From 627fbc79dfe473d5ae33bd4402003b5e0d03e8da Mon Sep 17 00:00:00 2001 From: prdai Date: Fri, 22 May 2026 17:25:08 +0530 Subject: [PATCH 1/4] docs: remove unused users.yaml and update README to Thunder flow Closes #338 - Delete conf/users.yaml (no script or service reads it; companion scripts/user/add_user.sh was removed in an earlier cleanup). - Rewrite the "Adding users" section of README.md to describe the actual provisioning paths: the Thunder console UI and the Thunder /users REST API, with a curl example and pointers to scripts/user/create_test_users.sh and the Thunder API consumer guide. --- README.md | 29 +++++++++++++++++++++++++---- conf/users.yaml | 30 ------------------------------ 2 files changed, 25 insertions(+), 34 deletions(-) delete mode 100644 conf/users.yaml diff --git a/README.md b/README.md index 2c832184..a3aa0b74 100644 --- a/README.md +++ b/README.md 
@@ -111,13 +111,34 @@ nano services/.env ### Adding users -- To add more users to your email server, open up [`users.yaml`](https://github.com/LSFLK/silver/blob/main/conf/users.yaml), and add their usernames and run the following command. +Users in Silver are provisioned through [Thunder](https://github.com/asgardeo/thunder), the identity provider that ships with the platform. There are two supported ways to add users: + +#### Option 1: Thunder Console (recommended) + +1. Open the Thunder console in your browser at `https://:8090`. +2. Sign in with your Thunder admin credentials. +3. Navigate to the `silver` organization unit and create a new user of type `emailuser`, supplying a `username`, `password`, and `email` (e.g. `alice@example.com`). + +#### Option 2: Thunder `/users` API + +You can create users directly against the Thunder REST API. After obtaining a bearer token and the `silver` organization unit ID (see [`scripts/utils/thunder-auth.sh`](scripts/utils/thunder-auth.sh) for the authentication flow), call: ```bash -# silver/services -bash scripts/user/add_user.sh +curl -X POST "https://:8090/users" \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer " \ + -d '{ + "organizationUnit": "", + "type": "emailuser", + "attributes": { + "username": "alice", + "password": "", + "email": "alice@example.com" + } + }' ``` -- Once you have added the users, `user_invite_urls.txt` will be generated in `scripts/user` folder with invite links for each user. You can share these links with the respective users to set up their accounts. + +For a working end-to-end example that authenticates with Thunder, looks up the organization unit, and bulk-creates users, see [`scripts/user/create_test_users.sh`](scripts/user/create_test_users.sh). More details on the Thunder integration are in [Thunder API Consumer Contract Guide for Silver](docs/Thunder-API-Consumer-Contract-Guide-for-Silver.md). 
### Testing your setup - Now that you have a working email server, you can test your configuration using the following links/scripts. diff --git a/conf/users.yaml b/conf/users.yaml deleted file mode 100644 index 6c6b61f4..00000000 --- a/conf/users.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# =============================================================== -# Silver Mail Users Configuration (`users.yaml`) -# =============================================================== -# -# This file defines users for each domain. -# Users are grouped by their domain. -# -# Example configuration: -# domains: -# - domain: example.com -# users: -# - username: alice -# - username: bob -# - username: charlie -# -# - domain: another-domain.com -# users: -# - username: john -# - username: jane -# -# Notes: -# - Each user gets their own personal mailbox (user_db_{userID}.db) -# - Usernames must be unique within each domain - -domains: - - domain: - users: - - username: - - username: - - username: From 52eb9fd985b5cf66bf6e29511770243df3f42263 Mon Sep 17 00:00:00 2001 From: Ranuga <79456372+prdai@users.noreply.github.com> Date: Fri, 22 May 2026 17:45:15 +0530 Subject: [PATCH 2/4] Update README.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a3aa0b74..2f47130f 100644 --- a/README.md +++ b/README.md @@ -116,7 +116,7 @@ Users in Silver are provisioned through [Thunder](https://github.com/asgardeo/th #### Option 1: Thunder Console (recommended) 1. Open the Thunder console in your browser at `https://:8090`. -2. Sign in with your Thunder admin credentials. +2. Sign in with your Thunder admin credentials (default is admin/admin). 3. Navigate to the `silver` organization unit and create a new user of type `emailuser`, supplying a `username`, `password`, and `email` (e.g. `alice@example.com`). #### Option 2: Thunder `/users` API 
From db2328c9be90b86628a0fb3269dffd04c1a48f32 Mon Sep 17 00:00:00 2001 From: prdai Date: Sat, 23 May 2026 11:33:53 +0530 Subject: [PATCH 3/4] =?UTF-8?q?docs:=20address=20review=20=E2=80=94=20slim?= =?UTF-8?q?=20README=20and=20move=20adding-users=20walkthrough=20to=20docs?= =?UTF-8?q?/?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per reviewer feedback on #339: - Drop the Thunder /users API option from the README; keep the section to a single short paragraph pointing at the Thunder ID console. - Move the full walkthrough (admin login, user schema creation, OU assignment, direct-password vs invitation-link) into a new docs/Adding-Users.md so the README stays concise. - Update Thunder repo link to its new home at thunder-id/thunderid (both in the Adding users section and Open Source Components list). - Drop the "(default is admin/admin)" hint per reviewer — admins rotate the credentials and the README should not imply defaults. --- README.md | 31 +++---------------------------- docs/Adding-Users.md | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 28 deletions(-) create mode 100644 docs/Adding-Users.md diff --git a/README.md b/README.md index 2f47130f..c9ff778e 100644 --- a/README.md +++ b/README.md 
@@ -111,34 +111,9 @@ nano services/.env ### Adding users -Users in Silver are provisioned through [Thunder](https://github.com/asgardeo/thunder), the identity provider that ships with the platform. There are two supported ways to add users: +Users in Silver are provisioned through the [Thunder ID](https://github.com/thunder-id/thunderid) console that ships with the platform. Sign in to the console at `https://:8090` with your admin credentials and add users under the `silver` organization unit. -#### Option 1: Thunder Console (recommended) - -1. Open the Thunder console in your browser at `https://:8090`. -2. Sign in with your Thunder admin credentials (default is admin/admin). -3. Navigate to the `silver` organization unit and create a new user of type `emailuser`, supplying a `username`, `password`, and `email` (e.g. `alice@example.com`). - -#### Option 2: Thunder `/users` API - -You can create users directly against the Thunder REST API. After obtaining a bearer token and the `silver` organization unit ID (see [`scripts/utils/thunder-auth.sh`](scripts/utils/thunder-auth.sh) for the authentication flow), call: - -```bash -curl -X POST "https://:8090/users" \ - -H "Content-Type: application/json" \ - -H "Authorization: Bearer " \ - -d '{ - "organizationUnit": "", - "type": "emailuser", - "attributes": { - "username": "alice", - "password": "", - "email": "alice@example.com" - } - }' -``` - -For a working end-to-end example that authenticates with Thunder, looks up the organization unit, and bulk-creates users, see [`scripts/user/create_test_users.sh`](scripts/user/create_test_users.sh). More details on the Thunder integration are in [Thunder API Consumer Contract Guide for Silver](docs/Thunder-API-Consumer-Contract-Guide-for-Silver.md). +For the full walkthrough — creating a user schema, assigning it to an organization unit, and adding users via direct password or invitation link — see [Adding Users](docs/Adding-Users.md). 
### Testing your setup - Now that you have a working email server, you can test your configuration using the following links/scripts. @@ -178,7 +153,7 @@ Silver is built using open-source software. - [Postfix](https://www.postfix.org/) - Handles sending and receiving email. - [Raven](https://github.com/lsflk/raven) - Handles SASL authentication, LMTP, and IMAP server for email retrieval. -- [Thunder](https://github.com/asgardeo/thunder) - Identity provider and user manager +- [Thunder ID](https://github.com/thunder-id/thunderid) - Identity provider and user manager - [Rspamd](https://rspamd.com/) - Spam filtering system. - [ClamAV](https://docs.clamav.net/Introduction.html) - Virus scanning system. - [Certbot](https://certbot.eff.org/) - Client software that talks to Let’s Encrypt to generate certificates. diff --git a/docs/Adding-Users.md b/docs/Adding-Users.md new file mode 100644 index 00000000..ba601555 --- /dev/null +++ b/docs/Adding-Users.md 
@@ -0,0 +1,36 @@ +# Adding Users + +Users in Silver are provisioned through the [Thunder ID](https://github.com/thunder-id/thunderid) console that ships with the platform. This guide walks through adding users via the console. + +## Prerequisites + +- Silver is running (see [Server Setup](../README.md#server-setup) in the main README). +- You can reach the Thunder console at `https://:8090`. +- You have Thunder admin credentials. + +## Steps + +### 1. Sign in to the Thunder console + +Open `https://:8090` in your browser and sign in with your admin credentials. + +### 2. Create a user schema + +Define a user schema that includes the fields needed for an email user — at minimum, `username` and `password`. + +### 3. Assign the schema to an organization unit + +Assign the schema you just created to the `silver` organization unit (or another organization unit you want the users to belong to). + +### 4. Add users + +Under the target organization unit, add users using one of the following: + +- **Set a password directly** — supply a `username` and `password` for the user. +- **Send an invitation link** — provide the user's secondary email address; Thunder will email them an invitation link to set their own password. + +## Programmatic provisioning + +For bulk or scripted user creation against the Thunder REST API, see [`scripts/user/create_test_users.sh`](../scripts/user/create_test_users.sh) for a working example that authenticates with Thunder, looks up the `silver` organization unit, and creates users via `POST /users`. The authentication helper lives in [`scripts/utils/thunder-auth.sh`](../scripts/utils/thunder-auth.sh). + +Further details on the Silver ↔ Thunder integration are in the [Thunder API Consumer Contract Guide for Silver](Thunder-API-Consumer-Contract-Guide-for-Silver.md). From 8a35340558cb43e62b68f1be7a1c0562ee9b5031 Mon Sep 17 00:00:00 2001 
From: prdai Date: Sat, 23 May 2026 11:50:43 +0530 Subject: [PATCH 4/4] =?UTF-8?q?docs:=20address=20review=20=E2=80=94=20cons?= =?UTF-8?q?ole=20URL,=20drop=20OU=20name=20and=20programmatic=20section?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Append /console to the Thunder console URL in README and docs. - Drop the "silver" organization unit name (varies by deployment). - Remove the programmatic-provisioning section; the example script is outdated and out of scope for this docs PR. --- README.md | 2 +- docs/Adding-Users.md | 12 +++--------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index c9ff778e..e10b68f9 100644 --- a/README.md +++ b/README.md @@ -111,7 +111,7 @@ nano services/.env ### Adding users -Users in Silver are provisioned through the [Thunder ID](https://github.com/thunder-id/thunderid) console that ships with the platform. Sign in to the console at `https://:8090` with your admin credentials and add users under the `silver` organization unit. +Users in Silver are provisioned through the [Thunder ID](https://github.com/thunder-id/thunderid) console that ships with the platform. Sign in to the console at `https://:8090/console` with your admin credentials. For the full walkthrough — creating a user schema, assigning it to an organization unit, and adding users via direct password or invitation link — see [Adding Users](docs/Adding-Users.md). diff --git a/docs/Adding-Users.md b/docs/Adding-Users.md index ba601555..4d52876e 100644 --- a/docs/Adding-Users.md +++ b/docs/Adding-Users.md 
@@ -5,14 +5,14 @@ Users in Silver are provisioned through the [Thunder ID](https://github.com/thun ## Prerequisites - Silver is running (see [Server Setup](../README.md#server-setup) in the main README). -- You can reach the Thunder console at `https://:8090`. +- You can reach the Thunder console at `https://:8090/console`. - You have Thunder admin credentials. ## Steps ### 1. Sign in to the Thunder console -Open `https://:8090` in your browser and sign in with your admin credentials. +Open `https://:8090/console` in your browser and sign in with your admin credentials. ### 2. Create a user schema @@ -20,7 +20,7 @@ Define a user schema that includes the fields needed for an email user — at mi ### 3. Assign the schema to an organization unit -Assign the schema you just created to the `silver` organization unit (or another organization unit you want the users to belong to). +Assign the schema you just created to the organization unit you want the users to belong to. ### 4. Add users @@ -28,9 +28,3 @@ Under the target organization unit, add users using one of the following: - **Set a password directly** — supply a `username` and `password` for the user. - **Send an invitation link** — provide the user's secondary email address; Thunder will email them an invitation link to set their own password. - -## Programmatic provisioning - -For bulk or scripted user creation against the Thunder REST API, see [`scripts/user/create_test_users.sh`](../scripts/user/create_test_users.sh) for a working example that authenticates with Thunder, looks up the `silver` organization unit, and creates users via `POST /users`. The authentication helper lives in [`scripts/utils/thunder-auth.sh`](../scripts/utils/thunder-auth.sh). - -Further details on the Silver ↔ Thunder integration are in the [Thunder API Consumer Contract Guide for Silver](Thunder-API-Consumer-Contract-Guide-for-Silver.md).
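Review bot: In PATCH 1/4, the README.md hunk's Option 2 curl example passes the new user's password inside the `-d '{ ... }'` literal and the bearer token in a `-H` argument, so both land in shell history and are visible in the process list while the command runs. Suggest showing the body read from a file or stdin instead (for example `-d @user.json`) and taking the token from an environment variable, so the documented command does not teach readers to type credentials inline.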
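Review bot: In PATCH 2/4, the changed step 2 line "Sign in with your Thunder admin credentials (default is admin/admin)" documents a default admin login without any instruction to change it. If the hint stays, pair it with an explicit step to rotate the admin password before the console on port 8090 is reachable by anyone else; otherwise drop the parenthetical, as PATCH 3/4 later does.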
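Review bot: In PATCH 3/4, the new docs/Adding-Users.md says in step 2 that the schema needs "at minimum, `username` and `password`", but the invitation-link option in step 4 asks for "the user's secondary email address". Please state in step 2 whether the schema must also carry an email attribute for the invitation flow to work, so a reader who builds the minimal schema does not find that option unavailable.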
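Review bot: In PATCH 4/4, the docs/Adding-Users.md hunk at `@@ -20,7 +20,7 @@` replaces the `silver` organization unit with "the organization unit you want the users to belong to", which leaves the reader with no way to tell which organization unit their Silver deployment expects its mail users in. Since the commit message says the name varies by deployment, add a sentence saying where that name is configured or how to identify it in the console.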
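Review bot: In PATCH 4/4, the last docs/Adding-Users.md hunk (`@@ -28,9 +28,3 @@`) removes the "Further details on the Silver ↔ Thunder integration" link to the Thunder API Consumer Contract Guide together with the script references, but the commit message only justifies dropping the outdated example script. If the guide itself is still current, keep a one-line pointer to it at the end of the page; if it is also outdated, say so in the commit message.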