initial SysTray api PR

.devcontainer/entrypoint.sh

@@ -69,6 +69,7 @@ ALLOWED_HOSTS = ['${API_HOST}', '*']
 ADMIN_URL = 'admin/'
 
 CORS_ORIGIN_ALLOW_ALL = True
+CORS_ORIGIN_WHITELIST = ['https://${API_HOST}']
 
 DATABASES = {
  'default': {

.vscode/settings.json

@@ -5,7 +5,8 @@
  "python.analysis.diagnosticSeverityOverrides": {
  "reportUnusedImport": "error",
  "reportDuplicateImport": "error",
- "reportGeneralTypeIssues": "none"
+ "reportGeneralTypeIssues": "none",
+ "reportOptionalMemberAccess": "none",
  },
  "python.analysis.typeCheckingMode": "basic",
  "editor.bracketPairColorization.enabled": true,

README.md

@@ -8,6 +8,7 @@ Tactical RMM is a remote monitoring & management tool, built with Django and Vue
 It uses an [agent](https://github.com/amidaware/rmmagent) written in golang and integrates with [MeshCentral](https://github.com/Ylianst/MeshCentral)
 
 # [LIVE DEMO](https://demo.tacticalrmm.com/)
+
 Demo database resets every hour. A lot of features are disabled for obvious reasons due to the nature of this app.
 
 ### [Discord Chat](https://discord.gg/upGTkWp)
@@ -23,7 +24,7 @@ Demo database resets every hour. A lot of features are disabled for obvious reas
 - Event log viewer
 - Services management
 - Windows patch management
-- Automated checks with email/SMS alerting (cpu, disk, memory, services, scripts, event logs)
+- Automated checks with email/SMS/Webhook alerting (cpu, disk, memory, services, scripts, event logs)
 - Automated task runner (run scripts on a schedule)
 - Remote software installation via chocolatey
 - Software and hardware inventory
@@ -33,9 +34,11 @@ Demo database resets every hour. A lot of features are disabled for obvious reas
 - Windows 7, 8.1, 10, 11, Server 2008R2, 2012R2, 2016, 2019, 2022
 
 ## Linux agent versions supported
+
 - Any distro with systemd which includes but is not limited to: Debian (10, 11), Ubuntu x86_64 (18.04, 20.04, 22.04), Synology 7, centos, freepbx and more!
 
 ## Mac agent versions supported
+
 - 64 bit Intel and Apple Silicon (M1, M2)
 
 ## Installation / Backup / Restore / Usage

ansible/roles/trmm_dev/tasks/main.yml

@@ -329,7 +329,7 @@
  tags: nginx
  become: yes
  ansible.builtin.apt_key:
- url: https://nginx.org/packages/keys/nginx_signing.key
+ url: https://nginx.org/keys/nginx_signing.key
  state: present
 
 - name: add nginx repo

api/tacticalrmm/accounts/migrations/0037_role_can_run_server_scripts_role_can_use_webterm.py

@@ -0,0 +1,23 @@
+# Generated by Django 4.2.13 on 2024-06-28 20:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ("accounts", "0036_remove_role_can_ping_agents"),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name="role",
+ name="can_run_server_scripts",
+ field=models.BooleanField(default=False),
+ ),
+ migrations.AddField(
+ model_name="role",
+ name="can_use_webterm",
+ field=models.BooleanField(default=False),
+ ),
+ ]

api/tacticalrmm/accounts/models.py

@@ -129,6 +129,8 @@ class Role(BaseAuditModel):
  can_run_urlactions = models.BooleanField(default=False)
  can_view_customfields = models.BooleanField(default=False)
  can_manage_customfields = models.BooleanField(default=False)
+ can_run_server_scripts = models.BooleanField(default=False)
+ can_use_webterm = models.BooleanField(default=False)
 
  # checks
  can_list_checks = models.BooleanField(default=False)

api/tacticalrmm/accounts/tests.py

@@ -17,13 +17,13 @@ def setUp(self):
  self.bob.save()
 
  def test_check_creds(self):
- url = "/checkcreds/"
+ url = "/v2/checkcreds/"
 
  data = {"username": "bob", "password": "hunter2"}
  r = self.client.post(url, data, format="json")
  self.assertEqual(r.status_code, 200)
  self.assertIn("totp", r.data.keys())
- self.assertEqual(r.data["totp"], "totp not set")
+ self.assertEqual(r.data["totp"], False)
 
  data = {"username": "bob", "password": "a3asdsa2314"}
  r = self.client.post(url, data, format="json")
@@ -40,7 +40,7 @@ def test_check_creds(self):
  data = {"username": "bob", "password": "hunter2"}
  r = self.client.post(url, data, format="json")
  self.assertEqual(r.status_code, 200)
- self.assertEqual(r.data, "ok")
+ self.assertEqual(r.data["totp"], True)
 
  # test user set to block dashboard logins
  self.bob.block_dashboard_login = True
@@ -50,7 +50,7 @@ def test_check_creds(self):
 
  @patch("pyotp.TOTP.verify")
  def test_login_view(self, mock_verify):
- url = "/login/"
+ url = "/v2/login/"
 
  mock_verify.return_value = True
  data = {"username": "bob", "password": "hunter2", "twofactor": "123456"}
@@ -404,7 +404,7 @@ def test_post_totp_set(self):
 
  r = self.client.post(url)
  self.assertEqual(r.status_code, 200)
- self.assertEqual(r.data, "totp token already set")
+ self.assertEqual(r.data, False)
 
 
 class TestAPIAuthentication(TacticalTestCase):

api/tacticalrmm/accounts/views.py

@@ -1,3 +1,5 @@
+import datetime
+
 import pyotp
 from django.conf import settings
 from django.contrib.auth import login
@@ -26,7 +28,87 @@
 )
 
 
+class CheckCredsV2(KnoxLoginView):
+ permission_classes = (AllowAny,)
+
+ # restrict time on tokens issued by this view to 3 min
+ def get_token_ttl(self):
+ return datetime.timedelta(seconds=180)
+
+ def post(self, request, format=None):
+ # check credentials
+ serializer = AuthTokenSerializer(data=request.data)
+ if not serializer.is_valid():
+ AuditLog.audit_user_failed_login(
+ request.data["username"], debug_info={"ip": request._client_ip}
+ )
+ return notify_error("Bad credentials")
+
+ user = serializer.validated_data["user"]
+
+ if user.block_dashboard_login:
+ return notify_error("Bad credentials")
+
+ # if totp token not set modify response to notify frontend
+ if not user.totp_key:
+ login(request, user)
+ response = super().post(request, format=None)
+ response.data["totp"] = False
+ return response
+
+ return Response({"totp": True})
+
+
+class LoginViewV2(KnoxLoginView):
+ permission_classes = (AllowAny,)
+
+ def post(self, request, format=None):
+ valid = False
+
+ serializer = AuthTokenSerializer(data=request.data)
+ serializer.is_valid(raise_exception=True)
+ user = serializer.validated_data["user"]
+
+ if user.block_dashboard_login:
+ return notify_error("Bad credentials")
+
+ token = request.data["twofactor"]
+ totp = pyotp.TOTP(user.totp_key)
+
+ if settings.DEBUG and token == "sekret":
+ valid = True
+ elif getattr(settings, "DEMO", False):
+ valid = True
+ elif totp.verify(token, valid_window=10):
+ valid = True
+
+ if valid:
+ login(request, user)
+
+ # save ip information
+ ipw = IpWare()
+ client_ip, _ = ipw.get_client_ip(request.META)
+ if client_ip:
+ user.last_login_ip = str(client_ip)
+ user.save()
+
+ AuditLog.audit_user_login_successful(
+ request.data["username"], debug_info={"ip": request._client_ip}
+ )
+ response = super().post(request, format=None)
+ response.data["username"] = request.user.username
+ return Response(response.data)
+ else:
+ AuditLog.audit_user_failed_twofactor(
+ request.data["username"], debug_info={"ip": request._client_ip}
+ )
+ return notify_error("Bad credentials")
+
+
 class CheckCreds(KnoxLoginView):
+ # TODO
+ # This view is deprecated as of 0.19.0
+ # Needed for the initial update to 0.19.0 so frontend code doesn't break on login
  permission_classes = (AllowAny,)
 
  def post(self, request, format=None):
@@ -54,6 +136,9 @@ def post(self, request, format=None):
 
 
 class LoginView(KnoxLoginView):
+ # TODO
+ # This view is deprecated as of 0.19.0
+ # Needed for the initial update to 0.19.0 so frontend code doesn't break on login
  permission_classes = (AllowAny,)
 
  def post(self, request, format=None):
@@ -207,7 +292,7 @@ def post(self, request):
  user.save(update_fields=["totp_key"])
  return Response(TOTPSetupSerializer(user).data)
 
- return Response("totp token already set")
+ return Response(False)
 
 
 class UserUI(APIView):

api/tacticalrmm/agents/models.py

@@ -40,7 +40,7 @@
  PAAction,
  PAStatus,
 )
-from tacticalrmm.helpers import setup_nats_options
+from tacticalrmm.helpers import has_script_actions, has_webhook, setup_nats_options
 from tacticalrmm.models import PermissionQuerySet
 
 if TYPE_CHECKING:
@@ -135,7 +135,12 @@ def save(self, *args, **kwargs):
  orig = Agent.objects.get(pk=self.pk)
  mon_type_changed = self.monitoring_type != orig.monitoring_type
  site_changed = self.site_id != orig.site_id
- if mon_type_changed or site_changed:
+ policy_changed = self.policy != orig.policy
+ block_inherit = (
+ self.block_policy_inheritance != orig.block_policy_inheritance
+ )
+
+ if mon_type_changed or site_changed or policy_changed or block_inherit:
  self._processing_set_alert_template = True
  self.set_alert_template()
  self._processing_set_alert_template = False
@@ -950,18 +955,22 @@ def delete_superseded_updates(self) -> None:
  def should_create_alert(
  self, alert_template: "Optional[AlertTemplate]" = None
  ) -> bool:
- return bool(
+ has_agent_notification = (
  self.overdue_dashboard_alert
  or self.overdue_email_alert
  or self.overdue_text_alert
- or (
- alert_template
- and (
- alert_template.agent_always_alert
- or alert_template.agent_always_email
- or alert_template.agent_always_text
- )
- )
+ )
+ has_alert_template_notification = alert_template and (
+ alert_template.agent_always_alert
+ or alert_template.agent_always_email
+ or alert_template.agent_always_text
+ )
+
+ return bool(
+ has_agent_notification
+ or has_alert_template_notification
+ or has_webhook(alert_template, "agent")
+ or has_script_actions(alert_template, "agent")
  )
 
  def send_outage_email(self) -> None:

api/tacticalrmm/agents/tasks.py

@@ -175,7 +175,7 @@ def run_script_email_results_task(
  return
 
  CORE = get_core_settings()
- subject = f"{agent.hostname} {script.name} Results"
+ subject = f"{agent.client.name}, {agent.site.name}, {agent.hostname} {script.name} Results"
  exec_time = "{:.4f}".format(r["execution_time"])
  body = (
  subject

api/tacticalrmm/agents/views.py

@@ -987,6 +987,8 @@ def bulk(request):
  debug_info={"ip": request._client_ip},
  )
 
+ ht = "Check the History tab on the agent to view the results."
+
  if request.data["mode"] == "command":
  if request.data["shell"] == "custom" and request.data["custom_shell"]:
  shell = request.data["custom_shell"]
@@ -1001,7 +1003,7 @@ def bulk(request):
  username=request.user.username[:50],
  run_as_user=request.data["run_as_user"],
  )
- return Response(f"Command will now be run on {len(agents)} agents")
+ return Response(f"Command will now be run on {len(agents)} agents. {ht}")
 
  elif request.data["mode"] == "script":
  script = get_object_or_404(Script, pk=request.data["script"])
@@ -1016,7 +1018,7 @@ def bulk(request):
  env_vars=request.data["env_vars"],
  )
 
- return Response(f"{script.name} will now be run on {len(agents)} agents")
+ return Response(f"{script.name} will now be run on {len(agents)} agents. {ht}")
 
  elif request.data["mode"] == "patch":
  if request.data["patchMode"] == "install":

api/tacticalrmm/alerts/migrations/0014_alerttemplate_action_rest_alerttemplate_action_type_and_more.py

@@ -0,0 +1,55 @@
+# Generated by Django 4.2.13 on 2024-06-28 20:21
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ("core", "0045_coresettings_enable_server_scripts_and_more"),
+ ("alerts", "0013_alerttemplate_action_env_vars_and_more"),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name="alerttemplate",
+ name="action_rest",
+ field=models.ForeignKey(
+ blank=True,
+ null=True,
+ on_delete=django.db.models.deletion.SET_NULL,
+ related_name="url_action_alert_template",
+ to="core.urlaction",
+ ),
+ ),
+ migrations.AddField(
+ model_name="alerttemplate",
+ name="action_type",
+ field=models.CharField(
+ choices=[("script", "Script"), ("server", "Server"), ("rest", "Rest")],
+ default="script",
+ max_length=10,
+ ),
+ ),
+ migrations.AddField(
+ model_name="alerttemplate",
+ name="resolved_action_rest",
+ field=models.ForeignKey(
+ blank=True,
+ null=True,
+ on_delete=django.db.models.deletion.SET_NULL,
+ related_name="resolved_url_action_alert_template",
+ to="core.urlaction",
+ ),
+ ),
+ migrations.AddField(
+ model_name="alerttemplate",
+ name="resolved_action_type",
+ field=models.CharField(
+ choices=[("script", "Script"), ("server", "Server"), ("rest", "Rest")],
+ default="script",
+ max_length=10,
+ ),
+ ),
+ ]