Compare commits
20 Commits
0a69910e8b
...
feature/mu
| Author | SHA1 | Date | |
|---|---|---|---|
|
6c79147cbf | ||
|
|
1bf8274d8c | ||
|
|
9b79838cc3 | ||
|
|
1f5d3665c8 | ||
|
|
1b2bc33aba | ||
|
|
2b9c039157 | ||
|
|
7d106998be | ||
|
|
6198a174c7 | ||
|
|
184cb8ec00 | ||
|
|
000540727c | ||
|
|
aece9e0b9f | ||
|
|
018e352820 | ||
|
|
86f2f031db | ||
|
|
69f3737303 | ||
|
|
60179e68fd | ||
|
|
6901880a2f | ||
|
|
89186a0d61 | ||
|
|
da6af4ae71 | ||
|
|
053d45add1 | ||
|
|
a1bf38de04 |
@@ -11,7 +11,7 @@ from typing import Optional
|
||||
from passlib.context import CryptContext
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from .models import User, Session as UserSession, APIKey
|
||||
from .models import User, Session as UserSession, APIKey, Team, TeamMembership
|
||||
from .config import get_settings
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
@@ -363,6 +363,8 @@ def create_default_admin(db: Session) -> Optional[User]:
|
||||
|
||||
The admin password can be set via ORCHARD_ADMIN_PASSWORD environment variable.
|
||||
If not set, defaults to 'changeme123' and requires password change on first login.
|
||||
|
||||
Also creates the "Global Admins" team and adds the admin user to it.
|
||||
"""
|
||||
# Check if any users exist
|
||||
user_count = db.query(User).count()
|
||||
@@ -385,6 +387,27 @@ def create_default_admin(db: Session) -> Optional[User]:
|
||||
must_change_password=must_change,
|
||||
)
|
||||
|
||||
# Create Global Admins team and add admin to it
|
||||
global_admins_team = Team(
|
||||
name="Global Admins",
|
||||
slug="global-admins",
|
||||
description="System administrators with full access",
|
||||
created_by="admin",
|
||||
)
|
||||
db.add(global_admins_team)
|
||||
db.flush()
|
||||
|
||||
membership = TeamMembership(
|
||||
team_id=global_admins_team.id,
|
||||
user_id=admin.id,
|
||||
role="owner",
|
||||
invited_by="admin",
|
||||
)
|
||||
db.add(membership)
|
||||
db.commit()
|
||||
|
||||
logger.info("Created Global Admins team and added admin as owner")
|
||||
|
||||
if settings.admin_password:
|
||||
logger.info("Created default admin user with configured password")
|
||||
else:
|
||||
|
||||
@@ -10,6 +10,7 @@ class TestCreateDefaultAdmin:
|
||||
def test_create_default_admin_with_env_password(self):
|
||||
"""Test that ORCHARD_ADMIN_PASSWORD env var sets admin password."""
|
||||
from app.auth import create_default_admin, verify_password
|
||||
from app.models import User
|
||||
|
||||
# Create mock settings with custom password
|
||||
mock_settings = MagicMock()
|
||||
@@ -19,20 +20,23 @@ class TestCreateDefaultAdmin:
|
||||
mock_db = MagicMock()
|
||||
mock_db.query.return_value.count.return_value = 0 # No existing users
|
||||
|
||||
# Track the user that gets created
|
||||
created_user = None
|
||||
# Track all objects that get created
|
||||
created_objects = []
|
||||
|
||||
def capture_user(user):
|
||||
nonlocal created_user
|
||||
created_user = user
|
||||
def capture_object(obj):
|
||||
created_objects.append(obj)
|
||||
|
||||
mock_db.add.side_effect = capture_user
|
||||
mock_db.add.side_effect = capture_object
|
||||
|
||||
with patch("app.auth.get_settings", return_value=mock_settings):
|
||||
admin = create_default_admin(mock_db)
|
||||
|
||||
# Verify the user was created
|
||||
# Verify objects were created (user, team, membership)
|
||||
assert mock_db.add.called
|
||||
assert len(created_objects) >= 1
|
||||
|
||||
# Find the user object
|
||||
created_user = next((obj for obj in created_objects if isinstance(obj, User)), None)
|
||||
assert created_user is not None
|
||||
assert created_user.username == "admin"
|
||||
assert created_user.is_admin is True
|
||||
@@ -44,6 +48,7 @@ class TestCreateDefaultAdmin:
|
||||
def test_create_default_admin_with_default_password(self):
|
||||
"""Test that default password 'changeme123' is used when env var not set."""
|
||||
from app.auth import create_default_admin, verify_password
|
||||
from app.models import User
|
||||
|
||||
# Create mock settings with empty password (default)
|
||||
mock_settings = MagicMock()
|
||||
@@ -53,20 +58,23 @@ class TestCreateDefaultAdmin:
|
||||
mock_db = MagicMock()
|
||||
mock_db.query.return_value.count.return_value = 0 # No existing users
|
||||
|
||||
# Track the user that gets created
|
||||
created_user = None
|
||||
# Track all objects that get created
|
||||
created_objects = []
|
||||
|
||||
def capture_user(user):
|
||||
nonlocal created_user
|
||||
created_user = user
|
||||
def capture_object(obj):
|
||||
created_objects.append(obj)
|
||||
|
||||
mock_db.add.side_effect = capture_user
|
||||
mock_db.add.side_effect = capture_object
|
||||
|
||||
with patch("app.auth.get_settings", return_value=mock_settings):
|
||||
admin = create_default_admin(mock_db)
|
||||
|
||||
# Verify the user was created
|
||||
# Verify objects were created
|
||||
assert mock_db.add.called
|
||||
assert len(created_objects) >= 1
|
||||
|
||||
# Find the user object
|
||||
created_user = next((obj for obj in created_objects if isinstance(obj, User)), None)
|
||||
assert created_user is not None
|
||||
assert created_user.username == "admin"
|
||||
assert created_user.is_admin is True
|
||||
|
||||
Reference in New Issue
Block a user