use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Str;
use Illuminate\Validation\Rules\Password;
-use Illuminate\Validation\Rules\Unique;
class CreateAdminCommand extends Command
{
{--password= : The password to assign to the new admin user}
{--external-auth-id= : The external authentication system id for the new admin user (SAML2/LDAP/OIDC)}
{--generate-password : Generate a random password for the new admin user}
- {--first-admin : Indicate if this should set/update the details of the initial admin user}';
+ {--initial : Indicate if this should set/update the details of the initial admin user}';
/**
* The console command description.
*/
public function handle(UserRepo $userRepo): int
{
- $firstAdminOnly = $this->option('first-admin');
+ $initialAdminOnly = $this->option('initial');
$shouldGeneratePassword = $this->option('generate-password');
- $details = $this->gatherDetails($shouldGeneratePassword);
+ $details = $this->gatherDetails($shouldGeneratePassword, $initialAdminOnly);
$validator = Validator::make($details, [
- 'email' => ['required', 'email', 'min:5', new Unique('users', 'email')],
+ 'email' => ['required', 'email', 'min:5'],
'name' => ['required', 'min:2'],
'password' => ['required_without:external_auth_id', Password::default()],
'external_auth_id' => ['required_without:password'],
$adminRole = Role::getSystemRole('admin');
- if ($firstAdminOnly) {
- $handled = $this->handleFirstAdminIfExists($userRepo, $details, $shouldGeneratePassword, $adminRole);
- if ($handled) {
- return 0;
+ if ($initialAdminOnly) {
+ $handled = $this->handleInitialAdminIfExists($userRepo, $details, $shouldGeneratePassword, $adminRole);
+ if ($handled !== null) {
+ return $handled ? 0 : 1;
}
}
+ $emailUsed = $userRepo->getByEmail($details['email']) !== null;
+ if ($emailUsed) {
+ $this->error("Could not create admin account.");
+ $this->error("An account with the email address \"{$details['email']}\" already exists.");
+ return 1;
+ }
+
$user = $userRepo->createWithoutActivity($validator->validated());
$user->attachRole($adminRole);
$user->email_confirmed = true;
}
/**
- * Handle updates to the first admin if exists.
- * Returns true if the action has been handled (user updated or already a non-default admin user) otherwise
- * returns false if no action has been taken, and we therefore need to proceed with a normal account creation.
+ * Handle updates to the original admin account if it exists.
+ * Returns true if it's been successfully handled, false if unsuccessful, or null if not handled.
*/
- protected function handleFirstAdminIfExists(UserRepo $userRepo, array $data, bool $generatePassword, Role $adminRole): bool
+ protected function handleInitialAdminIfExists(UserRepo $userRepo, array $data, bool $generatePassword, Role $adminRole): bool|null
{
if ($defaultAdmin && $defaultAdmin->hasSystemRole('admin')) {
+ if ($defaultAdmin->email !== $data['email'] && $userRepo->getByEmail($data['email']) !== null) {
+ $this->error("Could not create admin account.");
+ $this->error("An account with the email address \"{$data['email']}\" already exists.");
+ return false;
+ }
+
$userRepo->updateWithoutActivity($defaultAdmin, $data, true);
if ($generatePassword) {
$this->line($data['password']);
return true;
}
- return false;
+ return null;
}
- protected function gatherDetails(bool $generatePassword): array
+ protected function gatherDetails(bool $generatePassword, bool $initialAdmin): array
{
$details = $this->snakeCaseOptions();
if (empty($details['email'])) {
- $details['email'] = $this->ask('Please specify an email address for the new admin user');
+ if ($initialAdmin) {
+ } else {
+ $details['email'] = $this->ask('Please specify an email address for the new admin user');
+ }
}
if (empty($details['name'])) {
- $details['name'] = $this->ask('Please specify a name for the new admin user');
+ if ($initialAdmin) {
+ $details['name'] = 'Admin';
+ } else {
+ $details['name'] = $this->ask('Please specify a name for the new admin user');
+ }
}
if (empty($details['password'])) {
namespace Tests\Commands;
+use BookStack\Users\Models\Role;
use BookStack\Users\Models\User;
+use Illuminate\Support\Facades\Artisan;
use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Hash;
use Tests\TestCase;
class CreateAdminCommandTest extends TestCase
public function test_standard_command_usage()
{
$this->artisan('bookstack:create-admin', [
- '--name' => 'Admin Test',
+ '--name' => 'Admin Test',
'--password' => 'testing-4',
])->assertExitCode(0);
$this->assertDatabaseHas('users', [
- 'name' => 'Admin Test',
+ 'name' => 'Admin Test',
]);
/** @var User $user */
public function test_providing_external_auth_id()
{
$this->artisan('bookstack:create-admin', [
- '--name' => 'Admin Test',
+ '--name' => 'Admin Test',
'--external-auth-id' => 'xX_admin_Xx',
])->assertExitCode(0);
$this->assertDatabaseHas('users', [
- 'name' => 'Admin Test',
+ 'name' => 'Admin Test',
'external_auth_id' => 'xX_admin_Xx',
]);
{
$this->artisan('bookstack:create-admin', [
- '--name' => 'Admin Test',
+ '--name' => 'Admin Test',
])->expectsQuestion('Please specify a password for the new admin user (8 characters min)', 'hunter2000')
->assertExitCode(0);
$this->assertDatabaseHas('users', [
- 'name' => 'Admin Test',
+ 'name' => 'Admin Test',
]);
$this->assertTrue(Auth::attempt(['email' => '
[email protected]', 'password' => 'hunter2000']));
}
+
+ public function test_generate_password_option()
+ {
+ $this->withoutMockingConsoleOutput()
+ ->artisan('bookstack:create-admin', [
+ '--name' => 'Admin Test',
+ '--generate-password' => true,
+ ]);
+
+ $output = trim(Artisan::output());
+ $this->assertMatchesRegularExpression('/^[a-zA-Z0-9]{32}$/', $output);
+
+ $this->assertTrue(Hash::check($output, $user->password));
+ }
+
+ public function test_initial_option_updates_default_admin()
+ {
+
+ $this->artisan('bookstack:create-admin', [
+ '--name' => 'Admin Test',
+ '--password' => 'testing-7',
+ '--initial' => true,
+ ])->expectsOutput('The default admin user has been updated with the provided details!')
+ ->assertExitCode(0);
+
+ $defaultAdmin->refresh();
+
+ }
+
+ public function test_initial_option_does_not_update_if_only_non_default_admin_exists()
+ {
+ $defaultAdmin->save();
+
+ $this->artisan('bookstack:create-admin', [
+ '--name' => 'Admin Test',
+ '--password' => 'testing-7',
+ '--initial' => true,
+ ])->expectsOutput('Non-default admin user already exists. Skipping creation of new admin user.')
+ ->assertExitCode(0);
+
+ $defaultAdmin->refresh();
+
+ }
+
+ public function test_initial_option_updates_creates_new_admin_if_none_exists()
+ {
+ $adminRole = Role::getSystemRole('admin');
+ $adminRole->users()->delete();
+ $this->assertEquals(0, $adminRole->users()->count());
+
+ $this->artisan('bookstack:create-admin', [
+ '--name' => 'My initial admin',
+ '--password' => 'testing-7',
+ '--initial' => true,
+ ])->expectsOutput("Admin account with email \"
[email protected]\" successfully created!")
+ ->assertExitCode(0);
+
+ $this->assertEquals(1, $adminRole->users()->count());
+ $this->assertDatabaseHas('users', [
+ 'name' => 'My initial admin',
+ ]);
+ }
+
+ public function test_initial_rerun_does_not_error_but_skips()
+ {
+ $adminRole = Role::getSystemRole('admin');
+ $adminRole->users()->delete();
+
+ $this->artisan('bookstack:create-admin', [
+ '--name' => 'My initial admin',
+ '--password' => 'testing-7',
+ '--initial' => true,
+ ])->expectsOutput("Admin account with email \"
[email protected]\" successfully created!")
+ ->assertExitCode(0);
+
+ $this->artisan('bookstack:create-admin', [
+ '--name' => 'My initial admin',
+ '--password' => 'testing-7',
+ '--initial' => true,
+ ])->expectsOutput("Non-default admin user already exists. Skipping creation of new admin user.")
+ ->assertExitCode(0);
+ }
+
+ public function test_initial_option_creation_errors_if_email_already_exists()
+ {
+ $adminRole = Role::getSystemRole('admin');
+ $adminRole->users()->delete();
+ $editor = $this->users->editor();
+
+ $this->artisan('bookstack:create-admin', [
+ '--email' => $editor->email,
+ '--name' => 'My initial admin',
+ '--password' => 'testing-7',
+ '--initial' => true,
+ ])->expectsOutput("Could not create admin account.")
+ ->expectsOutput("An account with the email address \"{$editor->email}\" already exists.")
+ ->assertExitCode(1);
+ }
+
+ public function test_initial_option_updating_errors_if_email_already_exists()
+ {
+ $editor = $this->users->editor();
+ $this->assertNotNull($defaultAdmin);
+
+ $this->artisan('bookstack:create-admin', [
+ '--email' => $editor->email,
+ '--name' => 'My initial admin',
+ '--password' => 'testing-7',
+ '--initial' => true,
+ ])->expectsOutput("Could not create admin account.")
+ ->expectsOutput("An account with the email address \"{$editor->email}\" already exists.")
+ ->assertExitCode(1);
+ }
+
+ public function test_initial_option_does_not_require_name_or_email_to_be_passed()
+ {
+ $adminRole = Role::getSystemRole('admin');
+ $adminRole->users()->delete();
+ $this->assertEquals(0, $adminRole->users()->count());
+
+ $this->artisan('bookstack:create-admin', [
+ '--generate-password' => true,
+ '--initial' => true,
+ ])->assertExitCode(0);
+
+ $this->assertEquals(1, $adminRole->users()->count());
+ $this->assertDatabaseHas('users', [
+ 'name' => 'Admin',
+ ]);
+ }
+
+ public function test_initial_option_updating_existing_user_with_generate_password_only_outputs_password()
+ {
+
+ $this->withoutMockingConsoleOutput()
+ ->artisan('bookstack:create-admin', [
+ '--name' => 'Admin Test',
+ '--generate-password' => true,
+ '--initial' => true,
+ ]);
+
+ $output = Artisan::output();
+ $this->assertMatchesRegularExpression('/^[a-zA-Z0-9]{32}$/', $output);
+
+ $defaultAdmin->refresh();
+ }
}
projects / bookstack / commitdiff