fix: move hardcoded automated test passwords to env var

[jamesgeddes]

Description

This change ensures that we are not storing any passwords in the code, regardless of whether they are for testing or not. It moves all testing passwords to the environment variables TEST_USER_PASSWORD andTEST_USER_PASSWORD_BAD`.

Related Issue

resolves #581

Motivation and Context

Sonar repeatedly reports security risks due to our having passwords in plain text in the code. In reality, these are

How Has This Been Tested?

No testing required, only moving two strings into a env vars.

Types of changes

• [x] Bug fix (non-breaking change which fixes an issue)
• [ ] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• [x] My code follows the code style of this project.
• [ ] My change requires a change to the documentation.
• [ ] I have updated the documentation accordingly.
• [x] I have read the CONTRIBUTING document.
• [ ] I have added tests to cover my changes.
• [x] All new and existing tests passed.

[sonarcloud[bot]]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication