From e8c1effd15bb0da26c8d51a97174169766ee211d Mon Sep 17 00:00:00 2001
From: Simon Pirkelmann
Date: Fri, 4 Feb 2022 22:40:56 +0100
Subject: [PATCH] simplified super admin creation
---
imaginaerraum_door_admin/__init__.py | 98 +++++++++++++++-------------
1 file changed, 53 insertions(+), 45 deletions(-)
diff --git a/imaginaerraum_door_admin/__init__.py b/imaginaerraum_door_admin/__init__.py
index d2805b2..d99f067 100644
--- a/imaginaerraum_door_admin/__init__.py
+++ b/imaginaerraum_door_admin/__init__.py
@@ -12,54 +12,62 @@ db = SQLAlchemy() # create admin users (only if they don't exists already) -def create_super_admins(app, db, user_datastore, logger): +def create_super_admins(app, user_datastore): + admin_file = Path(app.config.get('ADMIN_FILE')) + # setup user database when starting the app - with app.app_context(): - new_admin_data = [] - if app.config['ADMIN_FILE'] is not None: - if not Path(app.config['ADMIN_FILE']).exists(): - logger.warning( - f"Admin user creation file not found at {app.config['ADMIN_FILE']}") - else: - # store data for new admins in memory s.t. the file can be deleted afterwards - with open(app.config['ADMIN_FILE']) as f: - for i, line in enumerate(f.readlines()): - if not line.strip().startswith('#'): - try: - user, email, pw = line.split() - validate_email(email) - new_admin_data.append( - {'username': user, 'email': email, - 'password': pw}) - except Exception as e: - print( - f"Error while parsing line {i} in admin config file. Config file should contain lines of " - f"' \\n'\n Exception: {e}\nAdmin account could not be created.") + new_admin_data = [] + if not admin_file.exists(): + app.logger.warning( + f"Admin user creation file not found at path " + f"{admin_file.absolute()}." + f"No super admins have been created in the datastore." + ) + else: + # store data for new admins in memory s.t. the file can be deleted + # afterwards + admin_data = admin_file.read_text().split('\n') + for i, line in enumerate(admin_data): + if not line.strip().startswith('#'): + try: + user, email, pw = line.split() + validate_email(email) + new_admin_data.append( + {'username': user, 'email': email, + 'password': pw}) + except Exception as e: + app.logger.error( + f"Error while parsing line {i} in admin config file. Config file should contain lines of " + f"' \\n'\n Exception: {e}\nAdmin account could not be created." 
+ ) - db.create_all() - super_admin_role = user_datastore.find_or_create_role( - 'super_admin') # root admin = can create other admins - admin_role = user_datastore.find_or_create_role( - 'admin') # 'normal' admin - local_role = user_datastore.find_or_create_role( - 'local') # LDAP user or local user + with app.app_context(): + db.create_all() + super_admin_role = user_datastore.find_or_create_role( + 'super_admin') # root admin = can create other admins + admin_role = user_datastore.find_or_create_role( + 'admin') # 'normal' admin + local_role = user_datastore.find_or_create_role( + 'local') # LDAP user or local user - for d in new_admin_data: - if user_datastore.find_user(email=d['email'], - username=d['username']) is None: - roles = [super_admin_role, admin_role] - if not d['password'] == 'LDAP': - roles.append(local_role) - logger.info( - f"New super admin user created with username '{d['username']}' and email '{d['email']}', roles = {[r.name for r in roles]}") + for d in new_admin_data: + if user_datastore.find_user(email=d['email'], + username=d['username']) is None: + roles = [super_admin_role, admin_role] + if not d['password'] == 'LDAP': + roles.append(local_role) + + # create new admin (only if admin does not already exist) + new_admin = user_datastore.create_user( + email=d['email'], username=d['username'], + password=hash_password(d['password']), roles=roles + ) + app.logger.info( + f"New super admin user created with username " + f"'{new_admin.username}' and email '{new_admin.email}'" + f", roles = {[r.name for r in new_admin.roles]}" + ) - # create new admin (only if admin does not already exist) - new_admin = user_datastore.create_user(email=d['email'], - username=d[ - 'username'], - password=hash_password( - d['password']), - roles=roles) db.session.commit() 
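Review bot: `Path(app.config.get('ADMIN_FILE'))` at the top of the new `create_super_admins` raises `TypeError` when `ADMIN_FILE` is unset or `None`, a case the removed `is not None` guard tolerated, so an app configured without an admin file would now fail inside `create_app` instead of skipping admin creation. Read the value first and handle the missing case before building the path, e.g. `admin_path = app.config.get('ADMIN_FILE')` followed by an `if admin_path is None:` branch that logs the same warning. `admin_file.read_text().split('\n')` also yields a trailing empty string for a file that ends in a newline, which fails the three-way unpack and logs an error on every start; `splitlines()` plus `if not line.strip(): continue` avoids that. The file holds plaintext passwords and the comment says it can be deleted afterwards, but nothing in the visible lines removes it or checks its permissions, and `hash_password(d['password'])` still stores a hash of the literal `LDAP` sentinel for LDAP admins, so it is worth confirming that the local login path cannot accept that value. The function body may continue past `db.session.commit()`, outside this hunk.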
@@ -99,6 +107,6 @@ def create_app(): user_datastore = SQLAlchemyUserDatastore(db, User, Role) security.init_app(app, user_datastore, login_form=ExtendedLoginForm) - create_super_admins(app, db, user_datastore, logger) + create_super_admins(app, user_datastore) return app