raethlein
commented
2 years ago LGTM! Thanks for the change. Maybe you could add the comment
This is not perfect, as it does not prevent the usage of the system before initialization is done. Maybe at some point, we could discuss the general idea of this initialization endpoint again.
(in a shorter form) to the code 🙂
Currently, the /system/initialize endpoint can be called multiple times without authentication. This allows anyone to reset the instance and create an admin account. This simple fix checks if there are already users in the DB. If that is the case, the system is not initialized again. This is not perfect, as it does not prevent the usage of the system before initialization is done. Maybe at some point, we could discuss the general idea of this initialization endpoint again.