Add fixed salt for admin password

Author: MarceloRGonc

packages/server/api/src/app/database/seeds/seed-admin.ts

@@ -1,7 +1,3 @@
-import {
-  authenticateUserInOpenOpsTables,
-  resetUserPassword,
-} from '@openops/common';
 import { AppSystemProp, logger, system } from '@openops/server-shared';
 import { OrganizationRole, Provider, User } from '@openops/shared';
 import { authenticationService } from '../../authentication/basic/authentication-service';
@@ -79,9 +75,6 @@ async function ensureUserExists(
   );
 
   user = await createAdminUser(email, password);
-  const { token } = await authenticateUserInOpenOpsTables(email, password);
-  await resetUserPassword(email, user.password, token);
-
   return user;
 }
 
@@ -170,13 +163,10 @@ async function upsertAdminPassword(
   const email = user.email;
   logger.info(`Updating password for admin [${email}]`, email);
 
-  const updatedUser = await userService.updatePassword({
+  await userService.updateAdminPassword({
     id: user.id,
     newPassword,
   });
-
-  const { token } = await authenticateUserInOpenOpsTables(email, newPassword);
-  await resetUserPassword(email, updatedUser.password, token);
 }
 
 async function upsertAdminEmail(user: User, email: string): Promise<void> {
@@ -186,7 +176,7 @@ async function upsertAdminEmail(user: User, email: string): Promise<void> {
 }
 
 function createAdminUser(email: string, password: string): Promise<User> {
-  return userService.create({
+  return userService.createAdminUser({
     email,
     password,
     organizationRole: OrganizationRole.ADMIN,

packages/server/api/src/app/user/user-service.ts

@@ -1,4 +1,4 @@
-import { cacheWrapper } from '@openops/server-shared';
+import { AppSystemProp, cacheWrapper, system } from '@openops/server-shared';
 import {
   ApplicationError,
   assertValidEmail,
@@ -16,6 +16,7 @@ import {
   UserMeta,
   UserStatus,
 } from '@openops/shared';
+import bcrypt from 'bcrypt';
 import dayjs from 'dayjs';
 import { passwordHasher } from '../authentication/basic/password-hasher';
 import { repoFactory } from '../core/db/repo-factory';
@@ -28,17 +29,24 @@ export const userService = {
   async create(params: CreateParams): Promise<User> {
     const hashedPassword = await passwordHasher.hash(params.password);
 
-    const user: NewUser = {
+    return saveUser({
       id: openOpsId(),
       ...params,
       organizationRole: params.organizationRole,
       status: UserStatus.ACTIVE,
       password: hashedPassword,
-    };
-
-    sendUserCreatedEvent(user.id, user.organizationId);
+    });
+  },
+  async createAdminUser(params: CreateParams): Promise<User> {
+    const hashedPassword = await bcrypt.hash(params.password, getStaticSalt());
 
-    return userRepo().save(user);
+    return saveUser({
+      id: openOpsId(),
+      ...params,
+      organizationRole: params.organizationRole,
+      status: UserStatus.ACTIVE,
+      password: hashedPassword,
+    });
   },
   async update({
     id,
@@ -198,13 +206,13 @@ export const userService = {
     });
   },
 
-  async updatePassword({
+  async updateAdminPassword({
     id,
     newPassword,
   }: UpdatePasswordParams): Promise<User> {
     assertValidPassword(newPassword);
 
-    const hashedPassword = await passwordHasher.hash(newPassword);
+    const hashedPassword = await bcrypt.hash(newPassword, getStaticSalt());
 
     await userRepo().update(id, {
       updated: dayjs().toISOString(),
@@ -295,6 +303,17 @@ export const userService = {
   },
 };
 
+function saveUser(user: NewUser): Promise<User> {
+  sendUserCreatedEvent(user.id, user.organizationId);
+
+  return userRepo().save(user);
+}
+
+function getStaticSalt(): string {
+  return system.getOrThrow<string>(AppSystemProp.OPENOPS_ADMIN_PASSWORD_SALT);
+}
+
+
 type DeleteParams = {
   id: UserId;
   organizationId: OrganizationId | null;

packages/server/shared/src/lib/system/system-prop.ts

@@ -66,6 +66,7 @@ export enum AppSystemProp {
 
   OPENOPS_ADMIN_EMAIL = 'OPENOPS_ADMIN_EMAIL',
   OPENOPS_ADMIN_PASSWORD = 'OPENOPS_ADMIN_PASSWORD',
+  OPENOPS_ADMIN_PASSWORD_SALT = 'OPENOPS_ADMIN_PASSWORD_SALT',
 
   OPENOPS_TABLES_DATABASE_NAME = 'OPENOPS_TABLES_DATABASE_NAME',
   OPENOPS_TABLES_PUBLIC_URL = 'OPENOPS_TABLES_PUBLIC_URL',

packages/server/shared/src/lib/system/system.ts

@@ -100,6 +100,7 @@ const systemPropDefaultValues: Partial<Record<SystemProp, string>> = {
   [AppSystemProp.TELEMETRY_MODE]: 'COLLECTOR',
   [AppSystemProp.TELEMETRY_COLLECTOR_URL]: 'https://telemetry.openops.com/save',
   [SharedSystemProp.ENABLE_HOST_VALIDATION]: 'true',
+  [AppSystemProp.OPENOPS_ADMIN_PASSWORD_SALT]: '$2b$10$6zuoB5d8Dz9bzV91gpuynO',
 };
 
 export const system = {