From ad92cfc852ca6aa121654d747a02628492ae5b89 Mon Sep 17 00:00:00 2001 From: Elias Schneider Date: Thu, 26 Jan 2023 15:43:13 +0100 Subject: [PATCH] fix: admin users were created while the setup wizard wasn't finished --- .../20230126125501_reverse_shares/migration.sql | 2 +- backend/prisma/seed/config.seed.ts | 6 +++--- backend/src/auth/auth.service.ts | 8 +++++++- backend/src/config/config.controller.ts | 2 +- backend/src/config/config.service.ts | 6 +++--- .../admin/configuration/AdminConfigTable.tsx | 14 +++++++------- frontend/src/pages/_app.tsx | 15 ++++++++++++--- frontend/src/pages/admin/setup.tsx | 2 +- 8 files changed, 35 insertions(+), 20 deletions(-) diff --git a/backend/prisma/migrations/20230126125501_reverse_shares/migration.sql b/backend/prisma/migrations/20230126125501_reverse_shares/migration.sql index 1129288ec..74f162c94 100644 --- a/backend/prisma/migrations/20230126125501_reverse_shares/migration.sql +++ b/backend/prisma/migrations/20230126125501_reverse_shares/migration.sql @@ -46,7 +46,6 @@ CREATE UNIQUE INDEX "ReverseShare_token_key" ON "ReverseShare"("token"); CREATE UNIQUE INDEX "ReverseShare_shareId_key" ON "ReverseShare"("shareId"); -- Custom migration -UPDATE Config SET `order` = 0 WHERE key = "SETUP_FINISHED"; UPDATE Config SET `order` = 0 WHERE key = "JWT_SECRET"; UPDATE Config SET `order` = 0 WHERE key = "TOTP_SECRET"; @@ -65,3 +64,4 @@ UPDATE Config SET `order` = 15 WHERE key = "SMTP_USERNAME"; UPDATE Config SET `order` = 16 WHERE key = "SMTP_PASSWORD"; INSERT INTO Config (`order`, `key`, `description`, `type`, `value`, `category`, `secret`, `updatedAt`) VALUES (11, "SMTP_ENABLED", "Whether SMTP is enabled. Only set this to true if you entered the host, port, email, user and password of your SMTP server.", "boolean", IFNULL((SELECT value FROM Config WHERE key="ENABLE_SHARE_EMAIL_RECIPIENTS"), "false"), "smtp", 0, strftime('%s', 'now')); +INSERT INTO Config (`order`, `key`, `description`, `type`, `value`, `category`, `secret`, `updatedAt`, `locked`) VALUES (0, "SETUP_STATUS", "Status of the setup wizard", "string", IIF((SELECT value FROM Config WHERE key="SETUP_FINISHED") == "true", "FINISHED", "STARTED"), "internal", 0, strftime('%s', 'now'), 1); \ No newline at end of file diff --git a/backend/prisma/seed/config.seed.ts b/backend/prisma/seed/config.seed.ts index 07f9e50db..2b350c853 100644 --- a/backend/prisma/seed/config.seed.ts +++ b/backend/prisma/seed/config.seed.ts @@ -4,10 +4,10 @@ import * as crypto from "crypto"; const configVariables: Prisma.ConfigCreateInput[] = [ { order: 0, - key: "SETUP_FINISHED", + key: "SETUP_STATUS", description: "Status of the setup wizard", - type: "boolean", - value: "false", + type: "string", + value: "STARTED", // STARTED, REGISTERED, FINISHED category: "internal", secret: false, locked: true, diff --git a/backend/src/auth/auth.service.ts b/backend/src/auth/auth.service.ts index 8254ab92e..4ff00a66f 100644 --- a/backend/src/auth/auth.service.ts +++ b/backend/src/auth/auth.service.ts @@ -23,6 +23,8 @@ export class AuthService { ) {} async signUp(dto: AuthRegisterDTO) { + const isFirstUser = this.config.get("SETUP_STATUS") == "STARTED"; + const hash = await argon.hash(dto.password); try { const user = await this.prisma.user.create({ @@ -30,10 +32,14 @@ export class AuthService { email: dto.email, username: dto.username, password: hash, - isAdmin: !this.config.get("SETUP_FINISHED"), + isAdmin: isFirstUser, }, }); + if (isFirstUser) { + await this.config.changeSetupStatus("REGISTERED"); + } + const { refreshToken, refreshTokenId } = await this.createRefreshToken( user.id ); diff --git a/backend/src/config/config.controller.ts b/backend/src/config/config.controller.ts index ec2281c4b..5c7213576 100644 --- a/backend/src/config/config.controller.ts +++ b/backend/src/config/config.controller.ts @@ -37,7 +37,7 @@ export class ConfigController { @Post("admin/finishSetup") @UseGuards(JwtGuard, AdministratorGuard) async finishSetup() { - return await this.configService.finishSetup(); + return await this.configService.changeSetupStatus("FINISHED"); } @Post("admin/testEmail") diff --git a/backend/src/config/config.service.ts b/backend/src/config/config.service.ts index 5c97a28e8..49d9e5c9b 100644 --- a/backend/src/config/config.service.ts +++ b/backend/src/config/config.service.ts @@ -76,10 +76,10 @@ export class ConfigService { return updatedVariable; } - async finishSetup() { + async changeSetupStatus(status: "STARTED" | "REGISTERED" | "FINISHED") { return await this.prisma.config.update({ - where: { key: "SETUP_FINISHED" }, - data: { value: "true" }, + where: { key: "SETUP_STATUS" }, + data: { value: status }, }); } } diff --git a/frontend/src/components/admin/configuration/AdminConfigTable.tsx b/frontend/src/components/admin/configuration/AdminConfigTable.tsx index 5a6e41ac3..76a83802b 100644 --- a/frontend/src/components/admin/configuration/AdminConfigTable.tsx +++ b/frontend/src/components/admin/configuration/AdminConfigTable.tsx @@ -112,20 +112,20 @@ const AdminConfigTable = () => {