BookStack Code Mirror - bookstack/blobdiff - app/Console/Commands/CreateAdminCommand.php

diff --git a/app/Console/Commands/CreateAdminCommand.php b/app/Console/Commands/CreateAdminCommand.php

index 82b6e50aa522a372f208b070086e540f50d0d7d9..bf72553f72a3018e49cc511d7bc3124f3bc3a250 100644 (file)

--- a/app/Console/Commands/CreateAdminCommand.php

+++ b/app/Console/Commands/CreateAdminCommand.php

@@ -8,7 +8,6 @@ use Illuminate\Console\Command;

use Illuminate\Support\Facades\Validator;

use Illuminate\Support\Str;

use Illuminate\Validation\Rules\Password;

-use Illuminate\Validation\Rules\Unique;

class CreateAdminCommand extends Command

{

@@ -21,7 +20,9 @@ class CreateAdminCommand extends Command

{--email= : The email address for the new admin user}

{--name= : The name of the new admin user}

{--password= : The password to assign to the new admin user}

- {--external-auth-id= : The external authentication system id for the new admin user (SAML2/LDAP/OIDC)}';

+ {--external-auth-id= : The external authentication system id for the new admin user (SAML2/LDAP/OIDC)}

+ {--generate-password : Generate a random password for the new admin user}

+ {--initial : Indicate if this should set/update the details of the initial admin user}';

/**

* The console command description.

@@ -35,26 +36,12 @@ class CreateAdminCommand extends Command

*/

public function handle(UserRepo $userRepo): int

{

- $details = $this->snakeCaseOptions();

-

- if (empty($details['email'])) {

- $details['email'] = $this->ask('Please specify an email address for the new admin user');

- }

-

- if (empty($details['name'])) {

- $details['name'] = $this->ask('Please specify a name for the new admin user');

- }

-

- if (empty($details['password'])) {

- if (empty($details['external_auth_id'])) {

- $details['password'] = $this->ask('Please specify a password for the new admin user (8 characters min)');

- } else {

- $details['password'] = Str::random(32);

- }

+ $initialAdminOnly = $this->option('initial');

+ $shouldGeneratePassword = $this->option('generate-password');

+ $details = $this->gatherDetails($shouldGeneratePassword, $initialAdminOnly);

$validator = Validator::make($details, [

- 'email' => ['required', 'email', 'min:5', new Unique('users', 'email')],

+ 'email' => ['required', 'email', 'min:5'],

'name' => ['required', 'min:2'],

'password' => ['required_without:external_auth_id', Password::default()],

'external_auth_id' => ['required_without:password'],

@@ -68,16 +55,101 @@ class CreateAdminCommand extends Command

return 1;

}

+ $adminRole = Role::getSystemRole('admin');

+

+ if ($initialAdminOnly) {

+ $handled = $this->handleInitialAdminIfExists($userRepo, $details, $shouldGeneratePassword, $adminRole);

+ if ($handled !== null) {

+ return $handled;

+ }

+

+ $emailUsed = $userRepo->getByEmail($details['email']) !== null;

+ if ($emailUsed) {

+ $this->error("Could not create admin account.");

+ $this->error("An account with the email address \"{$details['email']}\" already exists.");

+ return 1;

+ }

+

$user = $userRepo->createWithoutActivity($validator->validated());

- $user->attachRole(Role::getSystemRole('admin'));

+ $user->attachRole($adminRole);

$user->email_confirmed = true;

$user->save();

- $this->info("Admin account with email \"{$user->email}\" successfully created!");

+ if ($shouldGeneratePassword) {

+ $this->line($details['password']);

+ } else {

+ $this->info("Admin account with email \"{$user->email}\" successfully created!");

+ }

return 0;

}

+ /**

+ * Handle updates to the original admin account if it exists.

+ * Returns an int return status if handled, otherwise returns null if not handled (new user to be created).

+ */

+ protected function handleInitialAdminIfExists(UserRepo $userRepo, array $data, bool $generatePassword, Role $adminRole): int|null

+ {

+ $defaultAdmin = $userRepo->getByEmail('admin@admin.com');

+ if ($defaultAdmin && $defaultAdmin->hasSystemRole('admin')) {

+ if ($defaultAdmin->email !== $data['email'] && $userRepo->getByEmail($data['email']) !== null) {

+ $this->error("Could not create admin account.");

+ $this->error("An account with the email address \"{$data['email']}\" already exists.");

+ return 1;

+ }

+

+ $userRepo->updateWithoutActivity($defaultAdmin, $data, true);

+ if ($generatePassword) {

+ $this->line($data['password']);

+ } else {

+ $this->info("The default admin user has been updated with the provided details!");

+ }

+

+ return 0;

+ } else if ($adminRole->users()->count() > 0) {

+ $this->warn('Non-default admin user already exists. Skipping creation of new admin user.');

+ return 2;

+ }

+

+ return null;

+ }

+

+ protected function gatherDetails(bool $generatePassword, bool $initialAdmin): array

+ {

+ $details = $this->snakeCaseOptions();

+

+ if (empty($details['email'])) {

+ if ($initialAdmin) {

+ $details['email'] = 'admin@example.com';

+ } else {

+ $details['email'] = $this->ask('Please specify an email address for the new admin user');

+ }

+

+ if (empty($details['name'])) {

+ if ($initialAdmin) {

+ $details['name'] = 'Admin';

+ } else {

+ $details['name'] = $this->ask('Please specify a name for the new admin user');

+ }

+

+ if (empty($details['password'])) {

+ if (empty($details['external_auth_id'])) {

+ if ($generatePassword) {

+ $details['password'] = Str::random(32);

+ } else {

+ $details['password'] = $this->ask('Please specify a password for the new admin user (8 characters min)');

+ }

+ } else {

+ $details['password'] = Str::random(32);

+ }

+

+ return $details;

+ }

+

protected function snakeCaseOptions(): array

{

$returnOpts = [];