Register first user as admin

2025-02-23 14:40:36 +01:00 · 2024-07-29 16:44:13 +02:00 · 2024-07-29 16:44:13 +02:00 · f61592cb35
commit f61592cb35
parent 0df173b415
2 changed files with 30 additions and 13 deletions
--- a/BTCPayServer/App/API/AppApiController.Account.cs
+++ b/BTCPayServer/App/API/AppApiController.Account.cs
@ -6,14 +6,12 @@ using System.Threading.Tasks;
 using BTCPayApp.CommonServer.Models;
 using BTCPayServer.Abstractions.Constants;
 using BTCPayServer.Abstractions.Extensions;
-using BTCPayServer.Abstractions.Models;
 using BTCPayServer.Client.Models;
 using BTCPayServer.Data;
 using BTCPayServer.Events;
 using BTCPayServer.Plugins.PointOfSale;
 using BTCPayServer.Services;
 using BTCPayServer.Services.Apps;
-using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.BearerToken;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
@ -37,33 +35,51 @@ public partial class AppApiController
    [RateLimitsFilter(ZoneLimits.Login, Scope = RateLimitsScope.RemoteAddress)]
    public async Task<Results<Ok<AccessTokenResponse>, Ok<SignupResult>, EmptyHttpResult, ProblemHttpResult>> Register(SignupRequest signup)
    {
-        var policiesSettings = await settingsRepository.GetSettingAsync<PoliciesSettings>() ?? new PoliciesSettings();
-        if (policiesSettings.LockSubscription)
+        var policies = await settingsRepository.GetSettingAsync<PoliciesSettings>() ?? new PoliciesSettings();
+        if (policies.LockSubscription)
            return TypedResults.Problem("This instance does not allow public user registration", statusCode: 401);
            
        var errorMessage = "Invalid signup attempt.";
        if (ModelState.IsValid)
        {
+            var isFirstAdmin = !(await userManager.GetUsersInRoleAsync(Roles.ServerAdmin)).Any();
            var user = new ApplicationUser
            {
                UserName = signup.Email,
                Email = signup.Email,
-                RequiresEmailConfirmation = policiesSettings.RequiresConfirmedEmail,
-                RequiresApproval = policiesSettings.RequiresUserApproval,
-                Created = DateTimeOffset.UtcNow
+                RequiresEmailConfirmation = policies.RequiresConfirmedEmail,
+                RequiresApproval = policies.RequiresUserApproval,
+                Created = DateTimeOffset.UtcNow,
+                Approved = isFirstAdmin // auto-approve first admin and users created by an admin
            };
+            
            var result = await userManager.CreateAsync(user, signup.Password);
            if (result.Succeeded)
            {
+                if (isFirstAdmin)
+                {
+                    await roleManager.CreateAsync(new IdentityRole(Roles.ServerAdmin));
+                    await userManager.AddToRoleAsync(user, Roles.ServerAdmin);
+                    var settings = await settingsRepository.GetSettingAsync<ThemeSettings>() ?? new ThemeSettings();
+                    if (settings.FirstRun)
+                    {
+                        settings.FirstRun = false;
+                        await settingsRepository.UpdateSetting(settings);
+                    }
+
+                    await settingsRepository.FirstAdminRegistered(policies, btcpayOptions.UpdateUrl != null, btcpayOptions.DisableRegistration, logs);
+                }
+
                eventAggregator.Publish(new UserRegisteredEvent
                {
                    RequestUri = Request.GetAbsoluteRootUri(),
-                    User = user
+                    User = user,
+                    Admin = isFirstAdmin
                });

                SignInResult? signInResult = null;
-                var requiresConfirmedEmail = policiesSettings.RequiresConfirmedEmail && !user.EmailConfirmed;
-                var requiresUserApproval = policiesSettings.RequiresUserApproval && !user.Approved;
+                var requiresConfirmedEmail = policies.RequiresConfirmedEmail && !user.EmailConfirmed;
+                var requiresUserApproval = policies.RequiresUserApproval && !user.Approved;
                if (!requiresConfirmedEmail && !requiresUserApproval)
                {
                    signInManager.AuthenticationScheme = Scheme;
--- a/BTCPayServer/App/API/AppApiController.cs
+++ b/BTCPayServer/App/API/AppApiController.cs
@ -5,6 +5,7 @@ using BTCPayApp.CommonServer.Models;
 using BTCPayServer.Abstractions.Constants;
 using BTCPayServer.Abstractions.Contracts;
 using BTCPayServer.Abstractions.Extensions;
+using BTCPayServer.Configuration;
 using BTCPayServer.Data;
 using BTCPayServer.Fido2;
 using BTCPayServer.Logging;
@ -18,7 +19,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;

@ -33,14 +33,15 @@ public partial class AppApiController(
    EventAggregator eventAggregator,
    SignInManager<ApplicationUser> signInManager,
    UserManager<ApplicationUser> userManager,
+    RoleManager<IdentityRole> roleManager,
    TimeProvider timeProvider,
-    ISettingsRepository settingsRepository,
+    SettingsRepository settingsRepository,
    UriResolver uriResolver,
    DefaultRulesCollection defaultRules,
    RateFetcher rateFactory,
-    LinkGenerator linkGenerator,
    UserLoginCodeService userLoginCodeService,
    Logs logs,
+    BTCPayServerOptions btcpayOptions,
    IOptionsMonitor<BearerTokenOptions> bearerTokenOptions)
    : Controller
 {