Mintplex-Labs / vector-admin

The universal tool suite for vector database management. Manage Pinecone, Chroma, Qdrant, Weaviate and more vector databases with ease.
https://vectoradmin.com/
MIT License

[BUG]: Root user created with credentials - but which ones??? #131

Open sglebs opened 4 months ago

sglebs commented 4 months ago

How are you running VectorAdmin?

Local development

What happened?

I already have a database from running this tool in December (see #93). I did a fresh git clone and re-ran the steps, pointing at my existing database. It all went well, except that it did not honor my existing admin account. It printed:

Root user created with credentials

But what credentials? Using DBeaver I see the database:

root@vectoradmin.com $2b$10$sxqOOuQ7ocYZmhkMfdADZuxUa0ar3yIMzK113wvd3JoL3AYGepSJK

I am assuming this is a hashed/salted password, but... what is the password? (yes, I did try the hash as password in the GUI, to no avail)

If it is impossible to tell the initial default password, then please let me know how to force a reset. Delete this entire row? Delete the password field?

Are there known steps to reproduce?

No response

sglebs commented 4 months ago

Found the algorithm:

    const User = {
      create: async function ({ email, password, role = null }) {
        try {
          const bcrypt = require("bcrypt");
          // `prisma` is the database client; its setup is not shown in this excerpt.
          const user = await prisma.users.create({
            data: {
              email,
              // Cost factor 10, which matches the $2b$10$ prefix of the stored hash.
              password: bcrypt.hashSync(password, 10),
              role: role ?? "default",
            },
          });

          return { user, message: null };
        } catch (e) {
          console.error("FAILED TO CREATE USER.", e.message);
          return { user: null, error: e.message };
        }
      },
      // ... remaining methods not shown
    };

Still looking for the initial setup with the initial password.

sglebs commented 4 months ago

Found the defaults:

    process.env.SYS_EMAIL = "root@vectoradmin.com";
    process.env.SYS_PASSWORD = "password";

How about updating the Readme to mention these 2 very important env vars?

sglebs commented 4 months ago

It turns out the system does not honor these env vars.

(venv) mqm@Marcios-MBP vector-admin % export SYS_EMAIL="mqm@sglebs.com"
export SYS_EMAIL="mqm@sglebs.com"
(venv) mqm@Marcios-MBP vector-admin % export SYS_PASSWORD="vector@admin"
(venv) mqm@Marcios-MBP vector-admin % echo "now I deleted the row in DBeaver"
now I deleted the row in DBeaver
(venv) mqm@Marcios-MBP vector-admin % yarn dev:server                        
yarn run v1.22.21
$ cd backend && yarn dev
$ NODE_ENV=development nodemon --ignore storage/ --trace-warnings index.js
[nodemon] 2.0.22
[nodemon] to restart at any time, enter `rs`
[nodemon] watching path(s): *.*
[nodemon] watching extensions: js,mjs,json
[nodemon] starting `node --trace-warnings index.js`
Storage folder for vector-cache created.
prisma:info Starting a postgresql pool with 25 connections.
[DEVELOPER MODE: TELEMETRY STUBBED] {
  event: 'server_boot',
  properties: { commit: '39fe4a1117a81feaf09a440b79792120964bb4d6' }
}
Root user created with credentials
Backend server listening on port 3001
[express-admin] No schema changes found. Will not republish settings.
sglebs commented 4 months ago

And it turns out the system fails with the hardcoded credentials also:

timothycarambat commented 4 months ago

The root user login creation is automatic, and once you land on the sign-in page for the first time you should automatically be sent to an onboarding flow. You should not need to log in at all when visiting the main page after booting up for the first time.

If it was failing to direct you to onboarding, then that is the bug.

sglebs commented 4 months ago

Yes, I remember that from December. But now, with today's clone, after starting with a fresh database, it does not redirect me. Maybe that is the real bug, as you said.
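
An added example, not code from vector-admin or from anyone in this thread: it contrasts assigning the `SYS_EMAIL` / `SYS_PASSWORD` defaults unconditionally with using them only as a fallback, and refuses to create a root user with the well-known default password. It assumes the two assignments quoted earlier run unconditionally at boot; every function name here is hypothetical.

```javascript
// Added example. Only SYS_EMAIL, SYS_PASSWORD and the two default values come
// from the thread; all function and variable names are hypothetical.
const DEFAULTS = { SYS_EMAIL: "root@vectoradmin.com", SYS_PASSWORD: "password" };

// "Before" (assumption: the quoted assignments run unconditionally).
// Anything the operator exported in the shell is overwritten.
function applyDefaultsUnconditionally(env) {
  env.SYS_EMAIL = DEFAULTS.SYS_EMAIL;
  env.SYS_PASSWORD = DEFAULTS.SYS_PASSWORD;
  return env;
}

// "After": defaults are a fallback only, and the default password is
// rejected unless the caller explicitly opts in (e.g. local development).
function resolveRootCredentials(env, { allowDefaultPassword = false } = {}) {
  const pick = (key) => {
    const value = env[key];
    // Empty or whitespace-only exports count as "not set".
    return typeof value === "string" && value.trim() !== "" ? value : null;
  };
  const email = pick("SYS_EMAIL") ?? DEFAULTS.SYS_EMAIL;
  const password = pick("SYS_PASSWORD") ?? DEFAULTS.SYS_PASSWORD;
  const usesDefaultPassword = password === DEFAULTS.SYS_PASSWORD;
  if (usesDefaultPassword && !allowDefaultPassword) {
    throw new Error(
      "SYS_PASSWORD is unset or still the default; refusing to create root user"
    );
  }
  return { email, password, usesDefaultPassword };
}

// Constructed sample environment mirroring the exports shown in the thread.
const sampleEnv = { SYS_EMAIL: "mqm@sglebs.com", SYS_PASSWORD: "vector@admin" };

function demo() {
  const before = applyDefaultsUnconditionally({ ...sampleEnv });
  const after = resolveRootCredentials({ ...sampleEnv });
  // Report only the e-mail; the password is never logged.
  return { before: before.SYS_EMAIL, after: after.email };
}

console.log(demo());
```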