yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-11-12 17:02:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix #12610: adminUsers lookup should be quoted, do not allow bot users s to be promoted to admin user via adminUsers config (#12611)

Browse Source 
* Fix #12610: adminUsers lookup should be quoted, do not allow bot users to be promoted to admin user via adminUsers config

* Fix #12610: adminUsers lookup should be quoted, do not allow bot users to be promoted to admin user via adminUsers config

* remove changes to yaml

---------

Co-authored-by: Mohit Yadav <105265192+mohityadav766@users.noreply.github.com>
This commit is contained in:
Sriharsha Chintalapani 2023-07-27 23:34:48 -07:00 committed by GitHub
parent bad506b5d9
commit 50fb66c8dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
openmetadata-service/src/main/java/org/openmetadata/service/util/UserUtil.java
View File

@ -35,6 +35,7 @@ import org.openmetadata.schema.entity.teams.User;
import org.openmetadata.schema.security.client.OpenMetadataJWTClientConfig; import org.openmetadata.schema.security.client.OpenMetadataJWTClientConfig;
import org.openmetadata.schema.services.connections.metadata.AuthProvider; import org.openmetadata.schema.services.connections.metadata.AuthProvider;
import org.openmetadata.schema.type.EntityReference; import org.openmetadata.schema.type.EntityReference;
import org.openmetadata.schema.utils.EntityInterfaceUtil;
import org.openmetadata.service.Entity; import org.openmetadata.service.Entity;
import org.openmetadata.service.OpenMetadataApplicationConfig; import org.openmetadata.service.OpenMetadataApplicationConfig;
import org.openmetadata.service.exception.EntityNotFoundException; import org.openmetadata.service.exception.EntityNotFoundException;
@ -63,32 +64,40 @@ public final class UserUtil {
private static void createOrUpdateUser(AuthProvider authProvider, String username, String domain, Boolean isAdmin) private static void createOrUpdateUser(AuthProvider authProvider, String username, String domain, Boolean isAdmin)
throws IOException { throws IOException {
UserRepository userRepository = (UserRepository) Entity.getEntityRepository(Entity.USER); UserRepository userRepository = (UserRepository) Entity.getEntityRepository(Entity.USER);
User updatedUser; User updatedUser = null;
try { try {
// Create Required Fields List // Create Required Fields List
Set<String> fieldList = new HashSet<>(userRepository.getPatchFields().getFieldList()); Set<String> fieldList = new HashSet<>(userRepository.getPatchFields().getFieldList());
fieldList.add("authenticationMechanism"); fieldList.add("authenticationMechanism");
// Fetch Original User, is available // Fetch Original User, is available
User originalUser = userRepository.getByName(null, username, new Fields(fieldList)); User originalUser =
updatedUser = originalUser; userRepository.getByName(null, EntityInterfaceUtil.quoteName(username), new Fields(fieldList));
if (!originalUser.getIsBot() && !originalUser.getIsAdmin()) {
updatedUser = originalUser;
// Update Auth Mechanism if not present, and send mail to the user // Update Auth Mechanism if not present, and send mail to the user
if (authProvider.equals(AuthProvider.BASIC)) { if (authProvider.equals(AuthProvider.BASIC)) {
if (originalUser.getAuthenticationMechanism() == null if (originalUser.getAuthenticationMechanism() == null
|| originalUser.getAuthenticationMechanism().equals(new AuthenticationMechanism())) { || originalUser.getAuthenticationMechanism().equals(new AuthenticationMechanism())) {
updateUserWithHashedPwd(updatedUser, getPassword()); updateUserWithHashedPwd(updatedUser, getPassword());
EmailUtil.sendInviteMailToAdmin(updatedUser, ADMIN_USER_NAME); EmailUtil.sendInviteMailToAdmin(updatedUser, ADMIN_USER_NAME);
}
} else {
updatedUser.setAuthenticationMechanism(new AuthenticationMechanism());
} }
// Update the specific fields isAdmin
updatedUser.setIsAdmin(isAdmin);
// user email
updatedUser.setEmail(String.format("%s@%s", username, domain));
} else { } else {
updatedUser.setAuthenticationMechanism(new AuthenticationMechanism()); LOG.error(
String.format(
"You configured bot user %s in initialAdmins config. Bot user cannot be promoted to be an admin.",
originalUser.getName()));
} }
// Update the specific fields isAdmin
updatedUser.setIsAdmin(isAdmin);
// user email
updatedUser.setEmail(String.format("%s@%s", username, domain));
} catch (EntityNotFoundException e) { } catch (EntityNotFoundException e) {
updatedUser = user(username, domain, username).withIsAdmin(isAdmin).withIsEmailVerified(true); updatedUser = user(username, domain, username).withIsAdmin(isAdmin).withIsEmailVerified(true);
// Update Auth Mechanism if not present, and send mail to the user // Update Auth Mechanism if not present, and send mail to the user
@ -99,7 +108,9 @@ public final class UserUtil {
} }
// Update the user // Update the user
addOrUpdateUser(updatedUser); if (updatedUser != null) {
addOrUpdateUser(updatedUser);
}
} }
private static String getPassword() { private static String getPassword() {