aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2023-05-30 12:39:54 +0300
committerFrederick Muriuki Muriithi2023-05-30 12:39:54 +0300
commit0ade65915a247c4ae151e83850ab2be341d6815e (patch)
treec83c2465ba2b320c8a4cd956155dc4ea988c0c2a
parent0b0da1783bc701e74a1972869bdb221a3c9a6b2a (diff)
downloadgenenetwork3-0ade65915a247c4ae151e83850ab2be341d6815e.tar.gz
Enable registering sys-admin on CLI
To ease registration of system-admin user, provide a CLI script to register the user and mark them as sys admin in one go.
-rw-r--r--main.py6
-rw-r--r--scripts/register_sys_admin.py81
2 files changed, 87 insertions, 0 deletions
diff --git a/main.py b/main.py
index 9864240..a8c6cec 100644
--- a/main.py
+++ b/main.py
@@ -15,6 +15,7 @@ from gn3.auth.authentication.users import hash_password
from gn3.auth import db
+from scripts import register_sys_admin as rsysadm# type: ignore[import]
from scripts import migrate_existing_data as med# type: ignore[import]
app = create_app()
@@ -115,6 +116,11 @@ def make_data_public():
"""Make existing data that is not assigned to any group publicly visible."""
med.entry(app.config["AUTH_DB"], app.config["SQL_URI"])
+@app.cli.command()
+def register_admin():
+ """Register the administrator."""
+ rsysadm.register_admin(app.config["AUTH_DB"])
+
##### END: CLI Commands #####
if __name__ == '__main__':
diff --git a/scripts/register_sys_admin.py b/scripts/register_sys_admin.py
new file mode 100644
index 0000000..2239fc9
--- /dev/null
+++ b/scripts/register_sys_admin.py
@@ -0,0 +1,81 @@
+"""Script to register and mark a user account as sysadmin."""
+import sys
+import uuid
+import getpass
+from pathlib import Path
+
+import click
+from email_validator import validate_email, EmailNotValidError
+
+from gn3.auth import db
+from gn3.auth.authentication.users import hash_password
+
+def fetch_email() -> str:
+ """Prompt user for email."""
+ while True:
+ try:
+ user_input = input("Enter the administrator's email: ")
+ email = validate_email(user_input.strip(), check_deliverability=True)
+ return email["email"]
+ except EmailNotValidError as _enve:
+ print("You did not provide a valid email address. Try again...",
+ file=sys.stderr)
+
+def fetch_password() -> str:
+ """Prompt user for password."""
+ while True:
+ passwd = getpass.getpass(prompt="Enter password: ").strip()
+ passwd2 = getpass.getpass(prompt="Confirm password: ").strip()
+ if passwd != "" and passwd == passwd2:
+ return passwd
+ if passwd == "":
+ print("Empty password not accepted", file=sys.stderr)
+ continue
+ if passwd != passwd2:
+ print("Passwords *MUST* match", file=sys.stderr)
+ continue
+
+def fetch_name() -> str:
+ """Prompt user for name"""
+ while True:
+ name = input("Enter the user's name: ").strip()
+ if name == "":
+ print("Invalid name.")
+ continue
+ return name
+
+def save_admin(conn: db.DbConnection, name: str, email: str, passwd: str):
+ """Save the details to the database and assign the new user as admin."""
+ admin_id = uuid.uuid4()
+ admin = {
+ "user_id": str(admin_id),
+ "email": email,
+ "name": name,
+ "hash": hash_password(passwd)
+ }
+ with db.cursor(conn) as cursor:
+ cursor.execute("INSERT INTO users VALUES (:user_id, :email, :name)",
+ admin)
+ cursor.execute("INSERT INTO user_credentials VALUES (:user_id, :hash)",
+ admin)
+ cursor.execute(
+ "SELECT * FROM roles WHERE role_name='system-administrator'")
+ admin_role = cursor.fetchone()
+ cursor.execute("INSERT INTO user_roles VALUES (:user_id, :role_id)",
+ {**admin, "role_id": admin_role["role_id"]})
+ return 0
+
+def register_admin(authdbpath: Path):
+ """Register a user as a system admin."""
+ assert authdbpath.exists(), "Could not find database file."
+ with db.connection(str(authdbpath)) as conn:
+ return save_admin(conn, fetch_name(), fetch_email(), fetch_password())
+
+if __name__ == "__main__":
+ @click.command()
+ @click.argument("authdbpath")
+ def run(authdbpath):
+ """Entry-point for when script is run directly"""
+ return register_admin(Path(authdbpath).absolute())
+
+ run()