Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Exporting User Accounts #13073

Open
SzymonSel opened this issue Jan 12, 2023 · 28 comments
Open

Exporting User Accounts #13073

SzymonSel opened this issue Jan 12, 2023 · 28 comments
Milestone

Comments

@SzymonSel
Copy link
Member

I ended up here #7891 looking for a way of export and importing users from one istance to another. Is this still planned as a deployment task? What is the state of it's developement? Any way I could contribute?

@hishamco
Copy link
Member

We need a secrets module to deploy any sort of secrets in more confidential way, then deployments & recipes will take care about the rest

@deanmarcussen any plan to complete the Secrets module that you started with? Or shall some one continues the work that you already did?

@SzymonSel
Copy link
Member Author

As I undestand, we need this module, to recreate user accounts with working passwords. Am I right?
We could create easily export users now, but users would have to reset their passwords in other to regain access to their account on the new site. (the importing one)

@hishamco
Copy link
Member

Yes we could, but it would be nice to export/import users with their credentials

@SzymonSel
Copy link
Member Author

Clear. Thanks.

@sebastienros
Copy link
Member

@deanmarcussen twice in a day ... Do you remember where you code is at if there is a way that someone takes over?

@hishamco
Copy link
Member

FYI @sebastienros #7891

@SzymonSel
Copy link
Member Author

Yes we could, but it would be nice to export/import users with their credentials

To achieve this now, what would one have to do? Where are the keys stored? How can they be copied to make the credentials work?

@hishamco
Copy link
Member

That's what Secrets Module is all about

@sebastienros
Copy link
Member

Do we actually need the secrets module to import/export users? Is there any state in the web app that makes changes how these hashes are stored in the database? I don't think so, so sending them should be fine. There could be an option to include the hashes, this way one could already export the list of user accounts (requires a custom permission though). And importing a user is "security sensitive", i.e. you could reset someone's password with this permission. So not sure if it's a good idea without encryption. Or at least with the same level of permissions as being able to set the encryption keys.

@hishamco
Copy link
Member

Do we actually need the secrets module to import/export users?

Yes & No it depends, it's only need when we want to export content with sensitive data

Is there any state in the web app that makes changes how these hashes are stored in the database? I don't think so, so sending them should be fine.

I think it's fine too send hashes too, but we need to think about more generic way for any sensitive data such as SMTP credentials, database connections .. etc

We might need to revise the secrets modules and make it done if it's possible

@sebastienros
Copy link
Member

but we need to think about more generic way for any sensitive data such as SMTP credentials

Read the title of this issue

@hishamco
Copy link
Member

I already did, but look to the issue description :)

I ended up here #7891 looking for a way of export and importing users from one istance to another. Is this still planned as a deployment task? What is the state of it's developement? Any way I could contribute?

So, for this particular use case it's fine to export the users data

@sebastienros
Copy link
Member

We checked the password hashing code and there is no secret there, so it's safe to create an export step for the user accounts.

@sebastienros sebastienros added this to the 1.x milestone Jan 19, 2023
@SzymonSel
Copy link
Member Author

SzymonSel commented Jan 19, 2023 via email

@yassinsayed
Copy link

yassinsayed commented Mar 3, 2023

@SzymonSel did you find a way to import users or is there any way to import users exported from Orchard CMS

@SzymonSel
Copy link
Member Author

I have, but I haven't yet implemented it.

@yassinsayed
Copy link

Can help by sharing it

@SzymonSel
Copy link
Member Author

I've succesfully implemented a simple Users' Account Deployment step together with the importing step. There is yet no advanced validation or any permissions checking, but this could be implemented at a later time.

Should I place my implemetation in the OrchardCore.Users project for review?

@hishamco
Copy link
Member

Sure

@hishamco
Copy link
Member

One more thing what about the passwords, do you export them? coz we address this long time ago using secrets module

@SzymonSel
Copy link
Member Author

I'm exporting the PasswordHash

@hishamco
Copy link
Member

As expected, even though exporting such data is risky

/cc @sebastienros @Piedone

@jtkech
Copy link
Member

jtkech commented Aug 22, 2023

I'm working on the secrets module which will use a combination of symetric and assymetric encryption.

@hishamco
Copy link
Member

I see you are active to that PR which I planned to make some progress on it, so please assign the PR or the issue to you to avoid anyone else from duplicate the work

@sebastienros
Copy link
Member

@SzymonSel I think it's safe to add the feature. Thanks a lot

@SzymonSel
Copy link
Member Author

I've also created a simple CustomUserSettings Deployment implementation.

By the way, can some one grant me push permissions?

@agriffard
Copy link
Member

@SzymonSel For the first contributions, you are supposed to fork the project and make a pull request that will be reviewed.

We only grant write access to the main repo after multiple contributions to the project (PRs, meetings, demos, ...) and agreement from the core team of developers, even if we know you are an Orchard user for a long time ;-)

@SzymonSel
Copy link
Member Author

Sure thing! I'm being lazy and couldn't be bothered forking the repo :P

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants