Add docker admin bootstrap for clean release

2026-03-13 11:41:44 +03:00
parent 2aea70a0f6
commit 152f19eba2
12 changed files with 254 additions and 25 deletions
--- a/backend/tests/test_auth.py
+++ b/backend/tests/test_auth.py
@@ -12,6 +12,7 @@ from src.models.auth import User, Role, Permission, ADGroupMapping
 from src.services.auth_service import AuthService
 from src.core.auth.repository import AuthRepository
 from src.core.auth.security import verify_password, get_password_hash
+from src.scripts.create_admin import create_admin

 # Create in-memory SQLite database for testing
 SQLALCHEMY_DATABASE_URL = "sqlite:///:memory:"
@@ -159,3 +160,32 @@ def test_ad_group_mapping(auth_repo):
    retrieved_mapping = auth_repo.db.query(ADGroupMapping).filter_by(ad_group="DOMAIN\\ADFS_Admins").first()
    assert retrieved_mapping is not None
    assert retrieved_mapping.role_id == role.id
+
+
+def test_create_admin_creates_user_with_optional_email(monkeypatch, db_session):
+    """Test bootstrap admin creation stores optional email and Admin role"""
+    monkeypatch.setattr("src.scripts.create_admin.AuthSessionLocal", lambda: db_session)
+
+    result = create_admin("bootstrap-admin", "bootstrap-pass", "admin@example.com")
+
+    created_user = db_session.query(User).filter(User.username == "bootstrap-admin").first()
+    assert result == "created"
+    assert created_user is not None
+    assert created_user.email == "admin@example.com"
+    assert created_user.roles[0].name == "Admin"
+
+
+def test_create_admin_is_idempotent_for_existing_user(monkeypatch, db_session):
+    """Test bootstrap admin creation preserves existing user on repeated runs"""
+    monkeypatch.setattr("src.scripts.create_admin.AuthSessionLocal", lambda: db_session)
+
+    first_result = create_admin("bootstrap-admin-2", "bootstrap-pass")
+    second_result = create_admin("bootstrap-admin-2", "new-password", "changed@example.com")
+
+    created_user = db_session.query(User).filter(User.username == "bootstrap-admin-2").first()
+    assert first_result == "created"
+    assert second_result == "exists"
+    assert created_user is not None
+    assert created_user.email is None
+    assert verify_password("bootstrap-pass", created_user.password_hash)
+    assert not verify_password("new-password", created_user.password_hash)