Remove ROOT_USER_NAME (#490)
* Remove ROOT_USER_NAME

* Use root as username

---------

Co-authored-by: dariober <dario.beraldi@gmail.com>
garrettjstevens and dariober authored Dec 15, 2024
1 parent 0f5619b commit 0936c87
Showing 21 changed files with 31 additions and 85 deletions.
1 change: 0 additions & 1 deletion .github/workflows/deploy.yml
Expand Up @@ -106,7 +106,6 @@ jobs:
SESSION_SECRET: ${{ secrets.SESSION_SECRET }}
GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
ROOT_USER_NAME: ${{ secrets.ROOT_USER_NAME }}
ROOT_USER_PASSWORD: ${{ secrets.ROOT_USER_PASSWORD }}
URL: ${{ vars.URL }}
DOCKER_TAG: ${{ vars.DOCKER_TAG }}
1 change: 0 additions & 1 deletion .github/workflows/deploy/compose.yml
Expand Up @@ -19,7 +19,6 @@ services:
GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET}
ALLOW_ROOT_USER: true
ROOT_USER_NAME: ${ROOT_USER_NAME}
ROOT_USER_PASSWORD: ${ROOT_USER_PASSWORD}
ports:
- 3999:3999
2 changes: 1 addition & 1 deletion .github/workflows/pull_request.yml
Expand Up @@ -40,7 +40,7 @@ jobs:
run: |
yarn --cwd packages/apollo-collaboration-server/test/data/ serve --listen 3131 &
yarn --cwd packages/apollo-shared start &
ALLOW_ROOT_USER=true ROOT_USER_NAME=admin ROOT_USER_PASSWORD=pass yarn --cwd packages/apollo-collaboration-server start &
ALLOW_ROOT_USER=true ROOT_USER_PASSWORD=pass yarn --cwd packages/apollo-collaboration-server start &
- name: Run CLI tests
run: python3 ./test/test.py TestCLI
working-directory: packages/apollo-cli
3 changes: 1 addition & 2 deletions .github/workflows/reload_demo_data.yml
Expand Up @@ -75,8 +75,7 @@ jobs:
set -x
apollo config address http://host.docker.internal/apollo
apollo config accessType root
apollo config rootCredentials.username ${{ secrets.ROOT_USER_NAME }}
apollo config rootCredentials.password ${{ secrets.ROOT_USER_PASSWORD }}
apollo config rootPassword ${{ secrets.ROOT_USER_PASSWORD }}
apollo login --force
apollo jbrowse set-config /data/config.json
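Review bot: The root password is expanded by the workflow engine directly into the script text on the `apollo config rootPassword ${{ secrets.ROOT_USER_PASSWORD }}` line, unquoted and with `set -x` active. A password containing spaces or shell metacharacters would be word-split or interpreted by the shell, and the traced command line carries the secret, where log masking only covers the exact secret string. Passing it through the step's `env:` and quoting it keeps it out of the script body: `ROOT_USER_PASSWORD: ${{ secrets.ROOT_USER_PASSWORD }}` under `env:` and `apollo config rootPassword "$ROOT_USER_PASSWORD"` in the script. The step begins and continues outside the lines shown.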
3 changes: 1 addition & 2 deletions docs/automated_setup.md
Expand Up @@ -8,8 +8,7 @@ P="--profile auto"
apollo config ${P} address http://localhost:3999
apollo config ${P} accessType root
apollo config ${P} rootCredentials.username admin
apollo config ${P} rootCredentials.password pass
apollo config ${P} rootPassword pass
apollo login ${P}
mkdir -p demoData # or some other dir of your choice
5 changes: 1 addition & 4 deletions packages/apollo-cli/README.md
Expand Up @@ -329,10 +329,7 @@ DESCRIPTION
- accessToken:
Access token. Usually inserted by `apollo login`
- rootCredentials.username:
Username of root account. Only set this for "root" access type
- rootCredentials.password:
- rootPassword:
Password for root account. Only set this for "root" access type
EXAMPLES
21 changes: 4 additions & 17 deletions packages/apollo-cli/src/ApolloConf.ts
Expand Up @@ -14,8 +14,7 @@ export enum KEYS {
address = 'address',
accessType = 'accessType',
accessToken = 'accessToken',
rootCredentials_username = 'rootCredentials.username',
rootCredentials_password = 'rootCredentials.password',
rootPassword = 'rootPassword',
}

function optionDocs(): { key: string; description: string }[] {
Expand Down Expand Up @@ -44,15 +43,7 @@ function optionDocs(): { key: string; description: string }[] {
})
break
}
case 'rootCredentials.username': {
docs.push({
key: v,
description:
'Username of root account. Only set this for "root" access type',
})
break
}
case 'rootCredentials.password': {
case 'rootPassword': {
docs.push({
key: v,
description:
Expand Down Expand Up @@ -127,7 +118,7 @@ export class ApolloConf extends Conf {

public setAccessType(profileName: string, accessType: string) {
if (accessType != 'root') {
this.delete(`${profileName}.rootCredentials`)
this.delete(`${profileName}.rootPassword`)
}
this.set(`${profileName}.accessType`, accessType)
}
Expand Down Expand Up @@ -158,12 +149,8 @@ const profileSchema = Joi.object({
address: Joi.string().uri({ scheme: /https?/ }),
accessType: Joi.string().valid('google', 'microsoft', 'root', 'guest'),
accessToken: Joi.string(),
rootCredentials: Joi.object({
username: Joi.string(),
password: Joi.string(),
}).when('accessType', {
rootPassword: Joi.string().when('accessType', {
is: Joi.string().valid('root'),

otherwise: Joi.forbidden(),
}),
})
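Review bot: `setAccessType` now deletes only the `rootPassword` key, so a profile written by an earlier CLI version keeps its `rootCredentials.username` and `rootCredentials.password` entries after the access type changes, and `profileSchema` no longer lists that key. Unless a migration exists elsewhere (none is visible here), the old plaintext password stays in the config file and the profile may fail validation as an unknown key. Keeping the previous `this.delete(...)` call for `rootCredentials` next to the new one for `rootPassword` would clear the legacy entry. A one-line comment on `rootPassword` in `profileSchema` stating that it is forbidden unless `accessType` is `root` would also document the `when(...)` clause.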
6 changes: 1 addition & 5 deletions packages/apollo-cli/src/commands/config.ts
Expand Up @@ -119,12 +119,8 @@ export default class ApolloConfig extends BaseCommand<typeof ApolloConfig> {

config.setAccessType(profileName, accessType)
if (accessType === 'root') {
const username: string = await this.askUsername(
config.get(`${profileName}.${KEYS.rootCredentials_username}`) as string,
)
config.set(`${profileName}.rootCredentials.username`, username)
const password: string = await this.askPassword()
config.set(`${profileName}.rootCredentials.password`, password)
config.set(`${profileName}.rootPassword`, password)
}
}

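Review bot: The `config.set(...)` call for `rootPassword` writes the prompted password to the profile file in plaintext, and nothing in this hunk shows the file being restricted to the current user. Since `ApolloConf` extends `Conf`, it is worth confirming the file mode where the store is constructed, for example `configFileMode: 0o600` if the installed `conf` version supports that option. As a style point, the key is built from a string literal although `KEYS.rootPassword` exists; the removed username lookup used the enum in the same way as `${profileName}.${KEYS.rootPassword}` would. The enclosing method starts outside the hunk.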
12 changes: 4 additions & 8 deletions packages/apollo-cli/src/commands/login.ts
Expand Up @@ -97,16 +97,13 @@ need to execute this command again unless the token has expired. To setup a new
await this.checkUserAlreadyLoggedIn(config, profileName)
}
if (accessType === 'root' || flags.username !== undefined) {
const username: string =
flags.username ??
(config.get(`${profileName}.rootCredentials.username`) as string)
const password: string =
flags.password ??
(config.get(`${profileName}.rootCredentials.password`) as string)
if (username === undefined || password === undefined) {
(config.get(`${profileName}.rootPassword`) as string)
if (password === undefined) {
this.error('Username and password must be set')
}
userCredentials = await this.startRootLogin(address, username, password)
userCredentials = await this.startRootLogin(address, password)
} else if (accessType === 'guest') {
userCredentials = await this.startGuestLogin(address)
} else if (accessType === undefined) {
Expand Down Expand Up @@ -152,14 +149,13 @@ need to execute this command again unless the token has expired. To setup a new

private async startRootLogin(
address: string,
username: string,
password: string,
): Promise<UserCredentials> {
const url = localhostToAddress(`${address}/auth/root`)
const response = await fetch(url, {
headers: { 'Content-Type': 'application/json' },
method: 'POST',
body: JSON.stringify({ username, password }),
body: JSON.stringify({ password }),
})
if (!response.ok) {
const errorMessage = await createFetchErrorMessage(
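Review bot: The branch condition still contains `flags.username !== undefined` and the error still reads `'Username and password must be set'`, although the username is no longer read or sent. As written, supplying the username flag selects the root login path for any access type, and a missing password is reported as a missing username. Dropping the flag from the condition and changing the message to `this.error('Root password must be set')` would match the new behaviour; if the flag is kept for compatibility, a deprecation warning is clearer than silently ignoring it. Separately, `startRootLogin` posts the password as JSON to the configured address and the profile schema accepts `http` URIs, so a warning for non-local plain-HTTP addresses would be a useful addition.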
1 change: 0 additions & 1 deletion packages/apollo-cli/test/README.md
Expand Up @@ -14,7 +14,6 @@ The Apollo server must be configured to accept root user access. For this edit

```
sed -i'' 's/# ALLOW_ROOT_USER=false/ALLOW_ROOT_USER=true/;
s/# ROOT_USER_NAME=root/ROOT_USER_NAME=admin/;
s/# ROOT_USER_PASSWORD=password/ROOT_USER_PASSWORD=pass/' packages/apollo-collaboration-server/.development.env
```

11 changes: 4 additions & 7 deletions packages/apollo-cli/test/test.py
Expand Up @@ -27,8 +27,7 @@ def setUpModule():
# See apollo-collaboration-server/.development.env for credentials etc.
shell(f"{apollo} config {P} address http://localhost:3999")
shell(f"{apollo} config {P} accessType root")
shell(f"{apollo} config {P} rootCredentials.username admin")
shell(f"{apollo} config {P} rootCredentials.password pass")
shell(f"{apollo} config {P} rootPassword pass")
shell(f"{apollo} login {P} -f")


Expand Down Expand Up @@ -59,7 +58,6 @@ def testConfigInvalidKeys(self):

def testCanChangeAccessType(self):
p = shell(f"{apollo} config {P} accessType google")
p = shell(f"{apollo} config {P} rootCredentials.username")
self.assertEqual("", p.stdout.strip())

def testApolloStatus(self):
Expand Down Expand Up @@ -884,11 +882,11 @@ def testUser(self):
self.assertTrue(len(out) > 0)
self.assertTrue(len(out) > len(out2))

p = shell(f"{apollo} user get {P} -r admin -u admin")
p = shell(f"{apollo} user get {P} -r admin -u root")
out = json.loads(p.stdout)
self.assertEqual(len(out), 1)

p = shell(f"{apollo} user get {P} -r readOnly -u admin")
p = shell(f"{apollo} user get {P} -r readOnly -u root")
out = json.loads(p.stdout)
self.assertEqual(len(out), 0)

Expand All @@ -897,8 +895,7 @@ def testApolloProfileEnv(self):
f"""export APOLLO_PROFILE=testAdmin2
{apollo} config address http://localhost:3999
{apollo} config accessType root
{apollo} config rootCredentials.username admin
{apollo} config rootCredentials.password pass
{apollo} config rootPassword pass
{apollo} login
{apollo} status
{apollo} user get"""
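Review bot: `testCanChangeAccessType` appears to have lost its check that the stored root credential is cleared: with the `rootCredentials.username` query gone, `p` is the result of the `config ... accessType google` command, so `assertEqual("", p.stdout.strip())` only asserts that this command printed nothing. Querying the new key before the assert restores the check: `p = shell(f"{apollo} config {P} rootPassword")`. Without it, a regression that leaves the plaintext password in the profile after switching access type would pass the suite.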
3 changes: 1 addition & 2 deletions packages/apollo-cli/test/test_docker.py
Expand Up @@ -25,8 +25,7 @@ def setUpModule():
# See apollo-collaboration-server/.development.env for credentials etc.
shell(f"{apollo} config --config-file {configFile} address http://localhost:3999")
shell(f"{apollo} config --config-file {configFile} accessType root")
shell(f"{apollo} config --config-file {configFile} rootCredentials.username admin")
shell(f"{apollo} config --config-file {configFile} rootCredentials.password pass")
shell(f"{apollo} config --config-file {configFile} rootPassword pass")
shell(f"{apollo} login --config-file {configFile}", timeout=60)


4 changes: 1 addition & 3 deletions packages/apollo-cli/test_data/complete_config.yml
Expand Up @@ -2,9 +2,7 @@ default:
address: http://localhost:3999
accessType: root
accessToken: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IkRhcmlvIEJlcmFsZGkiLCJlbWFpbCI6ImRhcmlvLmJlcmFsZGlAZ21haWwuY29tIiwicm9sZSI6ImFkbWluIiwiaWQiOiI2NWNjYzE4OGQ5MmM2MjRjMzEyODA0MmYiLCJpYXQiOjE3MDg2MDExODAsImV4cCI6MTcwODY4NzU4MH0.MUeMiiHO3kd4q7_1gVeQbYALUjOhN4DxGhibeIWzy_g
rootCredentials:
username: root
password: '1234'
rootPassword: '1234'
profile1:
address: http://localhost:1999
accessToken: xyz
4 changes: 1 addition & 3 deletions packages/apollo-cli/test_data/nameAsNumber.yml
Expand Up @@ -2,6 +2,4 @@ default:
address: http://localhost:3999
accessType: root
accessToken: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InJvb3QiLCJlbWFpbCI6InJvb3RfdXNlciIsInJvbGUiOiJhZG1pbiIsImlkIjoiNjU3MDhlZTY4MTViOWNiZjg3ZmU2NzZjIiwiaWF0IjoxNzA3MzA4NTQ5LCJleHAiOjE3MDczOTQ5NDl9.EunwXsL3AcKg9BBTofHg_GbhDzyiK7QCSjaSKr5YXk4
rootCredentials:
username: 7890
password: 1234
rootPassword: 1234
2 changes: 0 additions & 2 deletions packages/apollo-collaboration-server/.development.env
Expand Up @@ -84,8 +84,6 @@ CHUNK_SIZE=500
# other users (besides guest) must sign in with an authentication provider.
# Defaults to false
# ALLOW_ROOT_USER=false
# The root user name, required if ALLOW_ROOT_USER is true
# ROOT_USER_NAME=root
# The root user password, required if ALLOW_ROOT_USER is true
# ROOT_USER_PASSWORD=password
# Alternatively, can be a path to a file with the root user password
2 changes: 1 addition & 1 deletion packages/apollo-collaboration-server/package.json
Expand Up @@ -14,7 +14,7 @@
"start:no-watch": "yarn build:shared && yarn start:nest",
"start:prod": "NODE_ENV=production node dist/main.js",
"test": "jest",
"test:cli:start": "ALLOW_ROOT_USER=true ROOT_USER_NAME=admin ROOT_USER_PASSWORD=pass MONGODB_URI=\"mongodb://localhost:27017/apolloTestCliDb?directConnection=true\" LOG_LEVELS=error,warn yarn start",
"test:cli:start": "ALLOW_ROOT_USER=true ROOT_USER_PASSWORD=pass MONGODB_URI=\"mongodb://localhost:27017/apolloTestCliDb?directConnection=true\" LOG_LEVELS=error,warn yarn start",
"test:cov": "jest --coverage",
"test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
"test:e2e": "jest --config ./test/jest-e2e.json",
1 change: 0 additions & 1 deletion packages/apollo-collaboration-server/src/app.module.ts
Expand Up @@ -58,7 +58,6 @@ const validationSchema = Joi.object({
FEATURE_TYPE_ONTOLOGY_LOCATION: Joi.string(),
PLUGIN_LOCATION: Joi.string(),
ALLOW_ROOT_USER: Joi.boolean().default(false),
ROOT_USER_NAME: Joi.string(),
ROOT_USER_PASSWORD: Joi.string(),
ROOT_USER_PASSWORD_FILE: Joi.string(),

Expand Up @@ -72,9 +72,7 @@ export class AuthenticationController {
}

@Post('root')
rootLogin(
@Body() { password, username }: { password: string; username: string },
) {
return this.authService.rootLogin(username, password)
rootLogin(@Body() { password }: { password: string }) {
return this.authService.rootLogin(password)
}
}
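Review bot: The `{ password: string }` annotation on `@Body()` is erased at compile time, so a request that omits `password` or sends a non-string value reaches `authService.rootLogin` unchanged. With the username removed, this endpoint is protected by a single shared secret, which makes input checking and attempt limiting more important here. A guard such as `if (typeof password !== 'string' || password.length === 0) throw new BadRequestException('password is required')`, or a validated DTO if the project uses a validation pipe, closes the first gap. Throttling for `POST /auth/root` should be confirmed, since none is visible in this hunk; the controller class starts outside it.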
Expand Up @@ -35,10 +35,11 @@ interface ConfigValues {
GOOGLE_CLIENT_ID_FILE?: string
ALLOW_GUEST_USER: boolean
DEFAULT_NEW_USER_ROLE: Role
ROOT_USER_NAME: string
ROOT_USER_PASSWORD: string
}

const ROOT_USER_NAME = 'root'

@Injectable()
export class AuthenticationService {
private readonly logger = new Logger(AuthenticationService.name)
Expand Down Expand Up @@ -147,17 +148,11 @@ export class AuthenticationService {
throw new UnauthorizedException('Guest users are not allowed')
}

async rootLogin(username: string, password: string) {
const root_user_name: string = this.configService.get('ROOT_USER_NAME')
if (
username === root_user_name &&
password === this.configService.get('ROOT_USER_PASSWORD')
) {
return this.logIn(root_user_name, ROOT_USER_EMAIL)
async rootLogin(password: string) {
if (password === this.configService.get('ROOT_USER_PASSWORD')) {
return this.logIn(ROOT_USER_NAME, ROOT_USER_EMAIL)
}
throw new UnauthorizedException(
'Invalid username or password for ROOT user',
)
throw new UnauthorizedException('Invalid password for ROOT user')
}

/**
Expand All @@ -171,9 +166,7 @@ export class AuthenticationService {
let user = await this.usersService.findByEmail(email)
if (!user) {
let newUserRole = this.defaultNewUserRole
const isRootUser =
name === this.configService.get('ROOT_USER_NAME') &&
email === ROOT_USER_EMAIL
const isRootUser = name === ROOT_USER_NAME && email === ROOT_USER_EMAIL
if (isRootUser) {
newUserRole = Role.Admin
} else {
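Review bot: `rootLogin` compares with `password === this.configService.get('ROOT_USER_PASSWORD')`, which is also true when both sides are `undefined`. The validation schema shown for app.module.ts declares `ROOT_USER_PASSWORD` as an optional `Joi.string()`, and no `ALLOW_ROOT_USER` check is visible inside this method, so whether the unset case is reachable needs confirming against the rest of the service. The comparison is also not constant-time. The method should reject a missing or empty value on either side and compare equal-length digests with `timingSafeEqual`; this needs `createHash` and `timingSafeEqual` from `node:crypto` imported at the top of the file.

```typescript
  async rootLogin(password: string) {
    const expected = this.configService.get('ROOT_USER_PASSWORD')
    // Reject missing or empty values on either side so undefined never matches undefined.
    if (
      typeof password !== 'string' ||
      typeof expected !== 'string' ||
      expected === ''
    ) {
      throw new UnauthorizedException('Invalid password for ROOT user')
    }
    // Hash both sides to equal-length buffers; timingSafeEqual requires equal lengths.
    const given = createHash('sha256').update(password).digest()
    const wanted = createHash('sha256').update(expected).digest()
    if (timingSafeEqual(given, wanted)) {
      return this.logIn(ROOT_USER_NAME, ROOT_USER_EMAIL)
    }
    throw new UnauthorizedException('Invalid password for ROOT user')
  }
```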
5 changes: 1 addition & 4 deletions packages/website/docs/cli/config.md
Expand Up @@ -36,10 +36,7 @@ DESCRIPTION
- accessToken:
Access token. Usually inserted by `apollo login`
- rootCredentials.username:
Username of root account. Only set this for "root" access type
- rootCredentials.password:
- rootPassword:
Password for root account. Only set this for "root" access type
EXAMPLES
2 changes: 0 additions & 2 deletions packages/website/docs/installation.md
Expand Up @@ -481,8 +481,6 @@ URL=https://my-apollo-site.org
# but can be used in the Apollo CLI as an account that can log in without
# needing an identity provider (such as Google). Defaults to false.
# ALLOW_ROOT_USER=false
# The username for the root user, if allowed
# ROOT_USER_NAME=root
# The password for the root user, if allowed
# ROOT_USER_PASSWORD=
# Alternatively, can be a path to a file with the root password