From 13751cab2d7ab754f17f78a53ea83a42c8a4aaa1 Mon Sep 17 00:00:00 2001 From: ali-zipstack Date: Tue, 26 Nov 2024 13:38:59 +0530 Subject: [PATCH 1/6] changes in user crdential updations and readme --- backend/README.md | 24 +++- backend/account_v2/authentication_service.py | 122 +++++++++++++++--- .../organization_member_service.py | 24 ++++ 3 files changed, 142 insertions(+), 28 deletions(-) diff --git a/backend/README.md b/backend/README.md index a048efec8..31e5e1c45 100644 --- a/backend/README.md +++ b/backend/README.md @@ -74,20 +74,30 @@ python manage.py runserver localhost:8000 The default username is `unstract` and the default password is `unstract`. +### Initial Setup + To customize the username or password: 1. Navigate to `/backend/.env` created from [/backend/sample.env](/backend/sample.env) -1. Update the values for `DEFAULT_AUTH_USERNAME` and `DEFAULT_AUTH_PASSWORD` with strong, unique credentials of your choosing -1. Save the `/backend/.env` file and restart the server to apply changes +2. Update the values for `DEFAULT_AUTH_USERNAME` and `DEFAULT_AUTH_PASSWORD` with strong, unique credentials of your choosing +3. Save the `/backend/.env` file and restart the server to apply changes + +### Updating Credentials -> **NOTE**: The username `admin` is reserved for Django admin, hence cannot be used +To update the username or password after initial setup: -To update the username or password after it's been set: +1. Modify the credentials in `/backend/.env` + 1. **DEFAULT_AUTH_USERNAME**=`your_new_username` + 2. **DEFAULT_AUTH_PASSWORD**=`your_new_password` +2. Save the `/backend/.env` file +3. Restart the server to apply changes +4. Login with the new credentials -1. Modify the username and password in the same `/backend/.env` -1. Restart server to apply updates -1. Login with the new credentials +### Important Notes +- **DEFAULT_AUTH_USERNAME** must not match the `username` of any `Django superuser` or `admin` account. Keeping them distinct ensures security and avoids potential conflicts. +- Use strong and unique credentials to protect your system. +- The authentication system validates credentials against the values specified in the `/backend/.env` file. ## Asynchronous Execution diff --git a/backend/account_v2/authentication_service.py b/backend/account_v2/authentication_service.py index 59be49c44..59097a97c 100644 --- a/backend/account_v2/authentication_service.py +++ b/backend/account_v2/authentication_service.py @@ -27,8 +27,9 @@ from rest_framework.response import Response from tenant_account_v2.models import OrganizationMember as OrganizationMember from tenant_account_v2.organization_member_service import OrganizationMemberService +from utils.user_context import UserContext -Logger = logging.getLogger(__name__) +logger = logging.getLogger(__name__) class AuthenticationService: @@ -90,6 +91,13 @@ def authenticate_and_login( bool: True if the user is successfully authenticated and logged in, False otherwise. """ + # Validation of user credentials + if ( + username != DefaultOrg.MOCK_USER + or password != DefaultOrg.MOCK_USER_PASSWORD + ): + return False + user = authenticate(request, username=username, password=password) if user: # To avoid conflicts with django superuser @@ -98,7 +106,7 @@ def authenticate_and_login( login(request, user) return True # Attempt to initiate default user and authenticate again - if self.set_default_user(username, password): + if self._set_default_user(): user = authenticate(request, username=username, password=password) if user: login(request, user) @@ -295,36 +303,108 @@ def get_organization_by_org_id(self, id: str) -> OrganizationData: ) return organizationData - def set_default_user(self, username: str, password: str) -> bool: + def _set_default_user(self) -> bool: """Set the default user for authentication. - This method creates a default user with the provided username and - password if the username and password match the default values defined - in the 'DefaultOrg' class. The default user is saved in the database. + Creates or updates a default user with predefined credentials. + + Returns: + bool: True if the default user is successfully created/updated. + """ + try: + UserContext.set_organization_identifier(DefaultOrg.ORGANIZATION_NAME) + organization = UserContext.get_organization() + + user = self._get_or_create_user(organization) + self._update_user_credentials(user) + + return True + + except Exception as e: + logger.error(f"Failed to set default user: {str(e)}") + return False + + def _get_or_create_user(self, organization: Organization) -> User: + """Get existing user or create a new one based on organization context. Args: - username (str): The username of the default user. - password (str): The password of the default user. + organization: The organization context Returns: - bool: True if the default user is successfully created and saved, - False otherwise. + User: The retrieved or created user """ - if ( - username != DefaultOrg.MOCK_USER - or password != DefaultOrg.MOCK_USER_PASSWORD - ): - return False + if not organization: + return self._create_mock_user() + return self._get_or_create_organization_user() + + def _create_mock_user(self) -> User: + """Create a new mock user if it doesn't exist. + + Returns: + User: The created or existing mock user + """ user, created = User.objects.get_or_create(username=DefaultOrg.MOCK_USER) if created: - user.password = make_password(DefaultOrg.MOCK_USER_PASSWORD) - else: - user.user_id = DefaultOrg.MOCK_USER_ID - user.email = DefaultOrg.MOCK_USER_EMAIL - user.password = make_password(DefaultOrg.MOCK_USER_PASSWORD) + logger.info(f"Created new user with username {DefaultOrg.MOCK_USER}") + return user + + def _get_or_create_organization_user(self) -> User: + """Get or create an organization user with admin privileges. + + Returns: + User: The organization user with admin role + """ + admin_user = self._get_admin_user() + if admin_user: + return admin_user + + member = self._promote_first_member_to_admin() + if member: + return member.user + + return self._create_mock_user() + + def _get_admin_user(self) -> Optional[User]: + """Get the first admin user from the organization. + + Returns: + Optional[User]: The admin user if exists, None otherwise + """ + admin_members = OrganizationMemberService.get_members_by_role( + role=UserRole.ADMIN.value + ) + return admin_members[0].user if admin_members else None + + def _promote_first_member_to_admin(self) -> Optional[OrganizationMember]: + """Promote the first organization member to admin role. + + Returns: + Optional[OrganizationMember]: The promoted member if exists, None otherwise + """ + members = OrganizationMemberService.get_members() + if not members: + logger.error("No organization member found") + return None + + first_member = members[0] + OrganizationMemberService.set_member_role( + member_id=first_member.member_id, role=UserRole.ADMIN.value + ) + return first_member + + def _update_user_credentials(self, user: User) -> None: + """Update user with default credentials. + + Args: + user (User): The user to update + """ + user.username = DefaultOrg.MOCK_USER + user.user_id = DefaultOrg.MOCK_USER_ID + user.email = DefaultOrg.MOCK_USER_EMAIL + user.password = make_password(DefaultOrg.MOCK_USER_PASSWORD) user.save() - return True + logger.info(f"Updated user {user} with username {DefaultOrg.MOCK_USER}") def get_user_info(self, request: Request) -> Optional[UserInfo]: user: User = request.user diff --git a/backend/tenant_account_v2/organization_member_service.py b/backend/tenant_account_v2/organization_member_service.py index ae9dd085c..71fa4f215 100644 --- a/backend/tenant_account_v2/organization_member_service.py +++ b/backend/tenant_account_v2/organization_member_service.py @@ -31,6 +31,30 @@ def get_user_by_id(id: str) -> Optional[OrganizationMember]: def get_members() -> list[OrganizationMember]: return OrganizationMember.objects.all() + @staticmethod + def get_members_by_role(role: str) -> list[OrganizationMember]: + """It return members in the order of member_id + + Args: + role (str): user role + + Returns: + list[OrganizationMember]: list of members + """ + return OrganizationMember.objects.filter(role=role).order_by("member_id") + + @staticmethod + def set_member_role(member_id: int, role: str) -> None: + """Set the role of a member. + + Parameters: + role (str): The role to set. + """ + # Get and update member + member = OrganizationMember.objects.get(member_id=member_id) + member.role = role.lower() + member.save() + @staticmethod def get_members_by_user_email( user_emails: list[str], values_list_fields: list[str] From bb270ca0c41d8b8d393d962e6480ec1b35996366 Mon Sep 17 00:00:00 2001 From: ali-zipstack Date: Tue, 26 Nov 2024 15:47:49 +0530 Subject: [PATCH 2/6] update man Read me by adding a linnk of Authentication of backend readme --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2d3dde6bb..694dc2868 100644 --- a/README.md +++ b/README.md @@ -54,10 +54,13 @@ Next, either download a release or clone this repo and do the following: ✅ `./run-platform.sh`
✅ Now visit [http://frontend.unstract.localhost](http://frontend.unstract.localhost) in your browser
-✅ Use user name and password `unstract` to login +✅ Use username and password `unstract` to login + That's all there is to it! +See [this guide](backend/README.md#authentication) for steps to change the default username and password. + See [user guide](https://docs.unstract.com/unstract/unstract_platform/user_guides/run_platform) for more details on managing the platform. Another really quick way to experience Unstract is by signing up for our [hosted version](https://us-central.unstract.com/). From 4df978a00258e44038647dc8dc82e0cdd5a264e7 Mon Sep 17 00:00:00 2001 From: ali <117142933+muhammad-ali-e@users.noreply.github.com> Date: Wed, 4 Dec 2024 10:31:49 +0530 Subject: [PATCH 3/6] Update README.md Co-authored-by: Chandrasekharan M <117059509+chandrasekharan-zipstack@users.noreply.github.com> Signed-off-by: ali <117142933+muhammad-ali-e@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 694dc2868..1aae3ec08 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ Next, either download a release or clone this repo and do the following: That's all there is to it! -See [this guide](backend/README.md#authentication) for steps to change the default username and password. +Follow [these steps](backend/README.md#authentication) to change the default username and password. See [user guide](https://docs.unstract.com/unstract/unstract_platform/user_guides/run_platform) for more details on managing the platform. Another really quick way to experience Unstract is by signing up for our [hosted version](https://us-central.unstract.com/). From 78a4df8bdd6e6641078f43738553475d60eaac91 Mon Sep 17 00:00:00 2001 From: ali <117142933+muhammad-ali-e@users.noreply.github.com> Date: Wed, 4 Dec 2024 10:31:56 +0530 Subject: [PATCH 4/6] Update README.md Co-authored-by: Chandrasekharan M <117059509+chandrasekharan-zipstack@users.noreply.github.com> Signed-off-by: ali <117142933+muhammad-ali-e@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1aae3ec08..6d75357cb 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ That's all there is to it! Follow [these steps](backend/README.md#authentication) to change the default username and password. See [user guide](https://docs.unstract.com/unstract/unstract_platform/user_guides/run_platform) for more details on managing the platform. -Another really quick way to experience Unstract is by signing up for our [hosted version](https://us-central.unstract.com/). +Another really quick way to experience Unstract is by signing up for our [hosted version](https://us-central.unstract.com/). It comes with a 14 day free trial! ## ⏩ Quick Start Guide From b08eeb3327a52e1747c145482cd8a3043b105470 Mon Sep 17 00:00:00 2001 From: ali <117142933+muhammad-ali-e@users.noreply.github.com> Date: Wed, 4 Dec 2024 10:32:07 +0530 Subject: [PATCH 5/6] Update backend/README.md Co-authored-by: Hari John Kuriakose Signed-off-by: ali <117142933+muhammad-ali-e@users.noreply.github.com> --- backend/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/backend/README.md b/backend/README.md index 31e5e1c45..8f8cbc330 100644 --- a/backend/README.md +++ b/backend/README.md @@ -87,11 +87,11 @@ To customize the username or password: To update the username or password after initial setup: 1. Modify the credentials in `/backend/.env` - 1. **DEFAULT_AUTH_USERNAME**=`your_new_username` - 2. **DEFAULT_AUTH_PASSWORD**=`your_new_password` -2. Save the `/backend/.env` file -3. Restart the server to apply changes -4. Login with the new credentials + - **DEFAULT_AUTH_USERNAME**=`your_new_username` + - **DEFAULT_AUTH_PASSWORD**=`your_new_password` +2. Save changes and restart `backend` service + +Now you can login with the new credentials. ### Important Notes From ca32c38963cec95b9ebbea4f2234d10a60e5cb26 Mon Sep 17 00:00:00 2001 From: ali-zipstack Date: Wed, 4 Dec 2024 10:34:17 +0530 Subject: [PATCH 6/6] minor type and logs fixes --- backend/account_v2/authentication_service.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/account_v2/authentication_service.py b/backend/account_v2/authentication_service.py index 59097a97c..7f2f746cf 100644 --- a/backend/account_v2/authentication_service.py +++ b/backend/account_v2/authentication_service.py @@ -324,7 +324,7 @@ def _set_default_user(self) -> bool: logger.error(f"Failed to set default user: {str(e)}") return False - def _get_or_create_user(self, organization: Organization) -> User: + def _get_or_create_user(self, organization: Optional[Organization]) -> User: """Get existing user or create a new one based on organization context. Args: @@ -384,7 +384,7 @@ def _promote_first_member_to_admin(self) -> Optional[OrganizationMember]: """ members = OrganizationMemberService.get_members() if not members: - logger.error("No organization member found") + logger.warning("No organization member found") return None first_member = members[0]