Merge pull request #680 from kubero-dev/feature/add-admin-reset-cli

Feature / add admin reset command

Author: mms-gianni

server/README.md

@@ -21,6 +21,13 @@ $ yarn run start:dev
 $ yarn run start:prod
 ```
 
+## Administration Commands
+
+```bash
+# Reset admin account (creates or updates with new password)
+$ yarn cli:reset-admin
+```
+
 ## Run tests
 
 ```bash

server/package.json

@@ -15,6 +15,8 @@
     "dev": "nest start --debug --watch",
     "start:prod": "node dist/main",
     "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
+    "cli": "ts-node -r tsconfig-paths/register src/cli.ts",
+    "cli:reset-admin": "npm run cli reset-admin",
     "test": "jest",
     "test:ci": "jest --ci --reporters=default --reporters=jest-junit",
     "test:watch": "jest --watch",
@@ -44,6 +46,7 @@
     "@nestjs/serve-static": "^5.0.1",
     "@nestjs/swagger": "^11.0.3",
     "@nestjs/websockets": "^11.0.7",
+    "nest-commander": "^3.13.0",
     "@octokit/core": "^6.1.3",
     "@prisma/client": "^6.9.0",
     "@types/bcrypt": "^5.0.2",

server/src/app.module.ts

@@ -24,6 +24,7 @@ import { DatabaseModule } from './database/database.module';
 import { GroupModule } from './groups/groups.module';
 import { RolesModule } from './roles/roles.module';
 import { TokenModule } from './token/token.module';
+import { CliModule } from './cli/cli.module';
 
 @Module({
   imports: [
@@ -49,6 +50,7 @@ import { TokenModule } from './token/token.module';
     GroupModule,
     RolesModule,
     TokenModule,
+    CliModule,
   ],
   controllers: [AppController, TemplatesController],
   providers: [AppService, TemplatesService],

server/src/cli.ts

@@ -0,0 +1,9 @@
+#!/usr/bin/env node
+import { CommandFactory } from 'nest-commander';
+import { CliModule } from './cli/cli.module';
+
+async function bootstrap() {
+  await CommandFactory.run(CliModule, ['warn', 'error', 'log']);
+}
+
+bootstrap();

server/src/cli/cli.module.ts

@@ -0,0 +1,11 @@
+import { Module } from '@nestjs/common';
+import { ResetAdminCommand } from './commands/reset-admin.command';
+import { DatabaseService } from '../database/database.service';
+
+@Module({
+  providers: [
+    ResetAdminCommand,
+    DatabaseService,
+  ],
+})
+export class CliModule {}

server/src/cli/commands/reset-admin.command.spec.ts

@@ -0,0 +1,73 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { ResetAdminCommand } from './reset-admin.command';
+import { DatabaseService } from '../../database/database.service';
+import { Logger } from '@nestjs/common';
+
+describe('ResetAdminCommand', () => {
+  let command: ResetAdminCommand;
+  let databaseService: jest.Mocked<DatabaseService>;
+  let logger: jest.Mocked<Logger>;
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        ResetAdminCommand,
+        {
+          provide: DatabaseService,
+          useValue: {
+            resetAdminUser: jest.fn(),
+          },
+        },
+      ],
+    }).compile();
+
+    command = module.get<ResetAdminCommand>(ResetAdminCommand);
+    databaseService = module.get(DatabaseService);
+    
+    // Mock the logger
+    logger = {
+      log: jest.fn(),
+      error: jest.fn(),
+      warn: jest.fn(),
+      debug: jest.fn(),
+      verbose: jest.fn(),
+    } as any;
+    (command as any).logger = logger;
+  });
+
+  it('should be defined', () => {
+    expect(command).toBeDefined();
+  });
+
+  describe('run', () => {
+    let exitSpy: jest.SpyInstance;
+
+    beforeEach(() => {
+      exitSpy = jest.spyOn(process, 'exit').mockImplementation((() => {}) as (code?: number) => never);
+      // We need to call the original implementation of run
+      jest.spyOn(command, 'run').mockRestore();
+    });
+
+    afterEach(() => {
+      exitSpy.mockRestore();
+    });
+
+    it('should reset the admin account and exit with code 0', async () => {
+      await command.run();
+      expect(logger.log).toHaveBeenCalledWith('Resetting admin account...');
+      expect(databaseService.resetAdminUser).toHaveBeenCalled();
+      expect(logger.log).toHaveBeenCalledWith('Admin account has been reset successfully');
+      expect(exitSpy).toHaveBeenCalledWith(0);
+    });
+
+    it('should log an error and exit with code 1 if resetting fails', async () => {
+      const error = new Error('Test error');
+      databaseService.resetAdminUser.mockRejectedValue(error);
+      await command.run();
+      expect(logger.log).toHaveBeenCalledWith('Resetting admin account...');
+      expect(databaseService.resetAdminUser).toHaveBeenCalled();
+      expect(logger.error).toHaveBeenCalledWith('Failed to reset admin account', error);
+      expect(exitSpy).toHaveBeenCalledWith(1);
+    });
+  });
+});

server/src/cli/commands/reset-admin.command.ts

@@ -0,0 +1,27 @@
+import { Command, CommandRunner } from 'nest-commander';
+import { Injectable, Logger } from '@nestjs/common';
+import { DatabaseService } from '../../database/database.service';
+
+@Command({ name: 'reset-admin', description: 'Reset the admin account with a new random password' })
+@Injectable()
+export class ResetAdminCommand extends CommandRunner {
+  private readonly logger = new Logger(ResetAdminCommand.name);
+
+  constructor(private readonly databaseService: DatabaseService) {
+    super();
+  }
+
+  async run(): Promise<void> {
+    this.logger.log('Resetting admin account...');
+    
+    try {
+      await this.databaseService.resetAdminUser();
+      this.logger.log('Admin account has been reset successfully');
+    } catch (error) {
+      this.logger.error('Failed to reset admin account', error);
+      process.exit(1);
+    }
+    
+    process.exit(0);
+  }
+}

server/src/database/database.service.ts

@@ -167,6 +167,78 @@ export class DatabaseService {
     }
   }
 
+  /**
+   * Resets the admin user account with a new random password.
+   * If the admin user doesn't exist, it creates one.
+   * Prints the new username and password to the console.
+   * @returns {Promise<void>}
+   */
+  async resetAdminUser(): Promise<void> {
+    const prisma = new PrismaClient();
+    const adminUser = process.env.KUBERO_ADMIN_USERNAME || 'admin';
+    const adminEmail = process.env.KUBERO_ADMIN_EMAIL || '[email protected]';
+    const role = process.env.KUBERO_SYSTEM_USER_ROLE || 'admin';
+    const userGroups = ['everyone', 'admin'];
+
+    try {
+      // Generate a random password
+      const plainPassword = crypto
+        .randomBytes(25)
+        .toString('base64')
+        .slice(0, 19);
+      // Create bcrypt hash
+      const passwordHash = await bcrypt.hash(plainPassword, 10);
+      
+      // Check if admin user exists
+      const existingUser = await prisma.user.findUnique({
+        where: { id: '2' },
+      });
+      
+      if (existingUser) {
+        // Update existing admin user
+        await prisma.user.update({
+          where: { id: '2' },
+          data: {
+            password: passwordHash,
+            updatedAt: new Date(),
+          },
+        });
+        console.log('\n\n\n', 'Admin account has been reset');
+      } else {
+        // Create new admin user
+        await prisma.user.create({
+          data: {
+            id: '2',
+            username: adminUser,
+            email: adminEmail,
+            password: passwordHash,
+            isActive: true,
+            role: { connect: { name: role } },
+            userGroups:
+              userGroups && Array.isArray(userGroups)
+                ? {
+                    connect: userGroups.map((g: any) => ({ name: g })),
+                  }
+                : undefined,
+            createdAt: new Date(),
+            updatedAt: new Date(),
+          },
+        });
+        console.log('\n\n\n', 'New admin account created');
+      }
+      
+      console.log('  username: ', adminUser);
+      console.log('  password: ', plainPassword);
+      console.log('  email:    ', adminEmail, '\n\n\n');
+      
+      this.logger.log('Admin user reset successfully.');
+      return;
+    } catch (error) {
+      this.logger.error('Failed to reset admin user.', error);
+      throw error;
+    }
+  }
+
   private async migrateLegeacyUsers() {
     const prisma = new PrismaClient();