CyberPanel/test_api_key_fix.sh
usmannasir 2cd361a837 Fix backup file operation failures for API key authentication
Problem: "Failed to backup file before replacement" error when using API key authentication.

Root Cause:
- The externalApp field (which contains the system user for file operations) was sometimes None
- When using API key authentication, the code couldn't determine which user to run commands as

Solution:
- Added fallback logic to ensure we always have a valid user for file operations:
  1. First try wp_site.owner.externalApp
  2. If not set, try Websites.objects.get(domain).externalApp
  3. If still not set, fall back to admin username
- Added detailed error messages and logging throughout backup operations
- Enhanced error reporting to include user context and operation details
- Added validation for backup directory creation with proper error handling

Changes:
- Modified validate_access_token() OPTION 2 and OPTION 3 to ensure external_app is always set
- Enhanced backup and replace operations with better error messages
- Added detailed logging for debugging file operation failures
- Include user context in error messages for easier troubleshooting

This ensures file operations work correctly even when externalApp field is not properly configured.
2025-10-27 14:16:01 +05:00


#!/bin/bash
# Test script to verify API key validation fix

# Configuration - adjust these values
# For remote testing, replace with your CyberPanel server URL
SERVER="${CYBERPANEL_SERVER:-http://localhost:8001}"
# Set CYBERPANEL_API_KEY in the environment rather than editing a real key into this file
API_KEY="${CYBERPANEL_API_KEY:-cp_GrHf3ysP0SKhrEiazmqt3kRJA5KwOFQW8VJKcDQ8B5Bg}"  # Your actual API key
SCAN_ID="${CYBERPANEL_SCAN_ID:-550e8400-e29b-41d4-a716-446655440000}"  # A valid scan ID from your system

echo "Using server: $SERVER"
# Only the first 20 characters of the key are printed
echo "Using API key: ${API_KEY:0:20}..."
echo "Using scan ID: $SCAN_ID"
echo ""

echo "=========================================="
echo "Testing CyberPanel API Key Validation Fix"
echo "=========================================="
echo ""

# Test 1: List API keys in the system
echo "1. Listing API keys in system..."
echo "---------------------------------"
curl -s "$SERVER/api/ai-scanner/list-api-keys/" | python3 -m json.tool
echo ""

# Test 2: Test authentication with X-API-Key header
echo "2. Testing X-API-Key authentication..."
echo "---------------------------------------"
curl -s -X POST "$SERVER/api/ai-scanner/test-auth/" \
    -H "X-API-Key: $API_KEY" \
    -H "X-Scan-ID: $SCAN_ID" \
    -H "Content-Type: application/json" \
    -d "{\"scan_id\": \"$SCAN_ID\"}" | python3 -m json.tool
echo ""

# Test 3: Test actual file operation with X-API-Key
echo "3. Testing file operation with X-API-Key..."
echo "--------------------------------------------"
# -w appends the HTTP status code on its own line after the body
RESPONSE=$(curl -s -w "\n%{http_code}" "$SERVER/api/scanner/get-file?file_path=wp-content/test.php" \
    -H "X-API-Key: $API_KEY" \
    -H "X-Scan-ID: $SCAN_ID")
HTTP_CODE=$(echo "$RESPONSE" | tail -n 1)
# sed '$d' drops the status line; unlike "head -n-1" it also works with non-GNU head
BODY=$(echo "$RESPONSE" | sed '$d')
echo "HTTP Status: $HTTP_CODE"
echo "Response body:"
echo "$BODY" | python3 -m json.tool 2>/dev/null || echo "$BODY"
echo ""

# Test 4: Test with Bearer token (backward compatibility)
echo "4. Testing Bearer token (backward compatibility)..."
echo "----------------------------------------------------"
RESPONSE=$(curl -s -w "\n%{http_code}" "$SERVER/api/scanner/get-file?file_path=wp-content/test.php" \
    -H "Authorization: Bearer $API_KEY" \
    -H "X-Scan-ID: $SCAN_ID")
HTTP_CODE=$(echo "$RESPONSE" | tail -n 1)
BODY=$(echo "$RESPONSE" | sed '$d')
echo "HTTP Status: $HTTP_CODE"
echo "Response body:"
echo "$BODY" | python3 -m json.tool 2>/dev/null || echo "$BODY"
echo ""

echo "=========================================="
echo "Test complete!"
echo ""
echo "Expected results:"
echo "- Test 1: Should show API keys in system"
echo "- Test 2: Should show validation success with detailed steps"
echo "- Test 3: Should return 200 or 404 (not 401)"
echo "- Test 4: Should also work with Bearer token"
echo "=========================================="
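
The script above leaves the comparison against "Expected results" to the reader. The following added example (not part of the CyberPanel repository) turns the Test 3 and Test 4 expectation into a pass/fail exit code for a response captured with curl -s -w "\n%{http_code}". The helper names and sample responses are constructed for illustration, and treating 403 like 401 is an assumption.

```shell
#!/bin/bash
# Added example; helper names are hypothetical, not CyberPanel code.
# Input: the output of `curl -s -w "\n%{http_code}" ...` (body, then status line).

# The last line of the captured output is the HTTP status code.
response_status() {
    printf '%s\n' "$1" | tail -n 1
}

# Everything before the last line is the response body.
response_body() {
    printf '%s\n' "$1" | sed '$d'
}

# Returns 0 when the credential was accepted (200, or 404 for a missing file),
# 1 when it was rejected, 2 for any other status (including curl's 000 when
# no HTTP response was received at all).
check_auth_result() {
    local label="$1"
    local status
    status=$(response_status "$2")
    case "$status" in
        200|404)
            echo "PASS: $label (HTTP $status)"
            return 0 ;;
        401|403)  # 403 handled like 401: an assumption, the script only names 401
            echo "FAIL: $label rejected the credential (HTTP $status)"
            return 1 ;;
        *)
            echo "ERROR: $label returned unexpected status '${status:-none}'"
            return 2 ;;
    esac
}

# Constructed sample responses (not real server output).
SAMPLE_OK=$(printf '%s\n%s' '{"content": "ok"}' '200')
SAMPLE_DENIED=$(printf '%s\n%s' '{"error": "Invalid token"}' '401')
SAMPLE_DOWN=$(printf '\n%s' '000')   # server unreachable: empty body, status 000

# In the test script this would be: check_auth_result "Test 3" "$RESPONSE"
for sample in "$SAMPLE_OK" "$SAMPLE_DENIED" "$SAMPLE_DOWN"; do
    check_auth_result "constructed sample" "$sample" || true
done
```

Summing the return codes of the Test 3 and Test 4 checks and exiting non-zero lets the script fail a CI job when the key is rejected.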