From 101bb4158730d9bacbaa20dda6ecaed015da37e8 Mon Sep 17 00:00:00 2001
From: Chaim Lev-Ari <chiptus@users.noreply.github.com>
Date: Tue, 4 Dec 2018 05:50:41 +0200
Subject: [PATCH] feat(security): shutdown instance after 5minutes if no admin
 account created (#2500)

* feat(security): skip admin check if --no-auth

* fix(security): change error message
---
 api/cmd/portainer/main.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/api/cmd/portainer/main.go b/api/cmd/portainer/main.go
index f7890c2c4..5cf99b3d7 100644
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -468,6 +468,21 @@ func initJobService(dockerClientFactory *docker.ClientFactory) portainer.JobServ
 	return docker.NewJobService(dockerClientFactory)
 }
 
+func terminateIfNoAdminCreated(userService portainer.UserService) {
+	timer1 := time.NewTimer(5 * time.Minute)
+	<-timer1.C
+
+	users, err := userService.UsersByRole(portainer.AdministratorRole)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if len(users) == 0 {
+		log.Fatal("No administrator account was created after 5 min. Shutting down the Portainer instance for security reasons.")
+		return
+	}
+}
+
 func main() {
 	flags := initCLI()
 
@@ -586,6 +601,10 @@ func main() {
 		}
 	}
 
+	if !*flags.NoAuth {
+		go terminateIfNoAdminCreated(store.UserService)
+	}
+
 	var server portainer.Server = &http.Server{
 		Status:                 applicationStatus,
 		BindAddress:            *flags.Addr,