Set initial admin password if configured

Resolves #806 (Allow admins to configure the initial password of the admin user) Closes #809 PR (Allow to configure initial admin pw)
2021-05-23 11:24:01 +02:00 · 2021-05-23 11:24:01 +02:00 · 3912b4e93e
parent d7eb3b9c5b
commit 3912b4e93e
6 changed files with 63 additions and 5 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -313,11 +313,12 @@ deploy:
    - export CI_INGRESS_DOMAIN=$(echo "$CI_ENVIRONMENT_URL" | grep -oP '(?:https?://)?\K([^/]+)' | head -n1)
    - export CI_INGRESS_PATH=$(echo "$CI_ENVIRONMENT_URL" | grep -oP '(?:https?://)?(?:[^/])+\K(.*)')
    - export CI_KUBE_NAMESPACE=$KUBE_NAMESPACE
-    # Any available storage class like longhorn
+    # Any available storage class like default, local-path (if you know what you are doing ;), longhorn etc.
    - export CI_PVC_SC=${CI_PVC_SC:-"${CI_PVC_SC_LOCAL:-local-path}"}
    - export CI_REPLICAS=${CI_REPLICAS_REVIEW:-${CI_REPLICAS:-2}}
    - export CI_APP_NAME=${CI_APP_NAME:-Engelsystem}
    - export CI_CLUSTER_ISSUER=${CI_CLUSTER_ISSUER:-letsencrypt}
+    - export CI_SETUP_ADMIN_PASSWORD=${CI_SETUP_ADMIN_PASSWORD}

    - cp deployment.tpl.yaml deployment.yaml
    - for env in ${!CI_*}; do sed -i "s#<${env}>#$(echo "${!env}"|head -n1)#g" deployment.yaml; done
--- a/config/config.default.php
+++ b/config/config.default.php
@ -66,6 +66,9 @@ return [
        'sendmail'   => env('MAIL_SENDMAIL', '/usr/sbin/sendmail -bs'),
    ],

+    // Initial admin password
+    'setup_admin_password'    => env('SETUP_ADMIN_PASSWORD', null),
+
    'oauth'                   => [
        // '[name]' => [config]
        /*
@ -231,7 +234,7 @@ return [
    // Shifts overview
    // Set max number of hours that can be shown at once
    // 0 means no limit
-    'filter_max_duration' => env('FILTER_MAX_DURATION', 0),
+    'filter_max_duration'     => env('FILTER_MAX_DURATION', 0),

    // Session config
    'session'                 => [
@ -266,7 +269,7 @@ return [
    ],

    // var dump server
-    'var_dump_server' => [
+    'var_dump_server'         => [
        'host' => '127.0.0.1',
        'port' => '9912',
        'enable' => false,
--- a/db/migrations/2021_05_23_000000_set_admin_password.php
+++ b/db/migrations/2021_05_23_000000_set_admin_password.php
@ -0,0 +1,48 @@
+<?php
+
+namespace Engelsystem\Migrations;
+
+use Engelsystem\Config\Config;
+use Engelsystem\Database\Migration\Migration;
+use Engelsystem\Helpers\Authenticator;
+use Engelsystem\Models\User\User;
+use Illuminate\Database\Schema\Builder as SchemaBuilder;
+
+class SetAdminPassword extends Migration
+{
+    use Reference;
+
+    /** @var Authenticator */
+    protected $auth;
+
+    /** @var Config */
+    protected $config;
+
+    /**
+     * @param SchemaBuilder $schemaBuilder
+     * @param Authenticator $auth
+     * @param Config        $config
+     */
+    public function __construct(SchemaBuilder $schemaBuilder, Authenticator $auth, Config $config)
+    {
+        parent::__construct($schemaBuilder);
+
+        $this->auth = $auth;
+        $this->config = $config;
+    }
+
+    /**
+     * Run the migration
+     */
+    public function up()
+    {
+        /** @var User $admin */
+        $admin = $this->auth->authenticate('admin', 'asdfasdf');
+        $setupPassword = $this->config->get('setup_admin_password');
+        if (!$admin || !$setupPassword) {
+            return;
+        }
+
+        $this->auth->setPassword($admin, $setupPassword);
+    }
+}
--- a/deployment.tpl.yaml
+++ b/deployment.tpl.yaml
@ -127,6 +127,8 @@ spec:
              value: engelsystem
            - name: MYSQL_PASSWORD
              value: engelsystem
+            - name: SETUP_ADMIN_PASSWORD
+              value: '<CI_SETUP_ADMIN_PASSWORD>'
      containers:
        - image: <CI_IMAGE>
          name: engelsystem-fpm
--- a/src/Helpers/Authenticator.php
+++ b/src/Helpers/Authenticator.php
@ -175,8 +175,8 @@ class Authenticator
    }

    /**
-     * @param UserRepository $user
-     * @param string         $password
+     * @param User   $user
+     * @param string $password
     */
    public function setPassword(User $user, string $password)
    {
--- a/tests/Unit/HasDatabase.php
+++ b/tests/Unit/HasDatabase.php
@ -5,8 +5,10 @@ namespace Engelsystem\Test\Unit;
 use Engelsystem\Database\Database;
 use Engelsystem\Database\Migration\Migrate;
 use Engelsystem\Database\Migration\MigrationServiceProvider;
+use Engelsystem\Http\Request;
 use Illuminate\Database\Capsule\Manager as CapsuleManager;
 use PDO;
+use Psr\Http\Message\ServerRequestInterface;

 trait HasDatabase
 {
@ -29,6 +31,8 @@ trait HasDatabase
        $this->app->instance(Database::class, $this->database);
        $this->app->register(MigrationServiceProvider::class);

+        $this->app->instance(ServerRequestInterface::class, new Request());
+
        /** @var Migrate $migration */
        $migration = $this->app->get('db.migration');
        $migration->initMigration();