diff --git a/app/classes/web/ajax_handler.py b/app/classes/web/ajax_handler.py index 0f0cdb4c..4f98d98f 100644 --- a/app/classes/web/ajax_handler.py +++ b/app/classes/web/ajax_handler.py @@ -48,7 +48,7 @@ class AjaxHandler(BaseHandler): if server_id is None: logger.warning("Server ID not found in server_log ajax call") self.redirect("/panel/error?error=Server ID Not Found") - return False + return server_id = bleach.clean(server_id) @@ -86,14 +86,14 @@ class AjaxHandler(BaseHandler): file_path = self.get_argument('file_path', None) server_id = self.get_argument('id', None) - if not self.check_server_id(server_id, 'get_file'): return False + if not self.check_server_id(server_id, 'get_file'): return else: server_id = bleach.clean(server_id) if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], file_path)\ or not helper.check_file_exists(os.path.abspath(file_path)): logger.warning("Invalid path in get_file ajax call ({})".format(file_path)) console.warning("Invalid path in get_file ajax call ({})".format(file_path)) - return False + return error = None @@ -114,7 +114,7 @@ class AjaxHandler(BaseHandler): elif page == "get_tree": server_id = self.get_argument('id', None) - if not self.check_server_id(server_id, 'get_tree'): return False + if not self.check_server_id(server_id, 'get_tree'): return else: server_id = bleach.clean(server_id) self.write(db_helper.get_server_data_by_id(server_id)['path'] + '\n' + 
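Review bot: The invalid-path branch in get_file (the `return` after the two warnings) now exits without writing anything or setting a status, so the client receives an empty 200 and cannot tell a rejected path from an empty file; add `self.set_status(400)` before the `return`, and the same for the server-id failure above it, which redirects in server_log but returns silently here. Note also that `helper.in_path` receives the raw `file_path` while the existence check receives `os.path.abspath(file_path)`; unless `in_path` normalises `..` and symlinks itself (not visible here), the containment check and the later file access see different paths, so pass the same normalised path to both. `bleach.clean` on `server_id` is an HTML sanitiser, not validation, and is redundant once the id has been checked against the database. The get_file branch continues past the hunk.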
@@ -152,14 +152,14 @@ class AjaxHandler(BaseHandler): server_id = self.get_argument('id', None) print(server_id) - if not self.check_server_id(server_id, 'create_file'): return False + if not self.check_server_id(server_id, 'create_file'): return else: server_id = bleach.clean(server_id) if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], file_path) \ or helper.check_file_exists(os.path.abspath(file_path)): logger.warning("Invalid path in create_file ajax call ({})".format(file_path)) console.warning("Invalid path in create_file ajax call ({})".format(file_path)) - return False + return # Create the file by opening it with open(file_path, 'w') as file_object: @@ -172,14 +172,14 @@ class AjaxHandler(BaseHandler): server_id = self.get_argument('id', None) print(server_id) - if not self.check_server_id(server_id, 'create_dir'): return False + if not self.check_server_id(server_id, 'create_dir'): return else: server_id = bleach.clean(server_id) if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], dir_path) \ or helper.check_path_exists(os.path.abspath(dir_path)): logger.warning("Invalid path in create_dir ajax call ({})".format(dir_path)) console.warning("Invalid path in create_dir ajax call ({})".format(dir_path)) - return False + return # Create the directory os.mkdir(dir_path) @@ -192,7 +192,7 @@ class AjaxHandler(BaseHandler): console.warning("delete {} for server {}".format(file_path, server_id)) - if not self.check_server_id(server_id, 'del_file'): return False + if not self.check_server_id(server_id, 'del_file'): return else: server_id = bleach.clean(server_id) server_info = db_helper.get_server_data_by_id(server_id) 
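Review bot: `print(server_id)` is still at the top of the create_file hunk (and again in create_dir below), dumping request parameters to stdout on every call; drop it or use `logger.debug`. The rejection path after the warnings just `return`s, so a rejected path produces an empty 200 — `self.set_status(400)` before the `return` lets the frontend react. `check_file_exists` is given `os.path.abspath(file_path)` while `open(file_path, 'w')` uses the raw value; use the normalised path for both so the existence check and the write refer to the same file. The create_file branch continues past the hunk.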
@@ -201,7 +201,7 @@ class AjaxHandler(BaseHandler): or not helper.check_file_exists(os.path.abspath(file_path)): logger.warning("Invalid path in del_file ajax call ({})".format(file_path)) console.warning("Invalid path in del_file ajax call ({})".format(file_path)) - return False + return # Delete the file os.remove(file_path) @@ -213,7 +213,7 @@ class AjaxHandler(BaseHandler): console.warning("delete {} for server {}".format(file_path, server_id)) - if not self.check_server_id(server_id, 'del_dir'): return False + if not self.check_server_id(server_id, 'del_dir'): return else: server_id = bleach.clean(server_id) server_info = db_helper.get_server_data_by_id(server_id) @@ -221,7 +221,7 @@ class AjaxHandler(BaseHandler): or not helper.check_path_exists(os.path.abspath(dir_path)): logger.warning("Invalid path in del_file ajax call ({})".format(dir_path)) console.warning("Invalid path in del_file ajax call ({})".format(dir_path)) - return False + return # Delete the directory # os.rmdir(dir_path) # Would only remove empty directories @@ -237,14 +237,14 @@ class AjaxHandler(BaseHandler): print(file_path) print(server_id) - if not self.check_server_id(server_id, 'save_file'): return False + if not self.check_server_id(server_id, 'save_file'): return else: server_id = bleach.clean(server_id) if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], file_path)\ or not helper.check_file_exists(os.path.abspath(file_path)): logger.warning("Invalid path in save_file ajax call ({})".format(file_path)) console.warning("Invalid path in save_file ajax call ({})".format(file_path)) - return False + return # Open the file in write mode and store the content in file_object with open(file_path, 'w') as file_object: 
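Review bot: The del_dir rejection branch logs `Invalid path in del_file ajax call`, a copy-paste from the file branch, so a blocked directory deletion is indistinguishable from a blocked file deletion in the logs; change both lines to `"Invalid path in del_dir ajax call ({})".format(dir_path)`. As elsewhere in this file the branch returns without a status, so the client sees an empty 200 — consider `self.set_status(400)` before the `return`. The `in_path` half of the condition and the actual removal (the comment hints at a recursive delete) are outside the hunk; since this deletes a user-named directory tree, it is worth confirming that `in_path` resolves symlinks rather than only comparing string prefixes.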
@@ -256,19 +256,19 @@ class AjaxHandler(BaseHandler): server_id = self.get_argument('id', None) print(server_id) - if not self.check_server_id(server_id, 'rename_item'): return False + if not self.check_server_id(server_id, 'rename_item'): return else: server_id = bleach.clean(server_id) if item_path is None or new_item_name is None: logger.warning("Invalid path(s) in rename_item ajax call") console.warning("Invalid path(s) in rename_item ajax call") - return False + return if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], item_path) \ or not helper.check_path_exists(os.path.abspath(item_path)): logger.warning("Invalid old name path in rename_item ajax call ({})".format(server_id)) console.warning("Invalid old name path in rename_item ajax call ({})".format(server_id)) - return False + return new_item_path = os.path.join(os.path.split(item_path)[0], new_item_name) @@ -276,7 +276,7 @@ class AjaxHandler(BaseHandler): or helper.check_path_exists(os.path.abspath(new_item_path)): logger.warning("Invalid new name path in rename_item ajax call ({})".format(server_id)) console.warning("Invalid new name path in rename_item ajax call ({})".format(server_id)) - return False + return # RENAME os.rename(item_path, new_item_path) @@ -284,7 +284,7 @@ class AjaxHandler(BaseHandler): if server_id is None: logger.warning("Server ID not defined in {} ajax call ({})".format(page_name, server_id)) console.warning("Server ID not defined in {} ajax call ({})".format(page_name, server_id)) - return False + return else: server_id = bleach.clean(server_id) @@ -292,5 +292,5 @@ class AjaxHandler(BaseHandler): if not db_helper.server_id_exists(server_id): logger.warning("Server ID not found in {} ajax call ({})".format(page_name, server_id)) console.warning("Server ID not found in {} ajax call ({})".format(page_name, server_id)) - return False + return return True 
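Review bot: `new_item_name` comes straight from the request and is handed to `os.path.join`, which discards the directory component when the name is absolute and lets separators or `..` move the target elsewhere; the containment check on `new_item_path` that appears to follow (its first half is outside the hunk) may catch that, but a direct `if os.path.basename(new_item_name) != new_item_name: ... return` before the join is cheaper and clearer. The two failure logs in this hunk format `server_id` where the other branches format the offending path, so a rejected rename never records which path was refused — `.format(item_path)` would be consistent. The rename_item branch continues past the hunk.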
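Review bot: check_server_id is a helper whose result is consumed by `if not self.check_server_id(...)` throughout this file, not a Tornado entry point, so replacing its `return False` with a bare `return` is unnecessary and leaves the method returning either `True` or `None`; keep `return False` here (and annotate `-> bool`). If the reason for the rest of the commit is Tornado rejecting non-None values returned from `get`/`post`, that restriction does not apply to this method. The definition of check_server_id starts before the hunk.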
diff --git a/app/classes/web/api_handler.py b/app/classes/web/api_handler.py index 933b6235..50035c9f 100644 --- a/app/classes/web/api_handler.py +++ b/app/classes/web/api_handler.py @@ -41,11 +41,11 @@ class ApiHandler(BaseHandler): else: logging.debug("Auth unsuccessful") self.access_denied("unknown", "the user provided an invalid token") - return False + return except Exception as e: log.warning("An error occured while authenticating an API user: %s", e) self.access_denied("unknown"), "an error occured while authenticating the user" - return False + return class ServersStats(ApiHandler): diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py index 98a0b4a1..aade9b2e 100644 --- a/app/classes/web/panel_handler.py +++ b/app/classes/web/panel_handler.py @@ -140,7 +140,7 @@ class PanelHandler(BaseHandler): #if not db_helper.server_id_authorized(server_id, exec_user_id): if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id): self.redirect("/panel/error?error=Invalid Server ID") - return False + return valid_subpages = ['term', 'logs', 'backup', 'config', 'files', 'admin_controls'] @@ -200,7 +200,7 @@ class PanelHandler(BaseHandler): #if not db_helper.server_id_authorized(server_id, exec_user_id): if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id): self.redirect("/panel/error?error=Invalid Server ID") - return False + return server_info = db_helper.get_server_data_by_id(server_id) backup_file = os.path.abspath(os.path.join(server_info["backup_path"], file)) @@ -249,7 +249,7 @@ class PanelHandler(BaseHandler): #if not db_helper.server_id_authorized(server_id, exec_user_id): if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id): self.redirect("/panel/error?error=Invalid Server ID") - return False + return server = self.controller.get_server_obj(server_id).backup_server() self.redirect("/panel/server_detail?id={}&subpage=backup".format(server_id)) 
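Review bot: The except branch in this hunk's context reads `self.access_denied("unknown"), "an error occured while authenticating the user"` — the comma makes it a tuple expression, so the message is never passed and `access_denied` is called with one argument, unlike the invalid-token case above; the commit changes the line below it but leaves this, it should be `self.access_denied("unknown", "an error occured while authenticating the user")`. The same branch logs through `log.warning` while the branch above uses `logging.debug`; unless `log` is bound at module level, an exception during authentication surfaces as a NameError instead of a denial. The enclosing method starts before the hunk.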
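Review bot: `int(server_id)` in the authorization check raises ValueError on a non-numeric id, which Tornado turns into a 500 rather than the intended redirect; guard it with `try: server_id = int(server_id)` / `except (TypeError, ValueError): self.redirect("/panel/error?error=Invalid Server ID"); return` before the role check (the -140 and -249 hunks have the same pattern). After authorization, `backup_file = os.path.abspath(os.path.join(server_info["backup_path"], file))` is built from `file`, which looks like a request argument; whether the result is verified to still sit under `backup_path` before use is outside the hunk and worth confirming, since `..` in `file` escapes the backup directory. `file` also shadows the builtin. The enclosing method continues past the hunk.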
diff --git a/app/classes/web/public_handler.py b/app/classes/web/public_handler.py index 3e9913db..4388f909 100644 --- a/app/classes/web/public_handler.py +++ b/app/classes/web/public_handler.py @@ -37,9 +37,6 @@ class PublicHandler(BaseHandler): def get(self, page=None): - self.clear_cookie("user") - self.clear_cookie("user_data") - error = bleach.clean(self.get_argument('error', "Invalid Login!")) page_data = { @@ -59,9 +56,16 @@ class PublicHandler(BaseHandler): elif page == "error": template = "public/error.html" + elif page == "logout": + self.clear_cookie("user") + self.clear_cookie("user_data") + self.redirect('/public/login') + return + # if we have no page, let's go to login else: self.redirect('/public/login') + return self.render( template, @@ -82,14 +86,18 @@ class PublicHandler(BaseHandler): # if we don't have a user if not user_data: next_page = "/public/error?error=Login Failed" + self.clear_cookie("user") + self.clear_cookie("user_data") self.redirect(next_page) - return False + return # if they are disabled if not user_data.enabled: next_page = "/public/error?error=Login Failed" + self.clear_cookie("user") + self.clear_cookie("user_data") self.redirect(next_page) - return False + return login_result = helper.verify_pass(entered_password, user_data.password) @@ -118,6 +126,8 @@ class PublicHandler(BaseHandler): next_page = "/panel/dashboard" self.redirect(next_page) else: + self.clear_cookie("user") + self.clear_cookie("user_data") # log this failed login attempt db_helper.add_to_audit_log(user_data.user_id, "Tried to log in", 0, self.get_remote_ip()) self.redirect('/public/error?error=Login Failed') diff --git a/app/classes/web/server_handler.py b/app/classes/web/server_handler.py index 7768280d..f89fc1e2 100644 --- a/app/classes/web/server_handler.py +++ b/app/classes/web/server_handler.py 
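Review bot: The new `logout` page acts on a plain GET, so any third-party page can log a user out with an `<img src="/public/logout">` (forced logout); moving it to `post` with Tornado's XSRF check, or at least requiring a confirmation step, avoids that. `clear_cookie` only asks the browser to drop `user` and `user_data`; if those are signed cookies with a lifetime, a previously captured value stays accepted until it expires — worth confirming how they are issued and whether anything server-side needs revoking. The redirect-then-`return` in both branches is a real fix over the old fall-through into `render` with no template set.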
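Review bot: For an unknown or disabled account the handler redirects before `helper.verify_pass` runs, while an existing account goes through the hash comparison, so response time distinguishes valid usernames even though both paths land on the same `Login Failed` page; running the verification against a fixed dummy hash in the two early-exit branches equalises the cost. Those branches also skip `db_helper.add_to_audit_log`, unlike the wrong-password branch below, so guessing against unknown or disabled names leaves no trace in the audit log. The method continues past the hunk.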
@@ -96,7 +96,7 @@ class ServerHandler(BaseHandler): for server in db_helper.get_all_defined_servers(): if server['server_name'] == name: return True - return False + return server_data = db_helper.get_server_data_by_id(server_id) server_uuid = server_data.get('server_uuid') @@ -165,14 +165,14 @@ class ServerHandler(BaseHandler): if not server_name: self.redirect("/panel/error?error=Server name cannot be empty!") - return False + return if import_type == 'import_jar': good_path = self.controller.verify_jar_server(import_server_path, import_server_jar) if not good_path: self.redirect("/panel/error?error=Server path or Server Jar not found!") - return False + return new_server_id = self.controller.import_jar_server(server_name, import_server_path,import_server_jar, min_mem, max_mem, port) db_helper.add_to_audit_log(exec_user_data['user_id'], @@ -184,12 +184,12 @@ class ServerHandler(BaseHandler): good_path = self.controller.verify_zip_server(import_server_path) if not good_path: self.redirect("/panel/error?error=Zip file not found!") - return False + return new_server_id = self.controller.import_zip_server(server_name, import_server_path,import_server_jar, min_mem, max_mem, port) if new_server_id == "false": self.redirect("/panel/error?error=Zip file not accessible! You can fix this permissions issue with sudo chown -R crafty:crafty {} And sudo chmod 2775 -R {}".format(import_server_path, import_server_path)) - return False + return db_helper.add_to_audit_log(exec_user_data['user_id'], "imported a zip server named \"{}\"".format(server_name), # Example: Admin imported a server named "old creative" new_server_id, 
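Review bot: The function at the top of this hunk is a name-exists predicate (`return True` on a match), and replacing its `return False` with a bare `return` makes it yield `None` on a miss, so any caller that compares against `False` or reads the result as a boolean now gets an inconsistent type; keep `return False` here, since the Tornado restriction on handler return values (the apparent reason for the rest of the commit) does not apply to a helper. The definition of this function starts before the hunk, so its name and callers are not visible.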
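Review bot: `import_server_path` is interpolated twice into the redirect URL `/panel/error?error=...` without URL-encoding, so a path containing `&`, `#`, `%` or a space truncates or corrupts the message, and whatever `/panel/error` renders is reflecting user input — confirm that page escapes `error`. Build the query with `urllib.parse.urlencode({"error": msg})` (or `quote`) instead of string formatting. Instructing the user to run `chown -R` and `chmod 2775 -R` on a user-supplied path from inside an error message is also worth reconsidering. The enclosing method continues past the hunk.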
@@ -197,7 +197,7 @@ class ServerHandler(BaseHandler): else: if len(server_parts) != 2: self.redirect("/panel/error?error=Invalid server data") - return False + return server_type, server_version = server_parts # todo: add server type check here and call the correct server add functions if not a jar new_server_id = self.controller.create_jar_server(server_type, server_version, server_name, min_mem, max_mem, port) diff --git a/app/frontend/templates/notify.html b/app/frontend/templates/notify.html index 09e6c7da..5cafcacd 100644 --- a/app/frontend/templates/notify.html +++ b/app/frontend/templates/notify.html @@ -29,7 +29,7 @@ {% end %} Activity - Sign Out + Sign Out \ No newline at end of file