gathering / wannabe

Event-system for TG - wannabe.gathering.org
GNU General Public License v3.0

Improve password security of default users #33

Closed. niccofyren closed this 4 years ago

niccofyren commented 4 years ago

Replaces the passwords of the default user accounts with a random string, hashed with a very high password hash cost factor. Quick fix to stop them working as unintended backdoor users. Also changes the dev account password hash from md5 to a proper hash algorithm.

This mainly applies to user data present in the initial migrations; if using the seed file, only the dev user should be present. The default dev user's (and any other "test users'") password should still be changed if ever intended for production usage, or the users removed completely.

Relates to: https://gathering.slack.com/archives/CMH6DCPGE/p1567449718019600 (requires TG slack access)
Relates to: https://github.com/gathering/wannabe/issues/9

niccofyren commented 4 years ago

Updated with soft-delete/disable properties from this related PR: https://github.com/gathering/wannabe/pull/33

mfyll commented 4 years ago

We should probably consider removing the default users all together.

niccofyren commented 4 years ago

Agree with the deletion part, just updating the branch to work with latest master if needed.

Atriusftw commented 4 years ago

Merging to update the migration data with master to prevent issues with other tests. Will make a new issue to delete test data from the migrations completely.