Release 0.12.3

amidaware · Apr 11, 2022 · f82b589 · f82b589
2 parents ec2663a + cddac4d
commit f82b589
Show file tree

Hide file tree

Showing 24 changed files with 271 additions and 879 deletions.
diff --git a/.github/workflows/ci-tests.yml b/.github/workflows/ci-tests.yml
@@ -41,7 +41,10 @@ jobs:
         run: |
           cd api/tacticalrmm
           source ../env/bin/activate
-          coverage run manage.py test -v 2
+          rm -f .coverage coverage.lcov
+          coverage run --concurrency=multiprocessing manage.py test -v 2 --parallel
+          coverage combine
+          coverage lcov
           if [ $? -ne 0 ]; then
               exit 1
           fi
@@ -54,3 +57,10 @@ jobs:
           if [ $? -ne 0 ]; then
               exit 1
           fi
+
+      - name: Coveralls
+        uses: coverallsapp/github-action@master
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          path-to-lcov: ./api/tacticalrmm/coverage.lcov
+          base-path: ./api/tacticalrmm
diff --git a/.gitignore b/.gitignore
@@ -51,3 +51,4 @@ reset_db.sh
 run_go_cmd.py
 nats-api.conf
 ignore/
+coverage.lcov
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 # Tactical RMM
 
-![](https://github.com/amidaware/tacticalrmm/actions/workflows/ci-tests.yml/badge.svg?branch=develop)
-[![Coverage Status](https://coveralls.io/repos/github/wh1te909/tacticalrmm/badge.png?branch=develop&kill_cache=1)](https://coveralls.io/github/wh1te909/tacticalrmm?branch=develop)
+![CI Tests](https://github.com/amidaware/tacticalrmm/actions/workflows/ci-tests.yml/badge.svg?branch=develop)
+[![Coverage Status](https://coveralls.io/repos/github/amidaware/tacticalrmm/badge.svg?branch=develop)](https://coveralls.io/github/amidaware/tacticalrmm?branch=develop)
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/python/black)
 
 Tactical RMM is a remote monitoring & management tool, built with Django and Vue.\

diff --git a/SECURITY.md b/SECURITY.md
@@ -4,8 +4,8 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 0.12.0   | :white_check_mark: |
-| < 0.12.0 | :x:                |
+| 0.12.2   | :white_check_mark: |
+| < 0.12.2 | :x:                |
 
 ## Reporting a Vulnerability
 

diff --git a/api/tacticalrmm/agents/models.py b/api/tacticalrmm/agents/models.py
@@ -1,7 +1,5 @@
 import asyncio
-import base64
 import re
-import time
 from collections import Counter
 from distutils.version import LooseVersion
 from typing import Any
@@ -11,10 +9,6 @@
 import validators
 from asgiref.sync import sync_to_async
 from core.models import TZ_CHOICES, CoreSettings
-from Crypto.Cipher import AES
-from Crypto.Hash import SHA3_384
-from Crypto.Random import get_random_bytes
-from Crypto.Util.Padding import pad
 from django.conf import settings
 from django.contrib.postgres.fields import ArrayField
 from django.db import models
@@ -219,7 +213,8 @@ def graphics(self):
             try:
                 if not self.wmi_detail["gpus"]:
                     return "No graphics cards"
-                return self.wmi_detail["gpus"]
+
+                return ", ".join(self.wmi_detail["gpus"])
             except:
                 return "Error getting graphics cards"
 
@@ -613,30 +608,6 @@ def generate_tasks_from_policies(self):
         # Generate tasks based on policies
         Policy.generate_policy_tasks(self)
 
-    # https://github.com/Ylianst/MeshCentral/issues/59#issuecomment-521965347
-    def get_login_token(self, key, user, action=3):
-        try:
-            key = bytes.fromhex(key)
-            key1 = key[0:48]
-            key2 = key[48:]
-            msg = '{{"a":{}, "u":"{}","time":{}}}'.format(
-                action, user.lower(), int(time.time())
-            )
-            iv = get_random_bytes(16)
-
-            # sha
-            h = SHA3_384.new()
-            h.update(key1)
-            hashed_msg = h.digest() + msg.encode()
-
-            # aes
-            cipher = AES.new(key2, AES.MODE_CBC, iv)
-            msg = cipher.encrypt(pad(hashed_msg, 16))
-
-            return base64.b64encode(iv + msg, altchars=b"@$").decode("utf-8")
-        except Exception:
-            return "err"
-
     def _do_nats_debug(self, agent, message):
         DebugLog.error(agent=agent, log_type="agent_issues", message=message)
 

diff --git a/api/tacticalrmm/agents/tests.py b/api/tacticalrmm/agents/tests.py
@@ -519,7 +519,7 @@ def test_install_agent(self):
 
         self.check_not_authenticated("post", url)
 
-    @patch("agents.models.Agent.get_login_token")
+    @patch("meshctrl.utils.get_auth_token")
     def test_meshcentral_tabs(self, mock_token):
         url = f"{base_url}/{self.agent.agent_id}/meshcentral/"
         mock_token.return_value = "askjh1k238uasdhk487234jadhsajksdhasd"
@@ -547,10 +547,6 @@ def test_meshcentral_tabs(self, mock_token):
 
         self.assertEqual(r.status_code, 200)
 
-        mock_token.return_value = "err"
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 400)
-
         self.check_not_authenticated("get", url)
 
     @patch("agents.models.Agent.nats_cmd")

diff --git a/api/tacticalrmm/agents/views.py b/api/tacticalrmm/agents/views.py
@@ -4,6 +4,7 @@
 import random
 import string
 import time
+from meshctrl.utils import get_auth_token
 
 from core.models import CodeSignToken, CoreSettings
 from core.utils import get_mesh_ws_url, remove_mesh_agent, send_command_with_mesh
@@ -208,13 +209,7 @@ def get(self, request, agent_id):
         agent = get_object_or_404(Agent, agent_id=agent_id)
         core = CoreSettings.objects.first()
 
-        token = agent.get_login_token(
-            key=core.mesh_token,
-            user=f"user//{core.mesh_username.lower()}",  # type:ignore
-        )
-
-        if token == "err":
-            return notify_error("Invalid mesh token")
+        token = get_auth_token(user=core.mesh_username, key=core.mesh_token)
 
         control = f"{core.mesh_site}/?login={token}&gotonode={agent.mesh_node_id}&viewmode=11&hide=31"  # type:ignore
         terminal = f"{core.mesh_site}/?login={token}&gotonode={agent.mesh_node_id}&viewmode=12&hide=31"  # type:ignore

diff --git a/api/tacticalrmm/core/management/commands/check_mesh.py b/api/tacticalrmm/core/management/commands/check_mesh.py
@@ -1,9 +1,10 @@
 import asyncio
+from meshctrl.utils import get_auth_token
 
 from django.core.management.base import BaseCommand
 
 from core.models import CoreSettings
-from core.utils import get_auth_token, get_mesh_device_id, get_mesh_ws_url
+from core.utils import get_mesh_device_id, get_mesh_ws_url
 
 
 class Command(BaseCommand):

diff --git a/api/tacticalrmm/core/management/commands/create_natsapi_conf.py b/api/tacticalrmm/core/management/commands/create_natsapi_conf.py
@@ -12,6 +12,13 @@ def handle(self, *args, **kwargs):
 
         self.stdout.write("Creating configuration for nats-api...")
         db = settings.DATABASES["default"]
+        if hasattr(settings, "DB_SSL"):
+            ssl = settings.DB_SSL
+        elif "DB_SSL" in os.environ:
+            ssl = os.getenv("DB_SSL")
+        else:
+            ssl = "disable"
+
         config = {
             "key": settings.SECRET_KEY,
             "natsurl": f"tls://{settings.ALLOWED_HOSTS[0]}:4222",
@@ -20,6 +27,7 @@ def handle(self, *args, **kwargs):
             "host": db["HOST"],
             "port": int(db["PORT"]),
             "dbname": db["NAME"],
+            "sslmode": ssl,
         }
         conf = os.path.join(settings.BASE_DIR, "nats-api.conf")
         with open(conf, "w") as f:

diff --git a/api/tacticalrmm/core/management/commands/initial_mesh_setup.py b/api/tacticalrmm/core/management/commands/initial_mesh_setup.py
@@ -45,9 +45,9 @@ def handle(self, *args, **kwargs):
             # Check for Mesh Username
             if (
                 not mesh_settings.mesh_username
-                or settings.MESH_USERNAME != mesh_settings.mesh_username
+                or settings.MESH_USERNAME.lower() != mesh_settings.mesh_username
             ):
-                mesh_settings.mesh_username = settings.MESH_USERNAME
+                mesh_settings.mesh_username = settings.MESH_USERNAME.lower()
 
             # Check for Mesh Site
             if (

diff --git a/api/tacticalrmm/core/models.py b/api/tacticalrmm/core/models.py
@@ -97,7 +97,7 @@ def save(self, *args, **kwargs):
         if not self.pk:
             try:
                 self.mesh_site = settings.MESH_SITE
-                self.mesh_username = settings.MESH_USERNAME
+                self.mesh_username = settings.MESH_USERNAME.lower()
                 self.mesh_token = settings.MESH_TOKEN_KEY
             except:
                 pass

diff --git a/api/tacticalrmm/core/utils.py b/api/tacticalrmm/core/utils.py
@@ -1,30 +1,14 @@
 import json
 import tempfile
-import time
 from base64 import b64encode
+from meshctrl.utils import get_auth_token
 
 import requests
 import websockets
-from Crypto.Cipher import AES
-from Crypto.Random import get_random_bytes
 from django.conf import settings
 from django.http import FileResponse
 
 
-def get_auth_token(user, key):
-    key = bytes.fromhex(key)
-    key1 = key[0:32]
-    msg = '{{"userid":"{}", "domainid":"{}", "time":{}}}'.format(
-        f"user//{user}", "", int(time.time())
-    )
-    iv = get_random_bytes(12)
-
-    a = AES.new(key1, AES.MODE_GCM, iv)
-    msg, tag = a.encrypt_and_digest(bytes(msg, "utf-8"))  # type: ignore
-
-    return b64encode(iv + tag + msg, altchars=b"@$").decode("utf-8")
-
-
 def get_mesh_ws_url() -> str:
     from core.models import CoreSettings
 

diff --git a/api/tacticalrmm/requirements-test.txt b/api/tacticalrmm/requirements-test.txt
@@ -1,4 +1,5 @@
 coverage
 coveralls
 model_bakery
-black
+black
+tblib
diff --git a/api/tacticalrmm/requirements.txt b/api/tacticalrmm/requirements.txt
@@ -1,5 +1,5 @@
 asgiref==3.5.0
-celery==5.2.3
+celery==5.2.6
 certifi==2021.10.8
 cffi==1.15.0
 channels==3.0.4
@@ -14,24 +14,24 @@ django-rest-knox==4.2.0
 djangorestframework==3.13.1
 future==0.18.2
 msgpack==1.0.3
-nats-py==2.0.0
-packaging==21.3
+nats-py==2.1.0
 psycopg2-binary==2.9.3
 pycparser==2.21
 pycryptodome==3.14.1
 pyotp==2.6.0
 pyparsing==3.0.7
 pytz==2022.1
 qrcode==7.3.1
-redis==4.1.4
+redis==4.2.2
 requests==2.27.1
 six==1.16.0
 sqlparse==0.4.2
-twilio==7.8.0
+twilio==7.8.1
 urllib3==1.26.9
 uWSGI==2.0.20
 validators==0.18.2
 vine==5.0.0
 websockets==10.2
-zipp==3.7.0
-drf_spectacular==0.21.2
+zipp==3.8.0
+drf_spectacular==0.21.2
+meshctrl==0.1.13
diff --git a/api/tacticalrmm/tacticalrmm/settings.py b/api/tacticalrmm/tacticalrmm/settings.py
@@ -17,11 +17,11 @@
 AUTH_USER_MODEL = "accounts.User"
 
 # latest release
-TRMM_VERSION = "0.12.2"
+TRMM_VERSION = "0.12.3"
 
 # bump this version everytime vue code is changed
 # to alert user they need to manually refresh their browser
-APP_VER = "0.0.159"
+APP_VER = "0.0.160"
 
 # https://github.com/amidaware/rmmagent
 LATEST_AGENT_VER = "2.0.2"
@@ -31,8 +31,8 @@
 NATS_SERVER_VER = "2.7.4"
 
 # for the update script, bump when need to recreate venv or npm install
-PIP_VER = "27"
-NPM_VER = "30"
+PIP_VER = "28"
+NPM_VER = "31"
 
 SETUPTOOLS_VER = "59.6.0"
 WHEEL_VER = "0.37.1"

diff --git a/install.sh b/install.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-SCRIPT_VERSION="60"
+SCRIPT_VERSION="61"
 SCRIPT_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/install.sh'
 
 sudo apt install -y curl wget dirmngr gnupg lsb-release
@@ -658,7 +658,7 @@ CELERY_APP="tacticalrmm"
 
 CELERYD_MULTI="multi"
 
-CELERYD_OPTS="--time-limit=86400 --autoscale=50,3"
+CELERYD_OPTS="--time-limit=86400 --autoscale=20,2"
 
 CELERYD_PID_FILE="/rmm/api/tacticalrmm/%n.pid"
 CELERYD_LOG_FILE="/var/log/celery/%n%I.log"

diff --git a/main.go b/main.go
@@ -11,7 +11,7 @@ import (
 )
 
 var (
-	version = "3.0.1"
+	version = "3.0.2"
 	log     = logrus.New()
 )
 

diff --git a/natsapi/bin/nats-api b/natsapi/bin/nats-api
diff --git a/natsapi/types.go b/natsapi/types.go
@@ -13,4 +13,5 @@ type DjangoConfig struct {
 	Host    string `json:"host"`
 	Port    int    `json:"port"`
 	DBName  string `json:"dbname"`
+	SSLMode string `json:"sslmode"`
 }
diff --git a/natsapi/utils.go b/natsapi/utils.go
@@ -41,8 +41,8 @@ func GetConfig(cfg string) (db *sqlx.DB, r DjangoConfig, err error) {
 	}
 
 	psqlInfo := fmt.Sprintf("host=%s port=%d user=%s "+
-		"password=%s dbname=%s sslmode=disable",
-		r.Host, r.Port, r.User, r.Pass, r.DBName)
+		"password=%s dbname=%s sslmode=%s",
+		r.Host, r.Port, r.User, r.Pass, r.DBName, r.SSLMode)
 
 	db, err = sqlx.Connect("postgres", psqlInfo)
 	if err != nil {

diff --git a/update.sh b/update.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-SCRIPT_VERSION="132"
+SCRIPT_VERSION="133"
 SCRIPT_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/update.sh'
 LATEST_SETTINGS_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/api/tacticalrmm/tacticalrmm/settings.py'
 YELLOW='\033[1;33m'
@@ -258,6 +258,11 @@ sudo chown ${USER}:${USER} -R /etc/conf.d/
 sudo chown ${USER}:${USER} -R /etc/letsencrypt
 sudo chmod 775 -R /etc/letsencrypt
 
+CHECK_CELERY_CONFIG=$(grep "autoscale=20,2" /etc/conf.d/celery.conf)
+if ! [[ $CHECK_CELERY_CONFIG ]]; then
+  sed -i 's/CELERYD_OPTS=.*/CELERYD_OPTS="--time-limit=86400 --autoscale=20,2"/g' /etc/conf.d/celery.conf
+fi
+
 CHECK_ADMIN_ENABLED=$(grep ADMIN_ENABLED /rmm/api/tacticalrmm/tacticalrmm/local_settings.py)
 if ! [[ $CHECK_ADMIN_ENABLED ]]; then
 adminenabled="$(cat << EOF