corteza icon indicating copy to clipboard operation
corteza copied to clipboard

Published 20 hours ago verified publisher icon cortezaproject

Add support for helper env-variable that creates a user and logs you in

Open darh opened this issue 2 years ago • 1 comments

When a user sets AUTH_PROVISION_SUPER_USER, Corteza creates one or more users with the configured values using provided email as a password. It skips existing (email, handle). All new users are assigned to all bypass roles.

Value format:

<users> = <user>[;<user>]
<user> = <email>[,<handle>[,<name>]
<email> valid email string
<handle> valid handle

Examples:

[email protected];[email protected];[email protected]
[email protected];name,[email protected];name2,Foo Bar,[email protected]

All actions (created, existing-skipped) must be logged as warnings.

If the command is used with ENVIRONMENT=production Corteza should stop and report an error.

darh avatar Nov 17 '22 12:11 darh

@KinyaElGrande reach out before you start, we can chat on the implementation details.

darh avatar Nov 25 '22 10:11 darh

I tested this and found a couple of issues:

  • if I set ENVIRONMENT=production, the user isn't created which is what's expected but shouldn't the error message be structured like so <time> ERROR <error message>? Currently, it looks like so:

Image

Also, should the error stop the server from running?

  • if the email contains a dash, dot or underscore the handle doesn't look good. Example: for the email [email protected], I get the handle b.B; for the email [email protected], I get the handle bv-Abv and so on

Image

  • if I create a new db, add a super user through the AUTH_PROVISION_SUPER_USER, start my server and try to login with the super user, I don't think he has the role of super admin because I get this:

Image

  • after successfully logging in with one of the newly created super users
    • I am unable to visit admin; don't have access
    • my first user (the one I created when registering for the first time) isn't a super admin anymore

Upgrades for the future:

  • provide a way to create a user with email and username (skip adding a handle before providing the username)
  • if ; is added after a user config and noting follows, a new 'blank' user is added

Image

Besides these issues, I can successfully add a user or multiple users with an email, username and a handle

katrinDY avatar Jan 05 '23 12:01 katrinDY

I have updated my Implementation to reflect the following:

  • if the environment is set to production ENVIRONMENT=production, a warning log message is reported, no user is created and the server doesn't stop.
  • When you add a super user through the AUTH_PROVISION_SUPER_USER env variable on a fresh database his email is authorized and he can access the web apps including admin as a super admin.
  • When an invalid email address is passed to AUTH_PROVISION_SUPER_USER, a warning message Email is invalid is reported.

KinyaElGrande avatar Jan 06 '23 14:01 KinyaElGrande

Two more issues and a question:

  • if ENVIRONMENT=production, there is a typo in the warning message. It should be ... you cannot provision super users. Currently, provision and super words are joined into one word

Image

  • if I provide a handle and username, the username value will be appended as handle and username

Questions:

  • when creating a user should we display a warning message? Example: after setting [email protected], I get

Image

katrinDY avatar Jan 06 '23 15:01 katrinDY

  • I have fixed the first issue on the typo warning message.
  • handle is a generated value from either the name, username or email.
  • Yes , when a user is created a warning message with the user is supposed to appear on the console .

KinyaElGrande avatar Jan 06 '23 21:01 KinyaElGrande

Two more things to be addressed:

  • show less info when generating a user
  • currently, if I provide email, handle and user, the value of user is appended to the user and handle. We shouldn't append it to the handle. If I don't provide a name, the value for name should be generated. But if I do provide a value for name, it should be respected. [email protected],handle11,user22 generates

Image

katrinDY avatar Jan 09 '23 13:01 katrinDY

I have addressed both issues on the latest changes in the https://github.com/cortezaproject/corteza/pull/632 PR:

  • When a user is created, only the userID and Email is logged out.
  • Changed the logic for preparing a user [ if a user provides more than one argument, the second argument will be the handle and the third argument will be the name].

KinyaElGrande avatar Jan 10 '23 10:01 KinyaElGrande

Question:

  • after creating a user, in the 'warn' message do we want Email to be capitalized?

Apart from that everything else is working as it should.

katrinDY avatar Jan 11 '23 10:01 katrinDY

I have addressed the issue on the warn log message, when a user is created the word Email is now in lowercase.

KinyaElGrande avatar Jan 12 '23 13:01 KinyaElGrande

Can confirm that the message is as it should be. This task can be considered done.

katrinDY avatar Jan 12 '23 14:01 katrinDY

CL

Added

What: An env-variable AUTH_PROVISION_SUPER_USER that creates super user(s). Why: To give users an option of creating super user(s) directly from env-variable.

KinyaElGrande avatar Jan 13 '23 07:01 KinyaElGrande