rewrite admin password reset

Author: williamstein

src/packages/conat/hub-api/db.ts

@@ -1,12 +1,12 @@
-import { authFirst } from "./util";
+import { authFirst, requireAccount } from "./util";
 
 export const db = {
   userQuery: authFirst,
   touch: authFirst,
   getLegacyTimeTravelInfo: authFirst,
   getLegacyTimeTravelPatches: authFirst,
   fileUseTimes: authFirst,
-  removeBlobTtls: authFirst,
+  removeBlobTtls: requireAccount,
 };
 
 export interface DB {

src/packages/conat/hub-api/system.ts

@@ -16,6 +16,7 @@ export const system = {
   revokeUserAuthToken: noAuth,
   userSearch: authFirst,
   getNames: requireAccount,
+  adminResetPasswordLink: authFirst,
 };
 
 export interface System {
@@ -68,4 +69,17 @@ export interface System {
         }
       | undefined;
   }>;
+
+  // adminResetPasswordLink: Enables admins (and only admins!) to generate and get a password reset
+  // for another user.  The response message contains a password reset link,
+  // though without the site part of the url (the client should fill that in).
+  // This makes it possible for admins to reset passwords of users, even if
+  // sending email is not setup, e.g., for cocalc-docker, and also deals with the
+  // possibility that users have no email address, or broken email, or they
+  // can't receive email due to crazy spam filtering.
+  // Non-admins always get back an error.
+  adminResetPasswordLink: (opts: {
+    account_id?: string;
+    user_account_id: string;
+  }) => Promise<string>;
 }

src/packages/frontend/admin/users/password-reset.tsx

@@ -5,12 +5,17 @@
 
 import { Component, Rendered } from "@cocalc/frontend/app-framework";
 import { Button } from "@cocalc/frontend/antd-bootstrap";
-import { CopyToClipBoard, Icon, ErrorDisplay } from "@cocalc/frontend/components";
+import {
+  CopyToClipBoard,
+  Icon,
+  ErrorDisplay,
+} from "@cocalc/frontend/components";
 import { webapp_client } from "../../webapp-client";
 import { appBasePath } from "@cocalc/frontend/customize/app-base-path";
 
 interface Props {
-  email_address?: string;
+  account_id: string;
+  email_address: string;
 }
 
 interface State {
@@ -32,12 +37,11 @@ export class PasswordReset extends Component<Props, State> {
   }
 
   async do_request(): Promise<void> {
-    if (!this.props.email_address) throw Error("bug");
     this.setState({ running: true });
     let link: string;
     try {
-      link = await webapp_client.admin_client.admin_reset_password(
-        this.props.email_address
+      link = await webapp_client.conat_client.hub.system.adminResetPasswordLink(
+        { user_account_id: this.props.account_id },
       );
     } catch (err) {
       if (!this.mounted) return;
@@ -74,6 +78,7 @@ export class PasswordReset extends Component<Props, State> {
     }
     return (
       <ErrorDisplay
+        style={{ margin: "30px" }}
         error={this.state.error}
         onClose={() => {
           this.setState({ error: undefined });

src/packages/frontend/admin/users/user.tsx

@@ -155,9 +155,12 @@ export function UserResult({
               last_name={last_name ?? ""}
             />
           )}
-          {state.password && (
+          {state.password && email_address && (
             <Card title="Password">
-              <PasswordReset email_address={email_address} />
+              <PasswordReset
+                account_id={account_id}
+                email_address={email_address}
+              />
             </Card>
           )}
           {state.ban && (

src/packages/frontend/client/admin.ts

@@ -14,17 +14,6 @@ export class AdminClient {
     this.client = client;
   }
 
-  public async admin_reset_password(email_address: string): Promise<string> {
-    return (
-      await this.client.async_call({
-        message: message.admin_reset_password({
-          email_address,
-        }),
-        allow_post: true,
-      })
-    ).link;
-  }
-
   public async admin_ban_user(
     account_id: string,
     ban: boolean = true, // if true, ban user  -- if false, remove ban

src/packages/frontend/client/llm.ts

@@ -5,23 +5,14 @@
 
 import { delay } from "awaiting";
 import { EventEmitter } from "events";
-
 import { redux } from "@cocalc/frontend/app-framework";
-import type { EmbeddingData } from "@cocalc/util/db-schema/llm";
-import {
-  MAX_EMBEDDINGS_TOKENS,
-  MAX_REMOVE_LIMIT,
-  MAX_SAVE_LIMIT,
-  MAX_SEARCH_LIMIT,
-} from "@cocalc/util/db-schema/llm";
 import {
   LanguageModel,
   LanguageServiceCore,
   getSystemPrompt,
   isFreeModel,
   model2service,
 } from "@cocalc/util/db-schema/llm-utils";
-import * as message from "@cocalc/util/message";
 import type { WebappClient } from "./client";
 import type { History } from "./types";
 import {
@@ -43,15 +34,6 @@ interface QueryLLMProps {
   startStreamExplicitly?: boolean;
 }
 
-interface EmbeddingsQuery {
-  scope: string | string[];
-  limit: number; // client automatically deals with large limit by making multiple requests (i.e., there is no limit on the limit)
-  text?: string;
-  filter?: object;
-  selector?: { include?: string[]; exclude?: string[] };
-  offset?: number | string;
-}
-
 export class LLMClient {
   private client: WebappClient;
 
@@ -200,147 +182,14 @@ export class LLMClient {
 
     return "see stream for output";
   }
-
-  public async embeddings_search(
-    query: EmbeddingsQuery,
-  ): Promise<{ id: string; payload: object }[]> {
-    let limit = Math.min(MAX_SEARCH_LIMIT, query.limit);
-    const result = await this.embeddings_search_call({ ...query, limit });
-
-    if (result.length >= MAX_SEARCH_LIMIT) {
-      // get additional pages
-      while (true) {
-        const offset =
-          query.text == null ? result[result.length - 1].id : result.length;
-        const page = await this.embeddings_search_call({
-          ...query,
-          limit,
-          offset,
-        });
-        // Include the new elements
-        result.push(...page);
-        if (page.length < MAX_SEARCH_LIMIT) {
-          // didn't reach the limit, so we're done.
-          break;
-        }
-      }
-    }
-    return result;
-  }
-
-  private async embeddings_search_call({
-    scope,
-    limit,
-    text,
-    filter,
-    selector,
-    offset,
-  }: EmbeddingsQuery) {
-    text = text?.trim();
-    const resp = await this.client.async_call({
-      message: message.openai_embeddings_search({
-        scope,
-        text,
-        filter,
-        limit,
-        selector,
-        offset,
-      }),
-    });
-    return resp.matches;
-  }
-
-  public async embeddings_save({
-    project_id,
-    path,
-    data: data0,
-  }: {
-    project_id: string;
-    path: string;
-    data: EmbeddingData[];
-  }): Promise<string[]> {
-    this.assertHasNeuralSearch();
-    const { truncateMessage } = await import("@cocalc/frontend/misc/llm");
-
-    // Make data be data0, but without mutate data0
-    // and with any text truncated to fit in the
-    // embeddings limit.
-    const data: EmbeddingData[] = [];
-    for (const x of data0) {
-      const { text } = x;
-      if (typeof text != "string") {
-        throw Error("text must be a string");
-      }
-      const text1 = truncateMessage(text, MAX_EMBEDDINGS_TOKENS);
-      if (text1.length != text.length) {
-        data.push({ ...x, text: text1 });
-      } else {
-        data.push(x);
-      }
-    }
-
-    const ids: string[] = [];
-    let v = data;
-    while (v.length > 0) {
-      const resp = await this.client.async_call({
-        message: message.openai_embeddings_save({
-          project_id,
-          path,
-          data: v.slice(0, MAX_SAVE_LIMIT),
-        }),
-      });
-      ids.push(...resp.ids);
-      v = v.slice(MAX_SAVE_LIMIT);
-    }
-
-    return ids;
-  }
-
-  public async embeddings_remove({
-    project_id,
-    path,
-    data,
-  }: {
-    project_id: string;
-    path: string;
-    data: EmbeddingData[];
-  }): Promise<string[]> {
-    this.assertHasNeuralSearch();
-
-    const ids: string[] = [];
-    let v = data;
-    while (v.length > 0) {
-      const resp = await this.client.async_call({
-        message: message.openai_embeddings_remove({
-          project_id,
-          path,
-          data: v.slice(0, MAX_REMOVE_LIMIT),
-        }),
-      });
-      ids.push(...resp.ids);
-      v = v.slice(MAX_REMOVE_LIMIT);
-    }
-
-    return ids;
-  }
-
-  neuralSearchIsEnabled(): boolean {
-    return !!redux.getStore("customize").get("neural_search_enabled");
-  }
-
-  assertHasNeuralSearch() {
-    if (!this.neuralSearchIsEnabled()) {
-      throw Error("OpenAI support is not currently enabled on this server");
-    }
-  }
 }
 
 class ChatStream extends EventEmitter {
   constructor() {
     super();
   }
 
-  process = (text: string|null) => {
+  process = (text: string | null) => {
     // emits undefined text when done (or err below)
     this.emit("token", text);
   };

src/packages/frontend/project_actions.ts

@@ -3042,38 +3042,6 @@ export class ProjectActions extends Actions<ProjectStoreState> {
     }
   }
 
-  private async neuralSearch(text, path) {
-    try {
-      const scope = `projects/${this.project_id}/files/${path}`;
-      const results = await webapp_client.openai_client.embeddings_search({
-        text,
-        limit: 25,
-        scope,
-      });
-      const search_results: {
-        filename: string;
-        description: string;
-        fragment_id?: FragmentId;
-      }[] = [];
-      for (const result of results) {
-        const url = result.payload["url"] as string | undefined;
-        if (!url) continue;
-        const [filename, fragment_id] = url.slice(scope.length + 1).split("#");
-        const description = result.payload["text"] ?? "";
-        search_results.push({
-          filename: filename[0] == "/" ? filename.slice(1) : filename,
-          description,
-          fragment_id: Fragment.decode(fragment_id),
-        });
-      }
-      this.setState({ search_results });
-    } catch (err) {
-      this.setState({
-        search_error: `${err}`,
-      });
-    }
-  }
-
   search = () => {
     let cmd, ins;
     const store = this.get_store();
@@ -3105,10 +3073,6 @@ export class ProjectActions extends Actions<ProjectStoreState> {
       git_grep: store.get("git_grep"),
     });
 
-    if (store.get("neural_search")) {
-      this.neuralSearch(query, path);
-      return;
-    }
 
     // generate the grep command for the given query with the given flags
     if (store.get("case_sensitive")) {

src/packages/hub/client.coffee

@@ -1477,28 +1477,6 @@ class exports.Client extends EventEmitter
                 @push_to_client(message.success(id:mesg.id))
 
 
-    mesg_admin_reset_password: (mesg) =>
-        dbg = @dbg("mesg_reset_password")
-        dbg(mesg.email_address)
-        try
-            if not misc.is_valid_email_address(mesg.email_address)
-                throw Error("invalid email address")
-            await callback(@assert_user_is_in_group, 'admin')
-            if not await callback2(@database.account_exists, {email_address : mesg.email_address})
-                throw Error("no such account with email #{mesg.email_address}")
-            # We now know that there is an account with this email address.
-            # put entry in the password_reset uuid:value table with ttl of 24 hours.
-            # NOTE: when users request their own reset, the ttl is 1 hour, but when we
-            # as admins send one manually, they typically need more time, so 1 day instead.
-            # We used 8 hours for a while and it is often not enough time.
-            id = await callback2(@database.set_password_reset, {email_address : mesg.email_address, ttl:24*60*60});
-            mesg.link = "/auth/password-reset/#{id}"
-            @push_to_client(mesg)
-        catch err
-            dbg("failed -- #{err}")
-            @error_to_client(id:mesg.id, error:"#{err}")
-
-
     # These are deprecated. Not the best approach.
     mesg_openai_embeddings_search: (mesg) =>
         @error_to_client(id:mesg.id, error:"openai_embeddings_search is DEPRECATED")