Merge pull request #1571 from rocket-admin/backend_security_report

remove user creation in selfhosted mode

Author: Artuomka

backend/src/entities/user/user-helper.service.ts

@@ -1,26 +1,11 @@
-import { Injectable, OnModuleInit } from '@nestjs/common';
-import { isSaaS } from '../../helpers/app/is-saas.js';
+import { Injectable } from '@nestjs/common';
 import { FoundUserInGroupDs } from './application/data-structures/found-user-in-group.ds.js';
 import { FoundUserDto } from './dto/found-user.dto.js';
 import { UserEntity } from './user.entity.js';
 import { getUserIntercomHash } from './utils/get-user-intercom-hash.js';
-import { Encryptor } from '../../helpers/encryption/encryptor.js';
-import { CompanyInfoEntity } from '../company-info/company-info.entity.js';
-import { RegisterUserDs } from './application/data-structures/register-user-ds.js';
-import { UserRoleEnum } from './enums/user-role.enum.js';
-import { InjectRepository } from '@nestjs/typeorm';
-import { Repository } from 'typeorm';
-import { buildRegisteringUser } from './utils/build-registering-user.util.js';
 
 @Injectable()
-export class UserHelperService implements OnModuleInit {
-	constructor(
-		@InjectRepository(UserEntity)
-		private readonly userRepository: Repository<UserEntity>,
-		@InjectRepository(CompanyInfoEntity)
-		private readonly companyInfoRepository: Repository<CompanyInfoEntity>,
-	) {}
-
+export class UserHelperService {
 	public buildFoundUserInGroupDs(user: UserEntity): FoundUserInGroupDs {
 		return {
 			id: user.id,
@@ -50,35 +35,4 @@ export class UserHelperService implements OnModuleInit {
 			show_test_connections: user.showTestConnections,
 		};
 	}
-
-	public async onModuleInit(): Promise<void> {
-		if (isSaaS() || process.env.NODE_ENV !== 'test') {
-			return;
-		}
-		const email = (process.env.ADMIN_EMAIL || 'admin@email.local').toLowerCase();
-		const password =
-			process.env.ADMIN_PASSWORD ||
-			(process.env.NODE_ENV === 'test' ? 'test12345' : Encryptor.generateRandomString(10));
-
-		const foundTestUser = await this.userRepository.findOneBy({ email: email });
-		if (foundTestUser) {
-			return;
-		}
-
-		const registerUserData: RegisterUserDs = {
-			email: email,
-			password: password,
-			isActive: true,
-			gclidValue: null,
-			name: 'Admin',
-			role: UserRoleEnum.ADMIN,
-		};
-		const savedUser = await this.userRepository.save(buildRegisteringUser(registerUserData));
-		const newCompanyInfo = new CompanyInfoEntity();
-		newCompanyInfo.id = Encryptor.generateUUID();
-		const savedCompanyInfo = await this.companyInfoRepository.save(newCompanyInfo);
-		savedUser.company = savedCompanyInfo;
-		await this.userRepository.save(savedUser);
-		console.info(`Admin user created with email: "${email}" and password: "${password}"`);
-	}
 }

backend/test/ava-tests/non-saas-tests/non-saas-ai-chat-e2e.test.ts

@@ -12,7 +12,7 @@ import { Cacher } from '../../../src/helpers/cache/cacher.js';
 import { DatabaseModule } from '../../../src/shared/database/database.module.js';
 import { DatabaseService } from '../../../src/shared/database/database.service.js';
 import { MockFactory } from '../../mock.factory.js';
-import { registerUserAndReturnUserInfo } from '../../utils/register-user-and-return-user-info.js';
+import { registerUserAndReturnUserInfo, createInitialTestUser } from '../../utils/register-user-and-return-user-info.js';
 import { setSaasEnvVariable } from '../../utils/set-saas-env-variable.js';
 import { TestUtils } from '../../utils/test.utils.js';
 import { ValidationException } from '../../../src/exceptions/custom-exceptions/validation-exception.js';
@@ -77,6 +77,7 @@ test.before(async () => {
 		}),
 	);
 	await app.init();
+	await createInitialTestUser(app);
 	app.getHttpServer().listen(0);
 });
 

backend/test/ava-tests/non-saas-tests/non-saas-app-e2e.test.ts

@@ -8,31 +8,33 @@ import { DatabaseService } from '../../../src/shared/database/database.service.j
 import { DatabaseModule } from '../../../src/shared/database/database.module.js';
 import { setSaasEnvVariable } from '../../utils/set-saas-env-variable.js';
 import { Cacher } from '../../../src/helpers/cache/cacher.js';
+import { createInitialTestUser } from '../../utils/register-user-and-return-user-info.js';
 
 let app: INestApplication;
 
 test.before(async () => {
-  setSaasEnvVariable();
-  const moduleFixture = await Test.createTestingModule({
-    imports: [ApplicationModule, DatabaseModule],
-    providers: [DatabaseService],
-  }).compile();
-  app = moduleFixture.createNestApplication();
-  await app.init();
+	setSaasEnvVariable();
+	const moduleFixture = await Test.createTestingModule({
+		imports: [ApplicationModule, DatabaseModule],
+		providers: [DatabaseService],
+	}).compile();
+	app = moduleFixture.createNestApplication();
+	await app.init();
+	await createInitialTestUser(app);
 });
 
 test.after(async () => {
-  try {
-    await Cacher.clearAllCache();
-    await app.close();
-  } catch (e) {
-    console.error('After tests error ' + e);
-  }
+	try {
+		await Cacher.clearAllCache();
+		await app.close();
+	} catch (e) {
+		console.error('After tests error ' + e);
+	}
 });
 
 test.serial(' > get hello', async (t) => {
-  const result = await request(app.getHttpServer()).get('/hello');
-  const responseText = result.text;
-  t.assert('Hello World!', responseText);
-  t.pass();
+	const result = await request(app.getHttpServer()).get('/hello');
+	const responseText = result.text;
+	t.assert('Hello World!', responseText);
+	t.pass();
 });

backend/test/ava-tests/non-saas-tests/non-saas-company-info-e2e.test.ts

@@ -22,6 +22,7 @@ import { MockFactory } from '../../mock.factory.js';
 import { setSaasEnvVariable } from '../../utils/set-saas-env-variable.js';
 import { TestUtils } from '../../utils/test.utils.js';
 import { createConnectionsAndInviteNewUserInNewGroupWithGroupPermissions } from '../../utils/user-with-different-permissions-utils.js';
+import { createInitialTestUser } from '../../utils/register-user-and-return-user-info.js';
 
 const _mockFactory = new MockFactory();
 let app: INestApplication;
@@ -47,6 +48,7 @@ test.before(async () => {
 		}),
 	);
 	await app.init();
+	await createInitialTestUser(app);
 	app.getHttpServer().listen(0);
 });
 

backend/test/ava-tests/non-saas-tests/non-saas-connection-e2e.test.ts

@@ -15,6 +15,7 @@ import { TestUtils } from '../../utils/test.utils.js';
 import {
   inviteUserInCompanyAndAcceptInvitation,
   registerUserAndReturnUserInfo,
+  createInitialTestUser,
 } from '../../utils/register-user-and-return-user-info.js';
 import { setSaasEnvVariable } from '../../utils/set-saas-env-variable.js';
 import { ValidationException } from '../../../src/exceptions/custom-exceptions/validation-exception.js';
@@ -49,6 +50,7 @@ test.before(async () => {
     }),
   );
   await app.init();
+  await createInitialTestUser(app);
   app.getHttpServer().listen(0);
 });
 

backend/test/ava-tests/non-saas-tests/non-saas-connection-properties-e2e.test.ts

@@ -11,7 +11,7 @@ import { DatabaseService } from '../../../src/shared/database/database.service.j
 import { MockFactory } from '../../mock.factory.js';
 import { getTestKnex } from '../../utils/get-test-knex.js';
 import { TestUtils } from '../../utils/test.utils.js';
-import { registerUserAndReturnUserInfo } from '../../utils/register-user-and-return-user-info.js';
+import { registerUserAndReturnUserInfo, createInitialTestUser } from '../../utils/register-user-and-return-user-info.js';
 import { setSaasEnvVariable } from '../../utils/set-saas-env-variable.js';
 import { ValidationException } from '../../../src/exceptions/custom-exceptions/validation-exception.js';
 import { ValidationError } from 'class-validator';
@@ -48,6 +48,7 @@ test.before(async () => {
     }),
   );
   await app.init();
+  await createInitialTestUser(app);
   app.getHttpServer().listen(0);
 });
 

backend/test/ava-tests/non-saas-tests/non-saas-custom-field-e2e.test.ts

@@ -9,7 +9,7 @@ import { INestApplication, ValidationPipe } from '@nestjs/common';
 import { MockFactory } from '../../mock.factory.js';
 import { Encryptor } from '../../../src/helpers/encryption/encryptor.js';
 import test from 'ava';
-import { registerUserAndReturnUserInfo } from '../../utils/register-user-and-return-user-info.js';
+import { registerUserAndReturnUserInfo, createInitialTestUser } from '../../utils/register-user-and-return-user-info.js';
 import { getTestData } from '../../utils/get-test-data.js';
 import request from 'supertest';
 import { replaceTextInCurlies } from '../../../src/helpers/index.js';
@@ -56,6 +56,7 @@ test.before(async () => {
 		}),
 	);
 	await app.init();
+	await createInitialTestUser(app);
 	app.getHttpServer().listen(0);
 });
 

backend/test/ava-tests/non-saas-tests/non-saas-dashboard-e2e.test.ts

@@ -15,7 +15,7 @@ import { DatabaseModule } from '../../../src/shared/database/database.module.js'
 import { DatabaseService } from '../../../src/shared/database/database.service.js';
 import { MockFactory } from '../../mock.factory.js';
 import { getTestData } from '../../utils/get-test-data.js';
-import { registerUserAndReturnUserInfo } from '../../utils/register-user-and-return-user-info.js';
+import { registerUserAndReturnUserInfo, createInitialTestUser } from '../../utils/register-user-and-return-user-info.js';
 import { setSaasEnvVariable } from '../../utils/set-saas-env-variable.js';
 import { TestUtils } from '../../utils/test.utils.js';
 import { DashboardWidgetTypeEnum } from '../../../src/enums/dashboard-widget-type.enum.js';
@@ -46,6 +46,7 @@ test.before(async () => {
 		}),
 	);
 	await app.init();
+	await createInitialTestUser(app);
 	app.getHttpServer().listen(0);
 });
 

backend/test/ava-tests/non-saas-tests/non-saas-group-e2e.test.ts

@@ -12,6 +12,7 @@ import { AllExceptionsFilter } from '../../../src/exceptions/all-exceptions.filt
 import {
   inviteUserInCompanyAndAcceptInvitation,
   registerUserAndReturnUserInfo,
+  createInitialTestUser,
 } from '../../utils/register-user-and-return-user-info.js';
 import { getTestData } from '../../utils/get-test-data.js';
 import request from 'supertest';
@@ -57,6 +58,7 @@ test.before(async () => {
     }),
   );
   await app.init();
+  await createInitialTestUser(app);
   app.getHttpServer().listen(0);
 });
 

backend/test/ava-tests/non-saas-tests/non-saas-permissions-e2e.test.ts

@@ -11,7 +11,7 @@ import { DatabaseModule } from '../../../src/shared/database/database.module.js'
 import { DatabaseService } from '../../../src/shared/database/database.service.js';
 import cookieParser from 'cookie-parser';
 import { AllExceptionsFilter } from '../../../src/exceptions/all-exceptions.filter.js';
-import { registerUserAndReturnUserInfo } from '../../utils/register-user-and-return-user-info.js';
+import { registerUserAndReturnUserInfo, createInitialTestUser } from '../../utils/register-user-and-return-user-info.js';
 import { getTestData } from '../../utils/get-test-data.js';
 import request from 'supertest';
 import { AccessLevelEnum } from '../../../src/enums/index.js';
@@ -46,6 +46,7 @@ test.before(async () => {
     }),
   );
   await app.init();
+  await createInitialTestUser(app);
   app.getHttpServer().listen(0);
 });