Merge branch 'master' into attach-user-to-spans

This commit is contained in:
Sam Rose 2024-01-05 14:46:53 +00:00 committed by GitHub
commit 26fd6b55cd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 26 additions and 10 deletions

View File

@ -26,7 +26,7 @@ services:
BB_ADMIN_USER_EMAIL: ${BB_ADMIN_USER_EMAIL} BB_ADMIN_USER_EMAIL: ${BB_ADMIN_USER_EMAIL}
BB_ADMIN_USER_PASSWORD: ${BB_ADMIN_USER_PASSWORD} BB_ADMIN_USER_PASSWORD: ${BB_ADMIN_USER_PASSWORD}
PLUGINS_DIR: ${PLUGINS_DIR} PLUGINS_DIR: ${PLUGINS_DIR}
OFFLINE_MODE: ${OFFLINE_MODE} OFFLINE_MODE: ${OFFLINE_MODE:-}
depends_on: depends_on:
- worker-service - worker-service
- redis-service - redis-service
@ -53,7 +53,7 @@ services:
INTERNAL_API_KEY: ${INTERNAL_API_KEY} INTERNAL_API_KEY: ${INTERNAL_API_KEY}
REDIS_URL: redis-service:6379 REDIS_URL: redis-service:6379
REDIS_PASSWORD: ${REDIS_PASSWORD} REDIS_PASSWORD: ${REDIS_PASSWORD}
OFFLINE_MODE: ${OFFLINE_MODE} OFFLINE_MODE: ${OFFLINE_MODE:-}
depends_on: depends_on:
- redis-service - redis-service
- minio-service - minio-service

View File

@ -166,6 +166,8 @@ const environment = {
DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING, DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING,
BLACKLIST_IPS: process.env.BLACKLIST_IPS, BLACKLIST_IPS: process.env.BLACKLIST_IPS,
SERVICE_TYPE: "unknown", SERVICE_TYPE: "unknown",
PASSWORD_MIN_LENGTH: process.env.PASSWORD_MIN_LENGTH,
PASSWORD_MAX_LENGTH: process.env.PASSWORD_MAX_LENGTH,
/** /**
* Enable to allow an admin user to login using a password. * Enable to allow an admin user to login using a password.
* This can be useful to prevent lockout when configuring SSO. * This can be useful to prevent lockout when configuring SSO.

View File

@ -1,7 +1,7 @@
import { env } from ".." import env from "../environment"
export const PASSWORD_MIN_LENGTH = +(process.env.PASSWORD_MIN_LENGTH || 8) export const PASSWORD_MIN_LENGTH = +(env.PASSWORD_MIN_LENGTH || 8)
export const PASSWORD_MAX_LENGTH = +(process.env.PASSWORD_MAX_LENGTH || 512) export const PASSWORD_MAX_LENGTH = +(env.PASSWORD_MAX_LENGTH || 512)
export function validatePassword( export function validatePassword(
password: string password: string

View File

@ -44,6 +44,12 @@ type GroupFns = {
getBulk: GroupGetFn getBulk: GroupGetFn
getGroupBuilderAppIds: GroupBuildersFn getGroupBuilderAppIds: GroupBuildersFn
} }
type CreateAdminUserOpts = {
ssoId?: string
hashPassword?: boolean
requirePassword?: boolean
skipPasswordValidation?: boolean
}
type FeatureFns = { isSSOEnforced: FeatureFn; isAppBuildersEnabled: FeatureFn } type FeatureFns = { isSSOEnforced: FeatureFn; isAppBuildersEnabled: FeatureFn }
const bulkDeleteProcessing = async (dbUser: User) => { const bulkDeleteProcessing = async (dbUser: User) => {
@ -112,10 +118,12 @@ export class UserDB {
throw new HTTPError("Password change is disabled for this user", 400) throw new HTTPError("Password change is disabled for this user", 400)
} }
if (!opts.skipPasswordValidation) {
const passwordValidation = validatePassword(password) const passwordValidation = validatePassword(password)
if (!passwordValidation.valid) { if (!passwordValidation.valid) {
throw new HTTPError(passwordValidation.error, 400) throw new HTTPError(passwordValidation.error, 400)
} }
}
hashedPassword = opts.hashPassword ? await hash(password) : password hashedPassword = opts.hashPassword ? await hash(password) : password
} else if (dbUser) { } else if (dbUser) {
@ -489,7 +497,7 @@ export class UserDB {
email: string, email: string,
password: string, password: string,
tenantId: string, tenantId: string,
opts?: { ssoId?: string; hashPassword?: boolean; requirePassword?: boolean } opts?: CreateAdminUserOpts
) { ) {
const user: User = { const user: User = {
email: email, email: email,
@ -513,6 +521,7 @@ export class UserDB {
return await UserDB.save(user, { return await UserDB.save(user, {
hashPassword: opts?.hashPassword, hashPassword: opts?.hashPassword,
requirePassword: opts?.requirePassword, requirePassword: opts?.requirePassword,
skipPasswordValidation: opts?.skipPasswordValidation,
}) })
} }

View File

@ -138,7 +138,11 @@ export async function startup(app?: Koa, server?: Server) {
bbAdminEmail, bbAdminEmail,
bbAdminPassword, bbAdminPassword,
tenantId, tenantId,
{ hashPassword: true, requirePassword: true } {
hashPassword: true,
requirePassword: true,
skipPasswordValidation: true,
}
) )
// Need to set up an API key for automated integration tests // Need to set up an API key for automated integration tests
if (env.isTest()) { if (env.isTest()) {

View File

@ -2,4 +2,5 @@ export interface SaveUserOpts {
hashPassword?: boolean hashPassword?: boolean
requirePassword?: boolean requirePassword?: boolean
currentUserId?: string currentUserId?: string
skipPasswordValidation?: boolean
} }