fix(backend): bootstrap admin from env instead of seeding admin/admin
007_seed_data.sql shipped a fixed admin account whose bcrypt hash corresponds to the password "admin", giving every deployment the same known credentials. The seed row is removed; UserService.EnsureAdmin now creates the administrator on startup from ADMIN_USERNAME / ADMIN_PASSWORD. It is idempotent and never overwrites an existing password, so an operator who rotates the admin password keeps it across restarts. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@@ -133,6 +133,10 @@ func setupSuite(t *testing.T) *harness {
|
||||
fileSvc := service.NewFileService(fileRepo, mimeRepo, diskStorage, aclSvc, auditSvc, tagSvc, transactor, filesDir)
|
||||
userSvc := service.NewUserService(userRepo, auditSvc)
|
||||
|
||||
// Bootstrap the admin account the suite logs in with (replaces the old
|
||||
// hardcoded seed credentials).
|
||||
require.NoError(t, userSvc.EnsureAdmin(ctx, "admin", "admin"))
|
||||
|
||||
// --- Handlers ------------------------------------------------------------
|
||||
authMiddleware := handler.NewAuthMiddleware(authSvc)
|
||||
authHandler := handler.NewAuthHandler(authSvc)
|
||||
|
||||
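Review bot: The harness bootstraps with `"admin"`/`"admin"` and wraps the call in `require.NoError`, which suggests EnsureAdmin accepts the very credential pair this commit removes from the seed data; if that holds outside tests, an operator who sets ADMIN_PASSWORD=admin ends up with the same known login again. Consider giving the suite its own value held in named constants shared with the login step, e.g. `require.NoError(t, userSvc.EnsureAdmin(ctx, testAdminUser, testAdminPass))`, so the bootstrap and the login cannot drift apart. If EnsureAdmin performs no validation (its body is not shown here), it would be worth rejecting an empty or well-known default password there and adding a test that asserts the error. setupSuite begins and ends outside this hunk, so the place where the suite logs in is not visible.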