feat(mcp_server): add --password option to ensure_service_user command

2026-05-04 08:43:55 -04:00
parent df2e495660
commit e34b7f46a5


@@ -18,19 +18,27 @@ class Command(BaseCommand):
def add_arguments(self, parser): def add_arguments(self, parser):
parser.add_argument("--username", default="daedalus-service") parser.add_argument("--username", default="daedalus-service")
parser.add_argument("--email", default="daedalus-service@local") parser.add_argument("--email", default="daedalus-service@local")
parser.add_argument(
"--password",
default=None,
help=(
"Password for HTTP Basic auth (Daedalus REST calls). "
"Omit to set a random unusable password (JWT-only mode)."
),
)
def handle(self, *args, **options): def handle(self, *args, **options):
User = get_user_model() User = get_user_model()
username = options["username"] username = options["username"]
email = options["email"] email = options["email"]
password = options["password"] or secrets.token_urlsafe(32)
user, created = User.objects.get_or_create( user, created = User.objects.get_or_create(
username=username, username=username,
defaults={"email": email, "is_active": True}, defaults={"email": email, "is_active": True},
) )
if created: if created:
# Set a random password the user cannot log in with via the UI. user.set_password(password)
user.set_password(secrets.token_urlsafe(32))
user.save(update_fields=["password"]) user.save(update_fields=["password"])
self.stdout.write(self.style.SUCCESS(f"Created service user {username!r}")) self.stdout.write(self.style.SUCCESS(f"Created service user {username!r}"))
else: else:
@@ -41,8 +49,11 @@ class Command(BaseCommand):
if user.email != email: if user.email != email:
user.email = email user.email = email
changed = True changed = True
if options["password"]:
user.set_password(password)
changed = True
if changed: if changed:
user.save(update_fields=["is_active", "email"]) user.save(update_fields=["is_active", "email", "password"])
self.stdout.write(self.style.SUCCESS(f"Updated service user {username!r}")) self.stdout.write(self.style.SUCCESS(f"Updated service user {username!r}"))
else: else:
self.stdout.write(f"Service user {username!r} already provisioned") self.stdout.write(f"Service user {username!r} already provisioned")
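Review bot: The `--password` option added in `add_arguments` takes the Basic-auth secret on the command line, where it can end up in the process list, shell history and CI logs; reading it from an environment variable or stdin would avoid that, for example `default=os.environ.get("SERVICE_USER_PASSWORD")` (placeholder variable name; `os` would need importing, and the import block is not visible here). The help text promises an "unusable" password when the option is omitted, but `handle` still stores a usable random one via `password = options["password"] or secrets.token_urlsafe(32)`; calling `user.set_unusable_password()` in that case would match the wording. In the second hunk a later run without `--password` leaves a previously set password in place, so the account cannot be returned to JWT-only mode by re-running the command; that should be stated in the help or handled explicitly. A supplied password is also stored without `validate_password(password, user)`, so a weak value is accepted for an account reachable over HTTP Basic auth.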