Merge pull request #359 from FlowCI/feature/1473

gy2006 · web-flow · commit c5fb5ca00103 · 2020-07-31T23:41:18.000+02:00
remove default admin settings
diff --git a/core/src/main/java/com/flowci/core/auth/AuthController.java b/core/src/main/java/com/flowci/core/auth/AuthController.java
@@ -71,6 +71,6 @@ private User getFromAuthorization(String authorization) {
         String email = values[0];
         String passwordOnMd5 = values[1];
 
-        return new User(email, passwordOnMd5, null);
+        return new User(email, passwordOnMd5, null, null);
     }
 }
diff --git a/core/src/main/java/com/flowci/core/auth/WebAuth.java b/core/src/main/java/com/flowci/core/auth/WebAuth.java
@@ -45,8 +45,6 @@
 @Component("webAuth")
 public class WebAuth implements HandlerInterceptor {
 
-    private static final String MagicToken = "helloflowciadmin";
-
     private static final String HeaderToken = "Token";
 
     private static final String ParameterToken = "token";
@@ -91,15 +89,10 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
                 return true;
             }
 
-            return authService.setAsDefaultAdmin();
+            return true;
         }
 
         String token = getToken(request);
-
-        if (Objects.equals(token, MagicToken)) {
-            return authService.setAsDefaultAdmin();
-        }
-
         if (!authService.set(token)) {
             throw new AuthenticationException("Invalid token");
         }
diff --git a/core/src/main/java/com/flowci/core/auth/service/AuthService.java b/core/src/main/java/com/flowci/core/auth/service/AuthService.java
@@ -65,8 +65,4 @@ public interface AuthService {
      */
     Optional<User> get(String token);
 
-    /**
-     * Set current user from default admin form config properties
-     */
-    boolean setAsDefaultAdmin();
 }
diff --git a/core/src/main/java/com/flowci/core/auth/service/AuthServiceImpl.java b/core/src/main/java/com/flowci/core/auth/service/AuthServiceImpl.java
@@ -153,11 +153,4 @@ public Optional<User> get(String token) {
 
         return Optional.empty();
     }
-
-    @Override
-    public boolean setAsDefaultAdmin() {
-        User defaultAdmin = userService.defaultAdmin();
-        sessionManager.set(defaultAdmin);
-        return true;
-    }
 }
diff --git a/core/src/main/java/com/flowci/core/common/config/AppProperties.java b/core/src/main/java/com/flowci/core/common/config/AppProperties.java
@@ -60,12 +60,6 @@ public class AppProperties {
 
     private boolean socketContainer;
 
-    @Bean("adminProperties")
-    @ConfigurationProperties(prefix = "app.admin")
-    public Admin admin() {
-        return new Admin();
-    }
-
     @Bean("zkProperties")
     @ConfigurationProperties(prefix = "app.zookeeper")
     public Zookeeper zk() {
@@ -108,18 +102,6 @@ public Minio minio() {
         return new Minio();
     }
 
-    @Data
-    @Validated
-    public static class Admin {
-
-        @NotBlank
-        @Email
-        private String defaultEmail;
-
-        @NotBlank
-        private String defaultPassword;
-    }
-
     @Data
     public static class Flow {
 
diff --git a/core/src/main/java/com/flowci/core/common/config/WebConfig.java b/core/src/main/java/com/flowci/core/common/config/WebConfig.java
@@ -78,6 +78,7 @@ public void addInterceptors(InterceptorRegistry registry) {
 
                 registry.addInterceptor(webAuth)
                         .addPathPatterns("/users/**")
+                        .excludePathPatterns("/users/default")
                         .addPathPatterns("/flows/**")
                         .addPathPatterns("/jobs/**")
                         .addPathPatterns("/agents/**")
diff --git a/core/src/main/java/com/flowci/core/user/UserController.java b/core/src/main/java/com/flowci/core/user/UserController.java
@@ -22,6 +22,8 @@
 import com.flowci.core.user.service.UserService;
 import com.flowci.exception.ArgumentException;
 import java.util.Objects;
+import java.util.Optional;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
@@ -45,6 +47,17 @@ public class UserController {
     @Autowired
     private AuthService authService;
 
+    @GetMapping("/default")
+    public Boolean hasDefaultAdmin() {
+        Optional<User> user = userService.defaultAdmin();
+        return user.isPresent();
+    }
+
+    @PostMapping("/default")
+    public void createDefaultAdmin(@Validated @RequestBody CreateUser body) {
+        userService.createDefaultAdmin(body.getEmail(), body.getPasswordOnMd5());
+    }
+
     @GetMapping
     @Action(UserAction.LIST_ALL)
     public Page<User> listAll(@RequestParam(required = false, defaultValue = DefaultPage) int page,
diff --git a/core/src/main/java/com/flowci/core/user/dao/UserDao.java b/core/src/main/java/com/flowci/core/user/dao/UserDao.java
@@ -22,6 +22,7 @@
 
 import java.util.Collection;
 import java.util.List;
+import java.util.Optional;
 
 /**
  * @author yang
@@ -32,4 +33,6 @@ public interface UserDao extends MongoRepository<User, String> {
     User findByEmail(String email);
 
     List<User> findAllByEmailIn(Collection<String> emails);
+
+    Optional<User> findByRoleAndDefaultAdmin(User.Role role, Boolean defaultAdmin);
 }
diff --git a/core/src/main/java/com/flowci/core/user/domain/User.java b/core/src/main/java/com/flowci/core/user/domain/User.java
@@ -54,8 +54,15 @@ public enum Role {
 
     private Role role;
 
+    private Boolean defaultAdmin;
+
     @JsonIgnore
     public boolean isAdmin() {
         return role == Role.Admin;
     }
+
+    @JsonIgnore
+    public boolean isDefaultAdmin() {
+        return isAdmin() && defaultAdmin != null;
+    }
 }
diff --git a/core/src/main/java/com/flowci/core/user/service/UserService.java b/core/src/main/java/com/flowci/core/user/service/UserService.java
@@ -22,6 +22,7 @@
 
 import java.util.Collection;
 import java.util.List;
+import java.util.Optional;
 
 /**
  * @author yang
@@ -41,12 +42,17 @@ public interface UserService {
     /**
      * Get default admin user
      */
-    User defaultAdmin();
+    Optional<User> defaultAdmin();
+
+    /**
+     * Create default admin user
+     */
+    User createDefaultAdmin(String email, String passwordOnMd5);
 
     /**
      * Create user by email and password;
      */
-    User create(String email, String password, User.Role role);
+    User create(String email, String passwordOnMd5, User.Role role);
 
     /**
      * Get user by email
diff --git a/core/src/main/java/com/flowci/core/user/service/UserServiceImpl.java b/core/src/main/java/com/flowci/core/user/service/UserServiceImpl.java
@@ -16,7 +16,6 @@
 
 package com.flowci.core.user.service;
 
-import com.flowci.core.common.config.AppProperties;
 import com.flowci.core.common.manager.SessionManager;
 import com.flowci.core.common.manager.SpringEventManager;
 import com.flowci.core.user.dao.UserDao;
@@ -26,7 +25,7 @@
 import com.flowci.exception.ArgumentException;
 import com.flowci.exception.DuplicateException;
 import com.flowci.exception.NotFoundException;
-import com.flowci.util.HashingHelper;
+import com.flowci.exception.StatusException;
 import com.google.common.collect.Lists;
 import lombok.extern.log4j.Log4j2;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -35,10 +34,10 @@
 import org.springframework.data.domain.Pageable;
 import org.springframework.stereotype.Service;
 
-import javax.annotation.PostConstruct;
 import java.util.Collection;
 import java.util.List;
 import java.util.Objects;
+import java.util.Optional;
 
 /**
  * @author yang
@@ -47,9 +46,6 @@
 @Service
 public class UserServiceImpl implements UserService {
 
-    @Autowired
-    private AppProperties.Admin adminProperties;
-
     @Autowired
     private UserDao userDao;
 
@@ -59,19 +55,6 @@ public class UserServiceImpl implements UserService {
     @Autowired
     private SpringEventManager eventManager;
 
-    @PostConstruct
-    public void initAdmin() {
-        String adminEmail = adminProperties.getDefaultEmail();
-        String adminPassword = adminProperties.getDefaultPassword();
-
-        try {
-            create(adminEmail, HashingHelper.md5(adminPassword), Role.Admin);
-            log.info("Admin {} been initialized", adminEmail);
-        } catch (DuplicateException ignore) {
-
-        }
-    }
-
     @Override
     public Page<User> list(Pageable pageable) {
         return userDao.findAll(pageable);
@@ -84,19 +67,22 @@ public List<User> list(Collection<String> emails) {
     }
 
     @Override
-    public User defaultAdmin() {
-        String email = adminProperties.getDefaultEmail();
-        return userDao.findByEmail(email);
+    public Optional<User> defaultAdmin() {
+        return userDao.findByRoleAndDefaultAdmin(Role.Admin, true);
     }
 
     @Override
-    public User create(String email, String passwordOnMd5, User.Role role) {
-        try {
-            User user = new User(email, passwordOnMd5, role);
-            return userDao.insert(user);
-        } catch (DuplicateKeyException e) {
-            throw new DuplicateException("Email {0} is already existed", email);
+    public User createDefaultAdmin(String email, String passwordOnMd5) {
+        if (defaultAdmin().isPresent()) {
+            throw new StatusException("Default admin has been created");
         }
+
+        return create(email, passwordOnMd5, Role.Admin, Boolean.TRUE);
+    }
+
+    @Override
+    public User create(String email, String passwordOnMd5, User.Role role) {
+        return create(email, passwordOnMd5, role, null);
     }
 
     @Override
@@ -123,20 +109,37 @@ public void changePassword(String oldOnMd5, String newOnMd5) {
 
     @Override
     public void changeRole(String email, Role newRole) {
-        User target = getByEmail(email);
-        if (target.getRole().equals(newRole)) {
+        User user = getByEmail(email);
+        if (user.isDefaultAdmin()) {
+            throw new StatusException("Default admin user role cannot be deleted");
+        }
+
+        if (user.getRole().equals(newRole)) {
             return;
         }
 
-        target.setRole(newRole);
-        userDao.save(target);
+        user.setRole(newRole);
+        userDao.save(user);
     }
 
     @Override
     public User delete(String email) {
         User user = getByEmail(email);
+        if (user.isDefaultAdmin()) {
+            throw new StatusException("Default admin user cannot be deleted");
+        }
+
         userDao.delete(user);
         eventManager.publish(new UserDeletedEvent(this, user));
         return user;
     }
+
+    private User create(String email, String md5pw, Role role, Boolean isDefaultAdmin) {
+        try {
+            User user = new User(email, md5pw, role, isDefaultAdmin);
+            return userDao.insert(user);
+        } catch (DuplicateKeyException e) {
+            throw new DuplicateException("Email {0} is already existed", email);
+        }
+    }
 }
diff --git a/core/src/main/resources/flow.properties b/core/src/main/resources/flow.properties
@@ -7,9 +7,6 @@ app.auto-local-agent-host=${FLOWCI_AUTO_AGENT:true}
 app.default-smtp-config=true
 app.socket-container=true
 
-app.admin.default-email=${FLOWCI_DEFAULT_ADMIN_EMAIL}
-app.admin.default-password=${FLOWCI_DEFAULT_ADMIN_PASSWORD}
-
 app.auth.enabled=true
 app.auth.expire-seconds=7200
 app.auth.refresh-expired-seconds=14400
diff --git a/core/src/test/java/com/flowci/core/test/auth/JwtHelperTest.java b/core/src/test/java/com/flowci/core/test/auth/JwtHelperTest.java
@@ -27,7 +27,7 @@
 
 public class JwtHelperTest {
 
-    private final User user  = new User("test@flow.ci", "12345", User.Role.Admin);
+    private final User user  = new User("test@flow.ci", "12345", User.Role.Admin, null);
 
     private ObjectWrapper<String> token = new ObjectWrapper<>();
 
diff --git a/core/src/test/resources/flow.properties b/core/src/test/resources/flow.properties
@@ -7,9 +7,6 @@ app.auto-local-agent-host=false
 app.default-smtp-config=false
 app.socket-container=false
 
-app.admin.default-email=admin@flow.ci
-app.admin.default-password=123456
-
 app.auth.enabled=false
 app.auth.expire-seconds=5
 app.auth.refresh-expired-seconds=7200

Original file line number	Diff line number	Diff line change
`@@ -71,6 +71,6 @@ private User getFromAuthorization(String authorization) {`
`71`	`71`	`String email = values[0];`
`72`	`72`	`String passwordOnMd5 = values[1];`
`73`	`73`
`74`		`- return new User(email, passwordOnMd5, null);`
	`74`	`+ return new User(email, passwordOnMd5, null, null);`
`75`	`75`	`}`
`76`	`76`	`}`
Original file line number	Diff line number	Diff line change
`@@ -65,8 +65,4 @@ public interface AuthService {`
`65`	`65`	`*/`
`66`	`66`	`Optional<User> get(String token);`
`67`	`67`
`68`		`- /**`
`69`		`- * Set current user from default admin form config properties`
`70`		`- */`
`71`		`- boolean setAsDefaultAdmin();`
`72`	`68`	`}`
Original file line number	Diff line number	Diff line change
`@@ -153,11 +153,4 @@ public Optional<User> get(String token) {`
`153`	`153`
`154`	`154`	`return Optional.empty();`
`155`	`155`	`}`
`156`		`-`
`157`		`- @Override`
`158`		`- public boolean setAsDefaultAdmin() {`
`159`		`- User defaultAdmin = userService.defaultAdmin();`
`160`		`- sessionManager.set(defaultAdmin);`
`161`		`- return true;`
`162`		`- }`
`163`	`156`	`}`
Original file line number	Diff line number	Diff line change
`@@ -54,8 +54,15 @@ public enum Role {`
`54`	`54`
`55`	`55`	`private Role role;`
`56`	`56`
	`57`	`+ private Boolean defaultAdmin;`
	`58`	`+`
`57`	`59`	`@JsonIgnore`
`58`	`60`	`public boolean isAdmin() {`
`59`	`61`	`return role == Role.Admin;`
`60`	`62`	`}`
	`63`	`+`
	`64`	`+ @JsonIgnore`
	`65`	`+ public boolean isDefaultAdmin() {`
	`66`	`+ return isAdmin() && defaultAdmin != null;`
	`67`	`+ }`
`61`	`68`	`}`