Enhancement: allow webUI first account signup (#9500)

2025-08-10 00:18:57 +00:00 · 2025-03-29 10:12:34 -07:00
parent b4b2a92225
commit 32a7f9cd5a
16 changed files with 163 additions and 120 deletions
--- a/src/paperless/adapter.py
+++ b/src/paperless/adapter.py
@@ -10,6 +10,7 @@ from django.contrib.auth.models import User
 from django.forms import ValidationError
 from django.urls import reverse

+from documents.models import Document
 from paperless.signals import handle_social_account_updated

 logger = logging.getLogger("paperless.auth")
@@ -21,6 +22,13 @@ class CustomAccountAdapter(DefaultAccountAdapter):
        Check whether the site is open for signups, which can be
        disabled via the ACCOUNT_ALLOW_SIGNUPS setting.
        """
+        if (
+            User.objects.exclude(username__in=["consumer", "AnonymousUser"]).count()
+            == 0
+            and Document.global_objects.count() == 0
+        ):
+            # I.e. a fresh install, allow signups
+            return True
        allow_signups = super().is_open_for_signup(request)
        # Override with setting, otherwise default to super.
        return getattr(settings, "ACCOUNT_ALLOW_SIGNUPS", allow_signups)
@@ -73,6 +81,17 @@ class CustomAccountAdapter(DefaultAccountAdapter):
        Save the user instance. Default groups are assigned to the user, if
        specified in the settings.
        """
+
+        if (
+            User.objects.exclude(username__in=["consumer", "AnonymousUser"]).count()
+            == 0
+            and Document.global_objects.count() == 0
+        ):
+            # I.e. a fresh install, make the user a superuser
+            logger.debug(f"Creating initial superuser `{user}`")
+            user.is_superuser = True
+            user.is_staff = True
+
        user: User = super().save_user(request, user, form, commit)
        group_names: list[str] = settings.ACCOUNT_DEFAULT_GROUPS
        if len(group_names) > 0:
--- a/src/paperless/tests/test_adapter.py
+++ b/src/paperless/tests/test_adapter.py
@@ -17,6 +17,11 @@ class TestCustomAccountAdapter(TestCase):
    def test_is_open_for_signup(self):
        adapter = get_adapter()

+        # With no accounts, signups should be allowed
+        self.assertTrue(adapter.is_open_for_signup(None))
+
+        User.objects.create_user("testuser")
+
        # Test when ACCOUNT_ALLOW_SIGNUPS is True
        settings.ACCOUNT_ALLOW_SIGNUPS = True
        self.assertTrue(adapter.is_open_for_signup(None))
@@ -101,6 +106,27 @@ class TestCustomAccountAdapter(TestCase):
        self.assertTrue(user.groups.filter(name="group1").exists())
        self.assertFalse(user.groups.filter(name="group2").exists())

+    def test_fresh_install_save_creates_superuser(self):
+        adapter = get_adapter()
+        form = mock.Mock(
+            cleaned_data={
+                "username": "testuser",
+                "email": "user@paperless-ngx.com",
+            },
+        )
+        user = adapter.save_user(HttpRequest(), User(), form, commit=True)
+        self.assertTrue(user.is_superuser)
+
+        # Next time, it should not create a superuser
+        form = mock.Mock(
+            cleaned_data={
+                "username": "testuser2",
+                "email": "user2@paperless-ngx.com",
+            },
+        )
+        user2 = adapter.save_user(HttpRequest(), User(), form, commit=True)
+        self.assertFalse(user2.is_superuser)
+

 class TestCustomSocialAccountAdapter(TestCase):
    def test_is_open_for_signup(self):