tea/browsertrix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backend: password related fixes: (#479)

Browse Source 
- mongodb: support passwords with '@' by escaping mongo username and password
- superadmin: update superadmin email and password after initial creation if updated in helm values
This commit is contained in:
Ilya Kreymer 2023-01-13 18:22:50 -08:00 committed by GitHub
parent bc67cc8443
commit d028b93412
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
backend/btrixcloud/db.py
View File

@ -3,6 +3,7 @@ Browsertrix API Mongo DB initialization
""" """
import os import os
import urllib
from typing import Optional from typing import Optional
import motor.motor_asyncio import motor.motor_asyncio
@ -18,8 +19,8 @@ def resolve_db_url():
if db_url: if db_url:
return db_url return db_url
mongo_user = os.environ["MONGO_INITDB_ROOT_USERNAME"] mongo_user = urllib.parse.quote_plus(os.environ["MONGO_INITDB_ROOT_USERNAME"])
mongo_pass = os.environ["MONGO_INITDB_ROOT_PASSWORD"] mongo_pass = urllib.parse.quote_plus(os.environ["MONGO_INITDB_ROOT_PASSWORD"])
mongo_host = os.environ["MONGO_HOST"] mongo_host = os.environ["MONGO_HOST"]
return f"mongodb://{mongo_user}:{mongo_pass}@{mongo_host}:27017" return f"mongodb://{mongo_user}:{mongo_pass}@{mongo_host}:27017"

17
backend/btrixcloud/users.py
View File

@ -166,6 +166,23 @@ class UserManager(BaseUserManager[UserCreate, UserDB]):
if not password: if not password:
password = passlib.pwd.genword() password = passlib.pwd.genword()
curr_superuser_res = await self.user_db.collection.find_one(
{"is_superuser": True}
)
if curr_superuser_res:
user = UserDB(**curr_superuser_res)
update = {"password": password}
if user.email != email:
update["email"] = email
try:
await self._update(user, update)
print("Superuser Updated!")
except UserAlreadyExists:
print(f"User {email} already exists", flush=True)
return
try: try:
res = await self.create( res = await self.create(
UserCreate( UserCreate(

6
chart/examples/k3d-ci.yaml
View File

@ -7,6 +7,12 @@ api_pull_policy: "Never"
nginx_pull_policy: "Never" nginx_pull_policy: "Never"
mongo_auth:
# specify either username + password (for local mongo)
username: root
password: PASSWORD@
superuser: superuser:
# set this to enable a superuser admin # set this to enable a superuser admin
email: admin@example.com email: admin@example.com

6
chart/examples/microk8s-ci.yaml
View File

@ -11,6 +11,12 @@ api_pull_policy: "IfNotPresent"
nginx_pull_policy: "IfNotPresent" nginx_pull_policy: "IfNotPresent"
mongo_auth:
# specify either username + password (for local mongo)
username: root
password: PASSWORD@
superuser: superuser:
# set this to enable a superuser admin # set this to enable a superuser admin
email: admin@example.com email: admin@example.com