mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

lnms user:add command (#9830)

Browse Source 
* Add lnms user:add command
Uses events to mark past notifications as read (even for non-manually added users)

* Filter out previous options from auto-completion

* use validation to check cli input

* Warn if using other auth

* abstract LnmsCommand

* Use setPassword helper for hashing instead of mutator

* Extract validation function
This commit is contained in:
Tony Murray
2019-02-15 09:00:07 -06:00
committed by GitHub
parent a41f1d9608
commit a4b79d3339
9 changed files with 345 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
LibreNMS/Authentication/MysqlAuthorizer.php
View File

@@ -75,8 +75,7 @@ class MysqlAuthorizer extends AuthorizerBase
$user = User::thisAuth()->where('username', $username)->first(); $user = User::thisAuth()->where('username', $username)->first();
if ($user) { if ($user) {
$user->password = password_hash($password, PASSWORD_DEFAULT); $user->setPassword($password);
return $user->save(); return $user->save();
} }
@@ -97,7 +96,7 @@ class MysqlAuthorizer extends AuthorizerBase
// only update new users // only update new users
if (!$new_user->user_id) { if (!$new_user->user_id) {
$new_user->auth_type = LegacyAuth::getType(); $new_user->auth_type = LegacyAuth::getType();
$new_user->password = password_hash($password, PASSWORD_DEFAULT); $new_user->setPassword($password);
$new_user->email = (string)$new_user->email; $new_user->email = (string)$new_user->email;
$new_user->save(); $new_user->save();
@@ -108,21 +107,6 @@ class MysqlAuthorizer extends AuthorizerBase
$new_user->save(); $new_user->save();
if ($user_id) { if ($user_id) {
// mark pre-existing notifications as read
Notification::whereNotExists(function ($query) use ($user_id) {
return $query->select(Eloquent::DB()->raw(1))
->from('notifications_attribs')
->whereRaw('notifications.notifications_id = notifications_attribs.notifications_id')
->where('notifications_attribs.user_id', $user_id);
})->get()->each(function ($notif) use ($user_id) {
NotificationAttrib::create([
'notifications_id' => $notif->notifications_id,
'user_id' => $user_id,
'key' => 'read',
'value' => 1
]);
});
return $user_id; return $user_id;
} }
} }

101
app/Console/Commands/AddUserCommand.php Normal file
View File

@@ -0,0 +1,101 @@
<?php
/**
* AddUserCommand.php
*
* CLI command to add a user to LibreNMS
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @package LibreNMS
* @link http://librenms.org
* @copyright 2019 Tony Murray
* @author Tony Murray <murraytony@gmail.com>
*/
namespace App\Console\Commands;
use App\Console\LnmsCommand;
use App\Models\User;
use Illuminate\Validation\Rule;
use LibreNMS\Config;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputOption;
class AddUserCommand extends LnmsCommand
{
protected $name = 'user:add';
/**
* Create a new command instance.
*
* @return void
*/
public function __construct()
{
parent::__construct();
$this->setDescription(__('commands.user:add.description'));
$this->addArgument('username', InputArgument::REQUIRED);
$this->addOption('password', 'p', InputOption::VALUE_REQUIRED);
$this->addOption('role', 'r', InputOption::VALUE_REQUIRED, __('commands.user:add.options.role', ['roles' => '[normal, global-read, admin]']), 'normal');
$this->addOption('email', 'e', InputOption::VALUE_REQUIRED);
$this->addOption('full-name', 'l', InputOption::VALUE_REQUIRED);
$this->addOption('descr', 's', InputOption::VALUE_REQUIRED);
}
/**
* Execute the console command.
*
* @return mixed
*/
public function handle()
{
if (Config::get('auth_mechanism') != 'mysql') {
$this->warn(__('commands.user:add.wrong-auth'));
}
$roles = [
'normal' => 1,
'global-read' => 5,
'admin' => 10
];
$this->validate([
'username' => ['required', Rule::unique('users', 'username')->where('auth_type', 'mysql')],
'email' => 'email',
'role' => Rule::in(array_keys($roles))
]);
// set get password
$password = $this->option('password');
if (!$password) {
$password = $this->secret(__('commands.user:add.password-request'));
}
$user = new User([
'username' => $this->argument('username'),
'level' => $roles[$this->option('role')],
'descr' => (string)$this->option('descr'),
'email' => (string)$this->option('email'),
'realname' => (string)$this->option('full-name'),
'auth_type' => 'mysql',
]);
$user->setPassword($password);
$user->save();
$this->info(__('commands.user:add.success', ['username' => $user->username]));
return 0;
}
}

25
app/Console/Commands/BashCompletionCommand.php
View File

@@ -54,7 +54,7 @@ class BashCompletionCommand extends Command
if (!starts_with($previous, '-')) { if (!starts_with($previous, '-')) {
$completions = $this->completeArguments($command, $current, end($words)); $completions = $this->completeArguments($command, $current, end($words));
} }
$completions = $completions->merge($this->completeOption($command_def, $current)); $completions = $completions->merge($this->completeOption($command_def, $current, $this->getPreviousOptions($words)));
} }
} }
} }
@@ -110,9 +110,10 @@ class BashCompletionCommand extends Command
* *
* @param InputDefinition $command * @param InputDefinition $command
* @param string $partial * @param string $partial
* @param array $prev_options Previous words in the command
* @return \Illuminate\Support\Collection * @return \Illuminate\Support\Collection
*/ */
private function completeOption($command, $partial) private function completeOption($command, $partial, $prev_options)
{ {
// default options // default options
$options = collect([ $options = collect([
@@ -132,8 +133,13 @@ class BashCompletionCommand extends Command
if ($command) { if ($command) {
$options = collect($command->getOptions()) $options = collect($command->getOptions())
->flatMap(function ($option) { ->flatMap(function ($option) use ($prev_options) {
return $this->parseOption($option); $option_flags = $this->parseOption($option);
// don't return previously specified options
if (array_intersect($option_flags, $prev_options)) {
return [];
}
return $option_flags;
})->merge($options); })->merge($options);
} }
@@ -142,6 +148,17 @@ class BashCompletionCommand extends Command
}); });
} }
private function getPreviousOptions($words)
{
return array_reduce($words, function ($result, $word) {
if (starts_with($word, '-')) {
$split = explode('=', $word, 2); // users may use equals for values
$result[] = reset($split);
}
return $result;
}, []);
}
/** /**
* Complete options with values (if a list is enumerate in the description) * Complete options with values (if a list is enumerate in the description)
* *

113
app/Console/LnmsCommand.php Normal file
View File

@@ -0,0 +1,113 @@
<?php
/**
* LnmsCommand.php
*
* Convenience class for common command code
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @package LibreNMS
* @link http://librenms.org
* @copyright 2019 Tony Murray
* @author Tony Murray <murraytony@gmail.com>
*/
namespace App\Console;
use Illuminate\Console\Command;
use Illuminate\Validation\ValidationException;
use Symfony\Component\Console\Exception\InvalidArgumentException;
use Validator;
abstract class LnmsCommand extends Command
{
protected $developer = false;
public function isHidden()
{
return $this->hidden || ($this->developer && $this->getLaravel()->environment() !== 'production');
}
/**
* Adds an argument. If $description is null, translate commands.command-name.arguments.name
* If you want the description to be empty, just set an empty string
*
* @param string $name The argument name
* @param int|null $mode The argument mode: InputArgument::REQUIRED or InputArgument::OPTIONAL
* @param string $description A description text
* @param string|string[]|null $default The default value (for InputArgument::OPTIONAL mode only)
*
* @throws InvalidArgumentException When argument mode is not valid
*
* @return $this
*/
public function addArgument($name, $mode = null, $description = null, $default = null)
{
// use a generated translation location by default
if (is_null($description)) {
$description = __('commands.' . $this->getName() . '.arguments.' . $name);
}
parent::addArgument($name, $mode, $description, $default);
return $this;
}
/**
* Adds an option. If $description is null, translate commands.command-name.arguments.name
* If you want the description to be empty, just set an empty string
*
* @param string $name The option name
* @param string|array|null $shortcut The shortcuts, can be null, a string of shortcuts delimited by | or an array of shortcuts
* @param int|null $mode The option mode: One of the InputOption::VALUE_* constants
* @param string $description A description text
* @param string|string[]|int|bool|null $default The default value (must be null for InputOption::VALUE_NONE)
*
* @throws InvalidArgumentException If option mode is invalid or incompatible
*
* @return $this
*/
public function addOption($name, $shortcut = null, $mode = null, $description = null, $default = null)
{
// use a generated translation location by default
if (is_null($description)) {
$description = __('commands.' . $this->getName() . '.options.' . $name);
}
parent::addOption($name, $shortcut, $mode, $description, $default);
return $this;
}
/**
* Validate the input of this command. Uses Laravel input validation
* merging the arguments and options together to check.
*
* @param array $rules
* @param array $messages
*/
protected function validate($rules, $messages = [])
{
$validator = Validator::make($this->arguments() + $this->options(), $rules, $messages);
try {
$validator->validate();
} catch (ValidationException $e) {
collect($validator->getMessageBag()->all())->each(function ($message) {
$this->error($message);
});
exit(1);
}
}
}

24
app/Events/UserCreated.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
namespace App\Events;
use App\Models\User;
use Illuminate\Broadcasting\InteractsWithSockets;
use Illuminate\Foundation\Events\Dispatchable;
use Illuminate\Queue\SerializesModels;
class UserCreated
{
use Dispatchable, InteractsWithSockets, SerializesModels;
public $user;
/**
* Create a new event instance.
*
* @param User $user
*/
public function __construct(User $user)
{
$this->user = $user;
}
}

48
app/Listeners/MarkNotificationsRead.php Normal file
View File

@@ -0,0 +1,48 @@
<?php
namespace App\Listeners;
use App\Events\UserCreated;
use App\Models\Notification;
use App\Models\NotificationAttrib;
use DB;
class MarkNotificationsRead
{
/**
* Create the event listener.
*
* @return void
*/
public function __construct()
{
//
}
/**
* Handle the event.
*
* @param UserCreated $event
* @return void
*/
public function handle(UserCreated $event)
{
$user = $event->user;
// mark pre-existing notifications as read
NotificationAttrib::query()->insert(Notification::whereNotExists(function ($query) use ($user) {
return $query->select(DB::raw(1))
->from('notifications_attribs')
->whereRaw('notifications.notifications_id = notifications_attribs.notifications_id')
->where('notifications_attribs.user_id', $user->user_id);
})->get()->map(function ($notif) use ($user) {
return [
'notifications_id' => $notif->notifications_id,
'user_id' => $user->user_id,
'key' => 'read',
'value' => 1
];
})->toArray());
\Log::info('Marked all notifications as read for user ' . $user->username);
}
}

14
app/Models/User.php
View File

@@ -2,6 +2,7 @@
namespace App\Models; namespace App\Models;
use App\Events\UserCreated;
use Illuminate\Database\Eloquent\Builder; use Illuminate\Database\Eloquent\Builder;
use Illuminate\Foundation\Auth\User as Authenticatable; use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable; use Illuminate\Notifications\Notifiable;
@@ -20,6 +21,9 @@ class User extends Authenticatable
'email' => '', 'email' => '',
'can_modify_passwd' => 0, 'can_modify_passwd' => 0,
]; ];
protected $dispatchesEvents = [
'created' => UserCreated::class,
];
// ---- Helper Functions ---- // ---- Helper Functions ----
@@ -76,6 +80,16 @@ class User extends Authenticatable
return $this->hasGlobalRead() || $this->devices->contains($device); return $this->hasGlobalRead() || $this->devices->contains($device);
} }
/**
* Helper function to hash passwords before setting
*
* @param string $password
*/
public function setPassword($password)
{
$this->attributes['password'] = $password ? password_hash($password, PASSWORD_DEFAULT) : null;
}
// ---- Query scopes ---- // ---- Query scopes ----
/** /**

2
app/Providers/EventServiceProvider.php
View File

@@ -2,6 +2,7 @@
namespace App\Providers; namespace App\Providers;
use App\Listeners\MarkNotificationsRead;
use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider; use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
class EventServiceProvider extends ServiceProvider class EventServiceProvider extends ServiceProvider
@@ -14,6 +15,7 @@ class EventServiceProvider extends ServiceProvider
protected $listen = [ protected $listen = [
\Illuminate\Auth\Events\Login::class => ['App\Listeners\AuthEventListener@login'], \Illuminate\Auth\Events\Login::class => ['App\Listeners\AuthEventListener@login'],
\Illuminate\Auth\Events\Logout::class => ['App\Listeners\AuthEventListener@logout'], \Illuminate\Auth\Events\Logout::class => ['App\Listeners\AuthEventListener@logout'],
\App\Events\UserCreated::class => [MarkNotificationsRead::class]
]; ];
/** /**

20
resources/lang/en/commands.php Normal file
View File

@@ -0,0 +1,20 @@
<?php
return [
'user:add' => [
'description' => 'Add a local user, you can only log in with this user if auth is set to mysql',
'arguments' => [
'username' => 'The username the user will log in with',
],
'options' => [
'descr' => 'User description',
'email' => 'Email to use for the user',
'password' => 'Password for the user, if not given, you will be prompted',
'full-name' => 'Full name for the user',
'role' => 'Set the user to the desired role :roles',
],
'password-request' => "Please enter the user's password",
'success' => 'Successfully added user: :username',
'wrong-auth' => 'Warning! You will not be able to log in with this user because you are not using MySQL auth',
],
];