moved creation of initial admin user to separate function
This commit is contained in:
parent
38164aca4b
commit
ff9d21bcd5
|
|
@ -2,7 +2,8 @@ import logging
|
||||||
from flask import Flask
|
from flask import Flask
|
||||||
from flask_sqlalchemy import SQLAlchemy
|
from flask_sqlalchemy import SQLAlchemy
|
||||||
from flask_security.models import fsqla_v2 as fsqla
|
from flask_security.models import fsqla_v2 as fsqla
|
||||||
from flask_security import Security, SQLAlchemyUserDatastore
|
from flask_security import Security, SQLAlchemyUserDatastore, hash_password
|
||||||
|
from email_validator import validate_email
|
||||||
|
|
||||||
import ldap3
|
import ldap3
|
||||||
|
|
||||||
|
|
@ -15,6 +16,57 @@ from .auth import ExtendedLoginForm
|
||||||
security = Security()
|
security = Security()
|
||||||
|
|
||||||
|
|
||||||
|
# create admin users (only if they don't exists already)
|
||||||
|
def create_super_admins(app, db, user_datastore, logger):
|
||||||
|
# setup user database when starting the app
|
||||||
|
with app.app_context():
|
||||||
|
new_admin_data = []
|
||||||
|
if app.config['ADMIN_FILE'] is not None:
|
||||||
|
if not Path(app.config['ADMIN_FILE']).exists():
|
||||||
|
logger.warning(
|
||||||
|
f"Admin user creation file not found at {app.config['ADMIN_FILE']}")
|
||||||
|
else:
|
||||||
|
# store data for new admins in memory s.t. the file can be deleted afterwards
|
||||||
|
with open(app.config['ADMIN_FILE']) as f:
|
||||||
|
for i, line in enumerate(f.readlines()):
|
||||||
|
if not line.strip().startswith('#'):
|
||||||
|
try:
|
||||||
|
user, email, pw = line.split()
|
||||||
|
validate_email(email)
|
||||||
|
new_admin_data.append(
|
||||||
|
{'username': user, 'email': email,
|
||||||
|
'password': pw})
|
||||||
|
except Exception as e:
|
||||||
|
print(
|
||||||
|
f"Error while parsing line {i} in admin config file. Config file should contain lines of "
|
||||||
|
f"'<username> <email> <password>\\n'\n Exception: {e}\nAdmin account could not be created.")
|
||||||
|
|
||||||
|
db.create_all()
|
||||||
|
super_admin_role = user_datastore.find_or_create_role(
|
||||||
|
'super_admin') # root admin = can create other admins
|
||||||
|
admin_role = user_datastore.find_or_create_role(
|
||||||
|
'admin') # 'normal' admin
|
||||||
|
local_role = user_datastore.find_or_create_role(
|
||||||
|
'local') # LDAP user or local user
|
||||||
|
|
||||||
|
for d in new_admin_data:
|
||||||
|
if user_datastore.find_user(email=d['email'],
|
||||||
|
username=d['username']) is None:
|
||||||
|
roles = [super_admin_role, admin_role]
|
||||||
|
if not d['password'] == 'LDAP':
|
||||||
|
roles.append(local_role)
|
||||||
|
logger.info(
|
||||||
|
f"New super admin user created with username '{d['username']}' and email '{d['email']}', roles = {[r.name for r in roles]}")
|
||||||
|
|
||||||
|
# create new admin (only if admin does not already exist)
|
||||||
|
new_admin = user_datastore.create_user(email=d['email'],
|
||||||
|
username=d[
|
||||||
|
'username'],
|
||||||
|
password=hash_password(
|
||||||
|
d['password']),
|
||||||
|
roles=roles)
|
||||||
|
db.session.commit()
|
||||||
|
|
||||||
def setup_logging(app):
|
def setup_logging(app):
|
||||||
# set up logging for the web app
|
# set up logging for the web app
|
||||||
logger = logging.getLogger('webapp')
|
logger = logging.getLogger('webapp')
|
||||||
|
|
@ -108,63 +160,12 @@ def create_app():
|
||||||
|
|
||||||
app.register_blueprint(door_app)
|
app.register_blueprint(door_app)
|
||||||
|
|
||||||
# setup user database when starting the app
|
|
||||||
# with app.app_context():
|
|
||||||
# new_admin_data = []
|
|
||||||
# if config.admin_file is not None:
|
|
||||||
# if not Path(config.admin_file).exists():
|
|
||||||
# logger.warning(
|
|
||||||
# f"Admin user creation file not found at {config.admin_file}")
|
|
||||||
# else:
|
|
||||||
# # store data for new admins in memory s.t. the file can be deleted afterwards
|
|
||||||
# with open(config.admin_file) as f:
|
|
||||||
# for i, line in enumerate(f.readlines()):
|
|
||||||
# if not line.strip().startswith('#'):
|
|
||||||
# try:
|
|
||||||
# user, email, pw = line.split()
|
|
||||||
# validate_email(email)
|
|
||||||
# new_admin_data.append(
|
|
||||||
# {'username': user, 'email': email,
|
|
||||||
# 'password': pw})
|
|
||||||
# except Exception as e:
|
|
||||||
# print(
|
|
||||||
# f"Error while parsing line {i} in admin config file. Config file should contain lines of "
|
|
||||||
# f"'<username> <email> <password>\\n'\n Exception: {e}\nAdmin account could not be created.")
|
|
||||||
#
|
|
||||||
# # create admin users (only if they don't exists already)
|
|
||||||
# def create_super_admins(new_admin_data):
|
|
||||||
# db.create_all()
|
|
||||||
# super_admin_role = user_datastore.find_or_create_role(
|
|
||||||
# 'super_admin') # root admin = can create other admins
|
|
||||||
# admin_role = user_datastore.find_or_create_role(
|
|
||||||
# 'admin') # 'normal' admin
|
|
||||||
# local_role = user_datastore.find_or_create_role(
|
|
||||||
# 'local') # LDAP user or local user
|
|
||||||
#
|
|
||||||
# for d in new_admin_data:
|
|
||||||
# if user_datastore.find_user(email=d['email'],
|
|
||||||
# username=d['username']) is None:
|
|
||||||
# roles = [super_admin_role, admin_role]
|
|
||||||
# if not d['password'] == 'LDAP':
|
|
||||||
# roles.append(local_role)
|
|
||||||
# logger.info(
|
|
||||||
# f"New super admin user created with username '{d['username']}' and email '{d['email']}', roles = {[r.name for r in roles]}")
|
|
||||||
#
|
|
||||||
# # create new admin (only if admin does not already exist)
|
|
||||||
# new_admin = user_datastore.create_user(email=d['email'],
|
|
||||||
# username=d[
|
|
||||||
# 'username'],
|
|
||||||
# password=hash_password(
|
|
||||||
# d['password']),
|
|
||||||
# roles=roles)
|
|
||||||
# db.session.commit()
|
|
||||||
#
|
|
||||||
# create_super_admins(new_admin_data)
|
|
||||||
|
|
||||||
ldap_server = ldap3.Server(app.config['LDAP_URL'])
|
ldap_server = ldap3.Server(app.config['LDAP_URL'])
|
||||||
|
|
||||||
# Setup Flask-Security
|
# Setup Flask-Security
|
||||||
user_datastore = SQLAlchemyUserDatastore(db, User, Role)
|
user_datastore = SQLAlchemyUserDatastore(db, User, Role)
|
||||||
security.init_app(app, user_datastore, login_form=ExtendedLoginForm)
|
security.init_app(app, user_datastore, login_form=ExtendedLoginForm)
|
||||||
|
|
||||||
|
create_super_admins(app, db, user_datastore, logger)
|
||||||
|
|
||||||
return app
|
return app
|
||||||
Loading…
Reference in New Issue
Block a user