fix: admin users were created while the setup wizard wasn't finished

backend/prisma/migrations/20230126125501_reverse_shares/migration.sql

@@ -46,7 +46,6 @@ CREATE UNIQUE INDEX "ReverseShare_token_key" ON "ReverseShare"("token");
 CREATE UNIQUE INDEX "ReverseShare_shareId_key" ON "ReverseShare"("shareId");
 
 -- Custom migration
-UPDATE Config SET `order` = 0 WHERE key = "SETUP_FINISHED";
 UPDATE Config SET `order` = 0 WHERE key = "JWT_SECRET";
 UPDATE Config SET `order` = 0 WHERE key = "TOTP_SECRET";
 
@@ -65,3 +64,4 @@ UPDATE Config SET `order` = 15 WHERE key = "SMTP_USERNAME";
 UPDATE Config SET `order` = 16 WHERE key = "SMTP_PASSWORD";
 
 INSERT INTO Config (`order`, `key`, `description`, `type`, `value`, `category`, `secret`, `updatedAt`) VALUES (11, "SMTP_ENABLED", "Whether SMTP is enabled. Only set this to true if you entered the host, port, email, user and password of your SMTP server.", "boolean", IFNULL((SELECT value FROM Config WHERE key="ENABLE_SHARE_EMAIL_RECIPIENTS"), "false"), "smtp", 0, strftime('%s', 'now'));
+INSERT INTO Config (`order`, `key`, `description`, `type`, `value`, `category`, `secret`, `updatedAt`, `locked`) VALUES (0, "SETUP_STATUS", "Status of the setup wizard", "string", IIF((SELECT value FROM Config WHERE key="SETUP_FINISHED") == "true", "FINISHED", "STARTED"), "internal", 0, strftime('%s', 'now'), 1);

backend/prisma/seed/config.seed.ts

@@ -4,10 +4,10 @@ import * as crypto from "crypto";
 const configVariables: Prisma.ConfigCreateInput[] = [
   {
     order: 0,
-    key: "SETUP_FINISHED",
+    key: "SETUP_STATUS",
     description: "Status of the setup wizard",
-    type: "boolean",
-    value: "false",
+    type: "string",
+    value: "STARTED", // STARTED, REGISTERED, FINISHED
     category: "internal",
     secret: false,
     locked: true,

backend/src/auth/auth.service.ts

@@ -23,6 +23,8 @@ export class AuthService {
   ) {}
 
   async signUp(dto: AuthRegisterDTO) {
+    const isFirstUser = this.config.get("SETUP_STATUS") == "STARTED";
+
     const hash = await argon.hash(dto.password);
     try {
       const user = await this.prisma.user.create({
@@ -30,10 +32,14 @@ export class AuthService {
           email: dto.email,
           username: dto.username,
           password: hash,
-          isAdmin: !this.config.get("SETUP_FINISHED"),
+          isAdmin: isFirstUser,
         },
       });
 
+      if (isFirstUser) {
+        await this.config.changeSetupStatus("REGISTERED");
+      }
+
       const { refreshToken, refreshTokenId } = await this.createRefreshToken(
         user.id
       );

backend/src/config/config.controller.ts

@@ -37,7 +37,7 @@ export class ConfigController {
   @Post("admin/finishSetup")
   @UseGuards(JwtGuard, AdministratorGuard)
   async finishSetup() {
-    return await this.configService.finishSetup();
+    return await this.configService.changeSetupStatus("FINISHED");
   }
 
   @Post("admin/testEmail")

backend/src/config/config.service.ts

@@ -76,10 +76,10 @@ export class ConfigService {
     return updatedVariable;
   }
 
-  async finishSetup() {
+  async changeSetupStatus(status: "STARTED" | "REGISTERED" | "FINISHED") {
     return await this.prisma.config.update({
-      where: { key: "SETUP_FINISHED" },
-      data: { value: "true" },
+      where: { key: "SETUP_STATUS" },
+      data: { value: status },
     });
   }
 }

frontend/src/components/admin/configuration/AdminConfigTable.tsx

@@ -112,15 +112,7 @@ const AdminConfigTable = () => {
       <Group position="right">
         <Button
           onClick={() => {
-            if (config.get("SETUP_FINISHED")) {
-              configService
-                .updateMany(updatedConfigVariables)
-                .then(() => {
-                  updatedConfigVariables = [];
-                  toast.success("Configurations updated successfully");
-                })
-                .catch(toast.axiosError);
-            } else {
+            if (config.get("SETUP_STATUS") == "REGISTERED") {
               configService
                 .updateMany(updatedConfigVariables)
                 .then(async () => {
@@ -128,6 +120,14 @@ const AdminConfigTable = () => {
                   window.location.reload();
                 })
                 .catch(toast.axiosError);
+            } else {
+              configService
+                .updateMany(updatedConfigVariables)
+                .then(() => {
+                  updatedConfigVariables = [];
+                  toast.success("Configurations updated successfully");
+                })
+                .catch(toast.axiosError);
             }
           }}
         >

frontend/src/pages/_app.tsx

@@ -46,15 +46,24 @@ function App({ Component, pageProps }: AppProps) {
     getInitalData();
   }, []);
 
+  // Redirect to setup page if setup is not completed
   useEffect(() => {
     if (
       configVariables &&
-      configVariables.filter((variable) => variable.key)[0].value == "false" &&
       !["/auth/signUp", "/admin/setup"].includes(router.asPath)
     ) {
-      router.push(!user ? "/auth/signUp" : "/admin/setup");
+      const setupStatus = configVariables.filter(
+        (variable) => variable.key == "SETUP_STATUS"
+      )[0].value;
+      if (setupStatus == "STARTED") {
+        router.replace("/auth/signUp");
+      } else if (user && setupStatus == "REGISTERED") {
+        router.replace("/admin/setup");
+      } else if (setupStatus == "REGISTERED") {
+        router.replace("/auth/signIn");
+      }
     }
-  }, [router.asPath]);
+  }, [configVariables, router.asPath]);
 
   useEffect(() => {
     setColorScheme(

frontend/src/pages/admin/setup.tsx

@@ -15,7 +15,7 @@ const Setup = () => {
   if (!user) {
     router.push("/auth/signUp");
     return;
-  } else if (config.get("SETUP_FINISHED")) {
+  } else if (config.get("SETUP_STATUS") == "FINISHED") {
     router.push("/");
     return;
   }