From 7100c03c192aaab805fdbe536cc878d42ac7f76e Mon Sep 17 00:00:00 2001
From: Jeny Sadadia
Date: Fri, 29 Dec 2023 18:22:10 +0530
Subject: [PATCH] api.admin: ensure unique email for admin users The script is allowing multiple users with the same email address. Fix the issue by creating unique DB index on `User.email` field. Remove manual check for existing `username`. Catch `DuplicateKeyError` from `pymongo` while creating users for duplicate username or email field.
Signed-off-by: Jeny Sadadia
---
 api/admin.py | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/api/admin.py b/api/admin.py
index 06505471..657041f0 100644
--- a/api/admin.py
+++ b/api/admin.py
@@ -12,8 +12,8 @@
 import asyncio
 import argparse
 import sys
-
 import getpass
+import pymongo
 from .auth import Authentication
 from .db import Database
@@ -22,12 +22,6 @@
 async def setup_admin_user(db, username, email):
 """Create an admin user"""
- user_obj = await db.find_one_by_attributes(User,
- {'username': username})
- if user_obj:
- print(f"User {username} already exists, aborting.")
- print(user_obj.json())
- return None
 password = getpass.getpass(f"Password for user '{username}': ")
 retyped = getpass.getpass(f"Retype password for user '{username}': ")
 if password != retyped:
@@ -35,18 +29,27 @@ async def setup_admin_user(db, username, email):
 return None
 hashed_password = Authentication.get_password_hash(password)
 print(f"Creating {username} user...")
- return await db.create(User(
- username=username,
- hashed_password=hashed_password,
- email=email,
- is_superuser=1,
- is_verified=1,
- ))
+ try:
+ return await db.create(User(
+ username=username,
+ hashed_password=hashed_password,
+ email=email,
+ is_superuser=1,
+ is_verified=1,
+ ))
+ except pymongo.errors.DuplicateKeyError as exc:
+ err = str(exc)
+ if "username" in err:
+ print(f"User {username} already exists, aborting.")
+ elif "email" in err:
+ print(f"User with {email} already exists, aborting.")
+ return None
 async def main(args):
 db = Database(args.mongo, args.database)
 await db.initialize_beanie()
+ await db.create_indexes()
 await setup_admin_user(db, args.username, args.email)
 return True
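Review bot: The `except pymongo.errors.DuplicateKeyError` branch works out which field collided by searching `str(exc)` for the words "username" and "email", and that text also carries the duplicated value, so a colliding address such as the constructed `username@example.org` would be reported as an existing username; when neither word matches, the function returns None without printing anything. Reading the collided field from the structured error is more reliable: the server's duplicate-key document normally includes a `keyPattern` mapping, reachable through `exc.details` (confirm against the MongoDB version in use), and a final `else` should print the raw error. Separately, the new `await db.create_indexes()` in `main` is unguarded, so if the collection already holds the duplicate emails the commit message describes, building the unique index would presumably fail with a traceback before any user is created. `setup_admin_user` begins above this hunk.

```python
    except pymongo.errors.DuplicateKeyError as exc:
        key_pattern = (exc.details or {}).get("keyPattern", {})
        if "username" in key_pattern:
            # … unchanged: "User {username} already exists" message …
        elif "email" in key_pattern:
            # … unchanged: "User with {email} already exists" message …
        else:
            print(f"Could not create user {username}: {exc}")
        # … unchanged: return None …
```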