github
/
nocodb
mirror of https://github.com/nocodb/nocodb
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

fix: initAdminFromEnv 

Signed-off-by: mertmit <mertmit99@gmail.com>
pull/6333/head
mertmit 1 year ago
parent
52adf6168d
commit
6371294cf5
2 changed files with 119 additions and 158 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 275
      packages/nocodb/src/helpers/initAdminFromEnv.ts
  2. 2
      packages/nocodb/src/models/User.ts

275
packages/nocodb/src/helpers/initAdminFromEnv.ts
Unescape View File

@ -89,190 +89,151 @@ export default async function initAdminFromEnv(_ncMeta = Noco.ncMeta) {
salt, salt,
); );
const email_verification_token = uuidv4(); const email_verification_token = uuidv4();
const superUser = await ncMeta.metaGet2(null, null, MetaTable.USERS, { // TODO improve this
roles: 'user,super', const superUsers = await ncMeta.metaList2(null, null, MetaTable.USERS);
});
if (!superUser?.id) { for (const user of superUsers) {
const existingUserWithNewEmail = await User.getByEmail(email, ncMeta); if (!user.roles?.includes('super')) continue;
if (existingUserWithNewEmail?.id) {
// clear cache
await NocoCache.delAll(
CacheScope.USER,
`${existingUserWithNewEmail.email}___*`,
);
await NocoCache.del(
`${CacheScope.USER}:${existingUserWithNewEmail.id}`,
);
await NocoCache.del(
`${CacheScope.USER}:${existingUserWithNewEmail.email}`,
);
// Update email and password of super admin account if (email !== user.email) {
await User.update( // update admin email and password and migrate projects
existingUserWithNewEmail.id, // if user already present and associated with some project
{
salt,
email,
password,
email_verification_token,
token_version: randomTokenString(),
refresh_token: null,
roles,
},
ncMeta,
);
} else {
T.emit('evt', {
evt_type: 'project:invite',
count: 1,
});
await User.insert( // check user account already present with the new admin email
{ const existingUserWithNewEmail = await User.getByEmail(
email, email,
salt,
password,
email_verification_token,
roles,
},
ncMeta, ncMeta,
); );
}
} else if (email !== superUser.email) {
// update admin email and password and migrate projects
// if user already present and associated with some project
// check user account already present with the new admin email
const existingUserWithNewEmail = await User.getByEmail(email, ncMeta);
if (existingUserWithNewEmail?.id) {
// get all project access belongs to the existing account
// and migrate to the admin account
const existingUserProjects = await ncMeta.metaList2(
null,
null,
MetaTable.PROJECT_USERS,
{
condition: { fk_user_id: existingUserWithNewEmail.id },
},
);
for (const existingUserProject of existingUserProjects) { if (existingUserWithNewEmail?.id) {
const userProject = await ProjectUser.get( // get all project access belongs to the existing account
existingUserProject.project_id, // and migrate to the admin account
superUser.id, const existingUserProjects = await ncMeta.metaList2(
ncMeta, null,
null,
MetaTable.PROJECT_USERS,
{
condition: { fk_user_id: existingUserWithNewEmail.id },
},
); );
// if admin user already have access to the project for (const existingUserProject of existingUserProjects) {
// then update role based on the highest access level const userProject = await ProjectUser.get(
if (userProject) { existingUserProject.project_id,
if ( user.id,
rolesLevel[userProject.roles] > ncMeta,
rolesLevel[existingUserProject.roles] );
) {
await ProjectUser.update( // if admin user already have access to the project
userProject.project_id, // then update role based on the highest access level
superUser.id, if (userProject) {
existingUserProject.roles, if (
rolesLevel[userProject.roles] >
rolesLevel[existingUserProject.roles]
) {
await ProjectUser.update(
userProject.project_id,
user.id,
existingUserProject.roles,
ncMeta,
);
}
} else {
// if super doesn't have access then add the access
await ProjectUser.insert(
{
...existingUserProject,
fk_user_id: user.id,
},
ncMeta, ncMeta,
); );
} }
} else { // delete the old project access entry from DB
// if super doesn't have access then add the access await ProjectUser.delete(
await ProjectUser.insert( existingUserProject.project_id,
{ existingUserProject.fk_user_id,
...existingUserProject,
fk_user_id: superUser.id,
},
ncMeta, ncMeta,
); );
} }
// delete the old project access entry from DB
await ProjectUser.delete(
existingUserProject.project_id,
existingUserProject.fk_user_id,
ncMeta,
);
}
// delete existing user // delete existing user
await ncMeta.metaDelete( await ncMeta.metaDelete(
null, null,
null, null,
MetaTable.USERS, MetaTable.USERS,
existingUserWithNewEmail.id, existingUserWithNewEmail.id,
); );
// clear cache // clear cache
await NocoCache.delAll( await NocoCache.delAll(
CacheScope.USER, CacheScope.USER,
`${existingUserWithNewEmail.email}___*`, `${existingUserWithNewEmail.email}___*`,
); );
await NocoCache.del( await NocoCache.del(
`${CacheScope.USER}:${existingUserWithNewEmail.id}`, `${CacheScope.USER}:${existingUserWithNewEmail.id}`,
); );
await NocoCache.del( await NocoCache.del(
`${CacheScope.USER}:${existingUserWithNewEmail.email}`, `${CacheScope.USER}:${existingUserWithNewEmail.email}`,
); );
// Update email and password of super admin account // Update email and password of super admin account
await User.update( await User.update(
superUser.id, user.id,
{ {
salt, salt,
email, email,
password, password,
email_verification_token, email_verification_token,
token_version: randomTokenString(), token_version: randomTokenString(),
refresh_token: null, refresh_token: null,
}, },
ncMeta, ncMeta,
); );
} else {
// if email's are not different update the password and hash
await User.update(
user.id,
{
salt,
email,
password,
email_verification_token,
token_version: randomTokenString(),
refresh_token: null,
},
ncMeta,
);
}
} else { } else {
// if email's are not different update the password and hash const newPasswordHash = await promisify(bcrypt.hash)(
await User.update( process.env.NC_ADMIN_PASSWORD,
superUser.id, user.salt,
{
salt,
email,
password,
email_verification_token,
token_version: randomTokenString(),
refresh_token: null,
},
ncMeta,
); );
}
} else {
const newPasswordHash = await promisify(bcrypt.hash)(
process.env.NC_ADMIN_PASSWORD,
superUser.salt,
);
if (newPasswordHash !== superUser.password) { if (newPasswordHash !== user.password) {
// if email's are same and passwords are different // if email's are same and passwords are different
// then update the password and token version // then update the password and token version
await User.update( await User.update(
superUser.id, user.id,
{ {
salt, salt,
password, password,
email_verification_token, email_verification_token,
token_version: randomTokenString(), token_version: randomTokenString(),
refresh_token: null, refresh_token: null,
}, },
ncMeta, ncMeta,
); );
}
} }
} }
} }
await ncMeta.commit(); await ncMeta.commit();
} catch (e) { } catch (e) {
console.log('Error occurred while updating/creating admin user'); console.log('Error occurred while updating/creating admin user');
console.log(e);
await ncMeta.rollback(e); await ncMeta.rollback(e);
throw e;
} }
} }
} }

2
packages/nocodb/src/models/User.ts
Unescape View File

@ -87,7 +87,7 @@ export default class User implements UserType {
// check if the target email addr is in use or not // check if the target email addr is in use or not
const targetUser = await this.getByEmail(updateObj.email, ncMeta); const targetUser = await this.getByEmail(updateObj.email, ncMeta);
if (targetUser.id !== id) { if (targetUser && targetUser.id !== id) {
NcError.badRequest('email is in use'); NcError.badRequest('email is in use');
} }
} else { } else {

Write Preview
Loading…
Cancel
Save