SCM-Manager/docs/en/first-startup/index.md
René Pfeuffer d9d3547a22 Create custom initial user (#1707)
Using a default user with a default password has the implicit risk that this user is not changed and therefore this system can be compromised. With this change, SCM-Manager does not create the default user with the default password on startup any more, but it shows an initial form where the initial values for the administration user have to be entered by the user. To secure this form, a random token is created on startup and printed in the log.

To implement this form, the concept of an InitializationStep is introduced. This extension point can be implemented to offer different setup tasks. The creation of the administration user is the first implementation, others might be things like first plugin selections or the like.

Frontend components are selected by the name of these initialization steps, whose names will be added to the index resource (whichever is active at the moment) and will be shown accordingly.

Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
2021-06-24 09:29:42 +02:00

title: First Startup
subtitle: Administration User Creation

First Startup

On first startup, you have to create the initial administration user. To do this, you need the startup token from the log. The log looks something like this:

2021-06-22 09:19:43.166 [main] [          ] WARN  sonia.scm.lifecycle.AdminAccountStartupAction - ====================================================
2021-06-22 09:19:43.166 [main] [          ] WARN  sonia.scm.lifecycle.AdminAccountStartupAction - ==                                                ==
2021-06-22 09:19:43.166 [main] [          ] WARN  sonia.scm.lifecycle.AdminAccountStartupAction - ==    Startup token for initial user creation     ==
2021-06-22 09:19:43.166 [main] [          ] WARN  sonia.scm.lifecycle.AdminAccountStartupAction - ==                                                ==
2021-06-22 09:19:43.166 [main] [          ] WARN  sonia.scm.lifecycle.AdminAccountStartupAction - ==              LAh8BzNE68y2fj8Hj9lZ              ==
2021-06-22 09:19:43.166 [main] [          ] WARN  sonia.scm.lifecycle.AdminAccountStartupAction - ==                                                ==
2021-06-22 09:19:43.166 [main] [          ] WARN  sonia.scm.lifecycle.AdminAccountStartupAction - ====================================================

When you open the SCM-Manager URL in a browser, you will see the creation form:

Creation form for initial administration user

Enter the token from the log in the first input field, specify the username, the display name, the email address and the password for the administration user, and click the "Submit" button. When the administration user has been created, the page will reload, and you will see the login dialog of SCM-Manager.

The password of the administration user cannot be recovered.
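
A new random token is printed on every startup, so a log that spans restarts contains several banners, and the token of the most recent startup is the one to use. The following is an added example, not part of SCM-Manager or its documentation, that extracts that token from a log on stdin; the function name `extract_startup_token` and the first sample token are constructed, and the banner layout is assumed to match the excerpt above.

```shell
#!/bin/sh
# Added example, not SCM-Manager code. Assumes the banner layout shown above.

# Read a log on stdin and print the token of the most recent startup banner.
# Returns non-zero when the log contains no banner.
extract_startup_token() {
  awk '
    # Only lines written by the class that prints the banner are relevant.
    /AdminAccountStartupAction - ==/ {
      sub(/^.*AdminAccountStartupAction - /, "")  # drop timestamp and logger
      sub(/^=+[ \t]*/, "")                        # drop left frame and padding
      sub(/[ \t]*=+[ \t\r]*$/, "")                # drop right frame and padding
      if ($0 == "") next                          # border or spacer line
      if ($0 == "Startup token for initial user creation") { armed = 1; next }
      if (armed) { token = $0; armed = 0 }        # first text after the title
    }
    END { if (token == "") exit 1; print token }
  '
}

# Constructed sample: two startups, so two banners. The first token is made up,
# the second is the one from the log excerpt above.
P='[main] [          ] WARN  sonia.scm.lifecycle.AdminAccountStartupAction -'
SAMPLE_LOG="2021-06-21 17:02:10.001 $P ==    Startup token for initial user creation     ==
2021-06-21 17:02:10.001 $P ==                                                ==
2021-06-21 17:02:10.001 $P ==              CONSTRUCTEDoldTOKEN0              ==
2021-06-22 09:19:43.166 $P ====================================================
2021-06-22 09:19:43.166 $P ==    Startup token for initial user creation     ==
2021-06-22 09:19:43.166 $P ==                                                ==
2021-06-22 09:19:43.166 $P ==              LAh8BzNE68y2fj8Hj9lZ              ==
2021-06-22 09:19:43.166 $P ====================================================
2021-06-22 09:19:44.000 [main] [          ] INFO  constructed.Other - unrelated line"

printf '%s\n' "$SAMPLE_LOG" | extract_startup_token
```

Pipe the server log into the function to get the current token; a non-zero exit status means no banner was found in the input.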

Bypass User Creation Form

For automated processes, you might want to bypass the initial user creation form. To do so, set the initial password in the system property scm.initialPassword. If this property is present, a user scmadmin with this password will be created if it does not already exist.