From 6b340f50cb33ceaf888789b9dcfa70e09f405970 Mon Sep 17 00:00:00 2001 From: "Adrian A. Baumann" Date: Sun, 1 Mar 2026 01:08:40 +0100 Subject: [PATCH] fix: remove passlib import from migration 0001, embed static hash --- backend/alembic/versions/0001_initial.py | 8 +++++--- helm/shorefront/values.yaml | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/backend/alembic/versions/0001_initial.py b/backend/alembic/versions/0001_initial.py index 3739d22..09265d7 100644 --- a/backend/alembic/versions/0001_initial.py +++ b/backend/alembic/versions/0001_initial.py @@ -6,14 +6,16 @@ Create Date: 2026-02-28 """ from alembic import op import sqlalchemy as sa -from passlib.context import CryptContext revision = "0001" down_revision = None branch_labels = None depends_on = None -pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") +# Pre-computed bcrypt hash of "admin". Used only for seeding the initial admin +# row; hashed_password becomes nullable in migration 0002 (SSO transition) and +# is never validated at login. +_ADMIN_HASH = "$2b$12$E8Td3Igd66V.udnDuflWFOhhhZDYFRHwLpgIsw.cRQtMf4h102sj." def upgrade() -> None: @@ -98,7 +100,7 @@ def upgrade() -> None: "INSERT INTO users (username, email, hashed_password, is_active) " "VALUES (:u, :e, :p, true)" ), - {"u": "admin", "e": "admin@localhost", "p": pwd_context.hash("admin")}, + {"u": "admin", "e": "admin@localhost", "p": _ADMIN_HASH}, ) user_id = conn.execute(sa.text("SELECT id FROM users WHERE username='admin'")).scalar() diff --git a/helm/shorefront/values.yaml b/helm/shorefront/values.yaml index f680a29..29242f3 100644 --- a/helm/shorefront/values.yaml +++ b/helm/shorefront/values.yaml @@ -42,4 +42,4 @@ keycloak: redirectUri: https://shorefront.baumann.gr/api/auth/oidc/callback containers: - version: "0.004" + version: "0.005"