From 2c1a7470d35cb840950e63008fb4014e5e341dd6 Mon Sep 17 00:00:00 2001 From: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> Date: Thu, 3 Oct 2024 18:18:00 +0900 Subject: feat: サーバー初期設定時に初期パスワードを要求できるように (#14626) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: サーバー初期設定時専用の初期パスワードを設定できるように * 無いのに入力された場合もエラーにする * :art: * :art: * cypress-devcontainerにもpassを設定(テストが失敗するため) * [ci skip] :art: * :v: * test: please revert this commit before merge * Revert "test: please revert this commit before merge" This reverts commit 66b2b48f66830d2450d8cda03955c143feba76c7. * Update locales/ja-JP.yml Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com> * build assets * Update Changelog * fix condition * fix condition * add comment * change error code * 他のエラーコードと合わせる * Update CHANGELOG.md --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com> --- .../server/api/endpoints/admin/accounts/create.ts | 38 +++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) (limited to 'packages/backend/src/server/api/endpoints/admin/accounts') diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts index a7e8a3b018..bddf7f45d3 100644 --- a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts @@ -12,11 +12,27 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { InstanceActorService } from '@/core/InstanceActorService.js'; import { localUsernameSchema, passwordSchema } from '@/models/User.js'; import { DI } from '@/di-symbols.js'; +import type { Config } from '@/config.js'; +import { ApiError } from '@/server/api/error.js'; import { Packed } from '@/misc/json-schema.js'; export const meta = { tags: ['admin'], + errors: { + accessDenied: { + message: 'Access denied.', + code: 'ACCESS_DENIED', + id: '1fb7cb09-d46a-4fff-b8df-057708cce513', + }, + + wrongInitialPassword: { + message: 'Initial password is incorrect.', + code: 'INCORRECT_INITIAL_PASSWORD', + id: '97147c55-1ae1-4f6f-91d6-e1c3e0e76d62', + }, + }, + res: { type: 'object', optional: false, nullable: false, @@ -35,6 +51,7 @@ export const paramDef = { properties: { username: localUsernameSchema, password: passwordSchema, + initialPassword: { type: 'string', nullable: true }, }, required: ['username', 'password'], } as const; @@ -42,6 +59,9 @@ export const paramDef = { @Injectable() export default class extends Endpoint { // eslint-disable-line import/no-default-export constructor( + @Inject(DI.config) + private config: Config, + @Inject(DI.usersRepository) private usersRepository: UsersRepository, @@ -52,7 +72,23 @@ export default class extends Endpoint { // eslint- super(meta, paramDef, async (ps, _me, token) => { const me = _me ? await this.usersRepository.findOneByOrFail({ id: _me.id }) : null; const realUsers = await this.instanceActorService.realLocalUsersPresent(); - if ((realUsers && !me?.isRoot) || token !== null) throw new Error('access denied'); + + if (!realUsers && me == null && token == null) { + // 初回セットアップの場合 + if (this.config.initialPassword != null) { + // 初期パスワードが設定されている場合 + if (ps.initialPassword !== this.config.initialPassword) { + // 初期パスワードが違う場合 + throw new ApiError(meta.errors.wrongInitialPassword); + } + } else if (ps.initialPassword != null && ps.initialPassword.trim() !== '') { + // 初期パスワードが設定されていないのに初期パスワードが入力された場合 + throw new ApiError(meta.errors.wrongInitialPassword); + } + } else if ((realUsers && !me?.isRoot) || token !== null) { + // 初回セットアップではなく、管理者でない場合 or 外部トークンを使用している場合 + throw new ApiError(meta.errors.accessDenied); + } const { account, secret } = await this.signupService.signup({ username: ps.username, -- cgit v1.2.3-freya From d2175a9b9f6e38ca3ec0ca28b29d99f4b46f9dcd Mon Sep 17 00:00:00 2001 From: syuilo <4439005+syuilo@users.noreply.github.com> Date: Thu, 3 Oct 2024 20:40:39 +0900 Subject: initialPassword -> setupPassword --- .config/cypress-devcontainer.yml | 2 +- .config/example.yml | 2 +- packages/backend/src/config.ts | 6 +++--- .../backend/src/server/api/endpoints/admin/accounts/create.ts | 8 ++++---- packages/frontend/src/pages/welcome.setup.vue | 8 ++++---- packages/misskey-js/src/autogen/types.ts | 2 +- 6 files changed, 14 insertions(+), 14 deletions(-) (limited to 'packages/backend/src/server/api/endpoints/admin/accounts') diff --git a/.config/cypress-devcontainer.yml b/.config/cypress-devcontainer.yml index 64988aff66..3907615f73 100644 --- a/.config/cypress-devcontainer.yml +++ b/.config/cypress-devcontainer.yml @@ -13,7 +13,7 @@ # The provider of the service who sets up Misskey on behalf of the customer should # set this value to something unique when generating the Misskey config file, # and provide it to the customer. -initialPassword: example_password_please_change_this_or_you_will_get_hacked +setupPassword: example_password_please_change_this_or_you_will_get_hacked # ┌─────┐ #───┘ URL └───────────────────────────────────────────────────── diff --git a/.config/example.yml b/.config/example.yml index fbc4cdff4b..600c1c632e 100644 --- a/.config/example.yml +++ b/.config/example.yml @@ -70,7 +70,7 @@ # The provider of the service who sets up Misskey on behalf of the customer should # set this value to something unique when generating the Misskey config file, # and provide it to the customer. -initialPassword: example_password_please_change_this_or_you_will_get_hacked +setupPassword: example_password_please_change_this_or_you_will_get_hacked # ┌─────┐ #───┘ URL └───────────────────────────────────────────────────── diff --git a/packages/backend/src/config.ts b/packages/backend/src/config.ts index b320ce5403..42f1033b9d 100644 --- a/packages/backend/src/config.ts +++ b/packages/backend/src/config.ts @@ -63,7 +63,7 @@ type Source = { publishTarballInsteadOfProvideRepositoryUrl?: boolean; - initialPassword?: string; + setupPassword?: string; proxy?: string; proxySmtp?: string; @@ -154,7 +154,7 @@ export type Config = { version: string; publishTarballInsteadOfProvideRepositoryUrl: boolean; - initialPassword: string | undefined; + setupPassword: string | undefined; host: string; hostname: string; scheme: string; @@ -235,7 +235,7 @@ export function loadConfig(): Config { return { version, publishTarballInsteadOfProvideRepositoryUrl: !!config.publishTarballInsteadOfProvideRepositoryUrl, - initialPassword: config.initialPassword, + setupPassword: config.setupPassword, url: url.origin, port: config.port ?? parseInt(process.env.PORT ?? '', 10), socket: config.socket, diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts index bddf7f45d3..d30131a62f 100644 --- a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts @@ -51,7 +51,7 @@ export const paramDef = { properties: { username: localUsernameSchema, password: passwordSchema, - initialPassword: { type: 'string', nullable: true }, + setupPassword: { type: 'string', nullable: true }, }, required: ['username', 'password'], } as const; @@ -75,13 +75,13 @@ export default class extends Endpoint { // eslint- if (!realUsers && me == null && token == null) { // 初回セットアップの場合 - if (this.config.initialPassword != null) { + if (this.config.setupPassword != null) { // 初期パスワードが設定されている場合 - if (ps.initialPassword !== this.config.initialPassword) { + if (ps.setupPassword !== this.config.setupPassword) { // 初期パスワードが違う場合 throw new ApiError(meta.errors.wrongInitialPassword); } - } else if (ps.initialPassword != null && ps.initialPassword.trim() !== '') { + } else if (ps.setupPassword != null && ps.setupPassword.trim() !== '') { // 初期パスワードが設定されていないのに初期パスワードが入力された場合 throw new ApiError(meta.errors.wrongInitialPassword); } diff --git a/packages/frontend/src/pages/welcome.setup.vue b/packages/frontend/src/pages/welcome.setup.vue index cb20cfc5fc..dd258aad98 100644 --- a/packages/frontend/src/pages/welcome.setup.vue +++ b/packages/frontend/src/pages/welcome.setup.vue @@ -14,7 +14,7 @@ SPDX-License-Identifier: AGPL-3.0-only
{{ i18n.ts.intro }}
- + @@ -40,9 +40,9 @@ SPDX-License-Identifier: AGPL-3.0-only