discourse/lib/tasks/admin.rake
Dan Ungureanu fa8cd629f1
DEV: Hash tokens stored from email_tokens (#14493)
This commit adds token_hash and scopes columns to email_tokens table.
token_hash is a replacement for the token column to avoid storing email
tokens in plaintext as it can pose a security risk. The new scope column
ensures that email tokens cannot be used to perform a different action
than the one intended.

To sum up, this commit:

* Adds token_hash and scope to email_tokens

* Reuses code that schedules critical_user_email

* Refactors EmailToken.confirm and EmailToken.atomic_confirm methods

* Periodically cleans old, unconfirmed or expired email tokens
2021-11-25 09:34:39 +02:00

110 lines
3.2 KiB
Ruby

# frozen_string_literal: true
desc "invite an admin to this discourse instance"
task "admin:invite", [:email] => [:environment] do |_, args|
email = args[:email]
if !email || email !~ /@/
puts "ERROR: Expecting rake admin:invite[some@email.com]"
exit 1
end
unless user = User.find_by_email(email)
puts "Creating new account!"
user = User.new(email: email)
user.password = SecureRandom.hex
user.username = UserNameSuggester.suggest(user.email)
end
user.active = true
user.save!
puts "Granting admin!"
user.grant_admin!
if user.trust_level < 1
user.change_trust_level!(1)
end
user.email_tokens.update_all confirmed: true
puts "Sending email!"
email_token = user.email_tokens.create!(email: user.email, scope: EmailToken.scopes[:signup])
Jobs.enqueue(:user_email, type: :account_created, user_id: user.id, email_token: email_token.token)
end
desc "Creates a forum administrator"
task "admin:create" => :environment do
require 'highline/import'
begin
email = ask("Email: ")
existing_user = User.find_by_email(email)
# check if user account already exists
if existing_user
# user already exists, ask for password reset
admin = existing_user
reset_password = ask("User with this email already exists! Do you want to reset the password for this email? (Y/n) ")
if (reset_password == "" || reset_password.downcase == 'y')
begin
password = ask("Password: ") { |q| q.echo = false }
password_confirmation = ask("Repeat password: ") { |q| q.echo = false }
passwords_match = password == password_confirmation
say("Passwords don't match, try again...") unless passwords_match
end while !passwords_match
admin.password = password
end
else
# create new user
admin = User.new
admin.email = email
admin.username = UserNameSuggester.suggest(admin.email)
begin
if ENV["RANDOM_PASSWORD"] == "1"
password = password_confirmation = SecureRandom.hex
else
password = ask("Password: ") { |q| q.echo = false }
password_confirmation = ask("Repeat password: ") { |q| q.echo = false }
end
passwords_match = password == password_confirmation
say("Passwords don't match, try again...") unless passwords_match
end while !passwords_match
admin.password = password
end
if SiteSetting.full_name_required && admin.name.blank?
admin.name = ask("Full name: ")
end
# save/update user account
saved = admin.save
say(admin.errors.full_messages.join("\n")) unless saved
end while !saved
say "\nEnsuring account is active!"
admin.active = true
admin.save
if existing_user
say("\nAccount updated successfully!")
else
say("\nAccount created successfully with username #{admin.username}")
end
# grant admin privileges
grant_admin = ask("Do you want to grant Admin privileges to this account? (Y/n) ")
if (grant_admin == "" || grant_admin.downcase == 'y')
admin.grant_admin!
if admin.trust_level < 1
admin.change_trust_level!(1)
end
admin.email_tokens.update_all confirmed: true
admin.activate
say("\nYour account now has Admin privileges!")
end
end