backend: password related fixes: (#479)

- mongodb: support passwords with '@' by escaping mongo username and password - superadmin: update superadmin email and password after initial creation if updated in helm values
2023-01-13 18:22:50 -08:00 · 2023-01-13 18:22:50 -08:00 · d028b93412
commit d028b93412
parent bc67cc8443
4 changed files with 32 additions and 2 deletions
--- a/backend/btrixcloud/db.py
+++ b/backend/btrixcloud/db.py
@ -3,6 +3,7 @@ Browsertrix API Mongo DB initialization
 """

 import os
+import urllib
 from typing import Optional

 import motor.motor_asyncio
@ -18,8 +19,8 @@ def resolve_db_url():
    if db_url:
        return db_url

-    mongo_user = os.environ["MONGO_INITDB_ROOT_USERNAME"]
-    mongo_pass = os.environ["MONGO_INITDB_ROOT_PASSWORD"]
+    mongo_user = urllib.parse.quote_plus(os.environ["MONGO_INITDB_ROOT_USERNAME"])
+    mongo_pass = urllib.parse.quote_plus(os.environ["MONGO_INITDB_ROOT_PASSWORD"])
    mongo_host = os.environ["MONGO_HOST"]

    return f"mongodb://{mongo_user}:{mongo_pass}@{mongo_host}:27017"
--- a/backend/btrixcloud/users.py
+++ b/backend/btrixcloud/users.py
@ -166,6 +166,23 @@ class UserManager(BaseUserManager[UserCreate, UserDB]):
        if not password:
            password = passlib.pwd.genword()

+        curr_superuser_res = await self.user_db.collection.find_one(
+            {"is_superuser": True}
+        )
+        if curr_superuser_res:
+            user = UserDB(**curr_superuser_res)
+            update = {"password": password}
+            if user.email != email:
+                update["email"] = email
+
+            try:
+                await self._update(user, update)
+                print("Superuser Updated!")
+            except UserAlreadyExists:
+                print(f"User {email} already exists", flush=True)
+
+            return
+
        try:
            res = await self.create(
                UserCreate(
--- a/chart/examples/k3d-ci.yaml
+++ b/chart/examples/k3d-ci.yaml
@ -7,6 +7,12 @@ api_pull_policy: "Never"
 nginx_pull_policy: "Never"


+mongo_auth:
+  # specify either username + password (for local mongo)
+  username: root
+  password: PASSWORD@
+
+
 superuser:
  # set this to enable a superuser admin
  email: admin@example.com
--- a/chart/examples/microk8s-ci.yaml
+++ b/chart/examples/microk8s-ci.yaml
@ -11,6 +11,12 @@ api_pull_policy: "IfNotPresent"
 nginx_pull_policy: "IfNotPresent"


+mongo_auth:
+  # specify either username + password (for local mongo)
+  username: root
+  password: PASSWORD@
+
+
 superuser:
  # set this to enable a superuser admin
  email: admin@example.com