settings: do not create a user if he has no password field, or if his password is null.

This will be used by the settings.json in the default Dockerfile to eschew
creating an admin user when no password is set.

Closes #3648.
pull/3644/head
muxator 2019-10-19 00:54:56 +02:00
parent 4e758a9f4a
commit 7c099fef5e
2 changed files with 28 additions and 2 deletions

View File

@ -50,6 +50,9 @@
* 2) Beware of undefined variables and default values: nulls and empty strings
* are different!
*
* This is particularly important for user's passwords (see the relevant
* section):
*
* "password": "${PASSW}" // if PASSW is not defined would result in password === null
* "password": "${PASSW:}" // if PASSW is not defined would result in password === ''
*
@ -358,12 +361,14 @@
/*
"users": {
"admin": {
// "password" can be replaced with "hash" if you install ep_hash_auth
// 1) "password" can be replaced with "hash" if you install ep_hash_auth
// 2) please note that if password is null, the user will not be created
"password": "changeme1",
"is_admin": true
},
"user": {
// "password" can be replaced with "hash" if you install ep_hash_auth
// 1) "password" can be replaced with "hash" if you install ep_hash_auth
// 2) please note that if password is null, the user will not be created
"password": "changeme1",
"is_admin": false
}

View File

@ -629,6 +629,27 @@ exports.reloadSettings = function reloadSettings() {
console.info(`Using skin "${exports.skinName}" in dir: ${skinPath}`);
}
if (exports.users) {
/*
* Prune from export.users any user that has no password attribute, or whose
* password attribute is "null".
*
* This is used by the settings.json in the default Dockerfile to eschew
* creating an admin user if no password is set.
*/
var filteredUsers = _.filter(exports.users, function(user, username) {
if ((user.hasOwnProperty("password")) || user.password !== null) {
return true;
}
console.warn(`The password for ${username} is null. This means the user must not be created. Removing it.`);
return false;
});
exports.users = filteredUsers;
}
if (exports.abiword) {
// Check abiword actually exists
if (exports.abiword != null) {