Merge branch 'add-validation-to-initadmins' into 'main'

Add validation to initadmins See merge request inject/backend!188

Merge branch 'add-validation-to-initadmins' into 'main'
88fb99bf · Richard Glosner · caf6b1c1 · 810b5aab · 88fb99bf · 88fb99bf
Commit 88fb99bf authored 11 months ago by Richard Glosner
--- a/INSTALATION.md
+++ b/INSTALATION.md
@@ -14,7 +14,6 @@ Before running the project, ensure that the necessary local variables are proper
 - `INJECT_EMAIL_HOST_PASSWORD`: _string, default=""_ - Password to use for the SMTP server defined in _INJECT_EMAIL_HOST_. This setting is used in conjunction with _INJECT_EMAIL_HOST_USER_ when authenticating to the SMTP server.
 - `INJECT_EMAIL_SENDER_ADDRESS`: _string, default=""_ - The sender address for automatic emails.
 - `INJECT_LOGS`: _string, default=backend-logs.log_ - Path to a file where to save logs.
- `INJECT_INITIAL_ADMINS`: _string, default=None_ - A comma-separated list of email addresses of initial admins.

 ### Running the Application with poetry:
 To run the backend application using poetry, ensure you have the following prerequisites:
@@ -32,9 +31,9 @@ Apply any pending database migrations:
 ```
 poetry run python manage.py migrate
 ```
-Seed intitial admin users (from INJECT_INITIAL_ADMINS environment variable):
+Seed intitial admin users (required argument: admin email addresses separated by comma):
 ```
-poetry run python manage.py initadmins
+poetry run python manage.py initadmins {email list}
 ```
 And then lastly launch the backend server:
 ```

--- a/ttxbackend/settings.py
+++ b/ttxbackend/settings.py
@@ -191,9 +191,6 @@ SESSION_COOKIE_HTTPONLY = True
 SESSION_COOKIE_AGE = 24 * 60 * 60  # Session validity period in seconds
 AUTHENTICATION_BACKENDS = ["aai.backend.CustomAuthBackend"]
 NOAUTH = os.environ.get("INJECT_NOAUTH") is not None
-INITIAL_ADMINS = []
-if initial_admins := os.environ.get("INJECT_INITIAL_ADMINS"):
-    INITIAL_ADMINS.extend(initial_admins.split(","))

 # Email client
 EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"

--- a/user/management/commands/initadmins.py
+++ b/user/management/commands/initadmins.py
-from typing import Any
+from typing import Any, List
 import sys
 import re

-from django.core.management.base import BaseCommand
+from django.core.management.base import BaseCommand, CommandParser
 from django.conf import settings

-from user.models import EMAIL_REGEX
-from user.lib.user_uploader import ValidatedUserData, _create_and_tag_user
+from user.models import EMAIL_REGEX, User
+from user.lib.user_uploader import _create_and_tag_user
+from user.lib.user_validator import ValidatedUserData
 from user.email.email_sender import send_credentials
 from aai.models import UserGroup


-def create_initial_admins():
-    valid_emails = [
-        email.strip()
-        for email in settings.INITIAL_ADMINS
-        if re.fullmatch(EMAIL_REGEX, email.strip())
-    ]
-    create_admins = [
-        ValidatedUserData(username=email, group=UserGroup.ADMIN)
-        for email in valid_emails
-    ]
+def _validate_admins(admins: str) -> List[ValidatedUserData]:
+    valid_users: List[ValidatedUserData] = []
+    present_emails = User.objects.all().values_list("username", flat=True)
+    list_duplicates: List[str] = []
+    for email in admins.split(","):
+        email = email.strip()
+        if not re.fullmatch(EMAIL_REGEX, email):
+            sys.stderr.write(f"Invalid email format: {email}\n")
+        elif email in present_emails:
+            sys.stderr.write(f'User with email: "{email}" already exists\n')
+        elif email in list_duplicates:
+            sys.stderr.write(
+                f'User with email: "{email}" is more than once in a initial admin list -> skipping duplicit occurences\n'
+            )
+        else:
+            valid_users.append(
+                ValidatedUserData(username=email, group=UserGroup.ADMIN)
+            )
+    return valid_users
+
+
+def create_initial_admins(admins: str):
    created = []
-    for user_data in create_admins:
+    for user_data in _validate_admins(admins):
        created_user = _create_and_tag_user(user_data=user_data)
        if created_user is not None:
            created.append(created_user)
@@ -31,12 +44,19 @@ def create_initial_admins():
        send_credentials(created)

    sys.stderr.write(
-        "Created admins: " + str([user.email for user, _ in created]) + "\n"
+        "Created admins: " + str([user.username for user, _ in created]) + "\n"
    )


 class Command(BaseCommand):
    help = "Creates initial admins from INJECT_INITIAL_ADMINS"

+    def add_arguments(self, parser: CommandParser) -> None:
+        parser.add_argument(
+            "admin_emails",
+            type=str,
+            help="Comma separated list of admin emails",
+        )
+
    def handle(self, *args: Any, **options: Any):
-        create_initial_admins()
+        create_initial_admins(options["admin_emails"])