users: Deal with admin user already existing during first boot

- Trying to create another admin user using the first boot wizard will certainly fail. - Show the list of admin users in the system so that they an be deleted and creation of admin by first boot wizard can continue. - If existing account can already work (such as when Plinth and LDAP entries exist) allow skipping the step. - Since the scenario is mostly like encountered only during advanced usage and not for most regular users, the technical nature of solutions is okay. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
2026-01-28 08:03:36 +00:00 · 2020-10-04 20:59:51 -07:00 · 2020-10-04 20:59:51 -07:00 · 30c326523e
commit 30c326523e
parent dfaf009d3c
2 changed files with 69 additions and 14 deletions
--- a/plinth/modules/users/templates/users_firstboot.html
+++ b/plinth/modules/users/templates/users_firstboot.html
@ -10,21 +10,57 @@
 {% block content %}
  <h2>{% trans "Administrator Account" %}</h2>

-  <p>
-    {% blocktrans trimmed %}
-      Choose a username and password to access this web interface.
-      The password can be changed later. This user will be granted
-      administrative privileges. Other users can be added later.
-    {% endblocktrans %}
-  </p>
+  {% if not admin_users %}
+    <p>
+      {% blocktrans trimmed %}
+        Choose a username and password to access this web interface.
+        The password can be changed later. This user will be granted
+        administrative privileges. Other users can be added later.
+      {% endblocktrans %}
+    </p>

-  <form class="form" method="post">
-    {% csrf_token %}
+    <form class="form" method="post">
+      {% csrf_token %}

-    {{ form|bootstrap }}
+      {{ form|bootstrap }}

-    <input type="submit" class="btn btn-primary"
-           value="{% trans "Create Account" %}"/>
-  </form>
+      <input type="submit" class="btn btn-primary"
+             value="{% trans "Create Account" %}"/>
+    </form>
+  {% else %}
+    <div class="alert alert-danger" role="alert">
+      {% blocktrans trimmed %}
+        An administrator account already exists.
+      {% endblocktrans %}
+    </div>
+
+    <p>
+      {% blocktrans trimmed %}
+        The following administrator accounts exist in the system.
+      {% endblocktrans %}
+    </p>
+
+    <ul>
+      {% for user in admin_users %}
+        <li>{{ user }} </li>
+      {% endfor %}
+    </ul>
+
+    <p>
+      {% blocktrans trimmed %}
+        Delete these accounts from command line and refresh the page to create
+        an account that is usable with {{ box_name }}. On the command line run
+        the command 'echo "{password}" | /usr/share/plinth/actions/users
+        remove-user {username}'. If an account is already usable with
+        {{ box_name }}, skip this step.
+      {% endblocktrans %}
+    </p>
+
+    <form class="form" method="post">
+      {% csrf_token %}
+
+      <input type="submit" class="btn btn-link" name="skip"
+             value="{% trans "Skip this step" %}"/>
+    </form>
+  {% endif %}
 {% endblock %}
-
--- a/plinth/modules/users/views.py
+++ b/plinth/modules/users/views.py
@ -6,6 +6,7 @@ from django.contrib.auth import update_session_auth_hash
 from django.contrib.auth.models import User
 from django.contrib.messages.views import SuccessMessageMixin
 from django.core.exceptions import PermissionDenied
+from django.http import HttpResponseRedirect
 from django.urls import reverse, reverse_lazy
 from django.utils.translation import ugettext as _
 from django.utils.translation import ugettext_lazy
@ -185,6 +186,24 @@ class FirstBootView(django.views.generic.CreateView):

    form_class = FirstBootForm

+    def dispatch(self, request, *args, **kwargs):
+        """Check if there is no possibility to create a new admin account."""
+        if request.method == 'POST' and 'skip' in request.POST:
+            first_boot.mark_step_done('users_firstboot')
+            return HttpResponseRedirect(reverse(first_boot.next_step()))
+
+        return super().dispatch(request, *args, **kwargs)
+
+    def get_context_data(self, *args, **kwargs):
+        """Add admin users to context data."""
+        context = super().get_context_data(*args, **kwargs)
+
+        output = actions.superuser_run('users', ['get-group-users', 'admin'])
+        admin_users = output.strip().split('\n') if output.strip() else []
+        context['admin_users'] = admin_users
+
+        return context
+
    def get_form_kwargs(self):
        """Make request available to the form (to insert messages)"""
        kwargs = super(FirstBootView, self).get_form_kwargs()