Bootstrap users fix + Ldap Fix error message (#11463)

* Fix issues in Bootstrapping Admin Users * Fix Ldap Binding Message * Remove delete * do not remove the user on own * failing tests fix * null should also add auth-mechanism
2025-09-17 13:00:56 +00:00 · 2023-05-08 23:52:55 +05:30 · 2023-05-08 23:52:55 +05:30 · f50bf5ec70
commit f50bf5ec70
parent 196681b499
3 changed files with 49 additions and 47 deletions
--- a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/UserRepository.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/UserRepository.java
@ -36,7 +36,6 @@ import org.apache.commons.csv.CSVPrinter;
 import org.apache.commons.csv.CSVRecord;
 import org.openmetadata.csv.EntityCsv;
 import org.openmetadata.schema.api.teams.CreateTeam.TeamType;
-import org.openmetadata.schema.auth.SSOAuthMechanism;
 import org.openmetadata.schema.entity.teams.AuthenticationMechanism;
 import org.openmetadata.schema.entity.teams.Team;
 import org.openmetadata.schema.entity.teams.User;
@ -222,19 +221,17 @@ public class UserRepository extends EntityRepository<User> {
  }

  public void initializeUsers(OpenMetadataApplicationConfig config) {
+    String providerType = config.getAuthenticationConfiguration().getProvider();
+    // Create Admins
    Set<String> adminUsers = new HashSet<>(config.getAuthorizerConfiguration().getAdminPrincipals());
    LOG.debug("Checking user entries for admin users {}", adminUsers);
    String domain = SecurityUtil.getDomain(config);
-    String providerType = config.getAuthenticationConfiguration().getProvider();
-    if (providerType.equals(SSOAuthMechanism.SsoServiceType.BASIC.value())) {
-      UserUtil.handleBasicAuth(adminUsers, domain);
-    } else {
-      UserUtil.addUsers(adminUsers, domain, true);
-    }
+    UserUtil.addUsers(providerType, adminUsers, domain, true);

+    // Create Test Users
    LOG.debug("Checking user entries for test users");
    Set<String> testUsers = new HashSet<>(config.getAuthorizerConfiguration().getTestPrincipals());
-    UserUtil.addUsers(testUsers, domain, null);
+    UserUtil.addUsers(providerType, testUsers, domain, null);
  }

  private List<EntityReference> getOwns(User user) throws IOException {
--- a/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/LdapAuthenticator.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/LdapAuthenticator.java
@ -171,7 +171,7 @@ public class LdapAuthenticator implements AuthenticatorHandler {
    if (bindingResult != null) {
      throw new CustomExceptionMessage(INTERNAL_SERVER_ERROR, bindingResult.getResultCode().getName());
    } else {
-      throw new CustomExceptionMessage(INTERNAL_SERVER_ERROR, "Binding for User in LDAP Failed.");
+      throw new CustomExceptionMessage(INTERNAL_SERVER_ERROR, INVALID_EMAIL_PASSWORD);
    }
  }

--- a/openmetadata-service/src/main/java/org/openmetadata/service/util/UserUtil.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/util/UserUtil.java
@ -26,6 +26,7 @@ import static org.openmetadata.service.Entity.ADMIN_USER_NAME;

 import at.favre.lib.crypto.bcrypt.BCrypt;
 import java.io.IOException;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
 import java.util.Set;
@ -51,46 +52,57 @@ import org.openmetadata.service.security.jwt.JWTTokenGenerator;

@Slf4j
 public final class UserUtil {
-  private static final String COLON_DELIMITER = ":";

-  public static void handleBasicAuth(Set<String> adminUsers, String domain) {
+  public static void addUsers(String providerType, Set<String> adminUsers, String domain, Boolean isAdmin) {
    try {
-      for (String adminUser : adminUsers) {
-        if (adminUser.contains(COLON_DELIMITER)) {
-          String[] tokens = adminUser.split(COLON_DELIMITER);
-          addUserForBasicAuth(tokens[0], tokens[1], domain);
-        } else {
-          boolean isDefaultAdmin = adminUser.equals(ADMIN_USER_NAME);
-          String token = PasswordUtil.generateRandomPassword();
-          if (isDefaultAdmin) {
-            token = ADMIN_USER_NAME;
-          }
-          addUserForBasicAuth(adminUser, token, domain);
-        }
+      for (String username : adminUsers) {
+        createOrUpdateUser(providerType, username, domain, isAdmin);
      }
-    } catch (IOException e) {
-      LOG.error("Failed in Basic Auth Setup. Reason : {}", e.getMessage());
+    } catch (Exception ex) {
+      LOG.error("[BootstrapUser] Encountered Exception while bootstrapping admin user", ex);
    }
  }

-  public static void addUserForBasicAuth(String username, String pwd, String domain) throws IOException {
+  private static void createOrUpdateUser(String providerType, String username, String domain, Boolean isAdmin)
+      throws IOException {
    UserRepository userRepository = (UserRepository) Entity.getEntityRepository(Entity.USER);
+    User updatedUser;
    try {
-      List<String> fields = List.of("profile", "roles", "teams", "authenticationMechanism", "isEmailVerified");
-      User originalUser = userRepository.getByName(null, username, new EntityUtil.Fields(fields));
-      if (originalUser.getAuthenticationMechanism() == null) {
-        updateBasicAuthUser(originalUser, pwd);
-      }
-    } catch (EntityNotFoundException e) {
-      User user = user(username, domain, username).withIsAdmin(true).withIsEmailVerified(true);
-      updateBasicAuthUser(user, pwd);
-    }
-  }
+      // Create Required Fields List
+      List<String> fieldList = new ArrayList<>(userRepository.getPatchFields().getFieldList());
+      fieldList.add("authenticationMechanism");

-  private static void updateBasicAuthUser(User user, String pwd) {
-    updateUserWithHashedPwd(user, pwd);
-    addOrUpdateUser(user);
-    EmailUtil.sendInviteMailToAdmin(user, pwd);
+      // Fetch Original User, is available
+      User originalUser = userRepository.getByName(null, username, new EntityUtil.Fields(fieldList));
+      updatedUser = originalUser;
+
+      // Update Auth Mechanism if not present, and send mail to the user
+      if (providerType.equals(SSOAuthMechanism.SsoServiceType.BASIC.value())) {
+        if (originalUser.getAuthenticationMechanism() == null
+            || originalUser.getAuthenticationMechanism().equals(new AuthenticationMechanism())) {
+          updateUserWithHashedPwd(updatedUser, ADMIN_USER_NAME);
+          EmailUtil.sendInviteMailToAdmin(updatedUser, ADMIN_USER_NAME);
+        }
+      } else {
+        updatedUser.setAuthenticationMechanism(new AuthenticationMechanism());
+      }
+
+      // Update the specific fields isAdmin
+      updatedUser.setIsAdmin(isAdmin);
+
+      // user email
+      updatedUser.setEmail(String.format("%s@%s", username, domain));
+    } catch (EntityNotFoundException e) {
+      updatedUser = user(username, domain, username).withIsAdmin(isAdmin).withIsEmailVerified(true);
+      // Update Auth Mechanism if not present, and send mail to the user
+      if (providerType.equals(SSOAuthMechanism.SsoServiceType.BASIC.value())) {
+        updateUserWithHashedPwd(updatedUser, ADMIN_USER_NAME);
+        EmailUtil.sendInviteMailToAdmin(updatedUser, ADMIN_USER_NAME);
+      }
+    }
+
+    // Update the user
+    addOrUpdateUser(updatedUser);
  }

  public static void updateUserWithHashedPwd(User user, String pwd) {
@ -101,13 +113,6 @@ public final class UserUtil {
            .withConfig(new BasicAuthMechanism().withPassword(hashedPwd)));
  }

-  public static void addUsers(Set<String> users, String domain, Boolean isAdmin) {
-    for (String userName : users) {
-      User user = user(userName, domain, userName).withIsAdmin(isAdmin);
-      addOrUpdateUser(user);
-    }
-  }
-
  public static User addOrUpdateUser(User user) {
    UserRepository userRepository = (UserRepository) Entity.getEntityRepository(Entity.USER);
    try {