Add a command `hydra-create-user' for managing user accounts
parent
3315d1ea51
commit
55f9d23933
3 changed files with 98 additions and 8 deletions
|
@ -163,15 +163,16 @@ hydra-init</screen>
|
|||
</para>
|
||||
|
||||
<para>
|
||||
To add a user <emphasis>root</emphasis> with
|
||||
<emphasis>admin</emphasis> privileges, execute:
|
||||
<screen>
|
||||
echo "INSERT INTO Users(userName, emailAddress, password) VALUES ('root', 'some@email.adress.com', '$(echo -n foobar | sha1sum | cut -c1-40)');" | psql hydra
|
||||
echo "INSERT INTO UserRoles(userName, role) values('root', 'admin');" | psql hydra</screen>
|
||||
To create projects, you need to create a user with
|
||||
<emphasis>admin</emphasis> privileges. This can be done using
|
||||
the command <command>hydra-create-user</command>:
|
||||
|
||||
For SQLite the same commands can be used, with <command>psql
|
||||
hydra</command> replaced by <command>sqlite3
|
||||
/path/to/hydra.sqlite</command>.
|
||||
<screen>
|
||||
$ hydra-create-user alice --full-name 'Alice Q. User' \
|
||||
--email-address 'alice@example.org' --password foobar --role admin
|
||||
</screen>
|
||||
|
||||
Additional users can be created through the web interface.
|
||||
</para>
|
||||
|
||||
</section>
|
||||
|
|
|
@ -10,6 +10,7 @@ distributable_scripts = \
|
|||
hydra-server \
|
||||
hydra-update-gc-roots \
|
||||
hydra-s3-backup-collect-garbage \
|
||||
hydra-create-user \
|
||||
nix-prefetch-git \
|
||||
nix-prefetch-bzr \
|
||||
nix-prefetch-hg
|
||||
|
|
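--- a/src/script/hydra-create-user
+++ b/src/script/hydra-create-user
@@ -0,0 +1,88 @@
+#! /var/run/current-system/sw/bin/perl -w
+
+use strict;
+use Hydra::Schema;
+use Hydra::Helper::Nix;
+use Hydra::Model::DB;
+use Getopt::Long qw(:config gnu_getopt);
+use Digest::SHA1 qw(sha1_hex);
+
+sub showHelp {
+print <<EOF;
+Usage: $0 NAME
+[--rename-from NAME]
+[--type hydra|persona]
+[--full-name FULLNAME]
+[--email-address EMAIL-ADDRESS]
+[--password PASSWORD]
+[--wipe-roles]
+[--role ROLE]...
+
+Create a new Hydra user account, or update or an existing one. The
+--role flag can be given multiple times. If the account already
+exists, roles are added to the existing roles unless --wipe-roles is
+specified. If --rename-from is given, the specified account is
+renamed.
+
+Example:
+\$ hydra-create-user alice --password foobar --role admin
+EOF
+exit 0;
+}
+
+my ($renameFrom, $type, $fullName, $emailAddress, $password);
+my $wipeRoles = 0;
+my @roles;
+
+GetOptions("rename-from=s" => \$renameFrom,
+"type=s" => \$type,
+"full-name=s" => \$fullName,
+"email-address=s" => \$emailAddress,
+"password=s" => \$password,
+"wipe-roles" => \$wipeRoles,
+"role=s" => \@roles,
+"help" => sub { showHelp() }
+) or exit 1;
+
+die "$0: one user name required\n" if scalar @ARGV != 1;
+my $userName = $ARGV[0];
+
+die "$0: type must be `hydra' or `persona'\n"
+if defined $type && $type ne "hydra" && $type ne "persona";
+
+my $db = Hydra::Model::DB->new();
+
+txn_do($db, sub {
+my $user = $db->resultset('Users')->find({ username => $renameFrom // $userName });
+if ($renameFrom) {
+die "$0: user `$renameFrom' does not exist\n" unless $user;
+$user->update({ username => $userName });
+} elsif ($user) {
+print STDERR "updating existing user `$userName'\n";
+} else {
+print STDERR "creating new user `$userName'\n";
+$user = $db->resultset('Users')->create(
+{ username => $userName, type => "hydra", emailaddress => "", password => "!" });
+}
+
+die "$0: Persona user names must be email addresses\n"
+if $user->type eq "persona" && $userName !~ /\@/;
+
+$user->update({ type => $type }) if defined $type;
+
+$user->update({ fullname => $fullName eq "" ? undef : $fullName }) if defined $fullName;
+
+if ($user->type eq "persona") {
+die "$0: Persona accounts do not have an explicitly set email address.\n"
+if defined $emailAddress;
+die "$0: Persona accounts do not have a password.\n"
+if defined $password;
+$user->update({ emailaddress => $userName, password => "!" });
+} else {
+$user->update({ emailaddress => $emailAddress }) if defined $emailAddress;
+$user->update({ password => sha1_hex($password) }) if defined $password;
+}
+
+$user->userroles->delete if $wipeRoles;
+$user->userroles->update_or_create({ role => $_ }) foreach @roles;
+});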
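Review bot: The `--password PASSWORD` option puts the cleartext password into the process argument list and the shell history, and `$user->update({ password => sha1_hex($password) })` stores it as an unsalted SHA-1 digest, which is cheap to brute-force if the Users table is ever disclosed. I would accept the password on stdin or through a no-echo prompt instead of argv, and move to a salted, deliberately slow password hash; presumably the login code compares the same SHA-1 value, so the verifier would have to change together with this script. Separately, the Persona name check runs before `$user->update({ type => $type })`, so `--type persona` on a new or existing `hydra` account passes the email-address test and then copies a non-email user name into `emailaddress`. Testing the requested type closes that gap: `if ($type // $user->type) eq "persona" && $userName !~ /\@/;`.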