } from '@/di-symbols.js';
|
import { DI } from '@/di-symbols.js';
|
||||||
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
||||||
import { ModerationLogService } from '@/core/ModerationLogService.js';
|
import { ModerationLogService } from '@/core/ModerationLogService.js';
|
||||||
|
import { isSystemAccount } from '@/misc/is-system-account.js';
|
||||||
|
|
||||||
export const meta = {
|
export const meta = {
|
||||||
tags: ['admin'],
|
tags: ['admin'],
|
||||||
|
@ -63,6 +64,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
||||||
throw new Error('cannot reset password of root');
|
throw new Error('cannot reset password of root');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isSystemAccount(user)) {
|
||||||
|
throw new Error('cannot reset password of system account');
|
||||||
|
}
|
||||||
|
|
||||||
const passwd = secureRndstr(8);
|
const passwd = secureRndstr(8);
|
||||||
|
|
||||||
// Generate hash of password
|
// Generate hash of password
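Review bot: The added guard throws a bare `Error('cannot reset password of system account')`, which the caller will probably see as a generic internal error rather than a refusal it can explain; the same holds for the existing root check just above it. If the endpoint's `meta` can declare errors (not visible in this hunk), a declared API error with its own id would let the admin client show the reason. A refused attempt on a system account is also worth an audit entry, given that `ModerationLogService` is already imported. This guard covers only the admin-initiated reset; whether a user-initiated reset flow can reach a system account is not visible here and should be checked separately. The handler starts and ends outside the hunk.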
|
||||||
|
|
|
@ -77,6 +77,7 @@ import { misskeyApi } from '@/scripts/misskey-api.js';
|
||||||
import { query, extractDomain } from '@/scripts/url.js';
|
import { query, extractDomain } from '@/scripts/url.js';
|
||||||
import { login } from '@/account.js';
|
import { login } from '@/account.js';
|
||||||
import { i18n } from '@/i18n.js';
|
import { i18n } from '@/i18n.js';
|
||||||
|
import { showSystemAccountDialog } from '@/scripts/show-system-account-dialog.js';
|
||||||
|
|
||||||
const signing = ref(false);
|
const signing = ref(false);
|
||||||
const user = ref<Misskey.entities.UserDetailed | null>(null);
|
const user = ref<Misskey.entities.UserDetailed | null>(null);
|
||||||
|
@ -204,6 +205,10 @@ function loginFailed(err: any): void {
|
||||||
showSuspendedDialog();
|
showSuspendedDialog();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
case 's8dhsj9s-a93j-493j-ja9k-kas9sj20aml2': {
|
||||||
|
showSystemAccountDialog();
|
||||||
|
break;
|
||||||
|
}
|
||||||
case '22d05606-fbcf-421a-a2db-b32610dcfd1b': {
|
case '22d05606-fbcf-421a-a2db-b32610dcfd1b': {
|
||||||
os.alert({
|
os.alert({
|
||||||
type: 'error',
|
type: 'error',
|
||||||
|
|
|
@ -83,7 +83,7 @@ SPDX-License-Identifier: AGPL-3.0-only
|
||||||
<MkSwitch v-model="markedAsNSFW" @update:modelValue="toggleNSFW">{{ i18n.ts.markAsNSFW }}</MkSwitch>
|
<MkSwitch v-model="markedAsNSFW" @update:modelValue="toggleNSFW">{{ i18n.ts.markAsNSFW }}</MkSwitch>
|
||||||
|
|
||||||
<div>
|
<div>
|
||||||
<MkButton v-if="user.host == null" inline style="margin-right: 8px;" @click="resetPassword"><i class="ti ti-key"></i> {{ i18n.ts.resetPassword }}</MkButton>
|
<MkButton v-if="user.host == null && !isSystem" inline style="margin-right: 8px;" @click="resetPassword"><i class="ti ti-key"></i> {{ i18n.ts.resetPassword }}</MkButton>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<MkFolder>
|
<MkFolder>
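Review bot: `isSystem` is used in the new `v-if` on the reset-password button, but no hunk in this section defines it, so confirm that it already exists in the component's script; if it does not, `!isSystem` is always true and the button stays visible for system accounts. The condition is also only presentation: the refusal has to come from the server, which this commit handles with the `isSystemAccount(user)` check in the admin reset endpoint. The template continues outside the hunk.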
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
/*
|
||||||
|
* SPDX-FileCopyrightText: hazelnoot and other Sharkey contributors
|
||||||
|
* SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
*/
|
||||||
|
|
||||||
|
import * as os from '@/os.js';
|
||||||
|
import { i18n } from '@/i18n.js';
|
||||||
|
|
||||||
|
export function showSystemAccountDialog(): Promise<void> {
|
||||||
|
return os.alert({
|
||||||
|
type: 'error',
|
||||||
|
title: i18n.ts.systemAccountTitle,
|
||||||
|
text: i18n.ts.systemAccountDescription,
|
||||||
|
});
|
||||||
|
}
|