Add tool to create users #259

Open
willemarcel opened this issue Aug 24, 2022 · 4 comments
Labels
enhancement New feature or request

Comments

@willemarcel

Create a command line tool or a web interface to create X number of users, so it returns the usernames and passwords. The goal is to avoid users having to register themselves to use an osm-seed instance.

@willemarcel willemarcel added the enhancement New feature or request label Aug 24, 2022
@Rub21
Collaborator

Rub21 commented Aug 24, 2022

@willemarcel The CLI already exists, https://github.com/openstreetmap/openstreetmap-website/blob/master/CONFIGURE.md#managing-users, but to use it, you need to access the container and run it, but I like the idea of a web interface to create users.

@willemarcel
Author

> @willemarcel The CLI already exists, https://github.com/openstreetmap/openstreetmap-website/blob/master/CONFIGURE.md#managing-users, but to use it, you need to access the container and run it, but I like the idea of a web interface to create users.

The goal is not only activating the user, but creating it. So, we would call it with a command like:

create_users 2

and it would get the usernames and passwords ready to login, like:

Created 2 users:

user_1, password1
user_2, pass2

@batpad
Member

batpad commented Sep 17, 2022

Just related here:

It would also be really nice to automatically create a user, register an OAuth application, and handle adding of the OAuth keys, instead of the user having to do it themselves. Configuring iD and the OAuth keys required is quite error prone, and requires doing this weird dance of installing, setting up the keys, editing conf, re-installing, etc. - eg. #265

It would be great if we could read from some config file and automatically create an admin user and also register the OAuth application and populate the OAuth key values where required.

This would be really nice to take up during some labs time.

@spwoodcock
Contributor

In hotosm/osm-sandbox, I added an entrypoint script to init an admin user + create an OAuth app automatically.

#!/bin/bash

# First start web server & run migrations
bundle exec rails s -d -p 3000 -b '0.0.0.0'
bundle exec rails db:migrate

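# Ruby script to create admin (to file)
# NOTE ID_EDITOR_REDIRECT_URI env var is injected
# The heredoc delimiter is quoted so the shell writes the Ruby source verbatim
# and Ruby reads ENV itself at runtime
cat << 'EOF' > create_admin_user.rb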
admin_user = User.find_by(email: "#{ENV['ADMIN_EMAIL']}")
unless admin_user
  pass_crypt, pass_salt = PasswordHash.create("#{ENV['ADMIN_PASS']}")
  admin_user = User.create!(
      display_name: "HOTOSM",
      email: "#{ENV['ADMIN_EMAIL']}",
      pass_crypt: pass_crypt,
      pass_salt: pass_salt,
      email_valid: true,
      data_public: true,
      terms_seen: true,
      terms_agreed: Time.now,
      tou_agreed: Time.now,
  )
  admin_user.confirm!
  admin_user.roles.create(role: "administrator", granter_id: admin_user.id)
  admin_user.roles.create(role: "moderator", granter_id: admin_user.id)
end

oauth_application = Oauth2Application.find_by(name: 'ID Dev')
unless oauth_application
  oauth_application = Oauth2Application.create!(
      owner: admin_user,
      name: 'ID Dev',
      redirect_uri: "#{ENV['ID_EDITOR_REDIRECT_URI']}",
      scopes: ['read_prefs', 'write_api'],
      confidential: false,
  )
end
puts oauth_application.uid
puts oauth_application.secret

oauth_token = Doorkeeper::AccessToken.find_by(application_id: oauth_application.id)
unless oauth_token
  oauth_token = Doorkeeper::AccessToken.create!(
    resource_owner_id: admin_user.id,
    application_id: oauth_application.id,
    expires_in: 315360000,  # 10yrs
    scopes: 'read_prefs write_api'
  )
end
puts oauth_token.token
EOF

# Add output from Rails script to file, then extract OAuth app creds
# The log holds the client secret and an admin token, so create it owner-only
if [ ! -e /tmp/create_admin_user.log ]; then
  (umask 077 && : > /tmp/create_admin_user.log)
  bundle exec rails runner create_admin_user.rb > /tmp/create_admin_user.log
fi
# Read the creds on every start, so a container restart does not leave them empty
ID_EDITOR_CLIENT_ID=$(sed -n '1p' /tmp/create_admin_user.log)
ID_EDITOR_CLIENT_SECRET=$(sed -n '2p' /tmp/create_admin_user.log)
ADMIN_OAUTH_TOKEN=$(sed -n '3p' /tmp/create_admin_user.log)

# Stop web server gracefully
kill -TERM "$(cat /tmp/pids/server.pid)"

# Update the OpenStreetMap settings
# Further overrides can be made in a mounted settings.local.yml file
# The oauth_application var is for OSM Notes / changeset comments
# The id_application var is for ID editor
if ! grep -q "id_application: \"${ID_EDITOR_CLIENT_ID}\"" /app/config/settings.yml; then
  sed -i "s/#id_application: \"\"/id_application: \"${ID_EDITOR_CLIENT_ID}\"/" /app/config/settings.yml
fi

if ! grep -q "server_protocol: \"${PROTOCOL}\"" /app/config/settings.yml; then
  sed -i "s/server_protocol: \"http\"/server_protocol: \"${PROTOCOL}\"/" /app/config/settings.yml
fi

if ! grep -q "server_url: \"${DOMAIN}\"" /app/config/settings.yml; then
  sed -i "s/server_url: \"openstreetmap.example.com\"/server_url: \"${DOMAIN}\"/" /app/config/settings.yml
fi

# SMTP settings
if ! grep -q "smtp_address: \"mail\"" /app/config/settings.yml; then
  sed -i "s/smtp_address: \"localhost\"/smtp_address: \"mail\"/" /app/config/settings.yml
fi

if ! grep -q "smtp_domain: \"${DOMAIN}\"" /app/config/settings.yml; then
  sed -i "s/smtp_domain: \"localhost\"/smtp_domain: \"${DOMAIN}\"/" /app/config/settings.yml
fi

if ! grep -q "email_from: \"HOTOSM Sandbox <no-reply@${DOMAIN}>\"" /app/config/settings.yml; then
  sed -i "s/email_from: \"OpenStreetMap <openstreetmap@example.com>\"/email_from: \"HOTOSM Sandbox <no-reply@${DOMAIN}>\"/" /app/config/settings.yml
fi

if ! grep -q "email_return_path: \"no-reply@${DOMAIN}\"" /app/config/settings.yml; then
  sed -i "s/email_return_path: \"openstreetmap@example.com\"/email_return_path: \"no-reply@${DOMAIN}\"/" /app/config/settings.yml
fi

echo
echo "**ID Editor OAuth App Details**"
echo "Client ID: $ID_EDITOR_CLIENT_ID"
echo "Client Secret: $ID_EDITOR_CLIENT_SECRET"
echo
echo "Admin OAuth Token: $ADMIN_OAUTH_TOKEN"
echo

exec "$@"

However, before this is added, first I think #338 should be addressed.
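
An added example (not code from this thread or from osm-seed) of the `create_users N` tool requested at the top of the issue, reusing the `User` and `PasswordHash` calls from the entrypoint script above. The file name `create_users.rb`, the `user_N` naming, the `example.invalid` addresses and the helper names are assumptions.

```ruby
require "securerandom"

# Build `count` credential sets. Passwords come from the OS CSPRNG via
# SecureRandom, never from a counter or anything derived from the username.
def generate_credentials(count, prefix: "user")
  raise ArgumentError, "count must be a positive integer" unless count.is_a?(Integer) && count.positive?
  raise ArgumentError, "prefix must match [A-Za-z0-9_]+" unless prefix.match?(/\A[A-Za-z0-9_]+\z/)

  (1..count).map do |i|
    { display_name: "#{prefix}_#{i}",
      email: "#{prefix}_#{i}@example.invalid",    # constructed placeholder address
      password: SecureRandom.urlsafe_base64(18) } # 18 random bytes -> 24 characters
  end
end

# Persist one user with the model calls used in the entrypoint script above.
# Needs the Rails environment; returns false when the display name is taken.
def create_user!(cred)
  return false if User.find_by(display_name: cred[:display_name])

  pass_crypt, pass_salt = PasswordHash.create(cred[:password])
  user = User.create!(display_name: cred[:display_name], email: cred[:email],
                      pass_crypt: pass_crypt, pass_salt: pass_salt,
                      email_valid: true, data_public: true, terms_seen: true,
                      terms_agreed: Time.now, tou_agreed: Time.now)
  user.confirm!
  true
end

# `out` is the only place plaintext passwords are written; point it at an
# owner-only file rather than container logs when handing credentials over.
# `creator` is injectable so the flow can be exercised without a database.
def create_users(count, out: $stdout, creator: method(:create_user!))
  created = generate_credentials(count).select { |cred| creator.call(cred) }
  out.puts "Created #{created.size} users:"
  created.each { |cred| out.puts "#{cred[:display_name]}, #{cred[:password]}" }
  created
end

# Under `bundle exec rails runner create_users.rb 2` the count arrives in ARGV.
create_users(Integer(ARGV.fetch(0, "1"))) if defined?(Rails)
```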
