mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-09-10 17:31:58 +03:00
f36e6fb929
Return status for skipped --initial creation will now return 2, so that it can be identified seperate from a creation and from an error.
163 lines
5.7 KiB
PHP
163 lines
5.7 KiB
PHP
<?php
|
|
|
|
namespace BookStack\Console\Commands;
|
|
|
|
use BookStack\Users\Models\Role;
|
|
use BookStack\Users\UserRepo;
|
|
use Illuminate\Console\Command;
|
|
use Illuminate\Support\Facades\Validator;
|
|
use Illuminate\Support\Str;
|
|
use Illuminate\Validation\Rules\Password;
|
|
|
|
class CreateAdminCommand extends Command
|
|
{
|
|
/**
|
|
* The name and signature of the console command.
|
|
*
|
|
* @var string
|
|
*/
|
|
protected $signature = 'bookstack:create-admin
|
|
{--email= : The email address for the new admin user}
|
|
{--name= : The name of the new admin user}
|
|
{--password= : The password to assign to the new admin user}
|
|
{--external-auth-id= : The external authentication system id for the new admin user (SAML2/LDAP/OIDC)}
|
|
{--generate-password : Generate a random password for the new admin user}
|
|
{--initial : Indicate if this should set/update the details of the initial admin user}';
|
|
|
|
/**
|
|
* The console command description.
|
|
*
|
|
* @var string
|
|
*/
|
|
protected $description = 'Add a new admin user to the system';
|
|
|
|
/**
|
|
* Execute the console command.
|
|
*/
|
|
public function handle(UserRepo $userRepo): int
|
|
{
|
|
$initialAdminOnly = $this->option('initial');
|
|
$shouldGeneratePassword = $this->option('generate-password');
|
|
$details = $this->gatherDetails($shouldGeneratePassword, $initialAdminOnly);
|
|
|
|
$validator = Validator::make($details, [
|
|
'email' => ['required', 'email', 'min:5'],
|
|
'name' => ['required', 'min:2'],
|
|
'password' => ['required_without:external_auth_id', Password::default()],
|
|
'external_auth_id' => ['required_without:password'],
|
|
]);
|
|
|
|
if ($validator->fails()) {
|
|
foreach ($validator->errors()->all() as $error) {
|
|
$this->error($error);
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|
|
$adminRole = Role::getSystemRole('admin');
|
|
|
|
if ($initialAdminOnly) {
|
|
$handled = $this->handleInitialAdminIfExists($userRepo, $details, $shouldGeneratePassword, $adminRole);
|
|
if ($handled !== null) {
|
|
return $handled;
|
|
}
|
|
}
|
|
|
|
$emailUsed = $userRepo->getByEmail($details['email']) !== null;
|
|
if ($emailUsed) {
|
|
$this->error("Could not create admin account.");
|
|
$this->error("An account with the email address \"{$details['email']}\" already exists.");
|
|
return 1;
|
|
}
|
|
|
|
$user = $userRepo->createWithoutActivity($validator->validated());
|
|
$user->attachRole($adminRole);
|
|
$user->email_confirmed = true;
|
|
$user->save();
|
|
|
|
if ($shouldGeneratePassword) {
|
|
$this->line($details['password']);
|
|
} else {
|
|
$this->info("Admin account with email \"{$user->email}\" successfully created!");
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* Handle updates to the original admin account if it exists.
|
|
* Returns an int return status if handled, otherwise returns null if not handled (new user to be created).
|
|
*/
|
|
protected function handleInitialAdminIfExists(UserRepo $userRepo, array $data, bool $generatePassword, Role $adminRole): int|null
|
|
{
|
|
$defaultAdmin = $userRepo->getByEmail('admin@admin.com');
|
|
if ($defaultAdmin && $defaultAdmin->hasSystemRole('admin')) {
|
|
if ($defaultAdmin->email !== $data['email'] && $userRepo->getByEmail($data['email']) !== null) {
|
|
$this->error("Could not create admin account.");
|
|
$this->error("An account with the email address \"{$data['email']}\" already exists.");
|
|
return 1;
|
|
}
|
|
|
|
$userRepo->updateWithoutActivity($defaultAdmin, $data, true);
|
|
if ($generatePassword) {
|
|
$this->line($data['password']);
|
|
} else {
|
|
$this->info("The default admin user has been updated with the provided details!");
|
|
}
|
|
|
|
return 0;
|
|
} else if ($adminRole->users()->count() > 0) {
|
|
$this->warn('Non-default admin user already exists. Skipping creation of new admin user.');
|
|
return 2;
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
protected function gatherDetails(bool $generatePassword, bool $initialAdmin): array
|
|
{
|
|
$details = $this->snakeCaseOptions();
|
|
|
|
if (empty($details['email'])) {
|
|
if ($initialAdmin) {
|
|
$details['email'] = 'admin@example.com';
|
|
} else {
|
|
$details['email'] = $this->ask('Please specify an email address for the new admin user');
|
|
}
|
|
}
|
|
|
|
if (empty($details['name'])) {
|
|
if ($initialAdmin) {
|
|
$details['name'] = 'Admin';
|
|
} else {
|
|
$details['name'] = $this->ask('Please specify a name for the new admin user');
|
|
}
|
|
}
|
|
|
|
if (empty($details['password'])) {
|
|
if (empty($details['external_auth_id'])) {
|
|
if ($generatePassword) {
|
|
$details['password'] = Str::random(32);
|
|
} else {
|
|
$details['password'] = $this->ask('Please specify a password for the new admin user (8 characters min)');
|
|
}
|
|
} else {
|
|
$details['password'] = Str::random(32);
|
|
}
|
|
}
|
|
|
|
return $details;
|
|
}
|
|
|
|
protected function snakeCaseOptions(): array
|
|
{
|
|
$returnOpts = [];
|
|
foreach ($this->options() as $key => $value) {
|
|
$returnOpts[str_replace('-', '_', $key)] = $value;
|
|
}
|
|
|
|
return $returnOpts;
|
|
}
|
|
}
|