diff --git a/doc b/doc
index c3cbf1f..9449a6d 160000
--- a/doc
+++ b/doc
@@ -1 +1 @@
-Subproject commit c3cbf1fdabc81c3e73d831655fe4d9c2d3d8330c
+Subproject commit 9449a6dc39843969d3b549f05848b5857c23cfa3
diff --git a/matemat/db/facade.py b/matemat/db/facade.py
index 1c954db..b7f4291 100644
--- a/matemat/db/facade.py
+++ b/matemat/db/facade.py
@@ -62,9 +62,22 @@ class MatematDatabase(object):
"""
return self.db.transaction(exclusive=exclusive)
- def list_users(self) -> List[User]:
+ def has_admin_users(self) -> bool:
+ """
+ Check whether the instance has any admin users configured.
+
+ :return: True if there are admin users, false otherwise.
+ """
+ with self.db.transaction(exclusive=False) as c:
+ c.execute('SELECT COUNT(user_id) FROM users WHERE is_admin = 1')
+ n, = c.fetchone()
+ return n > 0
+
+ def list_users(self, with_touchkey: bool = False) -> List[User]:
"""
Return a list of users in the database.
+
+ :param with_touchkey: If true, only lists those users that have a touchkey set. Defaults to false.
:return: A list of users.
"""
users: List[User] = []
@@ -72,7 +85,10 @@ class MatematDatabase(object):
for row in c.execute('''
SELECT user_id, username, email, is_admin, is_member, balance
FROM users
- '''):
+ WHERE touchkey IS NOT NULL OR NOT :must_have_touchkey
+ ''', {
+ 'must_have_touchkey': with_touchkey
+ }):
# Decompose each row and put the values into a User object
user_id, username, email, is_admin, is_member, balance = row
users.append(User(user_id, username, balance, email, is_admin, is_member))
diff --git a/matemat/db/test/test_facade.py b/matemat/db/test/test_facade.py
index d82b62c..5843a29 100644
--- a/matemat/db/test/test_facade.py
+++ b/matemat/db/test/test_facade.py
@@ -4,6 +4,7 @@ import unittest
import crypt
from matemat.db import MatematDatabase
+from matemat.db.primitives import User
from matemat.exceptions import AuthenticationError, DatabaseConsistencyError
@@ -43,11 +44,15 @@ class DatabaseTest(unittest.TestCase):
with self.db as db:
users = db.list_users()
self.assertEqual(0, len(users))
- db.create_user('testuser', 'supersecurepassword', 'testuser@example.com', True, True)
+ users = db.list_users(with_touchkey=True)
+ self.assertEqual(0, len(users))
+ testuser: User = db.create_user('testuser', 'supersecurepassword', 'testuser@example.com', True, True)
+ db.change_touchkey(testuser, '', 'touchkey', verify_password=False)
db.create_user('anothertestuser', 'otherpassword', 'anothertestuser@example.com', False, True)
db.create_user('yatu', 'igotapasswordtoo', 'yatu@example.com', False, False)
users = db.list_users()
- self.assertEqual(3, len(users))
+ users_with_touchkey = db.list_users(with_touchkey=True)
+ self.assertEqual(3, len(users))
usercheck = {}
for user in users:
if user.name == 'testuser':
@@ -64,6 +69,16 @@ class DatabaseTest(unittest.TestCase):
self.assertFalse(user.is_admin)
usercheck[user.id] = 1
self.assertEqual(3, len(usercheck))
+ self.assertEqual(1, len(users_with_touchkey))
+ self.assertEqual('testuser', users_with_touchkey[0].name)
+
+ def test_has_admin_users(self):
+ with self.db as db:
+ self.assertFalse(db.has_admin_users())
+ testuser: User = db.create_user('testuser', 'supersecurepassword', 'testuser@example.com', True, True)
+ self.assertTrue(db.has_admin_users())
+ db.change_user(testuser, agent=testuser, is_admin=False)
+ self.assertFalse(db.has_admin_users())
def test_login(self) -> None:
with self.db as db:
diff --git a/matemat/webserver/pagelets/__init__.py b/matemat/webserver/pagelets/__init__.py
index c336f46..4ef6fd5 100644
--- a/matemat/webserver/pagelets/__init__.py
+++ b/matemat/webserver/pagelets/__init__.py
@@ -13,3 +13,4 @@ from .deposit import deposit
from .admin import admin
from .moduser import moduser
from .modproduct import modproduct
+from .userbootstrap import userbootstrap
diff --git a/matemat/webserver/pagelets/main.py b/matemat/webserver/pagelets/main.py
index 81f2d7d..54f6f79 100644
--- a/matemat/webserver/pagelets/main.py
+++ b/matemat/webserver/pagelets/main.py
@@ -1,6 +1,6 @@
from typing import Any, Dict, Union
-from matemat.webserver import pagelet, RequestArguments, PageletResponse, TemplateResponse
+from matemat.webserver import pagelet, RequestArguments, PageletResponse, TemplateResponse, RedirectResponse
from matemat.db import MatematDatabase
@@ -30,7 +30,10 @@ def main_page(method: str,
authuser=user, products=products, authlevel=authlevel,
setupname=config['InstanceName'])
else:
+ # If there are no admin users registered, jump to the admin creation procedure
+ if not db.has_admin_users():
+ return RedirectResponse('/userbootstrap')
# If no user is logged in, fetch the list of users and render the userlist template
- users = db.list_users()
+ users = db.list_users(with_touchkey=True)
return TemplateResponse('userlist.html',
users=users, setupname=config['InstanceName'])
diff --git a/matemat/webserver/pagelets/userbootstrap.py b/matemat/webserver/pagelets/userbootstrap.py
new file mode 100644
index 0000000..8efdb39
--- /dev/null
+++ b/matemat/webserver/pagelets/userbootstrap.py
@@ -0,0 +1,43 @@
+
+from typing import Any, Dict, Union
+
+from matemat.db import MatematDatabase
+from matemat.webserver import pagelet, RequestArguments, PageletResponse, RedirectResponse, TemplateResponse
+from matemat.exceptions import HttpException
+
+
+@pagelet('/userbootstrap')
+def userbootstrap(method: str,
+ path: str,
+ args: RequestArguments,
+ session_vars: Dict[str, Any],
+ headers: Dict[str, str],
+ config: Dict[str, str]) \
+ -> Union[bytes, str, PageletResponse]:
+ """
+ The page for creating a first admin user. To be used when the system is set up the first time, or when there are no
+ admin users left.
+ """
+ with MatematDatabase(config['DatabaseFile']) as db:
+ # Redirect to main if there are still administrators registered
+ if db.has_admin_users():
+ return RedirectResponse('/')
+ # Process submission
+ if method == 'POST':
+ # Make sure all required values are present
+ if 'username' not in args or 'password' not in args or 'password2' not in args:
+ raise HttpException(400, 'Some arguments are missing')
+ username: str = str(args.username)
+ password: str = str(args.password)
+ password2: str = str(args.password2)
+ # The 2 passwords must match
+ if password != password2:
+ return RedirectResponse('/userbootstrap')
+ # Create the admin user
+ db.create_user(username, password, None, True, False)
+ # Redirect to the main page
+ return RedirectResponse('/')
+ # Requested via GET; show the user creation UI
+ else:
+ return TemplateResponse('userbootstrap.html',
+ setupname=config['InstanceName'])
diff --git a/templates/userbootstrap.html b/templates/userbootstrap.html
new file mode 100644
index 0000000..3bab41f
--- /dev/null
+++ b/templates/userbootstrap.html
@@ -0,0 +1,28 @@
+{% extends "base.html" %}
+
+{% block header %}
+ {# Show the setup name, as set in the config file, as page title followed by "Setup". Don't escape HTML entities. #}
+ {{ setupname|safe }} Setup
+ {{ super() }}
+{% endblock %}
+
+{% block main %}
+
+ {# Show a user creation form #}
+ Please create an admin user account
+
+
+ {{ super() }}
+
+{% endblock %}