1
0
Fork 0
mirror of https://github.com/immich-app/immich.git synced 2025-01-04 02:46:47 +01:00

refactor: reset admin password (#1335)

* refactor: reset-admin-password

* chore: docs
This commit is contained in:
Jason Rasmussen 2023-01-16 13:09:04 -05:00 committed by GitHub
parent 5a6a726014
commit 1e2f02613f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 100 additions and 40 deletions

Binary file not shown.

After

Width:  |  Height:  |  Size: 4.9 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 4.7 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 16 KiB

View file

@ -11,29 +11,18 @@ The `immich-server` docker image comes preinstalled with an administrative CLI (
## How to run a command ## How to run a command
To run a command, connect to the container and then execute it by running `immich <command>`. To run a command, [connect](/docs/guides/docker-help.md#attach-to-a-container) to the `immich_server` container and then execute the command via `immich <command>`.
## Examples ## Examples
```bash title="Reset Admin Password" Reset Admin Password
docker exec -it immich_server sh
/usr/src/app$ immich reset-admin-password ![Reset Admin Password](./img/reset-admin-password.png)
? Please choose a new password (optional) immich-is-awesome-unlike-this-password
New password:
immich-is-awesome-unlike-this-password
```
```bash title="Disable Password Login" Disable Password Login
docker exec -it immich_server sh
/usr/src/app$ immich disable-password-login ![Disable Password Login](./img/disable-password-login.png)
Password login has been disabled.
```
```bash title="Enable Password Login" Enabled Password Login
docker exec -it immich_server sh
/usr/src/app$ immich enable-password-login ![Enable Password Login](./img/enable-password-login.png)
Password login has been enabled.
```

View file

@ -4,11 +4,27 @@ sidebar_position: 1
# Docker Help # Docker Help
## Logs ## Containers
```bash title="Log Examples" ```bash
docker ps # see a list of running containers docker ps # see a list of running containers
docker ps -a # see a list of running and stopped containers docker ps -a # see a list of running and stopped containers
```
## Attach to a Container
```bash
docker exec -it <id or name> <command> # attach to a container with a command
docker exec -it immich_server sh
docker exec -it immich_microservices sh
docker exec -it immich_machine_learning sh
docker exec -it immich_web sh
docker exec -it immich_proxy sh
```
## Logs
```bash
docker logs <id or name> # see the logs for a specific container (by id or name) docker logs <id or name> # see the logs for a specific container (by id or name)
docker logs immich_server docker logs immich_server

View file

@ -1,37 +1,38 @@
import { Inject } from '@nestjs/common'; import { UserResponseDto, UserService } from '@app/domain';
import { Command, CommandRunner, InquirerService, Question, QuestionSet } from 'nest-commander'; import { Command, CommandRunner, InquirerService, Question, QuestionSet } from 'nest-commander';
import { randomBytes } from 'node:crypto';
import { IUserRepository, UserCore } from '@app/domain';
@Command({ @Command({
name: 'reset-admin-password', name: 'reset-admin-password',
description: 'Reset the admin password', description: 'Reset the admin password',
}) })
export class ResetAdminPasswordCommand extends CommandRunner { export class ResetAdminPasswordCommand extends CommandRunner {
userCore: UserCore; constructor(private userService: UserService, private readonly inquirer: InquirerService) {
constructor(private readonly inquirer: InquirerService, @Inject(IUserRepository) userRepository: IUserRepository) {
super(); super();
this.userCore = new UserCore(userRepository);
} }
async run(): Promise<void> { async run(): Promise<void> {
const user = await this.userCore.getAdmin(); const ask = (admin: UserResponseDto) => {
if (!user) { const { id, oauthId, email, firstName, lastName } = admin;
console.log('Unable to reset password: no admin user.'); console.log(`Found Admin:
return; - ID=${id}
} - OAuth ID=${oauthId}
- Email=${email}
- Name=${firstName} ${lastName}`);
const { password: providedPassword } = await this.inquirer.ask<{ password: string }>('prompt-password', undefined); return this.inquirer.ask<{ password: string }>('prompt-password', undefined).then(({ password }) => password);
const password = providedPassword || randomBytes(24).toString('base64').replace(/\W/g, ''); };
await this.userCore.updateUser(user, user.id, { password }); try {
const { password, provided } = await this.userService.resetAdminPassword(ask);
if (providedPassword) { if (provided) {
console.log('The admin password has been updated.'); console.log(`The admin password has been updated.`);
} else { } else {
console.log(`The admin password has been updated to:\n${password}`); console.log(`The admin password has been updated to:\n${password}`);
}
} catch (error) {
console.error(error);
console.error('Unable to reset admin password');
} }
} }
} }

View file

@ -340,4 +340,43 @@ describe('UserService', () => {
expect(userRepositoryMock.get).toHaveBeenCalledWith(adminUserAuth.id, undefined); expect(userRepositoryMock.get).toHaveBeenCalledWith(adminUserAuth.id, undefined);
}); });
}); });
describe('resetAdminPassword', () => {
it('should only work when there is an admin account', async () => {
userRepositoryMock.getAdmin.mockResolvedValue(null);
const ask = jest.fn().mockResolvedValue('new-password');
await expect(sut.resetAdminPassword(ask)).rejects.toBeInstanceOf(BadRequestException);
expect(ask).not.toHaveBeenCalled();
});
it('should default to a random password', async () => {
userRepositoryMock.getAdmin.mockResolvedValue(adminUser);
const ask = jest.fn().mockResolvedValue(undefined);
const response = await sut.resetAdminPassword(ask);
const [id, update] = userRepositoryMock.update.mock.calls[0];
expect(response.provided).toBe(false);
expect(ask).toHaveBeenCalled();
expect(id).toEqual(adminUser.id);
expect(update.password).toBeDefined();
});
it('should use the supplied password', async () => {
userRepositoryMock.getAdmin.mockResolvedValue(adminUser);
const ask = jest.fn().mockResolvedValue('new-password');
const response = await sut.resetAdminPassword(ask);
const [id, update] = userRepositoryMock.update.mock.calls[0];
expect(response.provided).toBe(true);
expect(ask).toHaveBeenCalled();
expect(id).toEqual(adminUser.id);
expect(update.password).toBeDefined();
});
});
}); });

View file

@ -1,4 +1,5 @@
import { BadRequestException, Inject, Injectable, NotFoundException } from '@nestjs/common'; import { BadRequestException, Inject, Injectable, NotFoundException } from '@nestjs/common';
import { randomBytes } from 'crypto';
import { ReadStream } from 'fs'; import { ReadStream } from 'fs';
import { AuthUserDto } from '../auth'; import { AuthUserDto } from '../auth';
import { IUserRepository } from '../user'; import { IUserRepository } from '../user';
@ -104,4 +105,18 @@ export class UserService {
} }
return this.userCore.getUserProfileImage(user); return this.userCore.getUserProfileImage(user);
} }
async resetAdminPassword(ask: (admin: UserResponseDto) => Promise<string | undefined>) {
const admin = await this.userCore.getAdmin();
if (!admin) {
throw new BadRequestException('Admin account does not exist');
}
const providedPassword = await ask(admin);
const password = providedPassword || randomBytes(24).toString('base64').replace(/\W/g, '');
await this.userCore.updateUser(admin, admin.id, { password });
return { admin, password, provided: !!providedPassword };
}
} }