335 feature request automatically send user invite link#336
335 feature request automatically send user invite link#336Aravinda-HWK wants to merge 3 commits into
Conversation
…ion in Thunder setup
…r-compose to include silver.yaml
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request automates the setup of domain-specific resources for Thunder, including the creation of Organization Units, user schemas, and contact users via shell scripts and API calls. It also integrates SMTP configuration by deriving values from the primary domain and updating the deployment configuration. Feedback highlights a security concern regarding logging generated passwords to stdout and suggests refining sed patterns in gen-thunder.sh to be more precise by anchoring matches and preserving indentation.
| if [[ "$HTTP_CODE" == "201" ]] || [[ "$HTTP_CODE" == "200" ]]; then | ||
| log_success "User '${CONTACT_USERNAME}' created" | ||
| log_info "Username: ${CONTACT_USERNAME}" | ||
| log_info "Password: ${CONTACT_PASSWORD}" |
There was a problem hiding this comment.
Logging the generated password to stdout is a security risk, as these logs may be persisted in container logs or monitoring systems. Since this script is intended for automated setup, consider providing the password via an environment variable (which is already supported via THUNDER_SMTP_PASSWORD) and only generating/printing it as a last resort. If it must be printed, ensure the environment is secure and logs are handled appropriately.
| sed -i'' -e "/^email:/,/^[^ ]/ s|host:.*|host: \"${SMTP_HOST}\"|" "${THUNDER_DEPLOYMENT_FILE}" | ||
| sed -i'' -e "/^email:/,/^[^ ]/ s|username:.*|username: \"${SMTP_USERNAME}\"|" "${THUNDER_DEPLOYMENT_FILE}" | ||
| sed -i'' -e "/^email:/,/^[^ ]/ s|from_address:.*|from_address: \"${SMTP_FROM_ADDRESS}\"|" "${THUNDER_DEPLOYMENT_FILE}" |
There was a problem hiding this comment.
The sed substitution patterns are a bit broad and could accidentally match other keys that contain these strings (e.g., smtp_host: or backup_host:). It's safer to anchor the match to the start of the line and preserve indentation using a capture group. Additionally, the range /^email:/,/^[^ ]/ can be fragile if there are comments starting at the first column within the email: block, as sed will stop the range at the first such comment. Quoting numeric or string values in the generated YAML is acceptable per repository guidelines.
| sed -i'' -e "/^email:/,/^[^ ]/ s|host:.*|host: \"${SMTP_HOST}\"|" "${THUNDER_DEPLOYMENT_FILE}" | |
| sed -i'' -e "/^email:/,/^[^ ]/ s|username:.*|username: \"${SMTP_USERNAME}\"|" "${THUNDER_DEPLOYMENT_FILE}" | |
| sed -i'' -e "/^email:/,/^[^ ]/ s|from_address:.*|from_address: \"${SMTP_FROM_ADDRESS}\"|" "${THUNDER_DEPLOYMENT_FILE}" | |
| sed -i'' -e "/^email:/,/^[^ ]/ s|^\([[:space:]]*\)host:.*|\1host: \"${SMTP_HOST}\"|" "${THUNDER_DEPLOYMENT_FILE}" | |
| sed -i'' -e "/^email:/,/^[^ ]/ s|^\([[:space:]]*\)username:.*|\1username: \"${SMTP_USERNAME}\"|" "${THUNDER_DEPLOYMENT_FILE}" | |
| sed -i'' -e "/^email:/,/^[^ ]/ s|^\([[:space:]]*\)from_address:.*|\1from_address: \"${SMTP_FROM_ADDRESS}\"|" "${THUNDER_DEPLOYMENT_FILE}" |
References
- In shell scripts that generate YAML, it is acceptable to quote numeric values as strings if the consuming application is not strict about the data type.
| sed -i'' -e "/^email:/,/^[^ ]/ s|username:.*|username: \"${SMTP_USERNAME}\"|" "${THUNDER_DEPLOYMENT_FILE}" | ||
| sed -i'' -e "/^email:/,/^[^ ]/ s|from_address:.*|from_address: \"${SMTP_FROM_ADDRESS}\"|" "${THUNDER_DEPLOYMENT_FILE}" | ||
| if [[ -n "${SMTP_PASSWORD}" ]]; then | ||
| sed -i'' -e "/^email:/,/^[^ ]/ s|password:.*|password: \"${SMTP_PASSWORD}\"|" "${THUNDER_DEPLOYMENT_FILE}" |
There was a problem hiding this comment.
Anchoring the match to the start of the line is recommended here as well to avoid accidental matches with other keys. Quoting the value as a string is acceptable per repository guidelines.
| sed -i'' -e "/^email:/,/^[^ ]/ s|password:.*|password: \"${SMTP_PASSWORD}\"|" "${THUNDER_DEPLOYMENT_FILE}" | |
| sed -i'' -e "/^email:/,/^[^ ]/ s|^\([[:space:]]*\)password:.*|\1password: \"${SMTP_PASSWORD}\"|" "${THUNDER_DEPLOYMENT_FILE}" |
References
- In shell scripts that generate YAML, it is acceptable to quote numeric values as strings if the consuming application is not strict about the data type.
1 participant
📌 Description
This PR is to add the user invite email send flow with the primary domain contact@domain_name email address to the users' secondary email address by the admin.
🔍 Changes Made
✅ Checklist (Email System)
🧪 Testing Instructions
📷 Screenshots / Logs (if applicable)