simplified super admin creation

Simon Pirkelmann 2022-02-04 22:40:56 +01:00
parent 4470d2fb82
commit e8c1effd15


@ -12,54 +12,62 @@ db = SQLAlchemy()
# create admin users (only if they don't exists already) # create admin users (only if they don't exists already)
def create_super_admins(app, db, user_datastore, logger): def create_super_admins(app, user_datastore):
admin_file = Path(app.config.get('ADMIN_FILE'))
# setup user database when starting the app # setup user database when starting the app
with app.app_context(): new_admin_data = []
new_admin_data = [] if not admin_file.exists():
if app.config['ADMIN_FILE'] is not None: app.logger.warning(
if not Path(app.config['ADMIN_FILE']).exists(): f"Admin user creation file not found at path "
logger.warning( f"{admin_file.absolute()}."
f"Admin user creation file not found at {app.config['ADMIN_FILE']}") f"No super admins have been created in the datastore."
else: )
# store data for new admins in memory s.t. the file can be deleted afterwards else:
with open(app.config['ADMIN_FILE']) as f: # store data for new admins in memory s.t. the file can be deleted
for i, line in enumerate(f.readlines()): # afterwards
if not line.strip().startswith('#'): admin_data = admin_file.read_text().split('\n')
try: for i, line in enumerate(admin_data):
user, email, pw = line.split() if not line.strip().startswith('#'):
validate_email(email) try:
new_admin_data.append( user, email, pw = line.split()
{'username': user, 'email': email, validate_email(email)
'password': pw}) new_admin_data.append(
except Exception as e: {'username': user, 'email': email,
print( 'password': pw})
f"Error while parsing line {i} in admin config file. Config file should contain lines of " except Exception as e:
f"'<username> <email> <password>\\n'\n Exception: {e}\nAdmin account could not be created.") app.logger.error(
f"Error while parsing line {i} in admin config file. Config file should contain lines of "
f"'<username> <email> <password>\\n'\n Exception: {e}\nAdmin account could not be created."
)
db.create_all() with app.app_context():
super_admin_role = user_datastore.find_or_create_role( db.create_all()
'super_admin') # root admin = can create other admins super_admin_role = user_datastore.find_or_create_role(
admin_role = user_datastore.find_or_create_role( 'super_admin') # root admin = can create other admins
'admin') # 'normal' admin admin_role = user_datastore.find_or_create_role(
local_role = user_datastore.find_or_create_role( 'admin') # 'normal' admin
'local') # LDAP user or local user local_role = user_datastore.find_or_create_role(
'local') # LDAP user or local user
for d in new_admin_data: for d in new_admin_data:
if user_datastore.find_user(email=d['email'], if user_datastore.find_user(email=d['email'],
username=d['username']) is None: username=d['username']) is None:
roles = [super_admin_role, admin_role] roles = [super_admin_role, admin_role]
if not d['password'] == 'LDAP': if not d['password'] == 'LDAP':
roles.append(local_role) roles.append(local_role)
logger.info(
f"New super admin user created with username '{d['username']}' and email '{d['email']}', roles = {[r.name for r in roles]}") # create new admin (only if admin does not already exist)
new_admin = user_datastore.create_user(
email=d['email'], username=d['username'],
password=hash_password(d['password']), roles=roles
)
app.logger.info(
f"New super admin user created with username "
f"'{new_admin.username}' and email '{new_admin.email}'"
f", roles = {[r.name for r in new_admin.roles]}"
)
# create new admin (only if admin does not already exist)
new_admin = user_datastore.create_user(email=d['email'],
username=d[
'username'],
password=hash_password(
d['password']),
roles=roles)
db.session.commit() db.session.commit()
@ -99,6 +107,6 @@ def create_app():
user_datastore = SQLAlchemyUserDatastore(db, User, Role) user_datastore = SQLAlchemyUserDatastore(db, User, Role)
security.init_app(app, user_datastore, login_form=ExtendedLoginForm) security.init_app(app, user_datastore, login_form=ExtendedLoginForm)
create_super_admins(app, db, user_datastore, logger) create_super_admins(app, user_datastore)
return app return app
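Review bot: `Path(app.config.get('ADMIN_FILE'))` at the top of the new `create_super_admins` raises `TypeError` when `ADMIN_FILE` is unset or `None`, because the old `is not None` guard was dropped, so an install without an admin file would fail at startup instead of skipping admin creation. I would restore the guard with `admin_path = app.config.get('ADMIN_FILE')` and `admin_file = Path(admin_path) if admin_path else None`, and only enter the exists/read branch when `admin_file is not None`. Separately, `read_text().split('\n')` leaves an empty last element for a newline-terminated file, so the unpack in `line.split()` fails and an error is logged on every start; `splitlines()` plus `if not line.strip(): continue` avoids that. Because each line of this file carries a plaintext super-admin password, a short comment such as `# ADMIN_FILE holds plaintext passwords: restrict its permissions and delete it after first start` would make the "can be deleted afterwards" intent explicit.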