#!/usr/bin/env python3
"""
Create Super Admin User - RateRight Australian Construction Marketplace
MUST BE RUN MANUALLY - Super admins cannot be created through web registration

Usage:
    python scripts/create_super_admin.py

Security:
    - Only use this script for initial system setup
    - Store admin credentials securely
    - Consider using environment variables for production
"""
import sys
import os
from getpass import getpass

# Add parent directory to path for imports
sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))

from app import create_app
from app.extensions import db
from app.models import User
from datetime import datetime


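def _prompt_admin_details():
    """Interactively collect and validate the new admin's details.

    Returns:
        A dict with the keys ``email``, ``password``, ``first_name``,
        ``last_name`` and ``phone_number``, or ``None`` when a required
        value is missing or a password check fails (the reason is printed).
    """
    email = input("Admin Email: ").strip()
    if not email:
        print("❌ Email is required")
        return None

    # getpass reads without echoing, so the password never appears on screen.
    password = getpass("Admin Password: ")
    password_confirm = getpass("Confirm Password: ")

    if password != password_confirm:
        print("❌ Passwords do not match")
        return None

    # NOTE(review): length is the only strength check applied here; 8
    # characters is a low floor for an account with full system access.
    # Consider a stricter policy for this role.
    if len(password) < 8:
        print("❌ Password must be at least 8 characters")
        return None

    first_name = input("First Name: ").strip()
    if not first_name:
        print("❌ First name is required")
        return None

    last_name = input("Last Name: ").strip()
    if not last_name:
        print("❌ Last name is required")
        return None

    # The phone number is optional; a placeholder is stored when it is blank.
    phone_number = input("Phone Number (format: 0412345678): ").strip()
    if not phone_number:
        phone_number = "0000000000"  # Default for admin

    return {
        "email": email,
        "password": password,
        "first_name": first_name,
        "last_name": last_name,
        "phone_number": phone_number,
    }


def _offer_role_upgrade(existing_user, email):
    """Report an already-registered account and optionally promote it.

    Promotion changes only ``role``. The password typed at the prompts is
    never applied to the existing account, so the operator is told this
    before confirming: otherwise they could leave believing the promoted
    account is protected by the password they just entered.

    Must be called inside an application context. Database errors propagate
    to the caller, which rolls the session back.
    """
    print(f"❌ User with email '{email}' already exists!")
    print(f"   User ID: {existing_user.id}")
    print(f"   Role: {existing_user.role}")
    print()

    if existing_user.role == 'super_admin':
        return

    print("⚠️  Upgrading keeps this account's existing password.")
    print("   The password entered above will NOT be applied.")
    print()

    # Only the literal answer "yes" promotes; anything else cancels.
    upgrade = input("Would you like to upgrade this user to super_admin? (yes/no): ").strip().lower()
    if upgrade != 'yes':
        print("❌ Operation cancelled")
        return

    existing_user.role = 'super_admin'
    db.session.commit()
    print()
    print("✅ User upgraded to super_admin successfully!")
    print(f"   Email: {existing_user.email}")
    print(f"   Name: {existing_user.first_name} {existing_user.last_name}")
    print(f"   Role: {existing_user.role}")


def create_super_admin():
    """Create a super admin user from interactively entered details.

    Prompts for e-mail, password (twice), names and an optional phone
    number, then either creates a new ``User`` with role ``super_admin`` or,
    if the e-mail is already registered, offers to promote that account.
    Validation failures print a message and return without touching the
    database. Any exception during the database work is rolled back and
    reported with a traceback.

    Returns:
        None. All results are reported on stdout.
    """
    print("=" * 60)
    print("RateRight - Create Super Admin User")
    print("=" * 60)
    print()
    print("⚠️  WARNING: Super admin has full system access")
    print("   Only create admin accounts for authorized personnel")
    print()

    details = _prompt_admin_details()
    if details is None:
        return

    print()
    print("Creating super admin account...")
    print()

    # Create Flask app context
    app = create_app()

    with app.app_context():
        try:
            # NOTE(review): the lookup matches the address exactly as typed.
            # If the application normalises e-mail case elsewhere, a
            # differently-cased duplicate would not be found here. Confirm.
            existing_user = User.query.filter_by(email=details["email"]).first()
            if existing_user:
                _offer_role_upgrade(existing_user, details["email"])
                return

            admin = User(
                email=details["email"],
                first_name=details["first_name"],
                last_name=details["last_name"],
                role='super_admin',  # the privilege-granting field
                phone_number=details["phone_number"],
                location='System Administrator',
                abn_number='00000000000',  # Dummy ABN for admin account
                gst_registered=False,
                privacy_consent=True,
                terms_accepted=True,
                terms_accepted_date=datetime.utcnow(),
                is_active=True,
                account_status='active',
                email_verified=True  # created pre-verified: no e-mail confirmation step
            )

            # set_password is expected to store a hash rather than the
            # plaintext; its implementation is not visible in this script.
            admin.set_password(details["password"])

            db.session.add(admin)
            db.session.commit()

            print()
            print("=" * 60)
            print("✅ Super Admin Created Successfully!")
            print("=" * 60)
            print()
            print(f"   Email:       {admin.email}")
            print(f"   Name:        {admin.first_name} {admin.last_name}")
            print(f"   Role:        {admin.role}")
            print(f"   User ID:     {admin.id}")
            print(f"   Created:     {admin.date_created}")
            print()
            print("🔐 Security Reminders:")
            print("   - Store credentials securely")
            print("   - Use strong, unique passwords")
            print("   - Enable 2FA when available")
            print("   - Monitor admin activity logs")
            print()
            print("📍 Admin Dashboard Access:")
            print("   - Login at: /login")
            print("   - API Endpoints: /api/admin/*")
            print()

        except Exception as e:
            # Top-level boundary of a manual CLI tool: undo any partial
            # write, then show the operator the full error.
            db.session.rollback()
            print()
            print("❌ ERROR: Failed to create super admin")
            print(f"   {str(e)}")
            print()
            import traceback
            traceback.print_exc()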


def list_super_admins():
    """Print every account whose role is ``super_admin``.

    Builds the application, queries ``User`` inside an application context
    and writes one short record per account to stdout. Any exception raised
    while querying or printing is reported as a single error line.
    """
    # One write that produces the same blank line / header / blank line.
    print("\nFetching super admin accounts...\n")

    flask_app = create_app()

    with flask_app.app_context():
        try:
            accounts = User.query.filter_by(role='super_admin').all()

            if not accounts:
                print("No super admin accounts found.")
                return

            print(f"Found {len(accounts)} super admin account(s):")
            print()
            for account in accounts:
                full_name = f"{account.first_name} {account.last_name}"
                print(f"  • {account.email}")
                print(f"    ID: {account.id}")
                print(f"    Name: {full_name}")
                print(f"    Active: {account.is_active}")
                print(f"    Created: {account.date_created}")
                print()
        except Exception as e:
            print(f"❌ Error fetching admins: {e}")


if __name__ == '__main__':
    # Interactive menu: the script takes no command-line arguments, so the
    # privileged action is always chosen by an operator at the terminal.
    print()
    print("RateRight - Super Admin Management")
    print()
    for menu_line in (
        "1. Create new super admin",
        "2. List existing super admins",
        "3. Exit",
    ):
        print(menu_line)
    print()

    selection = input("Select option (1-3): ").strip()

    # Map each menu key to its action; anything else is rejected.
    actions = {
        '1': create_super_admin,
        '2': list_super_admins,
        '3': lambda: print("Exiting..."),
    }
    handler = actions.get(selection)
    if handler is None:
        print("Invalid option")
    else:
        handler()
