mirror of
https://github.com/actualbudget/actual.git
synced 2026-04-30 10:14:53 -05:00
✨ OPENID: Added option to create users on login (#4421)
* Added option to create users on login (openid) * md * added default value * linter * added validation to ACTUAL_USER_CREATION_MODE * Merge * linter * fixes * removed enchancement * linter
This commit is contained in:
lelemm
GitHub
@@ -200,8 +200,8 @@ export async function loginWithOpenIdFinalize(body) {
|
|||||||
userInfo.login ??
|
userInfo.login ??
|
||||||
userInfo.email ??
|
userInfo.email ??
|
||||||
userInfo.id ??
|
userInfo.id ??
|
||||||
userInfo.name ??
|
userInfo.sub;
|
||||||
'default-username';
|
|
||||||
if (identity == null) {
|
if (identity == null) {
|
||||||
return { error: 'openid-grant-failed: no identification was found' };
|
return { error: 'openid-grant-failed: no identification was found' };
|
||||||
}
|
}
|
||||||
@@ -213,29 +213,35 @@ export async function loginWithOpenIdFinalize(body) {
|
|||||||
'SELECT count(*) as countUsersWithUserName FROM users WHERE user_name <> ?',
|
'SELECT count(*) as countUsersWithUserName FROM users WHERE user_name <> ?',
|
||||||
[''],
|
[''],
|
||||||
);
|
);
|
||||||
if (countUsersWithUserName === 0) {
|
|
||||||
|
// Check if user was created by another transaction
|
||||||
|
const existingUser = accountDb.first(
|
||||||
|
'SELECT id FROM users WHERE user_name = ?',
|
||||||
|
[identity],
|
||||||
|
);
|
||||||
|
|
||||||
|
if (
|
||||||
|
!existingUser &&
|
||||||
|
(countUsersWithUserName === 0 ||
|
||||||
|
config.get('userCreationMode') === 'login')
|
||||||
|
) {
|
||||||
userId = uuidv4();
|
userId = uuidv4();
|
||||||
// Check if user was created by another transaction
|
|
||||||
const existingUser = accountDb.first(
|
|
||||||
'SELECT id FROM users WHERE user_name = ?',
|
|
||||||
[identity],
|
|
||||||
);
|
|
||||||
if (existingUser) {
|
|
||||||
throw new Error('user-already-exists');
|
|
||||||
}
|
|
||||||
accountDb.mutate(
|
accountDb.mutate(
|
||||||
'INSERT INTO users (id, user_name, display_name, enabled, owner, role) VALUES (?, ?, ?, 1, 1, ?)',
|
'INSERT INTO users (id, user_name, display_name, enabled, owner, role) VALUES (?, ?, ?, 1, ?, ?)',
|
||||||
[
|
[
|
||||||
userId,
|
userId,
|
||||||
identity,
|
identity,
|
||||||
userInfo.name ?? userInfo.email ?? identity,
|
userInfo.name ?? userInfo.email ?? identity,
|
||||||
'ADMIN',
|
countUsersWithUserName === 0 ? '1' : '0',
|
||||||
|
countUsersWithUserName === 0 ? 'ADMIN' : 'BASIC',
|
||||||
],
|
],
|
||||||
);
|
);
|
||||||
|
|
||||||
const userFromPasswordMethod = getUserByUsername('');
|
if (countUsersWithUserName === 0) {
|
||||||
if (userFromPasswordMethod) {
|
const userFromPasswordMethod = getUserByUsername('');
|
||||||
transferAllFilesFromUser(userId, userFromPasswordMethod.user_id);
|
if (userFromPasswordMethod) {
|
||||||
|
transferAllFilesFromUser(userId, userFromPasswordMethod.user_id);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
const { id: userIdFromDb, display_name: displayName } =
|
const { id: userIdFromDb, display_name: displayName } =
|
||||||
|
|||||||
@@ -40,4 +40,5 @@ export interface Config {
|
|||||||
};
|
};
|
||||||
token_expiration?: 'never' | 'openid-provider' | number;
|
token_expiration?: 'never' | 'openid-provider' | number;
|
||||||
enforceOpenId: boolean;
|
enforceOpenId: boolean;
|
||||||
|
userCreationMode?: 'manual' | 'login';
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -248,6 +248,13 @@ const configSchema = convict({
|
|||||||
default: false,
|
default: false,
|
||||||
env: 'ACTUAL_OPENID_ENFORCE',
|
env: 'ACTUAL_OPENID_ENFORCE',
|
||||||
},
|
},
|
||||||
|
|
||||||
|
userCreationMode: {
|
||||||
|
doc: 'Determines how users can be created.',
|
||||||
|
format: ['manual', 'login'],
|
||||||
|
default: 'manual',
|
||||||
|
env: 'ACTUAL_USER_CREATION_MODE',
|
||||||
|
},
|
||||||
});
|
});
|
||||||
|
|
||||||
let configPath = null;
|
let configPath = null;
|
||||||
|
|||||||
@@ -241,14 +241,25 @@ export function deleteUserAccessByFileId(userIds, fileId) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
export function getAllUserAccess(fileId) {
|
export function getAllUserAccess(fileId) {
|
||||||
|
//This can't be used here until we can create user invite links:
|
||||||
|
//const isLoginMode = config.get('userCreationMode') === 'login';
|
||||||
|
const isLoginMode = false;
|
||||||
|
const joinType = isLoginMode ? 'JOIN' : 'LEFT JOIN';
|
||||||
|
|
||||||
return getAccountDb().all(
|
return getAccountDb().all(
|
||||||
`SELECT users.id as userId, user_name as userName, display_name as displayName,
|
`
|
||||||
CASE WHEN user_access.file_id IS NULL THEN 0 ELSE 1 END as haveAccess,
|
SELECT
|
||||||
CASE WHEN files.id IS NULL THEN 0 ELSE 1 END as owner
|
users.id as userId,
|
||||||
FROM users
|
user_name as userName,
|
||||||
LEFT JOIN user_access ON user_access.file_id = ? and user_access.user_id = users.id
|
display_name as displayName,
|
||||||
LEFT JOIN files ON files.id = ? and files.owner = users.id
|
CASE WHEN user_access.file_id IS NULL THEN 0 ELSE 1 END as haveAccess,
|
||||||
WHERE users.enabled = 1 AND users.user_name <> ''`,
|
CASE WHEN files.id IS NULL THEN 0 ELSE 1 END as owner
|
||||||
|
FROM users
|
||||||
|
${joinType} user_access ON user_access.file_id = ? AND user_access.user_id = users.id
|
||||||
|
${joinType} files ON files.id = ? AND files.owner = users.id
|
||||||
|
WHERE users.enabled = 1
|
||||||
|
AND users.user_name <> ''
|
||||||
|
`,
|
||||||
[fileId, fileId],
|
[fileId, fileId],
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|||||||
6
upcoming-release-notes/4421.md
Normal file
6
upcoming-release-notes/4421.md
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
category: Enhancements
|
||||||
|
authors: [lelemm]
|
||||||
|
---
|
||||||
|
|
||||||
|
Added `ACTUAL_USER_CREATION_MODE=login` enviroment variable to create users on login
|
||||||
Reference in New Issue
Block a user