Closed niccofyren closed 4 years ago
Updated with soft-delete/disable properties from this related PR: https://github.com/gathering/wannabe/pull/33
We should probably consider removing the default users all together.
Agree with the deletion part, just updating branch to work with latest master if needed
Merging to update the migration data with master
to prevent issues with other tests. Will make a new issue to delete testdata from the migrations completely.
Replaces passwords of default user accounts with a random string using a very hard password hash cost factor. Quick fix to stop them working as unintended backdoor users. Also changes dev account password hash from md5 to proper hash algorithm.
This mainly applies to user data present in initial migrations, if using seed file only the dev user should be present. Default dev user (and any other "test users") password should still be changed if ever intended for production usage, or just removed completely.
Relates to: https://gathering.slack.com/archives/CMH6DCPGE/p1567449718019600 (requires TG slack access) Relates to: https://github.com/gathering/wannabe/issues/9