Added external-auth-id option to create-admin command

- Added tests to cover.
- Refactored some existing testing.
- Requires password or external_auth_id to be provided. Defaults to
  password.
- Randomly sets password to 32 digit random chars if external_auth_id
  provided instead.

For #3222

diff --git a/app/Console/Commands/CreateAdmin.php b/app/Console/Commands/CreateAdmin.php
index 8c273bc1ff416ee5f6c5e1607d25a16e4733b002..e7aff3f927aaa60586948026be9e4e2af7d8c3ae 100644 (file)
--- a/app/Console/Commands/CreateAdmin.php
+++ b/app/Console/Commands/CreateAdmin.php
@@ -3,8 +3,10 @@
 namespace BookStack\Console\Commands;
 
 use BookStack\Auth\UserRepo;
 namespace BookStack\Console\Commands;
 
 use BookStack\Auth\UserRepo;

+use BookStack\Exceptions\NotFoundException;

 use Illuminate\Console\Command;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Console\Command;
 use Illuminate\Support\Facades\Validator;

+use Illuminate\Support\Str;

 use Illuminate\Validation\Rules\Password;
 use Illuminate\Validation\Rules\Unique;
 use Symfony\Component\Console\Command\Command as SymfonyCommand;
 use Illuminate\Validation\Rules\Password;
 use Illuminate\Validation\Rules\Unique;
 use Symfony\Component\Console\Command\Command as SymfonyCommand;


@@ -19,7 +21,8 @@ class CreateAdmin extends Command
     protected $signature = 'bookstack:create-admin
                             {--email= : The email address for the new admin user}
                             {--name= : The name of the new admin user}
     protected $signature = 'bookstack:create-admin
                             {--email= : The email address for the new admin user}
                             {--name= : The name of the new admin user}

-                            {--password= : The password to assign to the new admin user}';
+                            {--password= : The password to assign to the new admin user}
+                            {--external-auth-id= : The external authentication system id for the new admin user (SAML2/LDAP/OIDC)}';

 
     /**
      * The console command description.
 
     /**
      * The console command description.


@@ -42,28 +45,35 @@ class CreateAdmin extends Command
     /**
      * Execute the console command.
      *
     /**
      * Execute the console command.
      *

-     * @throws \BookStack\Exceptions\NotFoundException
+     * @throws NotFoundException

      *
      * @return mixed
      */
     public function handle()
     {
      *
      * @return mixed
      */
     public function handle()
     {

-        $details = $this->options();
+        $details = $this->snakeCaseOptions();

 
         if (empty($details['email'])) {
             $details['email'] = $this->ask('Please specify an email address for the new admin user');
         }
 
         if (empty($details['email'])) {
             $details['email'] = $this->ask('Please specify an email address for the new admin user');
         }

+

         if (empty($details['name'])) {
             $details['name'] = $this->ask('Please specify a name for the new admin user');
         }
         if (empty($details['name'])) {
             $details['name'] = $this->ask('Please specify a name for the new admin user');
         }

+

         if (empty($details['password'])) {
         if (empty($details['password'])) {

-            $details['password'] = $this->ask('Please specify a password for the new admin user (8 characters min)');
+            if (empty($details['external_auth_id'])) {
+                $details['password'] = $this->ask('Please specify a password for the new admin user (8 characters min)');
+            } else {
+                $details['password'] = Str::random(32);
+            }

         }
 
         $validator = Validator::make($details, [
         }
 
         $validator = Validator::make($details, [

-            'email'    => ['required', 'email', 'min:5', new Unique('users', 'email')],
-            'name'     => ['required', 'min:2'],
-            'password' => ['required', Password::default()],
+            'email'            => ['required', 'email', 'min:5', new Unique('users', 'email')],
+            'name'             => ['required', 'min:2'],
+            'password'         => ['required_without:external_auth_id', Password::default()],
+            'external_auth_id' => ['required_without:password'],

         ]);
 
         if ($validator->fails()) {
         ]);
 
         if ($validator->fails()) {


@@ -84,4 +94,13 @@ class CreateAdmin extends Command
 
         return SymfonyCommand::SUCCESS;
     }
 
         return SymfonyCommand::SUCCESS;
     }

+
+    protected function snakeCaseOptions(): array
+    {
+        $returnOpts = [];
+        foreach ($this->options() as $key => $value) {
+            $returnOpts[str_replace('-', '_', $key)] = $value;
+        }
+        return $returnOpts;
+    }

 }
 }

diff --git a/tests/Commands/AddAdminCommandTest.php b/tests/Commands/AddAdminCommandTest.php
deleted file mode 100644 (file)
index 0f14424..0000000
--- a/tests/Commands/AddAdminCommandTest.php
+++ /dev/null
@@ -1,27 +0,0 @@
-<?php
-
-namespace Tests\Commands;
-
-use BookStack\Auth\User;
-use Tests\TestCase;
-
-class AddAdminCommandTest extends TestCase
-{
-    public function test_add_admin_command()
-    {
-        $exitCode = \Artisan::call('bookstack:create-admin', [
-            '--email'    => '[email protected]',
-            '--name'     => 'Admin Test',
-            '--password' => 'testing-4',
-        ]);
-        $this->assertTrue($exitCode === 0, 'Command executed successfully');
-
-        $this->assertDatabaseHas('users', [
-            'email' => '[email protected]',
-            'name'  => 'Admin Test',
-        ]);
-
-        $this->assertTrue(User::query()->where('email', '=', '[email protected]')->first()->hasSystemRole('admin'), 'User has admin role as expected');
-        $this->assertTrue(\Auth::attempt(['email' => '[email protected]', 'password' => 'testing-4']), 'Password stored as expected');
-    }
-}

diff --git a/tests/Commands/CreateAdminCommandTest.php b/tests/Commands/CreateAdminCommandTest.php
new file mode 100644 (file)
index 0000000..9aa4b8e
--- /dev/null
+++ b/tests/Commands/CreateAdminCommandTest.php
@@ -0,0 +1,63 @@
+<?php
+
+namespace Tests\Commands;
+
+use BookStack\Auth\User;
+use Illuminate\Support\Facades\Auth;
+use Tests\TestCase;
+
+class CreateAdminCommandTest extends TestCase
+{
+    public function test_standard_command_usage()
+    {
+        $this->artisan('bookstack:create-admin', [
+            '--email' => '[email protected]',
+            '--name' => 'Admin Test',
+            '--password' => 'testing-4',
+        ])->assertExitCode(0);
+
+        $this->assertDatabaseHas('users', [
+            'email' => '[email protected]',
+            'name' => 'Admin Test',
+        ]);
+
+        /** @var User $user */
+        $user = User::query()->where('email', '=', '[email protected]')->first();
+        $this->assertTrue($user->hasSystemRole('admin'));
+        $this->assertTrue(Auth::attempt(['email' => '[email protected]', 'password' => 'testing-4']));
+    }
+
+    public function test_providing_external_auth_id()
+    {
+        $this->artisan('bookstack:create-admin', [
+            '--email' => '[email protected]',
+            '--name' => 'Admin Test',
+            '--external-auth-id' => 'xX_admin_Xx',
+        ])->assertExitCode(0);
+
+        $this->assertDatabaseHas('users', [
+            'email' => '[email protected]',
+            'name' => 'Admin Test',
+            'external_auth_id' => 'xX_admin_Xx',
+        ]);
+
+        /** @var User $user */
+        $user = User::query()->where('email', '=', '[email protected]')->first();
+        $this->assertNotEmpty($user->password);
+    }
+
+    public function test_password_required_if_external_auth_id_not_given()
+    {
+        $this->artisan('bookstack:create-admin', [
+            '--email' => '[email protected]',
+            '--name' => 'Admin Test',
+        ])->expectsQuestion('Please specify a password for the new admin user (8 characters min)', 'hunter2000')
+            ->assertExitCode(0);
+
+        $this->assertDatabaseHas('users', [
+            'email' => '[email protected]',
+            'name' => 'Admin Test',
+        ]);
+        $this->assertTrue(Auth::attempt(['email' => '[email protected]', 'password' => 'hunter2000']));
+    }
+}