settings: do not create a user if he has no password field, or if his password is null.

This will be used by the settings.json in the default Dockerfile to eschew creating an admin user when no password is set. Closes #3648.
2019-10-19 00:54:56 +02:00 · 2019-10-19 00:54:56 +02:00 · 7c099fef5e
parent 4e758a9f4a
commit 7c099fef5e
2 changed files with 28 additions and 2 deletions
--- a/settings.json.template
+++ b/settings.json.template
@ -50,6 +50,9 @@
 * 2) Beware of undefined variables and default values: nulls and empty strings
 *    are different!
 *
+ *    This is particularly important for user's passwords (see the relevant
+ *    section):
+ *
 *    "password": "${PASSW}"  // if PASSW is not defined would result in password === null
 *    "password": "${PASSW:}" // if PASSW is not defined would result in password === ''
 *
@ -358,12 +361,14 @@
  /*
  "users": {
    "admin": {
-      // "password" can be replaced with "hash" if you install ep_hash_auth
+      // 1) "password" can be replaced with "hash" if you install ep_hash_auth
+      // 2) please note that if password is null, the user will not be created
      "password": "changeme1",
      "is_admin": true
    },
    "user": {
-      // "password" can be replaced with "hash" if you install ep_hash_auth
+      // 1) "password" can be replaced with "hash" if you install ep_hash_auth
+      // 2) please note that if password is null, the user will not be created
      "password": "changeme1",
      "is_admin": false
    }
--- a/src/node/utils/Settings.js
+++ b/src/node/utils/Settings.js
@ -629,6 +629,27 @@ exports.reloadSettings = function reloadSettings() {
    console.info(`Using skin "${exports.skinName}" in dir: ${skinPath}`);
  }

+  if (exports.users) {
+    /*
+     * Prune from export.users any user that has no password attribute, or whose
+     * password attribute is "null".
+     *
+     * This is used by the settings.json in the default Dockerfile to eschew
+     * creating an admin user if no password is set.
+     */
+    var filteredUsers = _.filter(exports.users, function(user, username) {
+      if ((user.hasOwnProperty("password")) || user.password !== null) {
+        return true;
+      }
+
+      console.warn(`The password for ${username} is null. This means the user must not be created. Removing it.`);
+
+      return false;
+    });
+
+    exports.users = filteredUsers;
+  }
+
  if (exports.abiword) {
    // Check abiword actually exists
    if (exports.abiword != null) {