chore(infra): enforce admin password check in non-Development environments in DbInitializer
@@ -72,8 +72,28 @@ public static class DbInitializer
|
||||
|
||||
var adminPassword = configuration?["Nexus:AdminPassword"]
|
||||
?? configuration?["NEXUS_ADMIN_PASSWORD"]
|
||||
?? Environment.GetEnvironmentVariable("NEXUS_ADMIN_PASSWORD")
|
||||
?? "Admin123!";
|
||||
?? Environment.GetEnvironmentVariable("NEXUS_ADMIN_PASSWORD");
|
||||
|
||||
var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT")
|
||||
?? Environment.GetEnvironmentVariable("DOTNET_ENVIRONMENT")
|
||||
?? "Development";
|
||||
var isDevelopment = string.Equals(env, "Development", StringComparison.OrdinalIgnoreCase);
|
||||
|
||||
if (string.IsNullOrEmpty(adminPassword))
|
||||
{
|
||||
if (!isDevelopment)
|
||||
{
|
||||
throw new InvalidOperationException(
|
||||
"CRITICAL SECURITY ERROR: Admin password is NOT configured! " +
|
||||
"In non-Development environments (e.g. Test/Production), the admin password must be explicitly set " +
|
||||
"via configuration ('Nexus:AdminPassword' or 'NEXUS_ADMIN_PASSWORD') or environment variables. " +
|
||||
"Seeding aborted to prevent insecure credentials fallback.");
|
||||
}
|
||||
|
||||
Console.WriteLine("[Seeder] WARNING: Admin password is not set. Falling back to default weak password 'Admin123!' in Development environment.");
|
||||
adminPassword = "Admin123!";
|
||||
}
|
||||
|
||||
adminUser.PasswordHash = passwordHasher.HashPassword(adminUser, adminPassword);
|
||||
|
||||
dbContext.Users.Add(adminUser);
|
||||
|
||||
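Review bot: The environment lookup fails open: when neither `ASPNETCORE_ENVIRONMENT` nor `DOTNET_ENVIRONMENT` is set, `env` falls back to `"Development"`, so a deployment that relies on the host's own default (Production when the variable is unset) is treated as Development here and the admin account is seeded with `Admin123!` instead of aborting. The fallback should be the restrictive value, `?? "Production";`, so the weak default applies only when Development is stated explicitly. Reading the variables directly also misses an environment set through command-line arguments or host configuration; if an `IHostEnvironment` is reachable from this method (not visible here, since the enclosing method starts and ends outside the hunk), `IsDevelopment()` would be the more reliable source. A short comment above the check, such as `// Fail closed: only an explicit Development environment may use the default password`, would record the intent.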