diff --git a/compose.yaml b/compose.yaml index f5ef4e099..2d3fd5ded 100644 --- a/compose.yaml +++ b/compose.yaml @@ -2,7 +2,7 @@ name: openopsdev services: tables: container_name: tables - image: public.ecr.aws/openops/openops-tables:0.2.12 + image: public.ecr.aws/openops/openops-tables:0.2.13 environment: BASEROW_PUBLIC_URL: ${OPS_OPENOPS_TABLES_PUBLIC_URL} BASEROW_PRIVATE_URL: http://localhost:3001 diff --git a/deploy/docker-compose/docker-compose.yml b/deploy/docker-compose/docker-compose.yml index a7a26ce86..a83a4568b 100644 --- a/deploy/docker-compose/docker-compose.yml +++ b/deploy/docker-compose/docker-compose.yml @@ -21,7 +21,7 @@ services: environment: OPS_COMPONENT: app OPS_VERSION: ${OPS_VERSION:-latest} - OPS_OPENOPS_TABLES_VERSION: 0.2.12 + OPS_OPENOPS_TABLES_VERSION: 0.2.13 OPS_ANALYTICS_VERSION: 0.14.1 depends_on: openops-tables: @@ -47,7 +47,7 @@ services: - ${HOST_AZURE_CONFIG_DIR:-openops_azure_cli_data}:/tmp/azure - ${HOST_CLOUDSDK_CONFIG:-openops_gcloud_cli_data}:/tmp/gcloud openops-tables: - image: public.ecr.aws/openops/openops-tables:0.2.12 + image: public.ecr.aws/openops/openops-tables:0.2.13 restart: unless-stopped environment: BASEROW_PUBLIC_URL: ${OPS_OPENOPS_TABLES_PUBLIC_URL} diff --git a/deploy/helm/openops/values.yaml b/deploy/helm/openops/values.yaml index 17063ed2a..850ec7e67 100644 --- a/deploy/helm/openops/values.yaml +++ b/deploy/helm/openops/values.yaml @@ -89,7 +89,7 @@ engine: tables: name: openops-tables image: openops-tables - tag: "0.2.12" + tag: "0.2.13" replicas: 1 env: BASEROW_PUBLIC_URL: "{{ .Values.openopsEnv.OPS_OPENOPS_TABLES_PUBLIC_URL }}" diff --git a/packages/server/api/src/app/database/seeds/seed-admin.ts b/packages/server/api/src/app/database/seeds/seed-admin.ts index d1a981df7..877aaa63b 100644 --- a/packages/server/api/src/app/database/seeds/seed-admin.ts +++ b/packages/server/api/src/app/database/seeds/seed-admin.ts 
@@ -1,7 +1,3 @@ -import { - authenticateUserInOpenOpsTables, - resetUserPassword, -} from '@openops/common'; import { AppSystemProp, logger, system } from '@openops/server-shared'; import { Organization, @@ -95,9 +91,6 @@ async function ensureUserExists( ); user = await createAdminUser(email, password); - const { token } = await authenticateUserInOpenOpsTables(email, password); - await resetUserPassword(email, user.password, token); - return user; } @@ -188,13 +181,10 @@ async function upsertAdminPassword( const email = user.email; logger.info(`Updating password for admin [${email}]`, email); - const updatedUser = await userService.updatePassword({ + await userService.updateAdminPassword({ id: user.id, newPassword, }); - - const { token } = await authenticateUserInOpenOpsTables(email, newPassword); - await resetUserPassword(email, updatedUser.password, token); } async function upsertAdminEmail(user: User, email: string): Promise { @@ -204,7 +194,7 @@ async function upsertAdminEmail(user: User, email: string): Promise { } function createAdminUser(email: string, password: string): Promise { - return userService.create({ + return userService.createAdminUser({ email, password, organizationRole: OrganizationRole.ADMIN, diff --git a/packages/server/api/src/app/user/user-service.ts b/packages/server/api/src/app/user/user-service.ts index 526d71cb0..4a521157c 100644 --- a/packages/server/api/src/app/user/user-service.ts +++ b/packages/server/api/src/app/user/user-service.ts @@ -1,4 +1,4 @@ -import { cacheWrapper } from '@openops/server-shared'; +import { AppSystemProp, cacheWrapper, system } from '@openops/server-shared'; import { ApplicationError, assertValidEmail, @@ -17,6 +17,7 @@ import { UserStatus, UserWithOrganization, } from '@openops/shared'; +import bcrypt from 'bcrypt'; import dayjs from 'dayjs'; import { passwordHasher } from '../authentication/basic/password-hasher'; import { repoFactory } from '../core/db/repo-factory'; 
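Review bot: In the `@@ -17,6 +17,7 @@` hunk of `user-service.ts`, `import bcrypt from 'bcrypt';` gives the service a second hashing path alongside the existing `passwordHasher`, so algorithm and cost settings can now drift between the two. Keeping the fixed-salt variant behind the same module, for example a new `passwordHasher.hashWithSalt(plain, salt)` helper, would leave one place to audit. Whether `passwordHasher` already wraps bcrypt is not visible here, so confirm that the login comparison accepts hashes produced by both paths.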
@@ -29,17 +30,24 @@ export const userService = { async create(params: CreateParams): Promise { const hashedPassword = await passwordHasher.hash(params.password); - const user: NewUser = { + return saveUser({ id: openOpsId(), ...params, organizationRole: params.organizationRole, status: UserStatus.ACTIVE, password: hashedPassword, - }; - - sendUserCreatedEvent(user.id, user.organizationId); + }); + }, + async createAdminUser(params: CreateParams): Promise { + const hashedPassword = await bcrypt.hash(params.password, getStaticSalt()); - return userRepo().save(user); + return saveUser({ + id: openOpsId(), + ...params, + organizationRole: params.organizationRole, + status: UserStatus.ACTIVE, + password: hashedPassword, + }); }, async update({ id, @@ -209,13 +217,13 @@ export const userService = { }); }, - async updatePassword({ + async updateAdminPassword({ id, newPassword, }: UpdatePasswordParams): Promise { assertValidPassword(newPassword); - const hashedPassword = await passwordHasher.hash(newPassword); + const hashedPassword = await bcrypt.hash(newPassword, getStaticSalt()); await userRepo().update(id, { updated: dayjs().toISOString(), @@ -307,6 +315,16 @@ export const userService = { }, }; +function saveUser(user: NewUser): Promise { + sendUserCreatedEvent(user.id, user.organizationId); + + return userRepo().save(user); +} + +function getStaticSalt(): string { + return system.getOrThrow(AppSystemProp.OPENOPS_ADMIN_PASSWORD_SALT); +} + type DeleteParams = { id: UserId; organizationId: OrganizationId | null; diff --git a/packages/server/shared/src/lib/system/system-prop.ts b/packages/server/shared/src/lib/system/system-prop.ts index 8c76f634d..fc3c06a04 100644 --- a/packages/server/shared/src/lib/system/system-prop.ts +++ b/packages/server/shared/src/lib/system/system-prop.ts 
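Review bot: `createAdminUser` in the `@@ -29,17 +30,24 @@` hunk calls `bcrypt.hash(params.password, getStaticSalt())`, which makes the stored admin hash deterministic: the same password always produces the same value, and with the default salt this commit adds in `system.ts` that value is the same on every installation that keeps the default. A leaked admin hash can then be compared against one precomputed list, which is exactly what a random per-record salt normally prevents. If reproducibility is a requirement (presumably so OpenOps Tables can hold the same credential now that the `resetUserPassword` sync is removed), state it above the method, e.g. `// Deterministic by design: hash must be reproducible; set a unique OPENOPS_ADMIN_PASSWORD_SALT per deployment`. `updateAdminPassword` in the `@@ -209,13 +217,13 @@` hunk has the same issue, and unlike it `createAdminUser` does not call `assertValidPassword` in the lines shown. The `userService` object begins and ends outside this hunk.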
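Review bot: Renaming `updatePassword` to `updateAdminPassword` in the `@@ -209,13 +217,13 @@` hunk leaves no random-salt password update in the part of `userService` shown, and the new method accepts any `id` without checking that the user is an admin. Any caller outside this diff that changes a regular user's password would either stop compiling or end up on the static-salt path. Consider keeping `updatePassword` with `passwordHasher.hash(newPassword)` and adding the admin variant next to it, with a doc comment such as `/** Seeded admin only: hashes with the deployment-wide static salt. */`. The method body continues past the end of the hunk.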
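Review bot: `getStaticSalt` in the `@@ -307,6 +315,16 @@` hunk returns the configured string unchecked, and a bcrypt salt string carries the cost factor (the default added in `system.ts` starts with `$2b$10$`), so the work factor for the admin hash is now whatever the environment variable says. A doc comment would make that explicit, e.g. `/** bcrypt salt for the admin account (version, cost, salt); the cost factor comes from this value. */`. A format and minimum-cost check before use would turn a malformed or low-cost value into a clear startup error, rather than what is presumably a failure inside `bcrypt.hash` during seeding.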
@@ -65,6 +65,7 @@ export enum AppSystemProp { OPENOPS_ADMIN_EMAIL = 'OPENOPS_ADMIN_EMAIL', OPENOPS_ADMIN_PASSWORD = 'OPENOPS_ADMIN_PASSWORD', + OPENOPS_ADMIN_PASSWORD_SALT = 'OPENOPS_ADMIN_PASSWORD_SALT', OPENOPS_TABLES_DATABASE_NAME = 'OPENOPS_TABLES_DATABASE_NAME', OPENOPS_TABLES_PUBLIC_URL = 'OPENOPS_TABLES_PUBLIC_URL', diff --git a/packages/server/shared/src/lib/system/system.ts b/packages/server/shared/src/lib/system/system.ts index aaf748876..1a37a3c1c 100644 --- a/packages/server/shared/src/lib/system/system.ts +++ b/packages/server/shared/src/lib/system/system.ts @@ -100,6 +100,7 @@ const systemPropDefaultValues: Partial> = { [AppSystemProp.TELEMETRY_MODE]: 'COLLECTOR', [AppSystemProp.TELEMETRY_COLLECTOR_URL]: 'https://telemetry.openops.com/save', [SharedSystemProp.ENABLE_HOST_VALIDATION]: 'true', + [AppSystemProp.OPENOPS_ADMIN_PASSWORD_SALT]: '$2b$10$6zuoB5d8Dz9bzV91gpuynO', }; export const system = {
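Review bot: The `[AppSystemProp.OPENOPS_ADMIN_PASSWORD_SALT]` default added to `systemPropDefaultValues` in `system.ts` commits a fixed bcrypt salt to the repository, so every deployment that does not override it hashes its admin password with the same publicly known salt; none of the compose or Helm hunks in this commit set the variable. With a default present, `system.getOrThrow` in `getStaticSalt` presumably never throws, so a missing configuration goes unnoticed. Consider removing this entry so an unset salt fails at startup, or generating the value at install time; if it has to stay for existing installs, mark it, e.g. `// Shared fallback only: override OPENOPS_ADMIN_PASSWORD_SALT per deployment`. The object literal starts before and continues after the hunk.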