generate random password for initial okta login with heroku

[atomfrede]

This PR generates a random password for the initial okta login when using heroku. The password is printed to the console afterwards (or can be checked in configuration as before).

closes #13768

---

Please make sure the below checklist is followed for Pull Requests.

• All continuous integration tests are green
• Tests are added where necessary
• jhipster-online was updated if necessary
• Documentation is added/updated where necessary
• Coding Rules & Commit Guidelines as per our CONTRIBUTING.md document are followed

When you are still working on the PR, consider converting it to Draft (bellow reviewers) and adding skip-ci label, you can still see CI build result at your branch.

[atomfrede]

Added a confirm prompt to make sure the user is aware of the generated password. The hint about login is now displayed after the script has been executed.

[mraible]

@atomfrede I tried to test this with your branch, but it fails to deploy to Heroku with the "build on Heroku" option. I think this is because jhipster-dependencies' SNAPSHOT is unavailable, I'm not sure.

remote: -----> Executing Maven
remote:        $ ./mvnw -Pprod,heroku -DskipTests clean dependency:list install

remote:        [INFO] Scanning for projects...

remote:        [INFO] Downloading from ossrh-snapshots: https://oss.sonatype.org/content/repositories/snapshots/tech/jhipster/jhipster-dependencies/7.0.0-SNAPSHOT/maven-metadata.xml

remote:        [INFO] Downloading from ossrh-snapshots: https://oss.sonatype.org/content/repositories/snapshots/tech/jhipster/jhipster-dependencies/7.0.0-SNAPSHOT/jhipster-dependencies-7.0.0-SNAPSHOT.pom

remote:        [ERROR] [ERROR] Some problems were encountered while processing the POMs:
remote:        [ERROR] Non-resolvable import POM: Could not find artifact tech.jhipster:jhipster-dependencies:pom:7.0.0-SNAPSHOT in ossrh-snapshots (https://oss.sonatype.org/content/repositories/snapshots/) @ line 104, column 25
remote:        [ERROR] 'dependencies.dependency.version' for tech.jhipster:jhipster-framework:jar is missing. @ line 116, column 21

remote:        [ERROR] 'dependencies.dependency.version' for javax.annotation:javax.annotation-api:jar is missing. @ line 120, column 21
remote:        [ERROR] 'dependencies.dependency.version' for org.springframework.boot:spring-boot-starter-cache:jar is missing. @ line 124, column 21

I tried to run jhipster heroku again to build locally, but it fails too.

Configuring Heroku
No new Database addon created
✖ Error: Command failed: heroku buildpacks:add heroku/java --app shrouded-mountain-34941
 ›   Error: The buildpack heroku/java is already set on your app.

    at ChildProcess.exithandler (child_process.js:308:12)
    at ChildProcess.emit (events.js:315:20)
    at maybeClose (internal/child_process.js:1048:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:288:5) {
  killed: false,
  code: 1,
  signal: null,
  cmd: 'heroku buildpacks:add heroku/java --app shrouded-mountain-34941',
  stdout: '',
  stderr: ' ›   Error: The buildpack heroku/java is already set on your app.\n'

One thing I noticed is the Maven command that's used on Heroku:

./mvnw -Pprod,heroku -DskipTests clean dependency:list install

It seems like it could be a bit shorter, like:

./mvnw -Pprod,heroku -DskipTests package

[mraible]

Related: building locally seems to run all the tests too. It's probably a good practice, but not sure if it's necessary.

[INFO] ------------------------------------------------------------------------
[INFO] Total time:  03:35 min
[INFO] Finished at: 2021-02-02T08:36:14-07:00
[INFO] ------------------------------------------------------------------------

It'd be cool if you could create and deploy a JHipster app to Heroku in 2 minutes!

[mraible]

@atomfrede I got it to work. I forgot you needed to run npm link generator-jhipster in the project after generation.

Here's what it currently says:

? You are using OAuth 2.0. Do you want to use Okta as your identity provider it yourself? When you choose Okta, the auto
mated configuration of users and groups requires cURL and jq. Yes, provision the Okta add-on
? Login (valid email) for the JHipster Admin user: matt.raible@okta.com
? Take note of this password! You will need it on your first login: 28be10ea4c0501b162c0f6dfdb0cf64a49ee767b Yes

Can we change it to the following?

? You are using OAuth 2.0. Do you want to use Okta? When you choose Okta, the automated configuration of users and groups requires cURL and jq. Yes, provision the Okta add-on
? Enter a valid email for the JHipster Admin user: matt.raible@okta.com
? Take note of this password! You will need it to sign in: 28be10ea4c0501b162c0f6dfdb0cf64a49ee767b Yes

I could also see changing the initial question to Do you want to use Okta as your identity provider? The reason I removed it is I don't think developers are that familiar with the term 'identity provider', but I could be wrong.

It'd also be cool if the password could be a different color so it's more noticeable. You probably don't want it to be blue because then the user might think "Yes" is part of it. Maybe yellow?

At the end, there's a NaN. Not sure what that should be.

I'm using the blog-oauth2 JDL to test. It looks like Hazlecast might be preventing a successful startup.

[atomfrede]

@atomfrede I got it to work. I forgot you needed to run npm link generator-jhipster in the project after generation.

Here's what it currently says:

? You are using OAuth 2.0. Do you want to use Okta as your identity provider it yourself? When you choose Okta, the auto
mated configuration of users and groups requires cURL and jq. Yes, provision the Okta add-on
? Login (valid email) for the JHipster Admin user: matt.raible@okta.com
? Take note of this password! You will need it on your first login: 28be10ea4c0501b162c0f6dfdb0cf64a49ee767b Yes

Can we change it to the following?

? You are using OAuth 2.0. Do you want to use Okta? When you choose Okta, the automated configuration of users and groups requires cURL and jq. Yes, provision the Okta add-on
? Enter a valid email for the JHipster Admin user: matt.raible@okta.com
? Take note of this password! You will need it to sign in: 28be10ea4c0501b162c0f6dfdb0cf64a49ee767b Yes

I could also see changing the initial question to Do you want to use Okta as your identity provider? The reason I removed it is I don't think developers are that familiar with the term 'identity provider', but I could be wrong.

Sure.

It'd also be cool if the password could be a different color so it's more noticeable. You probably don't want it to be blue because then the user might think "Yes" is part of it. Maybe yellow?

Need to check if we can use different colors for the prompts

At the end, there's a NaN. Not sure what that should be.

I'm using the blog-oauth2 JDL to test. It looks like Hazlecast might be preventing a successful startup.

The NaN is wrong. Will check. It should be EMAIL/PASSWORD.

[mraible]

I tried again without Hazelcast and it worked. I like the "reset your password on first use flow!"

Besides the other edits I suggested, it might be cool to spit out the credentials at the end. I'm not sure we need to tell them they'll need to change their password afterward.

Okta configured successfully!

Use $email/$password to sign in. 

[atomfrede]

It now looks like this

[mraible]

@atomfrede I would change the end messages to capitalize JHipster. There's a jhipster in there.

[atomfrede]

Bounty claimed https://opencollective.com/generator-jhipster/expenses/33184

[pascalgrimaud]

@atomfrede : approved