From 93df90d2953edd6ad3f557743f6c849657efa267 Mon Sep 17 00:00:00 2001 From: Matthias Mair Date: Fri, 5 Jan 2024 21:38:53 +0100 Subject: [PATCH] [FR] Support creating reading initial superuser account password from file (#6144) * factored out user creation step * [FR] Support creating reading initial superuser account password from file Fixes #5471 * added docs * use env too with password file * do not warn if passwordfile is set --- InvenTree/InvenTree/apps.py | 42 ++++++++++++++++++++++++++++++++-- InvenTree/config_template.yaml | 3 ++- docs/docs/start/config.md | 3 +++ 3 files changed, 45 insertions(+), 3 deletions(-) diff --git a/InvenTree/InvenTree/apps.py b/InvenTree/InvenTree/apps.py index 30f787eb01..d1e32319c8 100644 --- a/InvenTree/InvenTree/apps.py +++ b/InvenTree/InvenTree/apps.py @@ -60,6 +60,7 @@ class InvenTreeConfig(AppConfig): if canAppAccessDatabase() or settings.TESTING_ENV: self.add_user_on_startup() + self.add_user_from_file() def remove_obsolete_tasks(self): """Delete any obsolete scheduled tasks in the database.""" @@ -214,6 +215,7 @@ class InvenTreeConfig(AppConfig): add_user = get_setting('INVENTREE_ADMIN_USER', 'admin_user') add_email = get_setting('INVENTREE_ADMIN_EMAIL', 'admin_email') add_password = get_setting('INVENTREE_ADMIN_PASSWORD', 'admin_password') + add_password_file = get_setting("INVENTREE_ADMIN_PASSWORD_FILE", "admin_password_file", None) # check if all values are present set_variables = 0 @@ -229,11 +231,21 @@ class InvenTreeConfig(AppConfig): # not all needed variables set if set_variables < 3: - logger.warning('Not all required settings for adding a user on startup are present:\nINVENTREE_ADMIN_USER, INVENTREE_ADMIN_EMAIL, INVENTREE_ADMIN_PASSWORD') settings.USER_ADDED = True + + # if a password file is present, do not warn - will be handled later + if add_password_file: + return + logger.warning('Not all required settings for adding a user on startup are present:\nINVENTREE_ADMIN_USER, INVENTREE_ADMIN_EMAIL, INVENTREE_ADMIN_PASSWORD') return # good to go -> create user + self._create_admin_user(add_user, add_email, add_password) + + # do not try again + settings.USER_ADDED = True + + def _create_admin_user(self, add_user, add_email, add_password): user = get_user_model() try: with transaction.atomic(): @@ -245,8 +257,34 @@ class InvenTreeConfig(AppConfig): except IntegrityError: logger.warning('The user "%s" could not be created', add_user) + def add_user_from_file(self): + """Add the superuser from a file.""" + # stop if checks were already created + if hasattr(settings, "USER_ADDED_FILE") and settings.USER_ADDED_FILE: + return + + # get values + add_password_file = get_setting( + "INVENTREE_ADMIN_PASSWORD_FILE", "admin_password_file", None + ) + + # no variable set -> do not try anything + if not add_password_file: + settings.USER_ADDED_FILE = True + return + + # check if file exists + add_password_file = Path(str(add_password_file)) + if not add_password_file.exists(): + logger.warning('The file "%s" does not exist', add_password_file) + settings.USER_ADDED_FILE = True + return + + # good to go -> create user + self._create_admin_user(get_setting('INVENTREE_ADMIN_USER', 'admin_user', 'admin'), get_setting('INVENTREE_ADMIN_EMAIL', 'admin_email', ''), add_password_file.read_text(encoding="utf-8")) + # do not try again - settings.USER_ADDED = True + settings.USER_ADDED_FILE = True def collect_notification_methods(self): """Collect all notification methods.""" diff --git a/InvenTree/config_template.yaml b/InvenTree/config_template.yaml index 182e31fe1b..a6c366280d 100644 --- a/InvenTree/config_template.yaml +++ b/InvenTree/config_template.yaml @@ -96,10 +96,11 @@ timezone: UTC # Base currency code (or use env var INVENTREE_BASE_CURRENCY) base_currency: USD -# Add new user on first startup +# Add new user on first startup by either adding values here or from a file #admin_user: admin #admin_email: info@example.com #admin_password: inventree +#admin_password_file: '/etc/inventree/admin_password.txt' # List of currencies supported by default. Add other currencies here to allow use in InvenTree currencies: diff --git a/docs/docs/start/config.md b/docs/docs/start/config.md index c3f408579f..fc1b38d640 100644 --- a/docs/docs/start/config.md +++ b/docs/docs/start/config.md @@ -88,8 +88,11 @@ An administrator account can be specified using the following environment variab | --- | --- | --- | --- | | INVENTREE_ADMIN_USER | admin_user | Admin account username | *Not specified* | | INVENTREE_ADMIN_PASSWORD | admin_password | Admin account password | *Not specified* | +| INVENTREE_ADMIN_PASSWORD_FILE | admin_password_file | Admin account password file | *Not specified* | | INVENTREE_ADMIN_EMAIL | admin_email |Admin account email address | *Not specified* | +You can either specify the password directly using `INVENTREE_ADMIN_PASSWORD`, or you can specify a file containing the password using `INVENTREE_ADMIN_PASSWORD_FILE` (this is useful for nix users). + !!! info "Administrator Account" Providing `INVENTREE_ADMIN` credentials will result in the provided account being created with *superuser* permissions when InvenTree is started.