Force random password on first run. Stop using Crafty as default password
What does this MR do and why?
Updates first creation procedures to add admin user and a random password. This will prevent user accounts from being broken into due to not changing the default credentials.
The newly created credentials will be dumped into app/config/default-creds.txt
where the user can copy and paste the default password.
We will still strongly encourage the user to create their own strong password and/or delete default-creds.txt
.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
Have you checked this doesn't interfere/conflict/duplicate someone elses work? -
Have you fully tested your changes? -
Have you resolved any lint issues? -
Have you assigned a reviewer? -
Have you applied correct labels?
Edited by Iain Powrie