diff --git a/doc b/doc index c3cbf1f..9449a6d 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit c3cbf1fdabc81c3e73d831655fe4d9c2d3d8330c +Subproject commit 9449a6dc39843969d3b549f05848b5857c23cfa3 diff --git a/matemat/db/facade.py b/matemat/db/facade.py index 1c954db..b7f4291 100644 --- a/matemat/db/facade.py +++ b/matemat/db/facade.py @@ -62,9 +62,22 @@ class MatematDatabase(object): """ return self.db.transaction(exclusive=exclusive) - def list_users(self) -> List[User]: + def has_admin_users(self) -> bool: + """ + Check whether the instance has any admin users configured. + + :return: True if there are admin users, false otherwise. + """ + with self.db.transaction(exclusive=False) as c: + c.execute('SELECT COUNT(user_id) FROM users WHERE is_admin = 1') + n, = c.fetchone() + return n > 0 + + def list_users(self, with_touchkey: bool = False) -> List[User]: """ Return a list of users in the database. + + :param with_touchkey: If true, only lists those users that have a touchkey set. Defaults to false. :return: A list of users. """ users: List[User] = [] @@ -72,7 +85,10 @@ class MatematDatabase(object): for row in c.execute(''' SELECT user_id, username, email, is_admin, is_member, balance FROM users - '''): + WHERE touchkey IS NOT NULL OR NOT :must_have_touchkey + ''', { + 'must_have_touchkey': with_touchkey + }): # Decompose each row and put the values into a User object user_id, username, email, is_admin, is_member, balance = row users.append(User(user_id, username, balance, email, is_admin, is_member)) diff --git a/matemat/db/test/test_facade.py b/matemat/db/test/test_facade.py index d82b62c..5843a29 100644 --- a/matemat/db/test/test_facade.py +++ b/matemat/db/test/test_facade.py @@ -4,6 +4,7 @@ import unittest import crypt from matemat.db import MatematDatabase +from matemat.db.primitives import User from matemat.exceptions import AuthenticationError, DatabaseConsistencyError @@ -43,11 +44,15 @@ class DatabaseTest(unittest.TestCase): with self.db as db: users = db.list_users() self.assertEqual(0, len(users)) - db.create_user('testuser', 'supersecurepassword', 'testuser@example.com', True, True) + users = db.list_users(with_touchkey=True) + self.assertEqual(0, len(users)) + testuser: User = db.create_user('testuser', 'supersecurepassword', 'testuser@example.com', True, True) + db.change_touchkey(testuser, '', 'touchkey', verify_password=False) db.create_user('anothertestuser', 'otherpassword', 'anothertestuser@example.com', False, True) db.create_user('yatu', 'igotapasswordtoo', 'yatu@example.com', False, False) users = db.list_users() - self.assertEqual(3, len(users)) + users_with_touchkey = db.list_users(with_touchkey=True) + self.assertEqual(3, len(users)) usercheck = {} for user in users: if user.name == 'testuser': @@ -64,6 +69,16 @@ class DatabaseTest(unittest.TestCase): self.assertFalse(user.is_admin) usercheck[user.id] = 1 self.assertEqual(3, len(usercheck)) + self.assertEqual(1, len(users_with_touchkey)) + self.assertEqual('testuser', users_with_touchkey[0].name) + + def test_has_admin_users(self): + with self.db as db: + self.assertFalse(db.has_admin_users()) + testuser: User = db.create_user('testuser', 'supersecurepassword', 'testuser@example.com', True, True) + self.assertTrue(db.has_admin_users()) + db.change_user(testuser, agent=testuser, is_admin=False) + self.assertFalse(db.has_admin_users()) def test_login(self) -> None: with self.db as db: diff --git a/matemat/webserver/pagelets/__init__.py b/matemat/webserver/pagelets/__init__.py index c336f46..4ef6fd5 100644 --- a/matemat/webserver/pagelets/__init__.py +++ b/matemat/webserver/pagelets/__init__.py @@ -13,3 +13,4 @@ from .deposit import deposit from .admin import admin from .moduser import moduser from .modproduct import modproduct +from .userbootstrap import userbootstrap diff --git a/matemat/webserver/pagelets/main.py b/matemat/webserver/pagelets/main.py index 81f2d7d..54f6f79 100644 --- a/matemat/webserver/pagelets/main.py +++ b/matemat/webserver/pagelets/main.py @@ -1,6 +1,6 @@ from typing import Any, Dict, Union -from matemat.webserver import pagelet, RequestArguments, PageletResponse, TemplateResponse +from matemat.webserver import pagelet, RequestArguments, PageletResponse, TemplateResponse, RedirectResponse from matemat.db import MatematDatabase @@ -30,7 +30,10 @@ def main_page(method: str, authuser=user, products=products, authlevel=authlevel, setupname=config['InstanceName']) else: + # If there are no admin users registered, jump to the admin creation procedure + if not db.has_admin_users(): + return RedirectResponse('/userbootstrap') # If no user is logged in, fetch the list of users and render the userlist template - users = db.list_users() + users = db.list_users(with_touchkey=True) return TemplateResponse('userlist.html', users=users, setupname=config['InstanceName']) diff --git a/matemat/webserver/pagelets/userbootstrap.py b/matemat/webserver/pagelets/userbootstrap.py new file mode 100644 index 0000000..8efdb39 --- /dev/null +++ b/matemat/webserver/pagelets/userbootstrap.py @@ -0,0 +1,43 @@ + +from typing import Any, Dict, Union + +from matemat.db import MatematDatabase +from matemat.webserver import pagelet, RequestArguments, PageletResponse, RedirectResponse, TemplateResponse +from matemat.exceptions import HttpException + + +@pagelet('/userbootstrap') +def userbootstrap(method: str, + path: str, + args: RequestArguments, + session_vars: Dict[str, Any], + headers: Dict[str, str], + config: Dict[str, str]) \ + -> Union[bytes, str, PageletResponse]: + """ + The page for creating a first admin user. To be used when the system is set up the first time, or when there are no + admin users left. + """ + with MatematDatabase(config['DatabaseFile']) as db: + # Redirect to main if there are still administrators registered + if db.has_admin_users(): + return RedirectResponse('/') + # Process submission + if method == 'POST': + # Make sure all required values are present + if 'username' not in args or 'password' not in args or 'password2' not in args: + raise HttpException(400, 'Some arguments are missing') + username: str = str(args.username) + password: str = str(args.password) + password2: str = str(args.password2) + # The 2 passwords must match + if password != password2: + return RedirectResponse('/userbootstrap') + # Create the admin user + db.create_user(username, password, None, True, False) + # Redirect to the main page + return RedirectResponse('/') + # Requested via GET; show the user creation UI + else: + return TemplateResponse('userbootstrap.html', + setupname=config['InstanceName']) diff --git a/templates/userbootstrap.html b/templates/userbootstrap.html new file mode 100644 index 0000000..3bab41f --- /dev/null +++ b/templates/userbootstrap.html @@ -0,0 +1,28 @@ +{% extends "base.html" %} + +{% block header %} + {# Show the setup name, as set in the config file, as page title followed by "Setup". Don't escape HTML entities. #} +