webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-10-29 16:09:29 +03:00
Code Activity

Merge pull request #5749 from BookStackApp/admin_command_updates

Browse Source 
Create Admin Command: New Flags
This commit is contained in:
Dan Brown
2025-08-30 10:47:14 +01:00
committed by GitHub
parent 481f356068 f36e6fb929
commit d6296ac7a5
3 changed files with 287 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
app/Console/Commands/CreateAdminCommand.php
View File

@@ -8,7 +8,6 @@ use Illuminate\Console\Command;
use Illuminate\Support\Facades\Validator; use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Str; use Illuminate\Support\Str;
use Illuminate\Validation\Rules\Password; use Illuminate\Validation\Rules\Password;
use Illuminate\Validation\Rules\Unique;
class CreateAdminCommand extends Command class CreateAdminCommand extends Command
{ {
@@ -21,7 +20,9 @@ class CreateAdminCommand extends Command
{--email= : The email address for the new admin user} {--email= : The email address for the new admin user}
{--name= : The name of the new admin user} {--name= : The name of the new admin user}
{--password= : The password to assign to the new admin user} {--password= : The password to assign to the new admin user}
{--external-auth-id= : The external authentication system id for the new admin user (SAML2/LDAP/OIDC)}'; {--external-auth-id= : The external authentication system id for the new admin user (SAML2/LDAP/OIDC)}
{--generate-password : Generate a random password for the new admin user}
{--initial : Indicate if this should set/update the details of the initial admin user}';
/** /**
* The console command description. * The console command description.
@@ -35,26 +36,12 @@ class CreateAdminCommand extends Command
*/ */
public function handle(UserRepo $userRepo): int public function handle(UserRepo $userRepo): int
{ {
$details = $this->snakeCaseOptions(); $initialAdminOnly = $this->option('initial');
$shouldGeneratePassword = $this->option('generate-password');
if (empty($details['email'])) { $details = $this->gatherDetails($shouldGeneratePassword, $initialAdminOnly);
$details['email'] = $this->ask('Please specify an email address for the new admin user');
}
if (empty($details['name'])) {
$details['name'] = $this->ask('Please specify a name for the new admin user');
}
if (empty($details['password'])) {
if (empty($details['external_auth_id'])) {
$details['password'] = $this->ask('Please specify a password for the new admin user (8 characters min)');
} else {
$details['password'] = Str::random(32);
}
}
$validator = Validator::make($details, [ $validator = Validator::make($details, [
'email' => ['required', 'email', 'min:5', new Unique('users', 'email')], 'email' => ['required', 'email', 'min:5'],
'name' => ['required', 'min:2'], 'name' => ['required', 'min:2'],
'password' => ['required_without:external_auth_id', Password::default()], 'password' => ['required_without:external_auth_id', Password::default()],
'external_auth_id' => ['required_without:password'], 'external_auth_id' => ['required_without:password'],
@@ -68,16 +55,101 @@ class CreateAdminCommand extends Command
return 1; return 1;
} }
$adminRole = Role::getSystemRole('admin');
if ($initialAdminOnly) {
$handled = $this->handleInitialAdminIfExists($userRepo, $details, $shouldGeneratePassword, $adminRole);
if ($handled !== null) {
return $handled;
}
}
$emailUsed = $userRepo->getByEmail($details['email']) !== null;
if ($emailUsed) {
$this->error("Could not create admin account.");
$this->error("An account with the email address \"{$details['email']}\" already exists.");
return 1;
}
$user = $userRepo->createWithoutActivity($validator->validated()); $user = $userRepo->createWithoutActivity($validator->validated());
$user->attachRole(Role::getSystemRole('admin')); $user->attachRole($adminRole);
$user->email_confirmed = true; $user->email_confirmed = true;
$user->save(); $user->save();
$this->info("Admin account with email \"{$user->email}\" successfully created!"); if ($shouldGeneratePassword) {
$this->line($details['password']);
} else {
$this->info("Admin account with email \"{$user->email}\" successfully created!");
}
return 0; return 0;
} }
/**
* Handle updates to the original admin account if it exists.
* Returns an int return status if handled, otherwise returns null if not handled (new user to be created).
*/
protected function handleInitialAdminIfExists(UserRepo $userRepo, array $data, bool $generatePassword, Role $adminRole): int|null
{
$defaultAdmin = $userRepo->getByEmail('admin@admin.com');
if ($defaultAdmin && $defaultAdmin->hasSystemRole('admin')) {
if ($defaultAdmin->email !== $data['email'] && $userRepo->getByEmail($data['email']) !== null) {
$this->error("Could not create admin account.");
$this->error("An account with the email address \"{$data['email']}\" already exists.");
return 1;
}
$userRepo->updateWithoutActivity($defaultAdmin, $data, true);
if ($generatePassword) {
$this->line($data['password']);
} else {
$this->info("The default admin user has been updated with the provided details!");
}
return 0;
} else if ($adminRole->users()->count() > 0) {
$this->warn('Non-default admin user already exists. Skipping creation of new admin user.');
return 2;
}
return null;
}
protected function gatherDetails(bool $generatePassword, bool $initialAdmin): array
{
$details = $this->snakeCaseOptions();
if (empty($details['email'])) {
if ($initialAdmin) {
$details['email'] = 'admin@example.com';
} else {
$details['email'] = $this->ask('Please specify an email address for the new admin user');
}
}
if (empty($details['name'])) {
if ($initialAdmin) {
$details['name'] = 'Admin';
} else {
$details['name'] = $this->ask('Please specify a name for the new admin user');
}
}
if (empty($details['password'])) {
if (empty($details['external_auth_id'])) {
if ($generatePassword) {
$details['password'] = Str::random(32);
} else {
$details['password'] = $this->ask('Please specify a password for the new admin user (8 characters min)');
}
} else {
$details['password'] = Str::random(32);
}
}
return $details;
}
protected function snakeCaseOptions(): array protected function snakeCaseOptions(): array
{ {
$returnOpts = []; $returnOpts = [];

19
app/Users/UserRepo.php
View File

@@ -100,13 +100,13 @@ class UserRepo
} }
/** /**
* Update the given user with the given data. * Update the given user with the given data, but do not create an activity.
* *
* @param array{name: ?string, email: ?string, external_auth_id: ?string, password: ?string, roles: ?array<int>, language: ?string} $data * @param array{name: ?string, email: ?string, external_auth_id: ?string, password: ?string, roles: ?array<int>, language: ?string} $data
* *
* @throws UserUpdateException * @throws UserUpdateException
*/ */
public function update(User $user, array $data, bool $manageUsersAllowed): User public function updateWithoutActivity(User $user, array $data, bool $manageUsersAllowed): User
{ {
if (!empty($data['name'])) { if (!empty($data['name'])) {
$user->name = $data['name']; $user->name = $data['name'];
@@ -134,6 +134,21 @@ class UserRepo
} }
$user->save(); $user->save();
return $user;
}
/**
* Update the given user with the given data.
*
* @param array{name: ?string, email: ?string, external_auth_id: ?string, password: ?string, roles: ?array<int>, language: ?string} $data
*
* @throws UserUpdateException
*/
public function update(User $user, array $data, bool $manageUsersAllowed): User
{
$user = $this->updateWithoutActivity($user, $data, $manageUsersAllowed);
Activity::add(ActivityType::USER_UPDATE, $user); Activity::add(ActivityType::USER_UPDATE, $user);
return $user; return $user;

185
tests/Commands/CreateAdminCommandTest.php
View File

@@ -2,8 +2,11 @@
namespace Tests\Commands; namespace Tests\Commands;
use BookStack\Users\Models\Role;
use BookStack\Users\Models\User; use BookStack\Users\Models\User;
use Illuminate\Support\Facades\Artisan;
use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Tests\TestCase; use Tests\TestCase;
class CreateAdminCommandTest extends TestCase class CreateAdminCommandTest extends TestCase
@@ -11,14 +14,14 @@ class CreateAdminCommandTest extends TestCase
public function test_standard_command_usage() public function test_standard_command_usage()
{ {
$this->artisan('bookstack:create-admin', [ $this->artisan('bookstack:create-admin', [
'--email' => 'admintest@example.com', '--email' => 'admintest@example.com',
'--name' => 'Admin Test', '--name' => 'Admin Test',
'--password' => 'testing-4', '--password' => 'testing-4',
])->assertExitCode(0); ])->assertExitCode(0);
$this->assertDatabaseHas('users', [ $this->assertDatabaseHas('users', [
'email' => 'admintest@example.com', 'email' => 'admintest@example.com',
'name' => 'Admin Test', 'name' => 'Admin Test',
]); ]);
/** @var User $user */ /** @var User $user */
@@ -30,14 +33,14 @@ class CreateAdminCommandTest extends TestCase
public function test_providing_external_auth_id() public function test_providing_external_auth_id()
{ {
$this->artisan('bookstack:create-admin', [ $this->artisan('bookstack:create-admin', [
'--email' => 'admintest@example.com', '--email' => 'admintest@example.com',
'--name' => 'Admin Test', '--name' => 'Admin Test',
'--external-auth-id' => 'xX_admin_Xx', '--external-auth-id' => 'xX_admin_Xx',
])->assertExitCode(0); ])->assertExitCode(0);
$this->assertDatabaseHas('users', [ $this->assertDatabaseHas('users', [
'email' => 'admintest@example.com', 'email' => 'admintest@example.com',
'name' => 'Admin Test', 'name' => 'Admin Test',
'external_auth_id' => 'xX_admin_Xx', 'external_auth_id' => 'xX_admin_Xx',
]); ]);
@@ -50,14 +53,178 @@ class CreateAdminCommandTest extends TestCase
{ {
$this->artisan('bookstack:create-admin', [ $this->artisan('bookstack:create-admin', [
'--email' => 'admintest@example.com', '--email' => 'admintest@example.com',
'--name' => 'Admin Test', '--name' => 'Admin Test',
])->expectsQuestion('Please specify a password for the new admin user (8 characters min)', 'hunter2000') ])->expectsQuestion('Please specify a password for the new admin user (8 characters min)', 'hunter2000')
->assertExitCode(0); ->assertExitCode(0);
$this->assertDatabaseHas('users', [ $this->assertDatabaseHas('users', [
'email' => 'admintest@example.com', 'email' => 'admintest@example.com',
'name' => 'Admin Test', 'name' => 'Admin Test',
]); ]);
$this->assertTrue(Auth::attempt(['email' => 'admintest@example.com', 'password' => 'hunter2000'])); $this->assertTrue(Auth::attempt(['email' => 'admintest@example.com', 'password' => 'hunter2000']));
} }
public function test_generate_password_option()
{
$this->withoutMockingConsoleOutput()
->artisan('bookstack:create-admin', [
'--email' => 'admintest@example.com',
'--name' => 'Admin Test',
'--generate-password' => true,
]);
$output = trim(Artisan::output());
$this->assertMatchesRegularExpression('/^[a-zA-Z0-9]{32}$/', $output);
$user = User::query()->where('email', '=', 'admintest@example.com')->first();
$this->assertTrue(Hash::check($output, $user->password));
}
public function test_initial_option_updates_default_admin()
{
$defaultAdmin = User::query()->where('email', '=', 'admin@admin.com')->first();
$this->artisan('bookstack:create-admin', [
'--email' => 'firstadmin@example.com',
'--name' => 'Admin Test',
'--password' => 'testing-7',
'--initial' => true,
])->expectsOutput('The default admin user has been updated with the provided details!')
->assertExitCode(0);
$defaultAdmin->refresh();
$this->assertEquals('firstadmin@example.com', $defaultAdmin->email);
}
public function test_initial_option_does_not_update_if_only_non_default_admin_exists()
{
$defaultAdmin = User::query()->where('email', '=', 'admin@admin.com')->first();
$defaultAdmin->email = 'testadmin@example.com';
$defaultAdmin->save();
$this->artisan('bookstack:create-admin', [
'--email' => 'firstadmin@example.com',
'--name' => 'Admin Test',
'--password' => 'testing-7',
'--initial' => true,
])->expectsOutput('Non-default admin user already exists. Skipping creation of new admin user.')
->assertExitCode(2);
$defaultAdmin->refresh();
$this->assertEquals('testadmin@example.com', $defaultAdmin->email);
}
public function test_initial_option_updates_creates_new_admin_if_none_exists()
{
$adminRole = Role::getSystemRole('admin');
$adminRole->users()->delete();
$this->assertEquals(0, $adminRole->users()->count());
$this->artisan('bookstack:create-admin', [
'--email' => 'firstadmin@example.com',
'--name' => 'My initial admin',
'--password' => 'testing-7',
'--initial' => true,
])->expectsOutput("Admin account with email \"firstadmin@example.com\" successfully created!")
->assertExitCode(0);
$this->assertEquals(1, $adminRole->users()->count());
$this->assertDatabaseHas('users', [
'email' => 'firstadmin@example.com',
'name' => 'My initial admin',
]);
}
public function test_initial_rerun_does_not_error_but_skips()
{
$adminRole = Role::getSystemRole('admin');
$adminRole->users()->delete();
$this->artisan('bookstack:create-admin', [
'--email' => 'firstadmin@example.com',
'--name' => 'My initial admin',
'--password' => 'testing-7',
'--initial' => true,
])->expectsOutput("Admin account with email \"firstadmin@example.com\" successfully created!")
->assertExitCode(0);
$this->artisan('bookstack:create-admin', [
'--email' => 'firstadmin@example.com',
'--name' => 'My initial admin',
'--password' => 'testing-7',
'--initial' => true,
])->expectsOutput("Non-default admin user already exists. Skipping creation of new admin user.")
->assertExitCode(2);
}
public function test_initial_option_creation_errors_if_email_already_exists()
{
$adminRole = Role::getSystemRole('admin');
$adminRole->users()->delete();
$editor = $this->users->editor();
$this->artisan('bookstack:create-admin', [
'--email' => $editor->email,
'--name' => 'My initial admin',
'--password' => 'testing-7',
'--initial' => true,
])->expectsOutput("Could not create admin account.")
->expectsOutput("An account with the email address \"{$editor->email}\" already exists.")
->assertExitCode(1);
}
public function test_initial_option_updating_errors_if_email_already_exists()
{
$editor = $this->users->editor();
$defaultAdmin = User::query()->where('email', '=', 'admin@admin.com')->first();
$this->assertNotNull($defaultAdmin);
$this->artisan('bookstack:create-admin', [
'--email' => $editor->email,
'--name' => 'My initial admin',
'--password' => 'testing-7',
'--initial' => true,
])->expectsOutput("Could not create admin account.")
->expectsOutput("An account with the email address \"{$editor->email}\" already exists.")
->assertExitCode(1);
}
public function test_initial_option_does_not_require_name_or_email_to_be_passed()
{
$adminRole = Role::getSystemRole('admin');
$adminRole->users()->delete();
$this->assertEquals(0, $adminRole->users()->count());
$this->artisan('bookstack:create-admin', [
'--generate-password' => true,
'--initial' => true,
])->assertExitCode(0);
$this->assertEquals(1, $adminRole->users()->count());
$this->assertDatabaseHas('users', [
'email' => 'admin@example.com',
'name' => 'Admin',
]);
}
public function test_initial_option_updating_existing_user_with_generate_password_only_outputs_password()
{
$defaultAdmin = User::query()->where('email', '=', 'admin@admin.com')->first();
$this->withoutMockingConsoleOutput()
->artisan('bookstack:create-admin', [
'--email' => 'firstadmin@example.com',
'--name' => 'Admin Test',
'--generate-password' => true,
'--initial' => true,
]);
$output = Artisan::output();
$this->assertMatchesRegularExpression('/^[a-zA-Z0-9]{32}$/', $output);
$defaultAdmin->refresh();
$this->assertEquals('firstadmin@example.com', $defaultAdmin->email);
}
} }