-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exporting User Accounts #13073
Comments
We need a secrets module to deploy any sort of secrets in more confidential way, then deployments & recipes will take care about the rest @deanmarcussen any plan to complete the Secrets module that you started with? Or shall some one continues the work that you already did? |
As I undestand, we need this module, to recreate user accounts with working passwords. Am I right? |
Yes we could, but it would be nice to export/import users with their credentials |
Clear. Thanks. |
@deanmarcussen twice in a day ... Do you remember where you code is at if there is a way that someone takes over? |
FYI @sebastienros #7891 |
To achieve this now, what would one have to do? Where are the keys stored? How can they be copied to make the credentials work? |
That's what Secrets Module is all about |
Do we actually need the secrets module to import/export users? Is there any state in the web app that makes changes how these hashes are stored in the database? I don't think so, so sending them should be fine. There could be an option to include the hashes, this way one could already export the list of user accounts (requires a custom permission though). And importing a user is "security sensitive", i.e. you could reset someone's password with this permission. So not sure if it's a good idea without encryption. Or at least with the same level of permissions as being able to set the encryption keys. |
Yes & No it depends, it's only need when we want to export content with sensitive data
I think it's fine too send hashes too, but we need to think about more generic way for any sensitive data such as SMTP credentials, database connections .. etc We might need to revise the secrets modules and make it done if it's possible |
Read the title of this issue |
I already did, but look to the issue description :)
So, for this particular use case it's fine to export the users data |
We checked the password hashing code and there is no secret there, so it's safe to create an export step for the user accounts. |
Great! I’m on it!
|
@SzymonSel did you find a way to import users or is there any way to import users exported from Orchard CMS |
I have, but I haven't yet implemented it. |
Can help by sharing it |
I've succesfully implemented a simple Users' Account Deployment step together with the importing step. There is yet no advanced validation or any permissions checking, but this could be implemented at a later time. Should I place my implemetation in the OrchardCore.Users project for review? |
Sure |
One more thing what about the passwords, do you export them? coz we address this long time ago using secrets module |
I'm exporting the |
As expected, even though exporting such data is risky |
I'm working on the secrets module which will use a combination of symetric and assymetric encryption. |
I see you are active to that PR which I planned to make some progress on it, so please assign the PR or the issue to you to avoid anyone else from duplicate the work |
@SzymonSel I think it's safe to add the feature. Thanks a lot |
I've also created a simple By the way, can some one grant me push permissions? |
@SzymonSel For the first contributions, you are supposed to fork the project and make a pull request that will be reviewed. We only grant write access to the main repo after multiple contributions to the project (PRs, meetings, demos, ...) and agreement from the core team of developers, even if we know you are an Orchard user for a long time ;-) |
Sure thing! I'm being lazy and couldn't be bothered forking the repo :P |
I ended up here #7891 looking for a way of export and importing users from one istance to another. Is this still planned as a deployment task? What is the state of it's developement? Any way I could contribute?
The text was updated successfully, but these errors were encountered: