[FR] Support creating reading initial superuser account password from file (#6144)

* factored out user creation step * [FR] Support creating reading initial superuser account password from file Fixes #5471 * added docs * use env too with password file * do not warn if passwordfile is set
2024-08-30 18:33:04 +00:00 · 2024-01-05 21:38:53 +01:00 · 2024-01-05 21:38:53 +01:00 · 93df90d295
commit 93df90d295
parent 6a6a5932f3
3 changed files with 45 additions and 3 deletions
--- a/InvenTree/InvenTree/apps.py
+++ b/InvenTree/InvenTree/apps.py
@ -60,6 +60,7 @@ class InvenTreeConfig(AppConfig):

        if canAppAccessDatabase() or settings.TESTING_ENV:
            self.add_user_on_startup()
+            self.add_user_from_file()

    def remove_obsolete_tasks(self):
        """Delete any obsolete scheduled tasks in the database."""
@ -214,6 +215,7 @@ class InvenTreeConfig(AppConfig):
        add_user = get_setting('INVENTREE_ADMIN_USER', 'admin_user')
        add_email = get_setting('INVENTREE_ADMIN_EMAIL', 'admin_email')
        add_password = get_setting('INVENTREE_ADMIN_PASSWORD', 'admin_password')
+        add_password_file = get_setting("INVENTREE_ADMIN_PASSWORD_FILE", "admin_password_file", None)

        # check if all values are present
        set_variables = 0
@ -229,11 +231,21 @@ class InvenTreeConfig(AppConfig):

        # not all needed variables set
        if set_variables < 3:
-            logger.warning('Not all required settings for adding a user on startup are present:\nINVENTREE_ADMIN_USER, INVENTREE_ADMIN_EMAIL, INVENTREE_ADMIN_PASSWORD')
            settings.USER_ADDED = True
+
+            # if a password file is present, do not warn - will be handled later
+            if add_password_file:
+                return
+            logger.warning('Not all required settings for adding a user on startup are present:\nINVENTREE_ADMIN_USER, INVENTREE_ADMIN_EMAIL, INVENTREE_ADMIN_PASSWORD')
            return

        # good to go -> create user
+        self._create_admin_user(add_user, add_email, add_password)
+
+        # do not try again
+        settings.USER_ADDED = True
+
+    def _create_admin_user(self, add_user, add_email, add_password):
        user = get_user_model()
        try:
            with transaction.atomic():
@ -245,8 +257,34 @@ class InvenTreeConfig(AppConfig):
        except IntegrityError:
            logger.warning('The user "%s" could not be created', add_user)

+    def add_user_from_file(self):
+        """Add the superuser from a file."""
+        # stop if checks were already created
+        if hasattr(settings, "USER_ADDED_FILE") and settings.USER_ADDED_FILE:
+            return
+
+        # get values
+        add_password_file = get_setting(
+            "INVENTREE_ADMIN_PASSWORD_FILE", "admin_password_file", None
+        )
+
+        # no variable set -> do not try anything
+        if not add_password_file:
+            settings.USER_ADDED_FILE = True
+            return
+
+        # check if file exists
+        add_password_file = Path(str(add_password_file))
+        if not add_password_file.exists():
+            logger.warning('The file "%s" does not exist', add_password_file)
+            settings.USER_ADDED_FILE = True
+            return
+
+        # good to go -> create user
+        self._create_admin_user(get_setting('INVENTREE_ADMIN_USER', 'admin_user', 'admin'), get_setting('INVENTREE_ADMIN_EMAIL', 'admin_email', ''), add_password_file.read_text(encoding="utf-8"))
+
        # do not try again
-        settings.USER_ADDED = True
+        settings.USER_ADDED_FILE = True

    def collect_notification_methods(self):
        """Collect all notification methods."""
--- a/InvenTree/config_template.yaml
+++ b/InvenTree/config_template.yaml
@ -96,10 +96,11 @@ timezone: UTC
 # Base currency code (or use env var INVENTREE_BASE_CURRENCY)
 base_currency: USD

-# Add new user on first startup
+# Add new user on first startup by either adding values here or from a file
 #admin_user: admin
 #admin_email: info@example.com
 #admin_password: inventree
+#admin_password_file: '/etc/inventree/admin_password.txt'

 # List of currencies supported by default. Add other currencies here to allow use in InvenTree
 currencies:
--- a/docs/docs/start/config.md
+++ b/docs/docs/start/config.md
@ -88,8 +88,11 @@ An administrator account can be specified using the following environment variab
 | --- | --- | --- | --- |
 | INVENTREE_ADMIN_USER | admin_user | Admin account username | *Not specified* |
 | INVENTREE_ADMIN_PASSWORD | admin_password | Admin account password | *Not specified* |
+| INVENTREE_ADMIN_PASSWORD_FILE | admin_password_file | Admin account password file | *Not specified* |
 | INVENTREE_ADMIN_EMAIL | admin_email |Admin account email address | *Not specified* |

+You can either specify the password directly using `INVENTREE_ADMIN_PASSWORD`, or you can specify a file containing the password using `INVENTREE_ADMIN_PASSWORD_FILE` (this is useful for nix users).
+
 !!! info "Administrator Account"
    Providing `INVENTREE_ADMIN` credentials will result in the provided account being created with *superuser* permissions when InvenTree is started.