Mirrored_Repos/crafty-4
1
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2024-08-30 18:23:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix/authentication-return' into 'dev'

Browse Source 
Fix API authentication stack

See merge request crafty-controller/crafty-4!759
This commit is contained in:
Iain Powrie 2024-05-11 22:41:58 +00:00
commit 9f4e48deec
16 changed files with 45 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -1,7 +1,7 @@
# Changelog # Changelog
## --- [4.4.0] - 2024/05/10 ## --- [4.4.0] - 2024/05/11
### Refactor ### Refactor
- Refactor API keys "super user" to "full access" ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/731)) - Refactor API keys "super user" to "full access" ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/731) | [Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/759))
- Refactor SBuilder to use Big Bucket Svc ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/755)) - Refactor SBuilder to use Big Bucket Svc ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/755))
### Bug fixes ### Bug fixes
- Reset query arguments on login if `?next` is not available ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/750)) - Reset query arguments on login if `?next` is not available ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/750))

2
app/classes/web/routes/api/crafty/announcements/index.py
View File

@ -26,6 +26,7 @@ class ApiAnnounceIndexHandler(BaseApiHandler):
_, _,
_, _,
_user, _user,
_,
) = auth_data ) = auth_data
data = self.helper.get_announcements() data = self.helper.get_announcements()
@ -72,6 +73,7 @@ class ApiAnnounceIndexHandler(BaseApiHandler):
_, _,
_, _,
_user, _user,
_,
) = auth_data ) = auth_data
try: try:
data = json.loads(self.request.body) data = json.loads(self.request.body)

1
app/classes/web/routes/api/crafty/clogs/index.py
View File

@ -14,6 +14,7 @@ class ApiCraftyLogIndexHandler(BaseApiHandler):
_, _,
superuser, superuser,
_, _,
_,
) = auth_data ) = auth_data
if not superuser: if not superuser:

11
app/classes/web/routes/api/crafty/config/index.py
View File

@ -68,6 +68,7 @@ class ApiCraftyConfigIndexHandler(BaseApiHandler):
_, _,
superuser, superuser,
_, _,
_,
) = auth_data ) = auth_data
# GET /api/v2/roles?ids=true # GET /api/v2/roles?ids=true
@ -94,13 +95,7 @@ class ApiCraftyConfigIndexHandler(BaseApiHandler):
auth_data = self.authenticate_user() auth_data = self.authenticate_user()
if not auth_data: if not auth_data:
return return
( (_, _, _, superuser, user, _) = auth_data
_,
_,
_,
superuser,
user,
) = auth_data
if not superuser: if not superuser:
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
@ -150,6 +145,7 @@ class ApiCraftyCustomizeIndexHandler(BaseApiHandler):
_, _,
superuser, superuser,
_, _,
_,
) = auth_data ) = auth_data
# GET /api/v2/roles?ids=true # GET /api/v2/roles?ids=true
@ -182,6 +178,7 @@ class ApiCraftyCustomizeIndexHandler(BaseApiHandler):
_, _,
superuser, superuser,
user, user,
_,
) = auth_data ) = auth_data
if not superuser: if not superuser:
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})

2
app/classes/web/routes/api/crafty/config/server_dir.py
View File

@ -24,6 +24,7 @@ class ApiCraftyConfigServerDirHandler(BaseApiHandler):
_, _,
superuser, superuser,
_, _,
_,
) = auth_data ) = auth_data
# GET /api/v2/roles?ids=true # GET /api/v2/roles?ids=true
@ -56,6 +57,7 @@ class ApiCraftyConfigServerDirHandler(BaseApiHandler):
_, _,
_, _,
_, _,
_,
) = auth_data ) = auth_data
if not auth_data: if not auth_data:

1
app/classes/web/routes/api/crafty/exe_cache.py
View File

@ -12,6 +12,7 @@ class ApiCraftyJarCacheIndexHandler(BaseApiHandler):
_, _,
_, _,
_, _,
_,
) = auth_data ) = auth_data
if not auth_data[4]["superuser"]: if not auth_data[4]["superuser"]:

2
app/classes/web/routes/api/roles/index.py
View File

@ -75,6 +75,7 @@ class ApiRolesIndexHandler(BaseApiHandler):
_, _,
superuser, superuser,
_, _,
_,
) = auth_data ) = auth_data
# GET /api/v2/roles?ids=true # GET /api/v2/roles?ids=true
@ -107,6 +108,7 @@ class ApiRolesIndexHandler(BaseApiHandler):
_, _,
superuser, superuser,
user, user,
_,
) = auth_data ) = auth_data
if not superuser: if not superuser:

15
app/classes/web/routes/api/roles/role/index.py
View File

@ -74,6 +74,7 @@ class ApiRolesRoleIndexHandler(BaseApiHandler):
_, _,
superuser, superuser,
_, _,
_,
) = auth_data ) = auth_data
if not superuser: if not superuser:
@ -97,6 +98,7 @@ class ApiRolesRoleIndexHandler(BaseApiHandler):
_, _,
superuser, superuser,
user, user,
_,
) = auth_data ) = auth_data
if not superuser: if not superuser:
@ -126,10 +128,19 @@ class ApiRolesRoleIndexHandler(BaseApiHandler):
_, _,
superuser, superuser,
user, user,
_,
) = auth_data ) = auth_data
if not superuser: role = self.controller.roles.get_role(role_id)
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) if not superuser and user["user_id"] != role["manager"]:
return self.finish_json(
400,
{
"status": "error",
"error": "NOT_AUTHORIZED",
"error_data": "Not Authorized",
},
)
try: try:
data = orjson.loads(self.request.body) data = orjson.loads(self.request.body)

1
app/classes/web/routes/api/roles/role/servers.py
View File

@ -13,6 +13,7 @@ class ApiRolesRoleServersHandler(BaseApiHandler):
_, _,
superuser, superuser,
_, _,
_,
) = auth_data ) = auth_data
# GET /api/v2/roles/role/servers?ids=true # GET /api/v2/roles/role/servers?ids=true

1
app/classes/web/routes/api/roles/role/users.py
View File

@ -12,6 +12,7 @@ class ApiRolesRoleUsersHandler(BaseApiHandler):
_, _,
superuser, superuser,
_, _,
_,
) = auth_data ) = auth_data
if not superuser: if not superuser:

1
app/classes/web/routes/api/servers/index.py
View File

@ -685,6 +685,7 @@ class ApiServersIndexHandler(BaseApiHandler):
_, _,
_superuser, _superuser,
user, user,
_,
) = auth_data ) = auth_data
if EnumPermissionsCrafty.SERVER_CREATION not in exec_user_crafty_permissions: if EnumPermissionsCrafty.SERVER_CREATION not in exec_user_crafty_permissions:

7
app/classes/web/routes/api/users/index.py
View File

@ -21,6 +21,7 @@ class ApiUsersIndexHandler(BaseApiHandler):
_, _,
_, _,
user, user,
_,
) = auth_data ) = auth_data
# GET /api/v2/users?ids=true # GET /api/v2/users?ids=true
@ -70,6 +71,7 @@ class ApiUsersIndexHandler(BaseApiHandler):
_, _,
superuser, superuser,
user, user,
_,
) = auth_data ) = auth_data
if EnumPermissionsCrafty.USER_CONFIG not in exec_user_crafty_permissions: if EnumPermissionsCrafty.USER_CONFIG not in exec_user_crafty_permissions:
@ -149,8 +151,9 @@ class ApiUsersIndexHandler(BaseApiHandler):
400, {"status": "error", "error": "INVALID_SUPERUSER_CREATE"} 400, {"status": "error", "error": "INVALID_SUPERUSER_CREATE"}
) )
if len(roles) != 0 and not superuser: for role in roles:
# HACK: This should check if the user has the roles or something role = self.controller.roles.get_role(role)
if int(role["manager"]) != int(auth_data[4]["user_id"]) and not superuser:
return self.finish_json( return self.finish_json(
400, {"status": "error", "error": "INVALID_ROLES_CREATE"} 400, {"status": "error", "error": "INVALID_ROLES_CREATE"}
) )

2
app/classes/web/routes/api/users/user/api.py
View File

@ -113,6 +113,7 @@ class ApiUsersUserKeyHandler(BaseApiHandler):
_, _,
_superuser, _superuser,
user, user,
_,
) = auth_data ) = auth_data
try: try:
@ -188,6 +189,7 @@ class ApiUsersUserKeyHandler(BaseApiHandler):
_, _,
_, _,
_user, _user,
_,
) = auth_data ) = auth_data
if key_id: if key_id:
key = self.controller.users.get_user_api_key(key_id) key = self.controller.users.get_user_api_key(key_id)

3
app/classes/web/routes/api/users/user/index.py
View File

@ -24,6 +24,7 @@ class ApiUsersUserIndexHandler(BaseApiHandler):
_, _,
_, _,
user, user,
_,
) = auth_data ) = auth_data
if user_id in ["@me", user["user_id"]]: if user_id in ["@me", user["user_id"]]:
@ -72,6 +73,7 @@ class ApiUsersUserIndexHandler(BaseApiHandler):
_, _,
_, _,
user, user,
_,
) = auth_data ) = auth_data
if (user_id in ["@me", user["user_id"]]) and self.helper.get_setting( if (user_id in ["@me", user["user_id"]]) and self.helper.get_setting(
@ -121,6 +123,7 @@ class ApiUsersUserIndexHandler(BaseApiHandler):
_, _,
superuser, superuser,
user, user,
_,
) = auth_data ) = auth_data
try: try:

1
app/classes/web/routes/api/users/user/permissions.py
View File

@ -27,6 +27,7 @@ class ApiUsersUserPermissionsHandler(BaseApiHandler):
_, _,
_, _,
user, user,
_,
) = auth_data ) = auth_data
if user_id in ["@me", user["user_id"]]: if user_id in ["@me", user["user_id"]]:

1
app/classes/web/routes/api/users/user/public.py
View File

@ -17,6 +17,7 @@ class ApiUsersUserPublicHandler(BaseApiHandler):
_, _,
_, _,
user, user,
_,
) = auth_data ) = auth_data
if user_id == "@me": if user_id == "@me":