mirror of
https://github.com/unslothai/unsloth.git
synced 2026-07-10 00:08:58 +00:00
* Studio: set the admin password before exposing it on the network On first run Studio seeds the default `unsloth` admin with a random bootstrap password and embeds it into index.html (window.__UNSLOTH_BOOTSTRAP__) so the local user can change it without typing it. A request with no Origin header counts as same-origin, which is what a normal top-level GET sends, so the page hands out the password to whoever loads it. That is harmless on the default 127.0.0.1 bind, but `--secure` (public Cloudflare tunnel) and `--host 0.0.0.0` (raw port reachable on the network) would serve the plaintext admin password to remote visitors during the bootstrap window. Fix this at the source: when launching a network-exposed web UI, prompt the operator in the terminal for a real admin password (with confirmation) before the socket binds or the tunnel opens, and persist it via update_password (which clears must_change_password and deletes the .bootstrap_password file). After that there is no bootstrap secret to leak. Non-interactive launches can supply it via UNSLOTH_STUDIO_ADMIN_PASSWORD. The masked reader echoes '*' per character and works on Linux, macOS, and Windows (PowerShell/cmd). Loopback binds, --api-only (no web UI), and Colab are unaffected. As defense in depth, the index handler now embeds the bootstrap object only for a direct local navigation: same-origin AND a loopback TCP peer with no proxy/tunnel forwarding headers (cf-ray, cf-connecting-ip, x-forwarded-for, x-forwarded-host, x-real-ip, forwarded). Colab stays exempt. This keeps the password off the wire even when the prompt is skipped (no TTY and no env var). Adds unit coverage for the prompt/confirm/decision logic, an integration test that provisioning clears the bootstrap state, and regression tests for the local-direct gate (loopback/IPv6/mapped/localhost peers, LAN/public peers, missing client, each forwarding header, spoofed XFF, and the Colab exemption). * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Studio: fail fast on an explicitly empty admin-password env var resolve_admin_password_source treated UNSLOTH_STUDIO_ADMIN_PASSWORD="" like the var was unset and fell back to the bootstrap backstop. Treat any set value (including empty) as the env source so it reaches the minimum-length guard and refuses to expose the server instead of silently keeping the seeded password. * Studio: apply repo kwarg-spacing format to the secure-admin-password files * Studio: drop the pre-exposure password prompt; keep the local-direct gate Per review, the blocking prompt added friction for --secure / 0.0.0.0 first-run launches without extra security: the local-direct injection gate in main.py already keeps the bootstrap password off the network for any remote request. Remove the prompt module and its tests; the gate plus the existing must_change_password first-login flow are the fix. * Studio: shut down an exposed first-run instance if the admin password is never changed The local-direct gate keeps the seeded bootstrap password off the network, but it stays a valid credential until first login changes it. For an exposed web UI (--secure / 0.0.0.0, not --api-only, not Colab), arm a daemon timer: if the password is still the seeded one after the deadline (UNSLOTH_STUDIO_BOOTSTRAP_TIMEOUT, default 3600s, 0 disables), print a message and shut Studio down via the existing graceful-shutdown path; if it was changed, leave Studio running. * Studio: revert the local-direct injection gate; keep the 1-hour auto-shutdown Per maintainer decision, keep the first-run auto-fill behavior unchanged (the bootstrap password still seeds the login form for convenience) and rely on the exposed-instance auto-shutdown to bound the window: an exposed web UI that never changes the seeded admin password is torn down after UNSLOTH_STUDIO_BOOTSTRAP_TIMEOUT (default 1h). Restores studio/backend/main.py and its origin test to upstream. * Studio: render the bootstrap-timeout shutdown message with a human duration The message hardcoded 'minute(s)' via timeout//60, so a sub-minute timeout (e.g. a 30s test value) printed 'within 1 minute(s)'. Add _format_duration so it reads '30 seconds' / '1 minute 30 seconds' / '60 minutes' as appropriate. The default 3600s still renders '60 minutes'. * Studio: drop stale local-direct gate reference from bootstrap_timeout docstring The gate was reverted (timer-only), so the module docstring should not describe a main.py gate that no longer exists. --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
185 lines
5.6 KiB
Python
185 lines
5.6 KiB
Python
# SPDX-License-Identifier: AGPL-3.0-only
|
|
# Copyright 2026-present the Unsloth AI Inc. team. All rights reserved. See /studio/LICENSE.AGPL-3.0
|
|
|
|
"""Coverage for the exposed-first-run auto-shutdown deadline.
|
|
|
|
Tests the env parsing, the pure arm/no-arm decision matrix, and the deadline
|
|
handler (shut down iff the seeded admin password is still unchanged). The
|
|
threading.Timer itself is not exercised; the handler is invoked directly.
|
|
"""
|
|
|
|
from types import SimpleNamespace
|
|
|
|
from auth.bootstrap_timeout import (
|
|
DEFAULT_BOOTSTRAP_TIMEOUT_SECONDS,
|
|
_format_duration,
|
|
bootstrap_timeout_seconds,
|
|
enforce_bootstrap_password_deadline,
|
|
should_arm_bootstrap_timeout,
|
|
)
|
|
|
|
|
|
# ── bootstrap_timeout_seconds ───────────────────────────────────────
|
|
|
|
|
|
def test_default_when_unset():
|
|
assert bootstrap_timeout_seconds(env = {}) == DEFAULT_BOOTSTRAP_TIMEOUT_SECONDS
|
|
|
|
|
|
def test_default_when_empty():
|
|
assert bootstrap_timeout_seconds(env = {"UNSLOTH_STUDIO_BOOTSTRAP_TIMEOUT": " "}) == (
|
|
DEFAULT_BOOTSTRAP_TIMEOUT_SECONDS
|
|
)
|
|
|
|
|
|
def test_explicit_value_parsed():
|
|
assert bootstrap_timeout_seconds(env = {"UNSLOTH_STUDIO_BOOTSTRAP_TIMEOUT": "1800"}) == 1800
|
|
|
|
|
|
def test_zero_disables():
|
|
assert bootstrap_timeout_seconds(env = {"UNSLOTH_STUDIO_BOOTSTRAP_TIMEOUT": "0"}) == 0
|
|
|
|
|
|
def test_negative_disables():
|
|
assert bootstrap_timeout_seconds(env = {"UNSLOTH_STUDIO_BOOTSTRAP_TIMEOUT": "-5"}) == 0
|
|
|
|
|
|
def test_invalid_falls_back_to_default():
|
|
# A typo must keep the protection, not silently disable it.
|
|
assert bootstrap_timeout_seconds(env = {"UNSLOTH_STUDIO_BOOTSTRAP_TIMEOUT": "abc"}) == (
|
|
DEFAULT_BOOTSTRAP_TIMEOUT_SECONDS
|
|
)
|
|
|
|
|
|
# ── should_arm_bootstrap_timeout matrix ─────────────────────────────
|
|
|
|
|
|
def _arm_kwargs(**overrides):
|
|
kwargs = dict(
|
|
host = "0.0.0.0",
|
|
secure = False,
|
|
api_only = False,
|
|
frontend_served = True,
|
|
is_colab = False,
|
|
requires_change = True,
|
|
timeout_seconds = 3600,
|
|
)
|
|
kwargs.update(overrides)
|
|
return kwargs
|
|
|
|
|
|
def test_arm_exposed_wildcard_web_ui():
|
|
assert should_arm_bootstrap_timeout(**_arm_kwargs()) is True
|
|
|
|
|
|
def test_arm_secure_loopback_bind():
|
|
# --secure forces a loopback bind but exposes a public tunnel.
|
|
assert should_arm_bootstrap_timeout(**_arm_kwargs(host = "127.0.0.1", secure = True)) is True
|
|
|
|
|
|
def test_no_arm_loopback_bind():
|
|
assert should_arm_bootstrap_timeout(**_arm_kwargs(host = "127.0.0.1", secure = False)) is False
|
|
|
|
|
|
def test_no_arm_api_only():
|
|
assert should_arm_bootstrap_timeout(**_arm_kwargs(api_only = True)) is False
|
|
|
|
|
|
def test_no_arm_no_frontend():
|
|
assert should_arm_bootstrap_timeout(**_arm_kwargs(frontend_served = False)) is False
|
|
|
|
|
|
def test_no_arm_colab():
|
|
assert should_arm_bootstrap_timeout(**_arm_kwargs(is_colab = True)) is False
|
|
|
|
|
|
def test_no_arm_password_already_changed():
|
|
assert should_arm_bootstrap_timeout(**_arm_kwargs(requires_change = False)) is False
|
|
|
|
|
|
def test_no_arm_timeout_disabled():
|
|
assert should_arm_bootstrap_timeout(**_arm_kwargs(timeout_seconds = 0)) is False
|
|
|
|
|
|
# ── enforce_bootstrap_password_deadline ─────────────────────────────
|
|
|
|
|
|
def _fake_storage(requires_change: bool):
|
|
return SimpleNamespace(
|
|
DEFAULT_ADMIN_USERNAME = "unsloth",
|
|
requires_password_change = lambda _username: requires_change,
|
|
)
|
|
|
|
|
|
def test_deadline_shuts_down_when_password_unchanged():
|
|
calls = []
|
|
result = enforce_bootstrap_password_deadline(
|
|
_fake_storage(requires_change = True),
|
|
lambda: calls.append("shutdown"),
|
|
timeout_seconds = 3600,
|
|
)
|
|
assert result is True
|
|
assert calls == ["shutdown"]
|
|
|
|
|
|
def test_deadline_keeps_running_when_password_changed():
|
|
calls = []
|
|
result = enforce_bootstrap_password_deadline(
|
|
_fake_storage(requires_change = False),
|
|
lambda: calls.append("shutdown"),
|
|
timeout_seconds = 3600,
|
|
)
|
|
assert result is False
|
|
assert calls == []
|
|
|
|
|
|
def test_deadline_swallows_shutdown_errors():
|
|
def _boom():
|
|
raise RuntimeError("shutdown failed")
|
|
|
|
# A failing shutdown must not propagate out of the timer thread.
|
|
result = enforce_bootstrap_password_deadline(
|
|
_fake_storage(requires_change = True),
|
|
_boom,
|
|
timeout_seconds = 3600,
|
|
)
|
|
assert result is True
|
|
|
|
|
|
# ── _format_duration ────────────────────────────────────────────────
|
|
|
|
|
|
def test_format_duration_sub_minute_uses_seconds():
|
|
assert _format_duration(30) == "30 seconds"
|
|
|
|
|
|
def test_format_duration_singular_second():
|
|
assert _format_duration(1) == "1 second"
|
|
|
|
|
|
def test_format_duration_exact_minutes():
|
|
assert _format_duration(60) == "1 minute"
|
|
assert _format_duration(3600) == "60 minutes"
|
|
|
|
|
|
def test_format_duration_minutes_and_seconds():
|
|
assert _format_duration(90) == "1 minute 30 seconds"
|
|
|
|
|
|
def test_shutdown_message_uses_formatted_duration():
|
|
# The deadline message must reflect the real timeout, not a rounded
|
|
# "minute(s)" placeholder. Capture the warning via a fake logger.
|
|
logged = []
|
|
|
|
class _Logger:
|
|
def warning(self, msg, *args):
|
|
logged.append(msg)
|
|
|
|
enforce_bootstrap_password_deadline(
|
|
_fake_storage(requires_change = True),
|
|
lambda: None,
|
|
timeout_seconds = 3600,
|
|
logger = _Logger(),
|
|
)
|
|
assert any("60 minutes" in m for m in logged)
|
|
assert not any("minute(s)" in m for m in logged)
|