fix: admin users were created while the setup wizard wasn't finished

2023-01-26 15:43:13 +01:00
parent 7e91038a24
commit ad92cfc852
8 changed files with 37 additions and 22 deletions
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@@ -23,6 +23,8 @@ export class AuthService {
  ) {}

  async signUp(dto: AuthRegisterDTO) {
+    const isFirstUser = this.config.get("SETUP_STATUS") == "STARTED";
+
    const hash = await argon.hash(dto.password);
    try {
      const user = await this.prisma.user.create({
@@ -30,10 +32,14 @@ export class AuthService {
          email: dto.email,
          username: dto.username,
          password: hash,
-          isAdmin: !this.config.get("SETUP_FINISHED"),
+          isAdmin: isFirstUser,
        },
      });

+      if (isFirstUser) {
+        await this.config.changeSetupStatus("REGISTERED");
+      }
+
      const { refreshToken, refreshTokenId } = await this.createRefreshToken(
        user.id
      );
--- a/backend/src/config/config.controller.ts
+++ b/backend/src/config/config.controller.ts
@@ -37,7 +37,7 @@ export class ConfigController {
  @Post("admin/finishSetup")
  @UseGuards(JwtGuard, AdministratorGuard)
  async finishSetup() {
-    return await this.configService.finishSetup();
+    return await this.configService.changeSetupStatus("FINISHED");
  }

  @Post("admin/testEmail")
--- a/backend/src/config/config.service.ts
+++ b/backend/src/config/config.service.ts
@@ -76,10 +76,10 @@ export class ConfigService {
    return updatedVariable;
  }

-  async finishSetup() {
+  async changeSetupStatus(status: "STARTED" | "REGISTERED" | "FINISHED") {
    return await this.prisma.config.update({
-      where: { key: "SETUP_FINISHED" },
-      data: { value: "true" },
+      where: { key: "SETUP_STATUS" },
+      data: { value: status },
    });
  }
 }