From 3912b4e93eae464404fddcb94575671d13b90b06 Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Sun, 23 May 2021 11:24:01 +0200
Subject: [PATCH] Set initial admin password if configured

Resolves #806 (Allow admins to configure the initial password of the admin user)
Closes #809 PR (Allow to configure initial admin pw)
---
 .gitlab-ci.yml                                |  3 +-
 config/config.default.php                     |  7 ++-
 .../2021_05_23_000000_set_admin_password.php  | 48 +++++++++++++++++++
 deployment.tpl.yaml                           |  2 +
 src/Helpers/Authenticator.php                 |  4 +-
 tests/Unit/HasDatabase.php                    |  4 ++
 6 files changed, 63 insertions(+), 5 deletions(-)
 create mode 100644 db/migrations/2021_05_23_000000_set_admin_password.php

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5abc7dec..365cd7c8 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -313,11 +313,12 @@ deploy:
     - export CI_INGRESS_DOMAIN=$(echo "$CI_ENVIRONMENT_URL" | grep -oP '(?:https?://)?\K([^/]+)' | head -n1)
     - export CI_INGRESS_PATH=$(echo "$CI_ENVIRONMENT_URL" | grep -oP '(?:https?://)?(?:[^/])+\K(.*)')
     - export CI_KUBE_NAMESPACE=$KUBE_NAMESPACE
-    # Any available storage class like longhorn
+    # Any available storage class like default, local-path (if you know what you are doing ;), longhorn etc.
     - export CI_PVC_SC=${CI_PVC_SC:-"${CI_PVC_SC_LOCAL:-local-path}"}
     - export CI_REPLICAS=${CI_REPLICAS_REVIEW:-${CI_REPLICAS:-2}}
     - export CI_APP_NAME=${CI_APP_NAME:-Engelsystem}
     - export CI_CLUSTER_ISSUER=${CI_CLUSTER_ISSUER:-letsencrypt}
+    - export CI_SETUP_ADMIN_PASSWORD=${CI_SETUP_ADMIN_PASSWORD}
 
     - cp deployment.tpl.yaml deployment.yaml
     - for env in ${!CI_*}; do sed -i "s#<${env}>#$(echo "${!env}"|head -n1)#g" deployment.yaml; done
diff --git a/config/config.default.php b/config/config.default.php
index b42c11c8..1cea89ff 100644
--- a/config/config.default.php
+++ b/config/config.default.php
@@ -66,6 +66,9 @@ return [
         'sendmail'   => env('MAIL_SENDMAIL', '/usr/sbin/sendmail -bs'),
     ],
 
+    // Initial admin password
+    'setup_admin_password'    => env('SETUP_ADMIN_PASSWORD', null),
+
     'oauth'                   => [
         // '[name]' => [config]
         /*
@@ -231,7 +234,7 @@ return [
     // Shifts overview
     // Set max number of hours that can be shown at once
     // 0 means no limit
-    'filter_max_duration' => env('FILTER_MAX_DURATION', 0),
+    'filter_max_duration'     => env('FILTER_MAX_DURATION', 0),
 
     // Session config
     'session'                 => [
@@ -266,7 +269,7 @@ return [
     ],
 
     // var dump server
-    'var_dump_server' => [
+    'var_dump_server'         => [
         'host' => '127.0.0.1',
         'port' => '9912',
         'enable' => false,
diff --git a/db/migrations/2021_05_23_000000_set_admin_password.php b/db/migrations/2021_05_23_000000_set_admin_password.php
new file mode 100644
index 00000000..cf9efaf1
--- /dev/null
+++ b/db/migrations/2021_05_23_000000_set_admin_password.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace Engelsystem\Migrations;
+
+use Engelsystem\Config\Config;
+use Engelsystem\Database\Migration\Migration;
+use Engelsystem\Helpers\Authenticator;
+use Engelsystem\Models\User\User;
+use Illuminate\Database\Schema\Builder as SchemaBuilder;
+
+class SetAdminPassword extends Migration
+{
+    use Reference;
+
+    /** @var Authenticator */
+    protected $auth;
+
+    /** @var Config */
+    protected $config;
+
+    /**
+     * @param SchemaBuilder $schemaBuilder
+     * @param Authenticator $auth
+     * @param Config        $config
+     */
+    public function __construct(SchemaBuilder $schemaBuilder, Authenticator $auth, Config $config)
+    {
+        parent::__construct($schemaBuilder);
+
+        $this->auth = $auth;
+        $this->config = $config;
+    }
+
+    /**
+     * Run the migration
+     */
+    public function up()
+    {
+        /** @var User $admin */
+        $admin = $this->auth->authenticate('admin', 'asdfasdf');
+        $setupPassword = $this->config->get('setup_admin_password');
+        if (!$admin || !$setupPassword) {
+            return;
+        }
+
+        $this->auth->setPassword($admin, $setupPassword);
+    }
+}
diff --git a/deployment.tpl.yaml b/deployment.tpl.yaml
index 7cae375e..fcfae841 100644
--- a/deployment.tpl.yaml
+++ b/deployment.tpl.yaml
@@ -127,6 +127,8 @@ spec:
               value: engelsystem
             - name: MYSQL_PASSWORD
               value: engelsystem
+            - name: SETUP_ADMIN_PASSWORD
+              value: '<CI_SETUP_ADMIN_PASSWORD>'
       containers:
         - image: <CI_IMAGE>
           name: engelsystem-fpm
diff --git a/src/Helpers/Authenticator.php b/src/Helpers/Authenticator.php
index 28e48500..ffead0bd 100644
--- a/src/Helpers/Authenticator.php
+++ b/src/Helpers/Authenticator.php
@@ -175,8 +175,8 @@ class Authenticator
     }
 
     /**
-     * @param UserRepository $user
-     * @param string         $password
+     * @param User   $user
+     * @param string $password
      */
     public function setPassword(User $user, string $password)
     {
diff --git a/tests/Unit/HasDatabase.php b/tests/Unit/HasDatabase.php
index 584d6c23..be48038b 100644
--- a/tests/Unit/HasDatabase.php
+++ b/tests/Unit/HasDatabase.php
@@ -5,8 +5,10 @@ namespace Engelsystem\Test\Unit;
 use Engelsystem\Database\Database;
 use Engelsystem\Database\Migration\Migrate;
 use Engelsystem\Database\Migration\MigrationServiceProvider;
+use Engelsystem\Http\Request;
 use Illuminate\Database\Capsule\Manager as CapsuleManager;
 use PDO;
+use Psr\Http\Message\ServerRequestInterface;
 
 trait HasDatabase
 {
@@ -29,6 +31,8 @@ trait HasDatabase
         $this->app->instance(Database::class, $this->database);
         $this->app->register(MigrationServiceProvider::class);
 
+        $this->app->instance(ServerRequestInterface::class, new Request());
+
         /** @var Migrate $migration */
         $migration = $this->app->get('db.migration');
         $migration->initMigration();