feat: サーバー初期設定時に初期パスワードを要求できるように (#14626)
* feat: サーバー初期設定時専用の初期パスワードを設定できるように
* 無いのに入力された場合もエラーにする
* 🎨
* 🎨
* cypress-devcontainerにもpassを設定(テストが失敗するため)
* [ci skip] 🎨
* ✌️
* test: please revert this commit before merge
* Revert "test: please revert this commit before merge"
This reverts commit 66b2b48f66.
* Update locales/ja-JP.yml
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* build assets
* Update Changelog
* fix condition
* fix condition
* add comment
* change error code
* 他のエラーコードと合わせる
* Update CHANGELOG.md
---------
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
This commit is contained in:
かっこかり
@@ -63,6 +63,8 @@ type Source = {
|
||||
|
||||
publishTarballInsteadOfProvideRepositoryUrl?: boolean;
|
||||
|
||||
initialPassword?: string;
|
||||
|
||||
proxy?: string;
|
||||
proxySmtp?: string;
|
||||
proxyBypassHosts?: string[];
|
||||
@@ -152,6 +154,7 @@ export type Config = {
|
||||
|
||||
version: string;
|
||||
publishTarballInsteadOfProvideRepositoryUrl: boolean;
|
||||
initialPassword: string | undefined;
|
||||
host: string;
|
||||
hostname: string;
|
||||
scheme: string;
|
||||
@@ -232,6 +235,7 @@ export function loadConfig(): Config {
|
||||
return {
|
||||
version,
|
||||
publishTarballInsteadOfProvideRepositoryUrl: !!config.publishTarballInsteadOfProvideRepositoryUrl,
|
||||
initialPassword: config.initialPassword,
|
||||
url: url.origin,
|
||||
port: config.port ?? parseInt(process.env.PORT ?? '', 10),
|
||||
socket: config.socket,
|
||||
|
||||
@@ -12,11 +12,27 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
|
||||
import { InstanceActorService } from '@/core/InstanceActorService.js';
|
||||
import { localUsernameSchema, passwordSchema } from '@/models/User.js';
|
||||
import { DI } from '@/di-symbols.js';
|
||||
import type { Config } from '@/config.js';
|
||||
import { ApiError } from '@/server/api/error.js';
|
||||
import { Packed } from '@/misc/json-schema.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['admin'],
|
||||
|
||||
errors: {
|
||||
accessDenied: {
|
||||
message: 'Access denied.',
|
||||
code: 'ACCESS_DENIED',
|
||||
id: '1fb7cb09-d46a-4fff-b8df-057708cce513',
|
||||
},
|
||||
|
||||
wrongInitialPassword: {
|
||||
message: 'Initial password is incorrect.',
|
||||
code: 'INCORRECT_INITIAL_PASSWORD',
|
||||
id: '97147c55-1ae1-4f6f-91d6-e1c3e0e76d62',
|
||||
},
|
||||
},
|
||||
|
||||
res: {
|
||||
type: 'object',
|
||||
optional: false, nullable: false,
|
||||
@@ -35,6 +51,7 @@ export const paramDef = {
|
||||
properties: {
|
||||
username: localUsernameSchema,
|
||||
password: passwordSchema,
|
||||
initialPassword: { type: 'string', nullable: true },
|
||||
},
|
||||
required: ['username', 'password'],
|
||||
} as const;
|
||||
@@ -42,6 +59,9 @@ export const paramDef = {
|
||||
@Injectable()
|
||||
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
|
||||
constructor(
|
||||
@Inject(DI.config)
|
||||
private config: Config,
|
||||
|
||||
@Inject(DI.usersRepository)
|
||||
private usersRepository: UsersRepository,
|
||||
|
||||
@@ -52,7 +72,23 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
||||
super(meta, paramDef, async (ps, _me, token) => {
|
||||
const me = _me ? await this.usersRepository.findOneByOrFail({ id: _me.id }) : null;
|
||||
const realUsers = await this.instanceActorService.realLocalUsersPresent();
|
||||
if ((realUsers && !me?.isRoot) || token !== null) throw new Error('access denied');
|
||||
|
||||
if (!realUsers && me == null && token == null) {
|
||||
// 初回セットアップの場合
|
||||
if (this.config.initialPassword != null) {
|
||||
// 初期パスワードが設定されている場合
|
||||
if (ps.initialPassword !== this.config.initialPassword) {
|
||||
// 初期パスワードが違う場合
|
||||
throw new ApiError(meta.errors.wrongInitialPassword);
|
||||
}
|
||||
} else if (ps.initialPassword != null && ps.initialPassword.trim() !== '') {
|
||||
// 初期パスワードが設定されていないのに初期パスワードが入力された場合
|
||||
throw new ApiError(meta.errors.wrongInitialPassword);
|
||||
}
|
||||
} else if ((realUsers && !me?.isRoot) || token !== null) {
|
||||
// 初回セットアップではなく、管理者でない場合 or 外部トークンを使用している場合
|
||||
throw new ApiError(meta.errors.accessDenied);
|
||||
}
|
||||
|
||||
const { account, secret } = await this.signupService.signup({
|
||||
username: ps.username,
|
||||
|
||||
@@ -14,6 +14,10 @@ SPDX-License-Identifier: AGPL-3.0-only
|
||||
</div>
|
||||
<div class="_gaps_m" style="padding: 32px;">
|
||||
<div>{{ i18n.ts.intro }}</div>
|
||||
<MkInput v-model="initialPassword" type="password" data-cy-admin-initial-password>
|
||||
<template #label>{{ i18n.ts.initialPasswordForSetup }} <div v-tooltip:dialog="i18n.ts.initialPasswordForSetupDescription" class="_button _help"><i class="ti ti-help-circle"></i></div></template>
|
||||
<template #prefix><i class="ti ti-lock"></i></template>
|
||||
</MkInput>
|
||||
<MkInput v-model="username" pattern="^[a-zA-Z0-9_]{1,20}$" :spellcheck="false" required data-cy-admin-username>
|
||||
<template #label>{{ i18n.ts.username }}</template>
|
||||
<template #prefix>@</template>
|
||||
@@ -47,6 +51,7 @@ import MkAnimBg from '@/components/MkAnimBg.vue';
|
||||
|
||||
const username = ref('');
|
||||
const password = ref('');
|
||||
const initialPassword = ref('');
|
||||
const submitting = ref(false);
|
||||
|
||||
function submit() {
|
||||
@@ -56,14 +61,27 @@ function submit() {
|
||||
misskeyApi('admin/accounts/create', {
|
||||
username: username.value,
|
||||
password: password.value,
|
||||
initialPassword: initialPassword.value === '' ? null : initialPassword.value,
|
||||
}).then(res => {
|
||||
return login(res.token);
|
||||
}).catch(() => {
|
||||
}).catch((err) => {
|
||||
submitting.value = false;
|
||||
|
||||
let title = i18n.ts.somethingHappened;
|
||||
let text = err.message + '\n' + err.id;
|
||||
|
||||
if (err.code === 'ACCESS_DENIED') {
|
||||
title = i18n.ts.permissionDeniedError;
|
||||
text = i18n.ts.operationForbidden;
|
||||
} else if (err.code === 'INCORRECT_INITIAL_PASSWORD') {
|
||||
title = i18n.ts.permissionDeniedError;
|
||||
text = i18n.ts.incorrectPassword;
|
||||
}
|
||||
|
||||
os.alert({
|
||||
type: 'error',
|
||||
text: i18n.ts.somethingHappened,
|
||||
title,
|
||||
text,
|
||||
});
|
||||
});
|
||||
}
|
||||
@@ -74,8 +92,8 @@ function submit() {
|
||||
min-height: 100svh;
|
||||
padding: 32px 32px 64px 32px;
|
||||
box-sizing: border-box;
|
||||
display: grid;
|
||||
place-content: center;
|
||||
display: grid;
|
||||
place-content: center;
|
||||
}
|
||||
|
||||
.form {
|
||||
|
||||
@@ -5611,6 +5611,7 @@ export type operations = {
|
||||
'application/json': {
|
||||
username: string;
|
||||
password: string;
|
||||
initialPassword?: string | null;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user