simplified super admin creation

2022-02-04 22:40:56 +01:00 · 2022-02-04 22:40:56 +01:00 · e8c1effd15
parent 4470d2fb82
commit e8c1effd15
1 changed files with 53 additions and 45 deletions
--- a/imaginaerraum_door_admin/init.py
+++ b/imaginaerraum_door_admin/init.py
@ -12,54 +12,62 @@ db = SQLAlchemy()


 # create admin users (only if they don't exists already)
-def create_super_admins(app, db, user_datastore, logger):
+def create_super_admins(app, user_datastore):
+    admin_file = Path(app.config.get('ADMIN_FILE'))
+
    # setup user database when starting the app
-    with app.app_context():
-        new_admin_data = []
-        if app.config['ADMIN_FILE'] is not None:
-            if not Path(app.config['ADMIN_FILE']).exists():
-                logger.warning(
-                    f"Admin user creation file not found at {app.config['ADMIN_FILE']}")
-            else:
-                # store data for new admins in memory s.t. the file can be deleted afterwards
-                with open(app.config['ADMIN_FILE']) as f:
-                    for i, line in enumerate(f.readlines()):
-                        if not line.strip().startswith('#'):
-                            try:
-                                user, email, pw = line.split()
-                                validate_email(email)
-                                new_admin_data.append(
-                                    {'username': user, 'email': email,
-                                     'password': pw})
-                            except Exception as e:
-                                print(
-                                    f"Error while parsing line {i} in admin config file. Config file should contain lines of "
-                                    f"'<username> <email> <password>\\n'\n Exception: {e}\nAdmin account could not be created.")
+    new_admin_data = []
+    if not admin_file.exists():
+        app.logger.warning(
+            f"Admin user creation file not found at path "
+            f"{admin_file.absolute()}."
+            f"No super admins have been created in the datastore."
+        )
+    else:
+        # store data for new admins in memory s.t. the file can be deleted
+        # afterwards
+        admin_data = admin_file.read_text().split('\n')
+        for i, line in enumerate(admin_data):
+            if not line.strip().startswith('#'):
+                try:
+                    user, email, pw = line.split()
+                    validate_email(email)
+                    new_admin_data.append(
+                        {'username': user, 'email': email,
+                         'password': pw})
+                except Exception as e:
+                    app.logger.error(
+                        f"Error while parsing line {i} in admin config file. Config file should contain lines of "
+                        f"'<username> <email> <password>\\n'\n Exception: {e}\nAdmin account could not be created."
+                    )

-        db.create_all()
-        super_admin_role = user_datastore.find_or_create_role(
-            'super_admin')  # root admin = can create other admins
-        admin_role = user_datastore.find_or_create_role(
-            'admin')  # 'normal' admin
-        local_role = user_datastore.find_or_create_role(
-            'local')  # LDAP user or local user
+        with app.app_context():
+            db.create_all()
+            super_admin_role = user_datastore.find_or_create_role(
+                'super_admin')  # root admin = can create other admins
+            admin_role = user_datastore.find_or_create_role(
+                'admin')  # 'normal' admin
+            local_role = user_datastore.find_or_create_role(
+                'local')  # LDAP user or local user

-        for d in new_admin_data:
-            if user_datastore.find_user(email=d['email'],
-                                        username=d['username']) is None:
-                roles = [super_admin_role, admin_role]
-                if not d['password'] == 'LDAP':
-                    roles.append(local_role)
-                logger.info(
-                    f"New super admin user created with username '{d['username']}' and email '{d['email']}', roles = {[r.name for r in roles]}")
+            for d in new_admin_data:
+                if user_datastore.find_user(email=d['email'],
+                                            username=d['username']) is None:
+                    roles = [super_admin_role, admin_role]
+                    if not d['password'] == 'LDAP':
+                        roles.append(local_role)
+
+                    # create new admin (only if admin does not already exist)
+                    new_admin = user_datastore.create_user(
+                        email=d['email'], username=d['username'],
+                        password=hash_password(d['password']), roles=roles
+                    )
+                    app.logger.info(
+                        f"New super admin user created with username "
+                        f"'{new_admin.username}' and email '{new_admin.email}'"
+                        f", roles = {[r.name for r in new_admin.roles]}"
+                    )

-                # create new admin (only if admin does not already exist)
-                new_admin = user_datastore.create_user(email=d['email'],
-                                                       username=d[
-                                                           'username'],
-                                                       password=hash_password(
-                                                           d['password']),
-                                                       roles=roles)
        db.session.commit()


@ -99,6 +107,6 @@ def create_app():
    user_datastore = SQLAlchemyUserDatastore(db, User, Role)
    security.init_app(app, user_datastore, login_form=ExtendedLoginForm)

-    create_super_admins(app, db, user_datastore, logger)
+    create_super_admins(app, user_datastore)

    return app