Fixed root login and superUser Password setup for UDS

2025-03-13 08:58:35 +03:00 · 2023-12-13 16:39:14 +01:00 · 2023-12-13 16:39:14 +01:00 · 0093cd8056
commit 0093cd8056
parent df5496d0e4
7 changed files with 28 additions and 9 deletions
--- a/server/src/uds/core/auths/auth.py
+++ b/server/src/uds/core/auths/auth.py
@ -132,9 +132,9 @@ def getRootUser() -> models.User:
    user.manager = models.Authenticator()  # type: ignore
    # Fake overwrite some methods, a bit cheating? maybe? :)
    user.getGroups = lambda: []  # type: ignore
-    user.updateLastAccess = lambda: None
+    user.updateLastAccess = lambda: None  # type: ignore
    # Override logout method to do nothing for this user
-    user.logout = lambda request: types.auth.SUCCESS_AUTH
+    user.logout = lambda request: types.auth.SUCCESS_AUTH  # type: ignore
    return user


--- a/server/src/uds/core/auths/authenticator.py
+++ b/server/src/uds/core/auths/authenticator.py
@ -207,6 +207,8 @@ class Authenticator(Module):
        from uds.models import Authenticator  # pylint: disable=import-outside-toplevel

        if self._dbObj is None:
+            if not self._uuid:
+                return Authenticator.nullAuthenticator()
            self._dbObj = Authenticator.objects.get(uuid=self._uuid)
        return self._dbObj

@ -365,6 +367,9 @@ class Authenticator(Module):
        """
        Used by the login interface to determine if the authenticator is visible on the login page.
        """
+        # Maybe "internal for root", if this is the case, it is valid for all ips
+        if not self.dbObj().id:
+            return True
        return self.dbObj().state != consts.auth.DISABLED and self.dbObj().isValidForIp(
            typing.cast('types.request.ExtendedHttpRequest', request).ip
        )
--- a/server/src/uds/core/util/config.py
+++ b/server/src/uds/core/util/config.py
@ -117,7 +117,7 @@ class Config:
            return self._sectionName

    class Value:
-        _section: 'Config.Section'  # type: ignore  # mypy bug?
+        _section: 'Config.Section'  # type: ignore  # mypy complains??
        _type: int
        _key: str
        _crypt: bool
@ -446,7 +446,7 @@ class GlobalConfig:
        'superUser', 'root', type=Config.FieldType.TEXT, help=_('Superuser username')
    )
    # Superuser password (do not need to be at database!!!)
-    SUPER_USER_PASS: Config.Value = Config.section(Config.SectionType.SECURITY).value(
+    SUPER_USER_PASS: Config.Value = Config.section(Config.SectionType.SECURITY).valueCrypt(
        'rootPass', 'udsmam0', type=Config.FieldType.PASSWORD, help=_('Superuser password')
    )
    SUPER_USER_ALLOW_WEBACCESS: Config.Value = Config.section(Config.SectionType.SECURITY).value(
--- a/server/src/uds/management/commands/config.py
+++ b/server/src/uds/management/commands/config.py
@ -44,6 +44,10 @@ class Command(BaseCommand):

    def add_arguments(self, parser) -> None:
        parser.add_argument('name_value', nargs='+', type=str)
+        # if force crypt is specified, we will force crypting of passwords
+        parser.add_argument('--force-crypt', action='store_true', default=False, help='Force crypting of passwords')
+        
+        

    def handle(self, *args, **options) -> None:
        logger.debug("Handling settings")
@ -60,7 +64,10 @@ class Command(BaseCommand):
                if (
                    Config.update(mod, name, value) is False
                ):  # If not exists, try to store value without any special parameters
-                    Config.section(mod).value(name, value).get()
+                    if options['force_crypt']:
+                        value = Config.section(mod).valueCrypt(name, value).get()
+                    else:
+                        Config.section(mod).value(name, value).get()
        except Exception as e:
            self.stderr.write(f'The command could not be processed: {e}')
            logger.exception('Exception processing %s', args)
--- a/server/src/uds/models/authenticator.py
+++ b/server/src/uds/models/authenticator.py
@ -231,6 +231,13 @@ class Authenticator(ManagedObjectModel, TaggingMixin):
            return exists
        # Deny, must not be in any network
        return not exists
+    
+    @staticmethod
+    def nullAuthenticator() -> 'Authenticator':
+        """
+        Returns a null authenticator, that is, an authenticator that does nothing
+        """
+        return Authenticator(uuid='')

    @staticmethod
    def all() -> 'models.QuerySet[Authenticator]':
--- a/server/src/uds/web/util/authentication.py
+++ b/server/src/uds/web/util/authentication.py
@ -94,7 +94,7 @@ def checkLogin(  # pylint: disable=too-many-branches, too-many-statements
                uuid=processUuid(form.cleaned_data['authenticator'])
            )
        except Exception:
-            authenticator = Authenticator()
+            authenticator = Authenticator.nullAuthenticator()
        userName = form.cleaned_data['user']
        if GlobalConfig.LOWERCASE_USERNAME.getBool(True) is True:
            userName = userName.lower()
--- a/server/src/uds/web/views/main.py
+++ b/server/src/uds/web/views/main.py
@ -78,9 +78,9 @@ def index(request: HttpRequest) -> HttpResponse:
        csrf_token = str(csrf_token)

    response = render(
-        request,
-        'uds/modern/index.html',
-        {'csrf_field': CSRF_FIELD, 'csrf_token': csrf_token},
+        request=request,
+        template_name='uds/modern/index.html',
+        context={'csrf_field': CSRF_FIELD, 'csrf_token': csrf_token},
    )

    # Ensure UDS cookie is present