microbiomedata / nmdc-edge

Web-based interface to the NMDC EDGE platform
https://nmdc-edge.org

Document process of creating an admin user and then logging in as that user #274

Closed eecavanna closed 2 months ago

eecavanna commented 3 months ago

One place you can add this is in the main README.md file.

Command

mongoimport --db=nmdcedge --host=localhost --password=... --username=root --collection=users --file=admin_user.json --authenticationDatabase admin

admin_user.json

{ "type": "admin", "firstname": "admin", "lastname": "...", "email": "...", "status": "active", "password": "...hashed...", "code": "000000" }

Login endpoint

https://github.com/microbiomedata/nmdc-edge/blob/bdf4e33547b79a063964d3b6b255b92db7a51862/webapp/client/src/routes.js#L20

eecavanna commented 3 months ago

I added this to next sprint's sprint board.

ssarrafan commented 3 months ago

@mflynn-lanl @eecavanna is this done? Can this issue be closed?

mflynn-lanl commented 3 months ago

I don't know if putting this into the README is the best place since it contains a password. Even though it is hashed, the plain-text one can be transmitted out-of-band. I think we need to come up with a way to generate a unique password for the admin user. Let's move this to the next sprint

eecavanna commented 3 months ago

Hi @ssarrafan, it is not done yet.

Hi @mflynn-lanl, I agree about not storing the password (in any format) in the repo. I would like to have everything else documented, and leave the email and password as placeholders (e.g. {email}, {password}) that the person following the instructions can fill in with values specific to that instance of the application. Here's a password generator I suggest people use: https://bitwarden.com/password-generator/#password-generator

mflynn-lanl commented 3 months ago

@eecavanna The password needs to be salted and hashed before it can be inserted into the database.

mflynn-lanl commented 3 months ago

I found this code which I think might do it:

// =====================SEED AND HASH PASSWORD========================================
// Seeds a single admin user whose password is bcrypt-hashed (bcrypt generates the salt
// and embeds it in the hash string, so no separate salt column is needed).
const User = require('./models/models.user');
const mongoose = require('mongoose');
const bcrypt = require('bcrypt');

const connectDB = async () => {
  try {
    await mongoose.connect(process.env.MONGODB_URL);
    console.log('Connected to mongodb');
  } catch (error) {
    console.log(error);
    process.exit(1); // nothing to seed without a connection
  }
};

(async () => {
  await connectDB(); // wait for the connection before touching the collection

  // Example values only; replace with instance-specific ones and never commit a real password.
  let data = {
    name: 'Abraham Jujin',
    email: 'abe@gmail.com',
    password: 'abe1234',
    phoneNumber: '08168623107',
    role: 'admin',
  };
  let saltRounds = 10; // bcrypt work factor
  let hashedPassword = await bcrypt.hash(data.password, saltRounds);

  data.password = hashedPassword; // store only the salted hash, never the plain text
  console.log(data.password);

  const seedDatabase = async () => {
    try {
      // WARNING: deleteMany({}) wipes every existing user before inserting the seed user.
      await User.deleteMany({});
      await User.insertMany([data]);
      console.log('Seeding successful');
    } catch (error) {
      console.log(error);
    }
  };

  await seedDatabase();
  await mongoose.connection.close();
})();

eecavanna commented 3 months ago

Thanks! I'm thinking about isolating just the portion that hashes and salts the password. The administrator can use that to convert the raw password into the hashed and salted one. I don't think it can be run via $ node -e '...' because I don't think importing non-stdlib modules is allowed from within inline scripts like that. However, we could add a short generate-admin-user-creation-mongo-query.js script to the repo, which takes—as its input—the name, plain-text password, etc; and then returns—as its output—the fully-formed Mongo query/JSON object (e.g. an admin_user.json file as shown in the Issue description above) that can be fed into the database.

yxu-lanl commented 2 months ago

We don't need the 'admin/password' user after we changed to ORCiD login. I kept the 'admin/password' because there are many projects owned by the 'admin/password'. I will remove the '/nmdcedgeadminlogin' UI after cleaning up the admin projects. We can change a user to 'admin' in MongoDB shell or add 'admin/ORCiD' user's ORCiD id/firstname/lastname to admin.json to let server.js create 'admin' user.

ssarrafan commented 2 months ago

> We don't need the 'admin/password' user after we changed to ORCiD login. I kept the 'admin/password' because there are many projects owned by the 'admin/password'. I will remove the '/nmdcedgeadminlogin' UI after cleaning up the admin projects. We can change a user to 'admin' in MongoDB shell or add 'admin/ORCiD' user's ORCiD id/firstname/lastname to admin.json to let server.js create 'admin' user.

@yxu-lanl does that mean we can close this issue?

eecavanna commented 2 months ago

Thanks, Yan. I'll document that now and then close this issue.

eecavanna commented 2 months ago

I opened a PR containing the documentation. Here's a link to the PR: https://github.com/microbiomedata/nmdc-edge/pull/298

Once that PR gets merged in, this issue will automatically close.