diff --git a/app/classes/models/users.py b/app/classes/models/users.py index f959a5bb..d6bd1607 100644 --- a/app/classes/models/users.py +++ b/app/classes/models/users.py @@ -70,7 +70,7 @@ class helper_users: @staticmethod def get_all_users(): - query = Users.select() + query = Users.select().where(Users.username != "system") return query @staticmethod @@ -79,8 +79,6 @@ class helper_users: @staticmethod def get_user_id_by_name(username): - if username == "SYSTEM": - return 0 try: return (Users.get(Users.username == username)).user_id except DoesNotExist: @@ -108,14 +106,14 @@ class helper_users: if user_id == 0: return { 'user_id': 0, - 'created': None, - 'last_login': None, - 'last_update': None, + 'created': '10/24/2019, 11:34:00', + 'last_login': '10/24/2019, 11:34:00', + 'last_update': '10/24/2019, 11:34:00', 'last_ip': "127.27.23.89", 'username': "SYSTEM", 'password': None, 'enabled': True, - 'superuser': False, + 'superuser': True, 'api_token': None, 'roles': [], 'servers': [], @@ -130,6 +128,13 @@ class helper_users: #logger.debug("user: ({}) {}".format(user_id, {})) return {} + def check_system_user(user_id): + try: + Users.get(Users.user_id == user_id).user_id == user_id + return True + except: + return False + @staticmethod def add_user(username, password=None, api_token=None, enabled=True, superuser=False): if password is not None: diff --git a/app/classes/shared/main_controller.py b/app/classes/shared/main_controller.py index 11edcf2f..e9c7750f 100644 --- a/app/classes/shared/main_controller.py +++ b/app/classes/shared/main_controller.py @@ -3,6 +3,7 @@ import pathlib import time import logging import sys +from app.classes.models.users import helper_users from peewee import DoesNotExist import schedule import yaml 
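Review bot: get_all_users now drops the "system" row with `.where(Users.username != "system")`, but nothing tells callers that the result is no longer every user; a docstring such as `"""Return all Users rows except the reserved 'system' service account."""` would make that explicit. The exclusion is an exact, case-sensitive string match, so it only protects the account if the same literal is used wherever the account is created or checked; the user_id 0 stub in get_user in this same commit still reports `'username': "SYSTEM"`.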
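Review bot: The synthetic user_id 0 record in get_user now reports `'superuser': True`, so any code path that still resolves an identity to id 0 (the value the removed "SYSTEM" sentinel in get_user_id_by_name returned, and the literal the scheduler passed before this commit) is treated as a superuser without any row in Users. The commit moves the service account to a real "system" row created by Controller.add_system_user with superuser=False, so the stub and the real account now disagree on both privilege and name ("SYSTEM" vs "system"); either drop the stub or keep `'superuser': False` and add a comment such as `# Legacy stub for user_id 0; the live service account is the "system" row`. The hard-coded `'10/24/2019, 11:34:00'` strings replace None with a made-up timestamp, and if they exist only to satisfy a template a comment saying so would help. The enclosing get_user method starts and ends outside the hunk.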
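Review bot: check_system_user does not check for the system user at all: the expression `Users.get(Users.user_id == user_id).user_id == user_id` is evaluated and discarded, so the method returns True for any existing user_id and False otherwise, and the bare `except:` also swallows database errors and KeyboardInterrupt. It is also the only method in this class without `@staticmethod`, although `helper_users.check_system_user(uid)` would still work as a plain function in Python 3. Suggested change: add `@staticmethod` above the def, make the try body `return Users.get(Users.user_id == user_id).username == "system"`, and catch `except DoesNotExist:` instead of the bare clause, with a docstring stating that it reports whether user_id belongs to the reserved "system" account. Controller.check_system_user in this commit's main_controller.py hunk has the same name but a different meaning (whether the account exists), which invites confusion.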
@@ -120,6 +121,17 @@ class Controller: server_obj = self.get_server_obj(server_id) server_obj.reload_server_settings() + @staticmethod + def check_system_user(): + if helper_users.get_user_id_by_name("system") is not None: + return True + else: + return False + + @staticmethod + def add_system_user(): + helper_users.add_user("system", helper.random_string_generator(64), helper_users.new_api_token(), False, False) + def get_server_settings(self, server_id): for s in self.servers_list: if int(s['server_id']) == int(server_id): @@ -319,8 +331,11 @@ class Controller: path_list = test.split('/') root_path = path_list[0] if len(path_list) > 1: - for i in range(len(path_list)-2): - root_path = os.path.join(root_path, path_list[i+1]) + for i in range(len(path_list)-1): + try: + root_path = os.path.join(root_path, path_list[i+1]) + except: + root_path = root_path full_root_path = os.path.join(tempDir, root_path) diff --git a/app/classes/shared/tasks.py b/app/classes/shared/tasks.py index 47e390b9..927d4947 100644 --- a/app/classes/shared/tasks.py +++ b/app/classes/shared/tasks.py @@ -73,8 +73,9 @@ class TasksManager: logger.info("Loading schedule ID#{i}: '{a}' every {n} {t} at {s}".format( i=j.schedule_id, a=j.action, n=j.interval, t=j.interval_type, s=j.start_time)) try: + print(self.controller.users.get_id_by_name('system')) getattr(schedule.every(j.interval), j.interval_type).at(j.start_time).do( - self.controller.management.send_command, 0, j.server_id, "127.27.23.89", j.action) + self.controller.management.send_command, self.controller.users.get_id_by_name('system'), j.server_id, "127.27.23.89", j.action) except schedule.ScheduleValueError as e: logger.critical("Scheduler value error occurred: {} on ID#{}".format(e, j.schedule_id)) else: diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py index 5847741d..7f0c1d1c 100644 --- a/app/classes/web/panel_handler.py +++ b/app/classes/web/panel_handler.py 
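Review bot: add_system_user passes `False, False` positionally into add_user(username, password=None, api_token=None, enabled=True, superuser=False), which reads as two anonymous flags; `enabled=False, superuser=False` as keywords states the intent (a disabled, non-privileged service account) and survives a reordering of add_user's parameters. The account is still given an API token via new_api_token(); whether that token is unusable presumably depends on enabled being enforced in the token authentication path, which is outside this diff and worth confirming, and whether helper.random_string_generator draws from a CSPRNG is likewise not visible here. check_system_user can be the single line `return helper_users.get_user_id_by_name("system") is not None`, and it relies on get_user_id_by_name returning None from its DoesNotExist branch, which lies outside the users.py hunk. A docstring on each of the two methods saying that the "system" account is the identity used for scheduled commands would tie them to the tasks.py change.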
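Review bot: The new try/except around `root_path = os.path.join(root_path, path_list[i+1])` cannot fire in a useful way: range(len(path_list)-1) keeps i+1 in bounds, os.path.join does not raise on strings, and the bare `except:` with `root_path = root_path` would silently hide any real error, so the loop body should be the single unguarded join line, or the whole construction replaced by `root_path = os.path.join(*path_list)`. Separately, the components come from `test.split('/')` and are joined under tempDir; if `test` originates from archive entry names or a request parameter, a `..` component or an absolute path would resolve outside tempDir, so the caller should confirm the resolved full_root_path stays inside tempDir. The enclosing method starts and ends outside the hunk, so where `test` comes from is not visible.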
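Review bot: The added `print(self.controller.users.get_id_by_name('system'))` is leftover debugging output and should be removed; if the lookup is worth recording, use `logger.debug("system user id: %s", system_id)` alongside the existing logger calls. The lookup is also repeated for every schedule inside the loop and its result is not checked, so if the "system" account has not been created yet send_command is scheduled with None as the user id; resolve it once before the loop into a local such as `system_id` and skip scheduling with a logger.critical message when it is None. The loop header and the surrounding method lie outside the hunk.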
@@ -818,6 +818,8 @@ class PanelHandler(BaseHandler): self.redirect("/panel/server_detail?id={}&subpage=backup".format(server_id)) elif page == "edit_user": + if bleach.clean(self.get_argument('username', None)) == 'system': + self.redirect("/panel/error?error=Unauthorized access: system user is not editable") user_id = bleach.clean(self.get_argument('id', None)) username = bleach.clean(self.get_argument('username', None)) password0 = bleach.clean(self.get_argument('password0', None)) @@ -914,6 +916,8 @@ class PanelHandler(BaseHandler): elif page == "add_user": + if bleach.clean(self.get_argument('username', None)): + self.redirect("/panel/error?error=Unauthorized access: username system is reserved for the Crafty system. Please choose a different username.") username = bleach.clean(self.get_argument('username', None)) password0 = bleach.clean(self.get_argument('password0', None)) password1 = bleach.clean(self.get_argument('password1', None)) diff --git a/app/frontend/templates/panel/server_files.html b/app/frontend/templates/panel/server_files.html index 3f16e8c2..377a7355 100644 --- a/app/frontend/templates/panel/server_files.html +++ b/app/frontend/templates/panel/server_files.html @@ -139,7 +139,7 @@ {{ translate('serverFiles', 'files', data['lang']) }} -
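Review bot: The guard at the top of the edit_user branch redirects but does not return, so after `self.redirect(...)` the handler keeps going, reads the form and applies the edit anyway (if this is a Tornado RequestHandler, redirect() only finishes the response and does not stop the method, and a later write raises); the line needs to be `return self.redirect("/panel/error?error=Unauthorized access: system user is not editable")`, and the add_user guard in the next hunk of this file has the same missing return. The check also compares the submitted username rather than the account being edited, so a request that supplies the system user's id with a different username field would bypass it and rename the account; checking the stored username of the user loaded by `user_id` is the reliable test. `bleach.clean` on a missing argument would raise before the check, which matches the existing lines and is not new here. The enclosing method starts and ends outside the hunk.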
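Review bot: The add_user guard tests `if bleach.clean(self.get_argument('username', None)):`, i.e. whether the username is non-empty, not whether it equals the reserved name, so every add_user submission with a username is sent to the error page while the account is still created below; it should read `if bleach.clean(self.get_argument('username', None)) == 'system':` followed by `return self.redirect(...)`. Whether the comparison should also be case-insensitive depends on whether usernames are unique case-insensitively in the Users model, which is not visible here.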