Options to recreate admin. (#436)

6 years ago · c6e8bac2af
8 changed files with 84 additions and 16 deletions
--- a/backend/src/Squidex.Domain.Users/DefaultUserResolver.cs
+++ b/backend/src/Squidex.Domain.Users/DefaultUserResolver.cs
@ -69,7 +69,7 @@ namespace Squidex.Domain.Users
                }
                else
                {
-                    return await userManager.FindByEmailWithClaimsAsyncAsync(idOrEmail);
+                    return await userManager.FindByEmailWithClaimsAsync(idOrEmail);
                }
            }
        }
--- a/backend/src/Squidex.Domain.Users/UserManagerExtensions.cs
+++ b/backend/src/Squidex.Domain.Users/UserManagerExtensions.cs
@ -55,7 +55,7 @@ namespace Squidex.Domain.Users
            return await userManager.ResolveUserAsync(user);
        }
-        public static async Task<UserWithClaims?> FindByEmailWithClaimsAsyncAsync(this UserManager<IdentityUser> userManager, string email)
+        public static async Task<UserWithClaims?> FindByEmailWithClaimsAsync(this UserManager<IdentityUser> userManager, string email)
        {
            if (email == null)
            {
--- a/backend/src/Squidex.Infrastructure/Security/PermissionSet.cs
+++ b/backend/src/Squidex.Infrastructure/Security/PermissionSet.cs
@ -48,6 +48,20 @@ namespace Squidex.Infrastructure.Security
            display = new Lazy<string>(() => string.Join(";", this.permissions));
        }
        public PermissionSet Add(string permission)
        {
            Guard.NotNullOrEmpty(permission);
            return Add(new Permission(permission));
        }
        public PermissionSet Add(Permission permission)
        {
            Guard.NotNull(permission);
            return new PermissionSet(permissions.Union(Enumerable.Repeat(permission, 1)).Distinct());
        }
        public bool Allows(Permission? other)
        {
            if (other == null)
--- a/backend/src/Squidex/Areas/IdentityServer/Config/CreateAdminHost.cs
+++ b/backend/src/Squidex/Areas/IdentityServer/Config/CreateAdminHost.cs
@ -19,6 +19,7 @@ using Squidex.Domain.Users;
 using Squidex.Infrastructure.Log;
 using Squidex.Infrastructure.Security;
 using Squidex.Shared;
 using Squidex.Shared.Users;
 namespace Squidex.Areas.IdentityServer.Config
 {
@ -49,19 +50,41 @@ namespace Squidex.Areas.IdentityServer.Config
                    var adminEmail = identityOptions.AdminEmail;
                    var adminPass = identityOptions.AdminPassword;
-                    if (userManager.SupportsQueryableUsers && !userManager.Users.Any())
+                    var isEmpty = IsEmpty(userManager);
                    if (isEmpty || identityOptions.AdminRecreate)
                    {
                        try
                        {
-                            var values = new UserValues
+                            var user = await userManager.FindByEmailWithClaimsAsync(adminEmail);
                            if (user != null)
                            {
                                if (identityOptions.AdminRecreate)
                                {
                                    var permissions = user.Permissions().Add(Permissions.Admin);
                                    var values = new UserValues
                                    {
                                        Password = adminPass,
                                        Permissions = permissions
                                    };
                                    await userManager.UpdateAsync(user.Identity, values);
                                }
                            }
                            else
                            {
-                                Email = adminEmail,
+                                var values = new UserValues
-                                Password = adminPass,
+                                {
-                                Permissions = new PermissionSet(Permissions.Admin),
+                                    Email = adminEmail,
-                                DisplayName = adminEmail
+                                    Password = adminPass,
-                            };
+                                    Permissions = new PermissionSet(Permissions.Admin),
                                    DisplayName = adminEmail
                                };
-                            await userManager.CreateAsync(userFactory, values);
+                                await userManager.CreateAsync(userFactory, values);
                            }
                        }
                        catch (Exception ex)
                        {
@ -73,5 +96,10 @@ namespace Squidex.Areas.IdentityServer.Config
                }
            }
        }
        private static bool IsEmpty(UserManager<IdentityUser> userManager)
        {
            return userManager.SupportsQueryableUsers && !userManager.Users.Any();
        }
    }
 }
--- a/backend/src/Squidex/Areas/IdentityServer/Controllers/Account/AccountController.cs
+++ b/backend/src/Squidex/Areas/IdentityServer/Controllers/Account/AccountController.cs
@ -268,7 +268,7 @@ namespace Squidex.Areas.IdentityServer.Controllers.Account
            {
                var email = externalLogin.Principal.FindFirst(ClaimTypes.Email).Value;
-                user = await userManager.FindByEmailWithClaimsAsyncAsync(email);
+                user = await userManager.FindByEmailWithClaimsAsync(email);
                if (user != null)
                {
--- a/backend/src/Squidex/Config/MyIdentityOptions.cs
+++ b/backend/src/Squidex/Config/MyIdentityOptions.cs
@ -11,6 +11,10 @@ namespace Squidex.Config
 {
    public sealed class MyIdentityOptions
    {
        public string PrivacyUrl { get; set; }
        public string AuthorityUrl { get; set; }
        public string AdminEmail { get; set; }
        public string AdminPassword { get; set; }
@ -45,11 +49,7 @@ namespace Squidex.Config
        public Dictionary<string, string[]> OidcRoleMapping { get; set; }
-        public string AuthorityUrl { get; set; }
+        public bool AdminRecreate { get; set; }
        public string PrivacyUrl { get; set; }
        public bool RequiresHttps { get; set; }
        public bool AllowPasswordAuth { get; set; }
@ -57,6 +57,8 @@ namespace Squidex.Config
        public bool NoConsent { get; set; }
        public bool RequiresHttps { get; set; }
        public bool ShowPII { get; set; }
        public bool IsAdminConfigured()
--- a/backend/src/Squidex/appsettings.json
+++ b/backend/src/Squidex/appsettings.json
@ -428,6 +428,10 @@
     */
    "adminEmail": "",
    "adminPassword": "",
    /*
     * Recreate the admin if it does not exist or the password does not match.
     */
    "adminRecreate": false,
    /*
     * Client with all admin permissions.
     */
--- a/backend/tests/Squidex.Infrastructure.Tests/Security/PermissionSetTests.cs
+++ b/backend/tests/Squidex.Infrastructure.Tests/Security/PermissionSetTests.cs
@ -113,5 +113,25 @@ namespace Squidex.Infrastructure.Security
            Assert.False(sut.Includes(null));
        }
        [Fact]
        public void Should_add_permission_by_string()
        {
            var sut =
                new PermissionSet("app.contents")
                    .Add("admin.*");
            Assert.True(sut.Includes(new Permission("admin")));
        }
        [Fact]
        public void Should_add_permission()
        {
            var sut =
                new PermissionSet("app.contents")
                    .Add(new Permission("admin.*"));
            Assert.True(sut.Includes(new Permission("admin")));
        }
    }
 }