diff --git a/api/src/unraid-api/cli/sso/add-sso-user.command.ts b/api/src/unraid-api/cli/sso/add-sso-user.command.ts index a9640d1f4..148e8d27f 100644 --- a/api/src/unraid-api/cli/sso/add-sso-user.command.ts +++ b/api/src/unraid-api/cli/sso/add-sso-user.command.ts @@ -28,13 +28,21 @@ export class AddSSOUserCommand extends CommandRunner { } async run(_input: string[], options: AddSSOUserCommandOptions): Promise { - options = await this.inquirerService.prompt(AddSSOUserQuestionSet.name, options); + try { + options = await this.inquirerService.prompt(AddSSOUserQuestionSet.name, options); - if (options.disclaimer === 'y') { - await store.dispatch(loadConfigFile()); - store.dispatch(addSsoUser(options.username)); - writeConfigSync('flash'); - this.logger.info('User added ' + options.username); + if (options.disclaimer === 'y' && options.username) { + await store.dispatch(loadConfigFile()); + store.dispatch(addSsoUser(options.username)); + writeConfigSync('flash'); + this.logger.info('User added ' + options.username); + } + } catch (e: unknown) { + if (e instanceof Error) { + this.logger.error('Error adding user: ' + e.message); + } else { + this.logger.error('Error adding user'); + } } } diff --git a/api/src/unraid-api/cli/sso/add-sso-user.questions.ts b/api/src/unraid-api/cli/sso/add-sso-user.questions.ts index c9228349d..2e3d6c37a 100644 --- a/api/src/unraid-api/cli/sso/add-sso-user.questions.ts +++ b/api/src/unraid-api/cli/sso/add-sso-user.questions.ts @@ -1,4 +1,5 @@ import { Question, QuestionSet } from 'nest-commander'; +import { v4 as uuidv4 } from 'uuid'; @@ -9,7 +10,12 @@ export class AddSSOUserQuestionSet { static name = 'add-user'; @Question({ - message: 'Are you sure you wish to add a user for SSO - this will enable single sign on in Unraid and has certain security implications? (y/n)', + message: `Enabling Single Sign-On (SSO) will simplify authentication by centralizing access to your Unraid server. However, this comes with certain security considerations: if your SSO account is compromised, unauthorized access to your server could occur. + +Please note: your existing username and password will continue to work alongside SSO. + +Are you sure you want to proceed with adding a user for SSO? (y/n) +`, name: 'disclaimer', validate(input) { if (!input) { @@ -29,14 +35,17 @@ export class AddSSOUserQuestionSet { } @Question({ - message: 'What is the cognito username (NOT YOUR UNRAID USERNAME)? Find it in your Unraid Account at https://account.unraid.net', + message: + "What is your Unique Unraid Account ID? Find it in your Unraid Account at https://account.unraid.net/settings\n", name: 'username', validate(input) { if (!input) { return 'Username is required'; } - if (!/^[a-zA-Z0-9-]+$/.test(input)) { - return 'Username must be alphanumeric and can include dashes.'; + const randomUUID = uuidv4(); + + if (!/^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/.test(input)) { + return `Username must be in the format of a UUID (e.g., ${randomUUID}).`; } return true; }, diff --git a/plugin/plugins/dynamix.unraid.net.plg b/plugin/plugins/dynamix.unraid.net.plg index f3e5a64d3..50a2a395e 100755 --- a/plugin/plugins/dynamix.unraid.net.plg +++ b/plugin/plugins/dynamix.unraid.net.plg @@ -759,10 +759,6 @@ if ([[ -n "${email}" && (-z "${apikey}" || "${#apikey}" -ne "64") ]]); then }' "${CFG}">"${CFG}-new" && mv "${CFG}-new" "${CFG}" CFG_CLEANED=1 echo "⚠️ Automatically signed out of Unraid.net" fi -# if there wasn't an email or the CFG was cleaned -if [[ -z "${email}" ]] || [[ CFG_CLEANED -eq 1 ]]; then - echo "✨ Sign In to Unraid.net to use Unraid Connect ✨" -fi # configure flash backup to stop when the system starts shutting down [[ ! -d /etc/rc.d/rc6.d ]] && mkdir /etc/rc.d/rc6.d