Document process of creating an admin user and then logging in as that user

[eecavanna]

One place you can add this is in the main README.md file.

Command

mongoimport --db=nmdcedge --host=localhost --password=... --username=root --collection=users --file=admin_user.json --authenticationDatabase admin

admin_user.json

{ "type": "admin", "firstname": "admin", "lastname": "...", "email": "...", "status": "active", "password": "...hashed...", "code": "000000" }

Login endpoint

https://github.com/microbiomedata/nmdc-edge/blob/bdf4e33547b79a063964d3b6b255b92db7a51862/webapp/client/src/routes.js#L20

[eecavanna]

I added this to next sprint's sprint board.

[ssarrafan]

@mflynn-lanl @eecavanna is this done? Can this issue be closed?

[mflynn-lanl]

I don't know if putting this into the README is the best place since it contains a password. Even though it is hashed, the plain-text one can be transmitted out-of-band. I think we need to come up with a way to generate a unique password for the admin user. Let's move this to the next sprint

[eecavanna]

Hi @ssarrafan, it is not done yet.

Hi @mflynn-lanl, I agree about not storing the password (in any format) in the repo. I would like to have everything else documented, and leave the email and password as placeholders (e.g. {email}, {password}) that the person following the instructions can fill in with values specific to that instance of the application. Here's a password generator I suggest people use: https://bitwarden.com/password-generator/#password-generator

[mflynn-lanl]

@eecavanna The password needs to be salted and hashed before it can be inserted into the database.

[mflynn-lanl]

I found this code which I think might do it:

// =====================SEED AND HASH PASSWORD========================================
const User = require('./models/models.user');
const mongoose = require('mongoose');
const bcrypt = require('bcrypt');

const connectDB = async () => {
  try {
    await mongoose.connect(process.env.MONGODB_URL);
    console.log('Connected to mongodb');
  } catch (error) {
    console.log(error);
  }
};

connectDB();

(async () => {
  let data = {
    name: 'Abraham Jujin',
    email: 'abe@gmail.com',
    password: 'abe1234',
    phoneNumber: '08168623107',
    role: 'admin',
  };
  let saltRounds = 10;
  let hashedPassword = await bcrypt.hash(data.password, saltRounds);

  data.password = hashedPassword;
  console.log(data.password);

  const seedDatabase = async () => {
    try {
      await User.deleteMany({});
      await User.insertMany(data);
      console.log('Seeding successful');
    } catch (error) {
      console.log(error);
    }
  };

  seedDatabase().then(() => {
    mongoose.connection.close();
  });
})();

[eecavanna]

Thanks! I'm thinking about isolating just the portion that hashes and salts the password. The administrator can use that to convert the raw password into the hashed and salted one. I don't think it can be run via $ node -e '...' because I don't think importing non-stdlib modules is allowed from within inline scripts like that. However, we could add a short generate-admin-user-creation-mongo-query.js script to the repo, which takes—as its input—the name, plain-text password, etc; and then returns—as its output—the fully-formed Mongo query/JSON object (e.g. an admin_user.json file as shown in the Issue description above) that can be fed into the database.

[yxu-lanl]

We don't need the 'admim/password' user after we changed to ORCiD login. I kept the 'admin/password' because there are many projects owned by the 'admin/password'. I will remove the '/nmdcedgeadminlogin' UI after cleaning up the admin projects. We can change a user to 'admin' in MongoDB shell or add 'admin/ORCiD' user's ORCiD id/firstname/lastname to admin.json to let server.js create 'admin' user.

[ssarrafan]

We don't need the 'admim/password' user after we changed to ORCiD login. I kept the 'admin/password' because there are many projects owned by the 'admin/password'. I will remove the '/nmdcedgeadminlogin' UI after cleaning up the admin projects. We can change a user to 'admin' in MongoDB shell or add 'admin/ORCiD' user's ORCiD id/firstname/lastname to admin.json to let server.js create 'admin' user.

@yxu-lanl does that mean we can close this issue?

[eecavanna]

Thanks, Yan. I'll document that now and then close this issue.

[eecavanna]

I opened a PR containing the documentation. Here's a link to the PR: https://github.com/microbiomedata/nmdc-edge/pull/298

Once that PR gets merged in, this issue will automatically close.