tsai
/
squidex
mirror of https://github.com/Squidex/squidex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Headless CMS and Content Managment Hub
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6075 Commits
18 Branches
152 Tags
130 MiB
 
 
 
 
 
Tree: 0668c09ae6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0668c09ae6'
${ noResults }
squidex/backend/src/Squidex/Areas/IdentityServer/Config/CreateAdminInitializer.cs

109 lines
3.3 KiB
Raw Blame History

// ==========================================================================
// Squidex Headless CMS
// ==========================================================================
// Copyright (c) Squidex UG (haftungsbeschraenkt)
// All rights reserved. Licensed under the MIT license.
// ==========================================================================
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Logging;
using Squidex.Config;
using Squidex.Domain.Users;
using Squidex.Hosting;
using Squidex.Infrastructure;
using Squidex.Infrastructure.Security;
using Squidex.Shared;
using Squidex.Shared.Identity;
namespace Squidex.Areas.IdentityServer.Config;
public sealed class CreateAdminInitializer(IServiceProvider serviceProvider) : IInitializable
{
public int Order => int.MaxValue;
public async Task InitializeAsync(
CancellationToken ct)
{
await using var scope = serviceProvider.CreateAsyncScope();
var identityOptions = serviceProvider.GetRequiredService<IOptions<MyIdentityOptions>>().Value;
IdentityModelEventSource.ShowPII = identityOptions.ShowPII;
if (!identityOptions.IsAdminConfigured())
{
return;
}
var userService = scope.ServiceProvider.GetRequiredService<IUserService>();
var adminEmail = identityOptions.AdminEmail;
var adminPass = identityOptions.AdminPassword;
var isEmpty = await IsEmptyAsync(userService);
if (!isEmpty && !identityOptions.AdminRecreate)
{
return;
}
try
{
var user = await userService.FindByEmailAsync(adminEmail, ct);
if (user != null)
{
if (identityOptions.AdminRecreate)
{
var permissions = CreatePermissions(user.Claims.Permissions(), identityOptions);
var values = new UserValues
{
Password = adminPass,
Permissions = permissions,
};
await userService.UpdateAsync(user.Id, values, ct: ct);
}
}
else
{
var permissions = CreatePermissions(PermissionSet.Empty, identityOptions);
var values = new UserValues
{
Password = adminPass,
Permissions = permissions,
DisplayName = adminEmail,
};
await userService.CreateAsync(adminEmail, values, ct: ct);
}
}
catch (Exception ex)
{
var log = serviceProvider.GetRequiredService<ILogger<CreateAdminInitializer>>();
LogMessages.LogFailedToCreateAdministrator(log, ex);
}
}
private static PermissionSet CreatePermissions(PermissionSet permissions, MyIdentityOptions identityOptions)
{
permissions = permissions.Add(PermissionIds.Admin);
foreach (var app in identityOptions.AdminApps.OrEmpty())
{
permissions = permissions.Add(PermissionIds.ForApp(PermissionIds.AppAdmin, app));
}
return permissions;
}
private static async Task<bool> IsEmptyAsync(IUserService userService)
{
var users = await userService.QueryAsync(take: 1);
return users.Total == 0;
}
}