From f3bec4784af4715465fe63fd2cb9b8a0ca026d3e Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Wed, 22 Nov 2023 11:43:36 +0300 Subject: Move system admin creation Make the system admin creation code part of the core system, and simply call it from the script(s). This will help with maintenance, since the changes are done in a single place only. --- gn_auth/auth/authorisation/users/admin/models.py | 23 ++++++++++++++++ scripts/register_sys_admin.py | 34 ++++-------------------- 2 files changed, 28 insertions(+), 29 deletions(-) create mode 100644 gn_auth/auth/authorisation/users/admin/models.py diff --git a/gn_auth/auth/authorisation/users/admin/models.py b/gn_auth/auth/authorisation/users/admin/models.py new file mode 100644 index 0000000..36f3c09 --- /dev/null +++ b/gn_auth/auth/authorisation/users/admin/models.py @@ -0,0 +1,23 @@ +"""Major function for handling admin users.""" +from gn_auth.auth.db import sqlite3 as db +from gn_auth.auth.authentication.users import User + +def make_sys_admin(cursor: db.DbCursor, user: User) -> User: + """Make a given user into an system admin.""" + cursor.execute( + "SELECT * FROM roles WHERE role_name='system-administrator'") + admin_role = cursor.fetchone() + cursor.execute( + "SELECT * FROM resources AS r " + "INNER JOIN resource_categories AS rc " + "ON r.resource_category_id=rc.resource_category_id " + "WHERE resource_category_key='system'") + the_system = cursor.fetchone() + cursor.execute( + "INSERT INTO user_roles VALUES (:user_id, :role_id, :resource_id)", + { + "user_id": str(user.user_id), + "role_id": admin_role["role_id"], + "resource_id": the_system["resource_id"] + }) + return user diff --git a/scripts/register_sys_admin.py b/scripts/register_sys_admin.py index 78a0b33..dfd4d59 100644 --- a/scripts/register_sys_admin.py +++ b/scripts/register_sys_admin.py @@ -1,6 +1,5 @@ """Script to register and mark a user account as sysadmin.""" import sys -import uuid import getpass from pathlib import Path @@ -8,7 +7,8 @@ import click from email_validator import validate_email, EmailNotValidError from gn_auth.auth.db import sqlite3 as db -from gn_auth.auth.authentication.users import hash_password +from gn_auth.auth.authorisation.users.admin.models import make_sys_admin +from gn_auth.auth.authentication.users import save_user, set_user_password def fetch_email() -> str: """Prompt user for email.""" @@ -46,34 +46,10 @@ def fetch_name() -> str: def save_admin(conn: db.DbConnection, name: str, email: str, passwd: str): """Save the details to the database and assign the new user as admin.""" - admin_id = uuid.uuid4() - admin = { - "user_id": str(admin_id), - "email": email, - "name": name, - "hash": hash_password(passwd) - } with db.cursor(conn) as cursor: - cursor.execute("INSERT INTO users VALUES (:user_id, :email, :name)", - admin) - cursor.execute("INSERT INTO user_credentials VALUES (:user_id, :hash)", - admin) - cursor.execute( - "SELECT * FROM roles WHERE role_name='system-administrator'") - admin_role = cursor.fetchone() - cursor.execute( - "SELECT * FROM resources AS r " - "INNER JOIN resource_categories AS rc " - "ON r.resource_category_id=rc.resource_category_id " - "WHERE resource_category_key='system'") - the_system = cursor.fetchall() - cursor.execute( - "INSERT INTO user_roles VALUES (:user_id, :role_id, :resource_id)", - { - **admin, - "role_id": admin_role["role_id"], - "resource_id": the_system["resource_id"] - }) + usr, _hpasswd = set_user_password( + cursor, save_user(cursor, email, name), passwd) + make_sys_admin(cursor, usr) return 0 def register_admin(authdbpath: Path): -- cgit v1.2.3