search

Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
4.09k stars 549 forks source link

Non-Admin Users see usernames as ~google:UID for google accounts #5854

Closed cullorblind closed 6 months ago

cullorblind commented 7 months ago

Describe the bug User Authorizations for a non-admin user are showing up as Google UIDs instead of friendly usernames.

To Reproduce Steps to reproduce the behavior:

  1. Login as admin
  2. Go to Device and Add google user under User Authorizations
  3. Give Remote Control access to user
  4. Login as user and go to Device
  5. User Authorizations shows user as google ID image

If I give the user "Server Rights / Manage Users", they can then see the usernames. image

Expected behavior A user should be able to see who has access or is connected to their devices by name without user admin priviledges.

Screenshots If applicable, add screenshots to help explain your problem.

Server Software (please complete the following information):

Client Device (please complete the following information):

Remote Device (please complete the following information):

Additional context This also shows when a user is looking to see who is connected to the device via the blue connection indicator. Shown here without and with user admin rights. image image

Your config.json file

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
  "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
  "settings": {
    "cert": "meshcentral.xxxx.net",
    "WANonly": true,
    "_LANonly": true,
    "_sessionKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "_port": 443,
    "_aliasPort": 443,
    "_redirPort": 80,
    "_redirAliasPort": 80
  },
  "domains": {
    "": {
      "title": "AW",
      "title2": "MeshCentral",
      "ipkvm": true,
      "agentCustomization": {
        "displayName": "AW Support Agent",
        "description": "AW Support Agent for remote monitoring, management, and assistance of company owned equipment.",
        "companyName": "AW",
        "serviceName": "AWAgent",
        "fileName": "AWAgent",
        "image": "awlogo.png",
        "installText": "This is the application for the AW Support Agent.",
        "foregroundColor": "#85C3F7",
        "backgroundColor": "#004387"
      },
      "_minify": true,
      "ManageAllDeviceGroups": [ "awadmin", "masseyd-admin" ],
      "newAccounts": false,
      "agentInviteCodes": true,
      "_userNameIsEmail": true,
      "authStrategies": {
        "google": {
          "_callbackurl": "https://meshcentral.xxxx.net/auth-google-callback",
          "newAccounts": true,
          "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ],
          "clientid": "xxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com",
          "clientsecret": "xxxxxx-xxxxxxxx-xxxxxxxxxxxxxxxxxxx"
        }
      }
    },
    "adair": {
      "dns": "meshadair.xxxx.net",
      "title": "Adair",
      "title2": "MeshCentral",
      "agentInviteCodes": true,
      "_minify": true,
      "_newAccounts": true,
      "_userNameIsEmail": true
    },
    "damon": {
      "dns": "meshcentral.yyyy.net",
      "title": "YYYY",
      "title2": "MeshCentral",
      "agentInviteCodes": true,
      "_minify": true,
      "_newAccounts": true,
      "_userNameIsEmail": true
    }
  },
  "letsencrypt": {
    "email": "admin@xxxx.net",
    "names": "meshcentral.xxxx.net,meshadair.xxxx.net,meshcentral.yyyy.net",
    "skipChallengeVerification": true,
    "production": true
  },
  "messaging": {
    "ntfy": true,
      "ntfy": {
        "host": "ntfy.sh",
        "userurl": "https://ntfy.sh"
    }
  }
}
si458 commented 7 months ago

daft one, do u have any docs/guides how you setup google auth? then i can try replicate it and fix it for you 👍

cullorblind commented 6 months ago

I created a project on our google workspace https://console.cloud.google.com/apis/dashboard and added the following info: This should be pretty close.. It's been a while since I set it up. I don't remember anything special about it.

Enabled APIs & services: Nothing changed from defaults

Credentials Page: Name: Meshcentral Authorized Javascript origins: https://meshcentral.xxxx.net Authorized Redirect origins: https://meshcentral.xxxx.net, https://meshcentral.xxxx.net/auth-google, https://meshcentral.xxxx.net/auth-google-callback

OAuth consent screen User type: Internal

si458 commented 6 months ago

all fixed for you! took me a while to figure out the oauth setup with google. need to do some docs (remind me plz someone) bug was because the node devices dont seem to pass the name in the links where as the mesh groups do? so patched it to pass names over in the links, then it searches everywhere it can to get a name, including ur name haha

P.S: dont forget to donate ❤️ or look at my amazon wish list! https://www.si458.co.uk/2024/01/05/donation/