YunoHost-Apps / libresonic_ynh

GNU General Public License v3.0

Admin password shouldn't be left to default #7

Open ghost opened 6 years ago

ghost commented 6 years ago

By default, the admin account password is "admin". While that doesn't seem to cause problems in the web interface, because the SSO makes sure a YunoHost user is logged in to allow access to libresonic, one can use the API (from an external *sonic client like dsub for instance) to log in as admin by using the default password and delete users.

One solution could be to make the install script generate a long, random password for the admin account via the REST API, if possible.

massyas commented 6 years ago

Thanks for the issue, I clearly missed that. Currently, I would say that the admin account can be deleted by the YunoHost admin user when first connecting. But I think your idea of setting a random password for admin can be a good improvement. I'll try to address it.

ghost commented 6 years ago

I don't think it is possible to delete the admin account. Neither the web interface nor the REST API allowed me to do it, but I may be wrong.
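
The fix proposed in the first comment (have the install script set a long random admin password through the REST API), as an added example that is not code from this repository or its maintainers. It assumes Libresonic exposes the Subsonic-style `ping` and `changePassword` methods with `enc:` hex passwords; the API version, the client name and the `LIBRESONIC_URL` variable are placeholders.

```shell
#!/usr/bin/env bash
# Added example: replace the default admin/admin credential at install time.
# Assumes the Subsonic-style REST methods "ping" and "changePassword".

API_VERSION="1.13.0"     # assumed protocol version
CLIENT_ID="ynh-install"  # hypothetical client name

# N alphanumeric characters (default 40) from the kernel CSPRNG.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-40}"
}

# Hex form used with the API's "enc:" prefix; sidesteps URL-escaping issues.
hex_encode() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'
}

# True when an XML reply carries status="ok".
response_ok() {
    printf '%s' "$1" | grep -Eq '<subsonic-response[^>]*status="ok"'
}

# api_call BASE_URL METHOD USER PASSWORD [extra curl arguments...]
# curl arguments show up in the process list, so call this over loopback
# from the install script only.
api_call() {
    base="$1"; method="$2"; user="$3"; pass="$4"; shift 4
    curl -sS -G "$base/rest/$method" \
        --data-urlencode "u=$user" \
        --data-urlencode "p=enc:$(hex_encode "$pass")" \
        --data-urlencode "v=$API_VERSION" \
        --data-urlencode "c=$CLIENT_ID" "$@"
}

# Rotate the password, then check that the default is rejected and the
# new value is accepted. Prints the new password for the caller to store.
rotate_admin_password() {
    url="$1"
    new_pw="$(gen_password 40)"
    response_ok "$(api_call "$url" changePassword admin admin \
        --data-urlencode "username=admin" \
        --data-urlencode "password=enc:$(hex_encode "$new_pw")")" || return 1
    response_ok "$(api_call "$url" ping admin admin)" && return 2
    response_ok "$(api_call "$url" ping admin "$new_pw")" || return 3
    printf '%s\n' "$new_pw"
}

# Runs only when the (hypothetical) LIBRESONIC_URL variable is set.
if [ -n "${LIBRESONIC_URL:-}" ]; then rotate_admin_password "$LIBRESONIC_URL"; fi
```

A return code of 2 means the default password still authenticates after the change, which an install script should treat as a failed installation.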