git-echo/linux_patch_manager
Private
Public Access
1
0
Fork 0
Code Releases 8 Wiki Activity
Files
d2dd27c2a32eaeee695c67dfd44fbf62aa7c5ada
linux_patch_manager/migrations/002_seed_admin.sql
Draco-Lunaris-Echo 80ffb6b62f
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 5s
CI Pipeline / Clippy Lints (push) Successful in 50s
CI Pipeline / Rust Unit Tests (push) Successful in 1m8s
CI Pipeline / Security Audit (push) Successful in 4s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
CI Pipeline / Build .deb & Release (push) Has been skipped
feat(security): replace hardcoded admin password with in-app bootstrap (#25) 
* feat(security): replace hardcoded admin password with in-app bootstrap (issue #8)

Replace the publicly-known Argon2id hash in 002_seed_admin.sql with a
clearly-invalid placeholder that cannot validate any password (fail-closed).

On first startup, pm-web detects the placeholder and generates a random
24-character alphanumeric password, hashes it with Argon2id, and UPDATEs
the admin row. The plaintext password is printed once to stderr (visible
in systemd journal).

This eliminates the need for a separate hash_password binary, shell
script SQL injection risk, and password leakage in shell variables.

Closes #8

* fix(security): rustfmt compliance for bootstrap function

* fix(security): add trailing commas to match arms per rustfmt
2026-06-04 13:28:44 -05:00

43 lines
1.2 KiB
SQL
Raw Blame History

-- Migration: 002_seed_admin
-- Description: Seed the default admin account.
--
-- IMPORTANT (issue #8): The password_hash below is a PLACEHOLDER
-- that cannot validate any password. On first startup, pm-web detects
-- this placeholder and generates a random admin password, replacing
-- the hash in the database. The generated password is printed once
-- to stderr (visible in systemd journal).
--
-- If the application never starts (e.g., manual migration only),
-- the admin account is inaccessible — this is fail-closed.
--
-- On first successful login with a real password, the admin is forced to
-- set a new password (force_password_reset = TRUE).
INSERT INTO users (
id,
username,
display_name,
email,
role,
auth_provider,
password_hash,
mfa_enabled,
is_active,
force_password_reset
)
VALUES (
gen_random_uuid(),
'admin',
'Administrator',
'admin@localhost',
'admin',
'local',
-- PLACEHOLDER Argon2id hash (issue #8). Cannot validate any password.
-- pm-web replaces this with a real hash on first startup.
'$argon2id$v=19$m=65536,t=3,p=1$AAAAAAAAAAAAAAAA$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA',
FALSE,
TRUE,
TRUE
)
ON CONFLICT (username) DO NOTHING;
View Git Blame Copy Permalink