Added setup step for password

2020-08-17 19:04:51 +02:00 · 2020-08-17 19:04:51 +02:00 · 2484015261
parent 6050e26f7a
commit 2484015261
2 changed files with 42 additions and 5 deletions
--- a/maloja/data_files/settings/default.ini
+++ b/maloja/data_files/settings/default.ini
@ -7,6 +7,14 @@
 WEB_PORT = 42010
 HOST = "::" # You most likely want either :: for IPv6 or 0.0.0.0 for IPv4 here

+[Login]
+
+DEFAULT_PASSWORD = none
+FORCE_PASSWORD = none
+# these are only meant for Docker containers
+# on first start, set the environment variable MALOJA_DEFAULT_PASSWORD
+# if you forgot and already generated a random password, you can overwrite it with MALOJA_FORCE_PASSWORD
+
 [Third Party Services]

 # order in which to use the metadata providers
--- a/maloja/proccontrol/setup.py
+++ b/maloja/proccontrol/setup.py
@ -2,6 +2,7 @@ import pkg_resources
 from distutils import dir_util
 from doreah import settings
 from doreah.io import col, ask, prompt
+from doreah import auth
 import os

 from ..globalconf import datadir
@ -22,7 +23,12 @@ def copy_initial_local_files():
 	#shutil.copy(folder,DATA_DIR)
 	dir_util.copy_tree(folder,datadir(),update=False)

-
+def randomstring(length=32):
+	import random
+	key = ""
+	for i in range(length):
+		key += str(random.choice(list(range(10)) + list("abcdefghijklmnopqrstuvwxyz") + list("ABCDEFGHIJKLMNOPQRSTUVWXYZ")))
+	return key

 def setup():

@ -48,10 +54,7 @@ def setup():
 	else:
 		answer = ask("Do you want to set up a key to enable scrobbling? Your scrobble extension needs that key so that only you can scrobble tracks to your database.",default=True,skip=SKIP)
 		if answer:
-			import random
-			key = ""
-			for i in range(64):
-				key += str(random.choice(list(range(10)) + list("abcdefghijklmnopqrstuvwxyz") + list("ABCDEFGHIJKLMNOPQRSTUVWXYZ")))
+			key = randomstring(64)
 			print("Your API Key: " + col["yellow"](key))
 			with open(datadir("clients/authenticated_machines.tsv"),"w") as keyfile:
 				keyfile.write(key + "\t" + "Default Generated Key")
@ -59,6 +62,32 @@ def setup():
 			pass


+	# PASSWORD
+	defaultpassword = settings.get_settings("DEFAULT_PASSWORD")
+	forcepassword = settings.get_settings("FORCE_PASSWORD")
+	# this is mainly meant for docker, supply password via environment variable
+
+	if forcepassword is not None:
+		# user has specified to force the pw, nothing else matters
+		auth.defaultuser.setpw(forcepassword)
+		print("Password has been set.")
+	elif auth.defaultuser.checkpw("admin"):
+		# if the actual pw is admin, it means we've never set this up properly (eg first start after update)
+		if defaultpassword is None:
+			# non-docker installation or user didn't set environment variable
+			defaultpassword = randomstring(32)
+			newpw = prompt("Please set a password for web backend access. Leave this empty to generate a random password.",skip=SKIP,secret=True)
+			if newpw is None:
+				newpw = defaultpassword
+				print("Generated password:",newpw)
+			auth.defaultuser.setpw(newpw)
+		else:
+			# docker installation (or settings file, but don't do that)
+			# we still 'ask' the user to set one, but for docker this will be skipped
+			newpw = prompt("Please set a password for web backend access. Leave this empty to use the default password.",skip=SKIP,default=defaultpassword,secret=True)
+			auth.defaultuser.setpw(newpw)
+
+
 	if settings.get_settings("NAME") is None:
 		name = prompt("Please enter your name. This will be displayed e.g. when comparing your charts to another user. Leave this empty if you would not like to specify a name right now.",default="Generic Maloja User",skip=SKIP)
 		settings.update_settings(datadir("settings/settings.ini"),{"NAME":name},create_new=True)