From a46c8e7f41dea6515bd60ab620c14aa2fd3deb95 Mon Sep 17 00:00:00 2001 From: Georg Krause Date: Wed, 7 Jun 2023 09:31:59 +0200 Subject: [PATCH] fix(api): Avoid the creation of users using djangos createsuperuser command --- api/config/settings/common.py | 4 ++-- .../management/commands/createsuperuser.py | 22 +++++++++++++++++++ changes/changelog.d/1288.feature | 3 +++ 3 files changed, 27 insertions(+), 2 deletions(-) create mode 100644 api/funkwhale_api/common/management/commands/createsuperuser.py create mode 100644 changes/changelog.d/1288.feature diff --git a/api/config/settings/common.py b/api/config/settings/common.py index af4e1924c..ffbe4c4fb 100644 --- a/api/config/settings/common.py +++ b/api/config/settings/common.py @@ -281,9 +281,9 @@ ADDITIONAL_APPS = env.list("ADDITIONAL_APPS", default=[]) List of Django apps to load in addition to Funkwhale plugins and apps. """ INSTALLED_APPS = ( - DJANGO_APPS + LOCAL_APPS + + DJANGO_APPS + THIRD_PARTY_APPS - + LOCAL_APPS + tuple(ADDITIONAL_APPS) + tuple(plugins.trigger_filter(plugins.PLUGINS_APPS, [], enabled=True)) ) diff --git a/api/funkwhale_api/common/management/commands/createsuperuser.py b/api/funkwhale_api/common/management/commands/createsuperuser.py new file mode 100644 index 000000000..49a59753f --- /dev/null +++ b/api/funkwhale_api/common/management/commands/createsuperuser.py 
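Review bot: The `INSTALLED_APPS` reorder in api/config/settings/common.py has no comment explaining why `LOCAL_APPS` must now precede `DJANGO_APPS`, yet the `createsuperuser` override added in this commit appears to depend on it. Django resolves a management command name to the app listed first, so a later tidy-up restoring the conventional order would silently bring back the stock command and its bypass of the username checks. I would add a comment above the tuple, e.g. `# LOCAL_APPS must stay first: its createsuperuser override has to shadow django.contrib.auth's.` The same precedence rule applies to templates, static files and translations, so it is worth confirming that no local app unintentionally shadows a Django or third-party resource. The contents of `LOCAL_APPS` are defined outside this hunk, so that the overriding app is listed there is inferred.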
@@ -0,0 +1,22 @@
+import os
+
+from django.contrib.auth.management.commands.createsuperuser import (
+ Command as BaseCommand,
+)
+from django.core.management.base import CommandError
+
+
+class Command(BaseCommand):
+ def handle(self, *apps_label, **options):
+ """
+ Creating Django Superusers would bypass some of our username checks, which can lead to unexpected behaviour.
+ We therefore prohibit the execution of the command.
+ """
+ if not os.environ.get("FORCE") == "1":
+ raise CommandError(
+ "Running createsuperuser on your Funkwhale instance bypasses some of our checks "
+ "which can lead to unexpected behavior of your instance. We therefore suggest to "
+ "run `funkwhale-manage fw users create --superuser` instead."
+ )
+
+ return super().handle(*apps_label, **options)
diff --git a/changes/changelog.d/1288.feature b/changes/changelog.d/1288.feature
new file mode 100644
index 000000000..d4deefedc
--- /dev/null
+++ b/changes/changelog.d/1288.feature
@@ -0,0 +1,3 @@
+
+Prohibit the creation of new users using django's `createsuperuser` command in favor of our own CLI
+entry point. Run `funkwhale-manage fw users create --superuser` instead. (#1288)
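Review bot: In `Command.handle` of api/funkwhale_api/common/management/commands/createsuperuser.py the guard is lifted by an environment variable with the generic name `FORCE`. Any shell, container or CI job that exports `FORCE=1` for an unrelated tool therefore silently re-enables the path that skips the username checks. A project-prefixed variable would make the override a deliberate act, and the test reads more directly as `if os.environ.get("<PREFIXED_NAME>") != "1":` (placeholder name, to be chosen by the maintainers). The escape hatch is also undocumented in both the docstring and the changelog entry, so I would add one docstring sentence saying when forcing is acceptable.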