feat: Generate random admin user password in dev mode

mafredri · mafredri · commit 058b0885ed34 · 2022-04-28T14:08:16.000Z
diff --git a/cli/server.go b/cli/server.go
@@ -41,27 +41,23 @@ import (
 	"github.com/coder/coder/coderd/gitsshkey"
 	"github.com/coder/coder/coderd/turnconn"
 	"github.com/coder/coder/codersdk"
+	"github.com/coder/coder/cryptorand"
 	"github.com/coder/coder/provisioner/terraform"
 	"github.com/coder/coder/provisionerd"
 	"github.com/coder/coder/provisionersdk"
 	"github.com/coder/coder/provisionersdk/proto"
 )
 
-var defaultDevUser = codersdk.CreateFirstUserRequest{
-	Email:            "admin@coder.com",
-	Username:         "developer",
-	Password:         "password",
-	OrganizationName: "acme-corp",
-}
-
 // nolint:gocyclo
 func server() *cobra.Command {
 	var (
-		accessURL   string
-		address     string
-		cacheDir    string
-		dev         bool
-		postgresURL string
+		accessURL       string
+		address         string
+		cacheDir        string
+		dev             bool
+		devUserEmail    string
+		devUserPassword string
+		postgresURL     string
 		// provisionerDaemonCount is a uint8 to ensure a number > 0.
 		provisionerDaemonCount           uint8
 		oauth2GithubClientID             string
@@ -278,12 +274,18 @@ func server() *cobra.Command {
 			config := createConfig(cmd)
 
 			if dev {
-				err = createFirstUser(cmd, client, config)
+				if devUserPassword == "" {
+					devUserPassword, err = cryptorand.String(10)
+					if err != nil {
+						return xerrors.Errorf("generate random admin password for dev: %w", err)
+					}
+				}
+				err = createFirstUser(cmd, client, config, devUserEmail, devUserPassword)
 				if err != nil {
 					return xerrors.Errorf("create first user: %w", err)
 				}
-				_, _ = fmt.Fprintf(cmd.ErrOrStderr(), "email: %s\n", defaultDevUser.Email)
-				_, _ = fmt.Fprintf(cmd.ErrOrStderr(), "password: %s\n", defaultDevUser.Password)
+				_, _ = fmt.Fprintf(cmd.ErrOrStderr(), "email: %s\n", devUserEmail)
+				_, _ = fmt.Fprintf(cmd.ErrOrStderr(), "password: %s\n", devUserPassword)
 				_, _ = fmt.Fprintln(cmd.ErrOrStderr())
 
 				_, _ = fmt.Fprintf(cmd.ErrOrStderr(), cliui.Styles.Wrap.Render(`Started in dev mode. All data is in-memory! `+cliui.Styles.Bold.Render("Do not use in production")+`. Press `+
@@ -409,6 +411,8 @@ func server() *cobra.Command {
 	// systemd uses the CACHE_DIRECTORY environment variable!
 	cliflag.StringVarP(root.Flags(), &cacheDir, "cache-dir", "", "CACHE_DIRECTORY", filepath.Join(os.TempDir(), "coder-cache"), "Specifies a directory to cache binaries for provision operations.")
 	cliflag.BoolVarP(root.Flags(), &dev, "dev", "", "CODER_DEV_MODE", false, "Serve Coder in dev mode for tinkering")
+	cliflag.StringVarP(root.Flags(), &devUserEmail, "dev-admin-email", "", "CODER_DEV_ADMIN_EMAIL", "admin@coder.com", "Specifies the admin email to be used in dev mode (--dev)")
+	cliflag.StringVarP(root.Flags(), &devUserPassword, "dev-admin-password", "", "CODER_DEV_ADMIN_PASSWORD", "", "Specifies the admin password to be used in dev mode (--dev) instead of a randomly generated one")
 	cliflag.StringVarP(root.Flags(), &postgresURL, "postgres-url", "", "CODER_PG_CONNECTION_URL", "", "URL of a PostgreSQL database to connect to")
 	cliflag.Uint8VarP(root.Flags(), &provisionerDaemonCount, "provisioner-daemons", "", "CODER_PROVISIONER_DAEMONS", 3, "The amount of provisioner daemons to create on start.")
 	cliflag.StringVarP(root.Flags(), &oauth2GithubClientID, "oauth2-github-client-id", "", "CODER_OAUTH2_GITHUB_CLIENT_ID", "",
@@ -450,14 +454,25 @@ func server() *cobra.Command {
 	return root
 }
 
-func createFirstUser(cmd *cobra.Command, client *codersdk.Client, cfg config.Root) error {
-	_, err := client.CreateFirstUser(cmd.Context(), defaultDevUser)
+func createFirstUser(cmd *cobra.Command, client *codersdk.Client, cfg config.Root, email, password string) error {
+	if email == "" {
+		return xerrors.New("email is empty")
+	}
+	if password == "" {
+		return xerrors.New("password is empty")
+	}
+	_, err := client.CreateFirstUser(cmd.Context(), codersdk.CreateFirstUserRequest{
+		Email:            email,
+		Username:         "developer",
+		Password:         password,
+		OrganizationName: "acme-corp",
+	})
 	if err != nil {
 		return xerrors.Errorf("create first user: %w", err)
 	}
 	token, err := client.LoginWithPassword(cmd.Context(), codersdk.LoginWithPasswordRequest{
-		Email:    defaultDevUser.Email,
-		Password: defaultDevUser.Password,
+		Email:    email,
+		Password: password,
 	})
 	if err != nil {
 		return xerrors.Errorf("login with first user: %w", err)
diff --git a/cli/server_test.go b/cli/server_test.go
@@ -1,7 +1,6 @@
 package cli_test
 
 import (
-	"bytes"
 	"context"
 	"crypto/ecdsa"
 	"crypto/elliptic"
@@ -10,12 +9,14 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
+	"fmt"
 	"math/big"
 	"net"
 	"net/http"
 	"net/url"
 	"os"
 	"runtime"
+	"strings"
 	"testing"
 	"time"
 
@@ -74,18 +75,26 @@ func TestServer(t *testing.T) {
 		t.Parallel()
 		ctx, cancelFunc := context.WithCancel(context.Background())
 		defer cancelFunc()
+
+		wantEmail := "admin@coder.com"
+
 		root, cfg := clitest.New(t, "server", "--dev", "--skip-tunnel", "--address", ":0")
-		var stdoutBuf bytes.Buffer
-		root.SetOutput(&stdoutBuf)
+		var buf strings.Builder
+		root.SetOutput(&buf)
 		go func() {
 			err := root.ExecuteContext(ctx)
 			require.ErrorIs(t, err, context.Canceled)
 
 			// Verify that credentials were output to the terminal.
-			wantEmail := "email: admin@coder.com"
-			wantPassword := "password: password"
-			assert.Contains(t, stdoutBuf.String(), wantEmail, "expected output %q; got no match", wantEmail)
-			assert.Contains(t, stdoutBuf.String(), wantPassword, "expected output %q; got no match", wantPassword)
+			assert.Contains(t, buf.String(), fmt.Sprintf("email: %s", wantEmail), "expected output %q; got no match", wantEmail)
+			// Check that the password line is output and that it's non-empty.
+			if _, after, found := strings.Cut(buf.String(), "password: "); found {
+				before, _, _ := strings.Cut(after, "\n")
+				before = strings.Trim(before, "\r") // Ensure no control character is left.
+				assert.NotEmpty(t, before, "expected non-empty password; got empty")
+			} else {
+				t.Error("expected password line output; got no match")
+			}
 		}()
 		var token string
 		require.Eventually(t, func() bool {
