From e3ba968fef1c9c1057cae68cf6f6a18cf7a1936c Mon Sep 17 00:00:00 2001 From: Chris Nagy Date: Sun, 14 Mar 2021 19:43:22 +0100 Subject: [PATCH 1/8] Add superuser management script --- docker/docker-entrypoint.sh | 14 +++++++++ docker/install_management_commands.sh | 2 +- .../management/commands/manage_superuser.py | 30 +++++++++++++++++++ 3 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 src/documents/management/commands/manage_superuser.py diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh index 5919b14aa..95131699f 100644 --- a/docker/docker-entrypoint.sh +++ b/docker/docker-entrypoint.sh @@ -49,6 +49,19 @@ wait_for_postgres() { } +superuser() { + + if [[ -n "${PAPERLESS_DBHOST}" ]] + then + wait_for_postgres + fi + + if [[ ! -z "${PAPERLESS_ADMIN_PASSWORD}" ]] + then + sudo -HEu paperless python3 manage.py manage_superuser + fi + +} migrations() { @@ -86,6 +99,7 @@ initialize() { chown -R paperless:paperless /tmp/paperless migrations + superuser } diff --git a/docker/install_management_commands.sh b/docker/install_management_commands.sh index 17fb8f277..468711d3c 100755 --- a/docker/install_management_commands.sh +++ b/docker/install_management_commands.sh @@ -1,4 +1,4 @@ -for command in document_archiver document_exporter document_importer mail_fetcher document_create_classifier document_index document_renamer document_retagger document_thumbnails document_sanity_checker; +for command in document_archiver document_exporter document_importer mail_fetcher document_create_classifier document_index document_renamer document_retagger document_thumbnails document_sanity_checker manage_superuser; do echo "installing $command..." sed "s/management_command/$command/g" management_script.sh > /usr/local/bin/$command diff --git a/src/documents/management/commands/manage_superuser.py b/src/documents/management/commands/manage_superuser.py new file mode 100644 index 000000000..3c5341cb3 --- /dev/null +++ b/src/documents/management/commands/manage_superuser.py @@ -0,0 +1,30 @@ +import os + +from django.contrib.auth.models import User +from django.core.management.base import BaseCommand, CommandError + +class Command(BaseCommand): + + help = """ + Creates a Django superuser based on env variables. + """.replace(" ", "") + + def handle(self, *args, **options): + + # Get user details from env variables + PAPERLESS_ADMIN_USER=os.getenv('PAPERLESS_ADMIN_USER') + PAPERLESS_ADMIN_MAIL=os.getenv('PAPERLESS_ADMIN_MAIL', 'root@localhost') + PAPERLESS_ADMIN_PASSWORD=os.getenv('PAPERLESS_ADMIN_PASSWORD') + + # If PAPERLESS_ADMIN_USER env variable is set + if PAPERLESS_ADMIN_USER: + try: + # Check if user exists already, leave as is if it does + if User.objects.filter(username=PAPERLESS_ADMIN_USER).exists(): + self.stdout.write(f'The user "{PAPERLESS_ADMIN_USER}" already exists! Leaving user as is.') + elif PAPERLESS_ADMIN_PASSWORD: + # Create superuser based on env variables + User.objects.create_superuser(PAPERLESS_ADMIN_USER, PAPERLESS_ADMIN_MAIL, PAPERLESS_ADMIN_PASSWORD) + self.stdout.write(f'Created superuser "{PAPERLESS_ADMIN_USER}" with provided password.') + except Exception as error: + self.stdout.write(f'Exception occured while managing superuser: {error}') \ No newline at end of file From 0cc32e7ed798a0394c6ec3ed6661f1b1f1f8f732 Mon Sep 17 00:00:00 2001 From: Chris Nagy Date: Sat, 10 Apr 2021 13:47:31 +0200 Subject: [PATCH 2/8] Extend docs with superuser --- docs/configuration.rst | 24 +++++++++++++++++++ .../management/commands/manage_superuser.py | 5 +++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/docs/configuration.rst b/docs/configuration.rst index 48b09213d..3534750b1 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst @@ -177,6 +177,30 @@ PAPERLESS_AUTO_LOGIN_USERNAME= Defaults to none, which disables this feature. +PAPERLESS_ADMIN_USER= + If this environment variable is specified, Paperless automatically creates + a superuser with the provided username at start. This is useful in cases + where you can not run the `create-superuser` command seperately, such as Kubernetes + or AWS ECS. + + Requires `PAPERLESS_ADMIN_PASSWORD` to be set. + + .. note:: + + This will not change an existing [super]user's password, nor will + it recreate a user that already exists. You can leave this throughout + the lifecycle of the containers. + +PAPERLESS_ADMIN_MAIL= + (Optional) Specify superuser email address. Only used when + `PAPERLESS_ADMIN_USER` is set. + + Defaults to ``root@localhost``. + +PAPERLESS_ADMIN_PASSWORD= + Only used when `PAPERLESS_ADMIN_USER` is set. + This will be the password of the automatically created superuser. + PAPERLESS_COOKIE_PREFIX= Specify a prefix that is added to the cookies used by paperless to identify diff --git a/src/documents/management/commands/manage_superuser.py b/src/documents/management/commands/manage_superuser.py index 3c5341cb3..ee3fbc8ef 100644 --- a/src/documents/management/commands/manage_superuser.py +++ b/src/documents/management/commands/manage_superuser.py @@ -26,5 +26,8 @@ class Command(BaseCommand): # Create superuser based on env variables User.objects.create_superuser(PAPERLESS_ADMIN_USER, PAPERLESS_ADMIN_MAIL, PAPERLESS_ADMIN_PASSWORD) self.stdout.write(f'Created superuser "{PAPERLESS_ADMIN_USER}" with provided password.') + else: + self.stdout.write(f'Did not create superuser "{PAPERLESS_ADMIN_USER}".') + self.stdout.write('Make sure you specified "PAPERLESS_ADMIN_PASSWORD" in your "docker-compose.env" file.') except Exception as error: - self.stdout.write(f'Exception occured while managing superuser: {error}') \ No newline at end of file + self.stdout.write(f'Exception occured while creating superuser: {error}') \ No newline at end of file From cb4e738a0f8be9191330c2e8a33553e39657b606 Mon Sep 17 00:00:00 2001 From: Chris Nagy Date: Sat, 10 Apr 2021 13:50:52 +0200 Subject: [PATCH 3/8] Fix env variable in docker entrypoint --- docker/docker-entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh index 95131699f..fe9618c25 100644 --- a/docker/docker-entrypoint.sh +++ b/docker/docker-entrypoint.sh @@ -56,7 +56,7 @@ superuser() { wait_for_postgres fi - if [[ ! -z "${PAPERLESS_ADMIN_PASSWORD}" ]] + if [[ ! -z "${PAPERLESS_ADMIN_USER}" ]] then sudo -HEu paperless python3 manage.py manage_superuser fi From ee51a0be131d8ee953a5b0d7cd3084d6b34c07a7 Mon Sep 17 00:00:00 2001 From: Chris Nagy Date: Sat, 10 Apr 2021 15:08:33 +0200 Subject: [PATCH 4/8] Minor docs change --- docs/configuration.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration.rst b/docs/configuration.rst index 3534750b1..7502cef40 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst @@ -180,7 +180,7 @@ PAPERLESS_AUTO_LOGIN_USERNAME= PAPERLESS_ADMIN_USER= If this environment variable is specified, Paperless automatically creates a superuser with the provided username at start. This is useful in cases - where you can not run the `create-superuser` command seperately, such as Kubernetes + where you can not run the `createsuperuser` command seperately, such as Kubernetes or AWS ECS. Requires `PAPERLESS_ADMIN_PASSWORD` to be set. From a9e11b1cb708795c3ccaa6e53c8818c7907c2049 Mon Sep 17 00:00:00 2001 From: Chris Nagy Date: Sat, 10 Apr 2021 16:02:48 +0200 Subject: [PATCH 5/8] Add newline end of file --- src/documents/management/commands/manage_superuser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/documents/management/commands/manage_superuser.py b/src/documents/management/commands/manage_superuser.py index ee3fbc8ef..0762ab001 100644 --- a/src/documents/management/commands/manage_superuser.py +++ b/src/documents/management/commands/manage_superuser.py @@ -30,4 +30,4 @@ class Command(BaseCommand): self.stdout.write(f'Did not create superuser "{PAPERLESS_ADMIN_USER}".') self.stdout.write('Make sure you specified "PAPERLESS_ADMIN_PASSWORD" in your "docker-compose.env" file.') except Exception as error: - self.stdout.write(f'Exception occured while creating superuser: {error}') \ No newline at end of file + self.stdout.write(f'Exception occured while creating superuser: {error}') From c3d70881685701948154e1929cea62479cd635ad Mon Sep 17 00:00:00 2001 From: Chris Nagy Date: Sat, 10 Apr 2021 16:10:45 +0200 Subject: [PATCH 6/8] Fix code guidelines --- .../management/commands/manage_superuser.py | 29 ++++++++++++------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/src/documents/management/commands/manage_superuser.py b/src/documents/management/commands/manage_superuser.py index 0762ab001..81732e7d9 100644 --- a/src/documents/management/commands/manage_superuser.py +++ b/src/documents/management/commands/manage_superuser.py @@ -3,6 +3,7 @@ import os from django.contrib.auth.models import User from django.core.management.base import BaseCommand, CommandError + class Command(BaseCommand): help = """ @@ -11,23 +12,29 @@ class Command(BaseCommand): def handle(self, *args, **options): - # Get user details from env variables - PAPERLESS_ADMIN_USER=os.getenv('PAPERLESS_ADMIN_USER') - PAPERLESS_ADMIN_MAIL=os.getenv('PAPERLESS_ADMIN_MAIL', 'root@localhost') - PAPERLESS_ADMIN_PASSWORD=os.getenv('PAPERLESS_ADMIN_PASSWORD') + PAPERLESS_ADMIN_USER = os.getenv('PAPERLESS_ADMIN_USER') + PAPERLESS_ADMIN_MAIL = os.getenv('PAPERLESS_ADMIN_MAIL', 'root@localhost') + PAPERLESS_ADMIN_PASSWORD = os.getenv('PAPERLESS_ADMIN_PASSWORD') # If PAPERLESS_ADMIN_USER env variable is set if PAPERLESS_ADMIN_USER: try: # Check if user exists already, leave as is if it does - if User.objects.filter(username=PAPERLESS_ADMIN_USER).exists(): - self.stdout.write(f'The user "{PAPERLESS_ADMIN_USER}" already exists! Leaving user as is.') + if User.objects.filter( + username=PAPERLESS_ADMIN_USER).exists(): + self.stdout.write( + f'The user "{PAPERLESS_ADMIN_USER}" already exists! Leaving user as is.') elif PAPERLESS_ADMIN_PASSWORD: # Create superuser based on env variables - User.objects.create_superuser(PAPERLESS_ADMIN_USER, PAPERLESS_ADMIN_MAIL, PAPERLESS_ADMIN_PASSWORD) - self.stdout.write(f'Created superuser "{PAPERLESS_ADMIN_USER}" with provided password.') + User.objects.create_superuser( + PAPERLESS_ADMIN_USER, PAPERLESS_ADMIN_MAIL, PAPERLESS_ADMIN_PASSWORD) + self.stdout.write( + f'Created superuser "{PAPERLESS_ADMIN_USER}" with provided password.') else: - self.stdout.write(f'Did not create superuser "{PAPERLESS_ADMIN_USER}".') - self.stdout.write('Make sure you specified "PAPERLESS_ADMIN_PASSWORD" in your "docker-compose.env" file.') + self.stdout.write( + f'Did not create superuser "{PAPERLESS_ADMIN_USER}".') + self.stdout.write( + 'Make sure you specified "PAPERLESS_ADMIN_PASSWORD" in your "docker-compose.env" file.') except Exception as error: - self.stdout.write(f'Exception occured while creating superuser: {error}') + self.stdout.write( + f'Exception occured while creating superuser: {error}') From 8566682209b8ff22c34cc632789392f638c91e2d Mon Sep 17 00:00:00 2001 From: jonaswinkler <17569239+jonaswinkler@users.noreply.github.com> Date: Sat, 17 Apr 2021 14:33:07 +0200 Subject: [PATCH 7/8] add test case, update password if changed --- docker/docker-prepare.sh | 42 ++++++------ .../management/commands/manage_superuser.py | 50 +++++++------- .../tests/test_management_superuser.py | 66 +++++++++++++++++++ 3 files changed, 114 insertions(+), 44 deletions(-) create mode 100644 src/documents/tests/test_management_superuser.py diff --git a/docker/docker-prepare.sh b/docker/docker-prepare.sh index 53f5201e4..6ea4247b7 100755 --- a/docker/docker-prepare.sh +++ b/docker/docker-prepare.sh @@ -9,16 +9,13 @@ wait_for_postgres() { host="${PAPERLESS_DBHOST}" port="${PAPERLESS_DBPORT}" - if [[ -z $port ]] ; - then + if [[ -z $port ]]; then port="5432" fi - while !/usr/src/paperless/data/migration_lock + ) 200>/usr/src/paperless/data/migration_lock } search_index() { index_version=1 index_version_file=/usr/src/paperless/data/.index_version - if [[ (! -f "$index_version_file") || $(< $index_version_file) != "$index_version" ]]; then + if [[ (! -f "$index_version_file") || $(<$index_version_file) != "$index_version" ]]; then echo "Search index out of date. Updating..." python3 manage.py document_index reindex echo $index_version | tee $index_version_file >/dev/null fi } -do_work() { - migrations; - - search_index; +superuser() { + if [[ -n "${PAPERLESS_ADMIN_USER}" ]]; then + sudo -HEu paperless python3 manage.py manage_superuser + fi } -do_work; +do_work() { + if [[ -n "${PAPERLESS_DBHOST}" ]]; then + wait_for_postgres + fi + + migrations + + search_index + + superuser + +} + +do_work diff --git a/src/documents/management/commands/manage_superuser.py b/src/documents/management/commands/manage_superuser.py index 81732e7d9..d967eab81 100644 --- a/src/documents/management/commands/manage_superuser.py +++ b/src/documents/management/commands/manage_superuser.py @@ -1,9 +1,13 @@ +import logging import os from django.contrib.auth.models import User from django.core.management.base import BaseCommand, CommandError +logger = logging.getLogger("paperless.management.superuser") + + class Command(BaseCommand): help = """ @@ -12,29 +16,25 @@ class Command(BaseCommand): def handle(self, *args, **options): - PAPERLESS_ADMIN_USER = os.getenv('PAPERLESS_ADMIN_USER') - PAPERLESS_ADMIN_MAIL = os.getenv('PAPERLESS_ADMIN_MAIL', 'root@localhost') - PAPERLESS_ADMIN_PASSWORD = os.getenv('PAPERLESS_ADMIN_PASSWORD') + username = os.getenv('PAPERLESS_ADMIN_USER') + if not username: + return - # If PAPERLESS_ADMIN_USER env variable is set - if PAPERLESS_ADMIN_USER: - try: - # Check if user exists already, leave as is if it does - if User.objects.filter( - username=PAPERLESS_ADMIN_USER).exists(): - self.stdout.write( - f'The user "{PAPERLESS_ADMIN_USER}" already exists! Leaving user as is.') - elif PAPERLESS_ADMIN_PASSWORD: - # Create superuser based on env variables - User.objects.create_superuser( - PAPERLESS_ADMIN_USER, PAPERLESS_ADMIN_MAIL, PAPERLESS_ADMIN_PASSWORD) - self.stdout.write( - f'Created superuser "{PAPERLESS_ADMIN_USER}" with provided password.') - else: - self.stdout.write( - f'Did not create superuser "{PAPERLESS_ADMIN_USER}".') - self.stdout.write( - 'Make sure you specified "PAPERLESS_ADMIN_PASSWORD" in your "docker-compose.env" file.') - except Exception as error: - self.stdout.write( - f'Exception occured while creating superuser: {error}') + mail = os.getenv('PAPERLESS_ADMIN_MAIL', 'root@localhost') + password = os.getenv('PAPERLESS_ADMIN_PASSWORD') + + # Check if user exists already, leave as is if it does + if User.objects.filter(username=username).exists(): + user: User = User.objects.get_by_natural_key(username) + user.set_password(password) + user.save() + elif password: + # Create superuser based on env variables + User.objects.create_superuser(username, mail, password) + self.stdout.write( + f'Created superuser "{username}" with provided password.') + else: + self.stdout.write( + f'Did not create superuser "{username}".') + self.stdout.write( + 'Make sure you specified "PAPERLESS_ADMIN_PASSWORD" in your "docker-compose.env" file.') diff --git a/src/documents/tests/test_management_superuser.py b/src/documents/tests/test_management_superuser.py new file mode 100644 index 000000000..ca28db89c --- /dev/null +++ b/src/documents/tests/test_management_superuser.py @@ -0,0 +1,66 @@ +import os +import shutil +from unittest import mock + +from django.contrib.auth.models import User +from django.core.management import call_command +from django.test import TestCase + +from documents.management.commands.document_thumbnails import _process_document +from documents.models import Document, Tag, Correspondent, DocumentType +from documents.tests.utils import DirectoriesMixin + + +class TestManageSuperUser(DirectoriesMixin, TestCase): + + def reset_environment(self): + if "PAPERLESS_ADMIN_USER" in os.environ: + del os.environ["PAPERLESS_ADMIN_USER"] + if "PAPERLESS_ADMIN_PASSWORD" in os.environ: + del os.environ["PAPERLESS_ADMIN_PASSWORD"] + + def setUp(self) -> None: + super().setUp() + self.reset_environment() + + def tearDown(self) -> None: + super().tearDown() + self.reset_environment() + + def test_no_user(self): + call_command("manage_superuser") + + # just the consumer user. + self.assertEqual(User.objects.count(), 1) + self.assertTrue(User.objects.filter(username="consumer").exists()) + + def test_create(self): + os.environ["PAPERLESS_ADMIN_USER"] = "new_user" + os.environ["PAPERLESS_ADMIN_PASSWORD"] = "123456" + + call_command("manage_superuser") + + user: User = User.objects.get_by_natural_key("new_user") + self.assertTrue(user.check_password("123456")) + + def test_update(self): + os.environ["PAPERLESS_ADMIN_USER"] = "new_user" + os.environ["PAPERLESS_ADMIN_PASSWORD"] = "123456" + + call_command("manage_superuser") + + os.environ["PAPERLESS_ADMIN_USER"] = "new_user" + os.environ["PAPERLESS_ADMIN_PASSWORD"] = "more_secure_pwd_7645" + + call_command("manage_superuser") + + user: User = User.objects.get_by_natural_key("new_user") + self.assertTrue(user.check_password("more_secure_pwd_7645")) + + def test_no_password(self): + os.environ["PAPERLESS_ADMIN_USER"] = "new_user" + + call_command("manage_superuser") + + with self.assertRaises(User.DoesNotExist): + User.objects.get_by_natural_key("new_user") From 96f53986b7bc06c4c2b6c3866e844645a88e3ee9 Mon Sep 17 00:00:00 2001 From: jonaswinkler <17569239+jonaswinkler@users.noreply.github.com> Date: Sat, 17 Apr 2021 14:36:04 +0200 Subject: [PATCH 8/8] pycodestyle --- src/documents/management/commands/manage_superuser.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/documents/management/commands/manage_superuser.py b/src/documents/management/commands/manage_superuser.py index d967eab81..ef3635e52 100644 --- a/src/documents/management/commands/manage_superuser.py +++ b/src/documents/management/commands/manage_superuser.py @@ -28,6 +28,7 @@ class Command(BaseCommand): user: User = User.objects.get_by_natural_key(username) user.set_password(password) user.save() + self.stdout.write(f"Changed password of user {username}.") elif password: # Create superuser based on env variables User.objects.create_superuser(username, mail, password) @@ -37,4 +38,5 @@ class Command(BaseCommand): self.stdout.write( f'Did not create superuser "{username}".') self.stdout.write( - 'Make sure you specified "PAPERLESS_ADMIN_PASSWORD" in your "docker-compose.env" file.') + 'Make sure you specified "PAPERLESS_ADMIN_PASSWORD" in your ' + '"docker-compose.env" file.')