-
-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add admin-cli #99
base: master
Are you sure you want to change the base?
Add admin-cli #99
Conversation
Thanks for the contribution! Let me know once it's ready to review and I'll review it. |
Oh, I made support for groups and permissions just because I saw them on the admin website and I just wanted to be fully compatible. I can remove it if there are no future plans for it. Btw, I'm completely new to django, so I only know how to add commands to manage.py. So by different services I meant mainly email on dovecot and postfix, so I have script which adds user to email, another script which adds user to etebase and a master script which uses both scripts. There is probably a way to share userdb across django services. I know about one more addition that I could implement. If the underwhelming |
I've just found the docker/test-server, but I guess that's just for testing client-app libraries (e.g. etebase-go). |
Yeah, only the |
It seems my approach was more TDD than BDD... I was testing And I've also found out that: user = User.objects.get(username='username')
user.set_password('new password')
user.save() will "just" change the password in |
BDD?
Yeah, but we are not doing it on purpose to protect accidental data loss (think that a single
Yeah, that's on purpose. The password field is actually unused by Etebase. We use a zero knowledge proof for auth. So password has to change client side... Is this ready for review or still WIP? |
It's not important. I was just doing wrong tests.
Ok, any hints on how to do it properly? Should I first remove the user from all collections (and delete them, if he was the only user in them) and then delete him? Anyways, it can always be abstracted into one function call.
Nice, but if I lose access to authorized client, will I be able to recover my encrypted data (e.g. through email password reset)? If so, there is probably a way to reset password from python on the server, which would be nice, but it could be used to compromise all accounts by the admin, which isn't the goal I guess.
It's still WIP, I've changed it to draft. |
Sorry for the slow reply, I missed your comment.
Yeah, the right way is to first remove the collections and everything that depends on it. You'll see, it's quite easy.
No way for the server to access the data nor modify the authentication password. The authentication is done using cryptography and we don't actually use the Django password field. So yeah, drop all of these.
Cool, let me know when ready. |
Okay, I think it's ready now. Here is a quick reference on how to use it: |
I've also found a hacky way to set predefined password for a user. This is useful if you're automatically creating users for many people. However, I didn't find this feature essential and it would add dependency to |
I've added a simple way to manage users and groups from the command line.
Now you should be able to do almost everything, if not everything, that you could do from the admin website. However, now you won't need to worry about superuser.
The most useful usecase would be creating the same users for multiple services with one script.