From e32fffbb473be4844b0d43d71972f48614aa3c94 Mon Sep 17 00:00:00 2001 From: Leandro Menezes Date: Thu, 20 Feb 2025 17:09:12 -0300 Subject: [PATCH 1/7] Added option to create users on login (openid) --- packages/sync-server/src/accounts/openid.js | 22 +++++++++++++-------- packages/sync-server/src/config-types.ts | 1 + packages/sync-server/src/load-config.js | 3 +++ 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/packages/sync-server/src/accounts/openid.js b/packages/sync-server/src/accounts/openid.js index 508e85d00c1..8a4e83e51d3 100644 --- a/packages/sync-server/src/accounts/openid.js +++ b/packages/sync-server/src/accounts/openid.js @@ -193,8 +193,8 @@ export async function loginWithOpenIdFinalize(body) { userInfo.login ?? userInfo.email ?? userInfo.id ?? - userInfo.name ?? - 'default-username'; + userInfo.sub; + if (identity == null) { return { error: 'openid-grant-failed: no identification was found' }; } @@ -206,7 +206,10 @@ export async function loginWithOpenIdFinalize(body) { 'SELECT count(*) as countUsersWithUserName FROM users WHERE user_name <> ?', [''], ); - if (countUsersWithUserName === 0) { + if ( + countUsersWithUserName === 0 || + finalConfig.userCreationMode === 'login' + ) { userId = uuidv4(); // Check if user was created by another transaction const existingUser = accountDb.first( 
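Review bot: `userInfo.sub` is added only as the last fallback of the identity chain, behind `login`, `email` and `id`, although `sub` is the one claim OpenID Connect defines as stable and unique per issuer. The chosen value is inserted as `users.user_name` further down, so if returning users are matched on that column (the lookup is outside the hunk), a provider that lets people edit their login or e-mail could let one identity resolve to another user's row. Reordering would change the key for existing accounts, so at minimum record the risk with a comment such as `// identity becomes users.user_name; login/email can be changed at many providers, only sub is stable`. If the provider returns the standard `email_verified` claim, check it before accepting `email`. The chain starts above the hunk, so its first entries are not visible here.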
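Review bot: With `userCreationMode === 'login'` the new condition in the `@@ -206,7 +206,10 @@` hunk is true on every login, so a returning user also enters the creation branch instead of the `else` lookup. The "created by another transaction" check that follows then appears to throw `user-already-exists` for any identity that already has a row; its query lies between the hunks, so this is inferred. Gate creation on the identity being absent by running the lookup first and using `if (!existingUser && (countUsersWithUserName === 0 || finalConfig.userCreationMode === 'login'))`. The same condition is carried unchanged into PATCH 6/7 with `config.get('userCreationMode')`. The function body starts and ends outside the hunk.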
@@ -217,18 +220,21 @@ export async function loginWithOpenIdFinalize(body) { throw new Error('user-already-exists'); } accountDb.mutate( - 'INSERT INTO users (id, user_name, display_name, enabled, owner, role) VALUES (?, ?, ?, 1, 1, ?)', + 'INSERT INTO users (id, user_name, display_name, enabled, owner, role) VALUES (?, ?, ?, 1, ?, ?)', [ userId, identity, userInfo.name ?? userInfo.email ?? identity, - 'ADMIN', + countUsersWithUserName === 0 ? '1' : '0', + countUsersWithUserName === 0 ? 'ADMIN' : 'BASIC', ], ); - const userFromPasswordMethod = getUserByUsername(''); - if (userFromPasswordMethod) { - transferAllFilesFromUser(userId, userFromPasswordMethod.user_id); + if (countUsersWithUserName === 0) { + const userFromPasswordMethod = getUserByUsername(''); + if (userFromPasswordMethod) { + transferAllFilesFromUser(userId, userFromPasswordMethod.user_id); + } } } else { const { id: userIdFromDb, display_name: displayName } = diff --git a/packages/sync-server/src/config-types.ts b/packages/sync-server/src/config-types.ts index 464c2dc3fbc..9c3c2577981 100644 --- a/packages/sync-server/src/config-types.ts +++ b/packages/sync-server/src/config-types.ts @@ -40,4 +40,5 @@ export interface Config { }; multiuser: boolean; token_expiration?: 'never' | 'openid-provider' | number; + userCreationMode?: 'manual' | 'login'; } diff --git a/packages/sync-server/src/load-config.js b/packages/sync-server/src/load-config.js index d991d8e6e21..ef62c948383 100644 --- a/packages/sync-server/src/load-config.js +++ b/packages/sync-server/src/load-config.js @@ -221,6 +221,9 @@ const finalConfig = { token_expiration: process.env.ACTUAL_TOKEN_EXPIRATION ? process.env.ACTUAL_TOKEN_EXPIRATION : config.token_expiration, + userCreationMode: process.env.ACTUAL_USER_CREATION_MODE + ? process.env.ACTUAL_USER_CREATION_MODE + : config.userCreationMode, }; debug(`using port ${finalConfig.port}`); debug(`using hostname ${finalConfig.hostname}`); 
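Review bot: The `owner` parameter is now bound as the strings `'1'`/`'0'`, where the previous statement wrote the integer literal `1` in the SQL. If the `owner` column has no integer affinity (the schema is not visible here), the text `'0'` is stored as-is and is truthy when read back in JavaScript, so a check like `if (user.owner)` would treat every auto-created `BASIC` user as an owner. Bind numbers instead: `countUsersWithUserName === 0 ? 1 : 0,`. The test `countUsersWithUserName === 0` is now repeated three times in this hunk; naming it once, for example `const isFirstUser = countUsersWithUserName === 0;`, would keep the owner, role and file-transfer decisions in step.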
From 6c271b126a70ae761f07c5f55d804e74efccf445 Mon Sep 17 00:00:00 2001 From: Leandro Menezes Date: Thu, 20 Feb 2025 17:15:08 -0300 Subject: [PATCH 2/7] md --- upcoming-release-notes/4421.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 upcoming-release-notes/4421.md diff --git a/upcoming-release-notes/4421.md b/upcoming-release-notes/4421.md new file mode 100644 index 00000000000..3d74843652e --- /dev/null +++ b/upcoming-release-notes/4421.md @@ -0,0 +1,6 @@ +--- +category: Enhancements +authors: [lelemm] +--- + +Added `ACTUAL_USER_CREATION_MODE=login` enviroment variable to create users on login From 46b5bae91c867316b00061608ff97e26cffc6a44 Mon Sep 17 00:00:00 2001 From: Leandro Menezes Date: Thu, 20 Feb 2025 22:21:35 -0300 Subject: [PATCH 3/7] added default value --- packages/sync-server/src/load-config.js | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/sync-server/src/load-config.js b/packages/sync-server/src/load-config.js index ef62c948383..071c06b1e1b 100644 --- a/packages/sync-server/src/load-config.js +++ b/packages/sync-server/src/load-config.js @@ -88,6 +88,7 @@ const defaultConfig = { projectRoot, multiuser: false, token_expiration: 'never', + userCreationMode: 'manual' }; /** @type {import('./config-types.js').Config} */ From 6b46e422d5b1a8723da68062ca0d2a55786af4bc Mon Sep 17 00:00:00 2001 From: Leandro Menezes Date: Thu, 20 Feb 2025 22:26:18 -0300 Subject: [PATCH 4/7] linter --- packages/sync-server/src/load-config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/sync-server/src/load-config.js b/packages/sync-server/src/load-config.js index 071c06b1e1b..1b95244df79 100644 --- a/packages/sync-server/src/load-config.js +++ b/packages/sync-server/src/load-config.js @@ -88,7 +88,7 @@ const defaultConfig = { projectRoot, multiuser: false, token_expiration: 'never', - userCreationMode: 'manual' + userCreationMode: 'manual', }; /** @type {import('./config-types.js').Config} */ 
From 18ebf8304b050e91ecefc19afd52d8d40f12801f Mon Sep 17 00:00:00 2001 From: Leandro Menezes Date: Mon, 24 Feb 2025 00:10:37 -0300 Subject: [PATCH 5/7] added validation to ACTUAL_USER_CREATION_MODE --- packages/sync-server/src/load-config.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/packages/sync-server/src/load-config.js b/packages/sync-server/src/load-config.js index 41edff967f7..45b31c61b5b 100644 --- a/packages/sync-server/src/load-config.js +++ b/packages/sync-server/src/load-config.js @@ -235,7 +235,15 @@ const finalConfig = { })() : config.enforceOpenId, userCreationMode: process.env.ACTUAL_USER_CREATION_MODE - ? process.env.ACTUAL_USER_CREATION_MODE + ? (() => { + const value = process.env.ACTUAL_USER_CREATION_MODE.toLowerCase(); + if (!['manual', 'login'].includes(value)) { + throw new Error( + 'ACTUAL_USER_CREATION_MODE must be either "manual" or "login"', + ); + } + return value; + })() : config.userCreationMode, }; debug(`using port ${finalConfig.port}`); From 4b9e7a471e916cd8a5fdd4495ef624ef65b5d0d1 Mon Sep 17 00:00:00 2001 From: Leandro Menezes Date: Tue, 4 Mar 2025 08:25:36 -0300 Subject: [PATCH 6/7] Merge --- packages/sync-server/src/accounts/openid.js | 2 +- packages/sync-server/src/load-config.js | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/packages/sync-server/src/accounts/openid.js b/packages/sync-server/src/accounts/openid.js index fc983f06276..a44c158238b 100644 --- a/packages/sync-server/src/accounts/openid.js +++ b/packages/sync-server/src/accounts/openid.js @@ -207,7 +207,7 @@ export async function loginWithOpenIdFinalize(body) { ); if ( countUsersWithUserName === 0 || - finalConfig.userCreationMode === 'login' + config.get('userCreationMode') === 'login' ) { userId = uuidv4(); // Check if user was created by another transaction diff --git a/packages/sync-server/src/load-config.js b/packages/sync-server/src/load-config.js index f39c6492b08..31d10a81a80 100644 
--- a/packages/sync-server/src/load-config.js +++ b/packages/sync-server/src/load-config.js @@ -253,6 +253,13 @@ const configSchema = convict({ default: false, env: 'ACTUAL_OPENID_ENFORCE', }, + + userCreationMode: { + doc: 'Determines how users can be created.', + format: ["manual", "login"], + default: "manual", + env: 'ACTUAL_USER_CREATION_MODE', + } }); let configPath = null; From 7ab17c540c0f8e14071b5a3482718a2a3eb61778 Mon Sep 17 00:00:00 2001 From: Leandro Menezes Date: Tue, 4 Mar 2025 08:33:09 -0300 Subject: [PATCH 7/7] linter --- packages/sync-server/src/load-config.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/sync-server/src/load-config.js b/packages/sync-server/src/load-config.js index 31d10a81a80..4bfc8ed3b63 100644 --- a/packages/sync-server/src/load-config.js +++ b/packages/sync-server/src/load-config.js @@ -256,10 +256,10 @@ const configSchema = convict({ userCreationMode: { doc: 'Determines how users can be created.', - format: ["manual", "login"], - default: "manual", + format: ['manual', 'login'], + default: 'manual', env: 'ACTUAL_USER_CREATION_MODE', - } + }, }); let configPath = null;
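Review bot: The `doc` string for `userCreationMode` does not say what `login` grants. Per the openid.js change in this series, any identity the OpenID provider authenticates receives an enabled `BASIC` account on first login, so access control then rests entirely with the provider. Suggested text: `doc: '"manual": only the first OpenID login creates an account (the admin); "login": every identity the OpenID provider authenticates gets an enabled BASIC account on first login.',`. The array `format` presumably matches exactly, so a value such as `LOGIN`, which PATCH 5/7 accepted after lower-casing, would now be rejected at startup; mention the accepted spellings in the doc as well.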