chore(infra): enforce admin password check in non-Development environments in DbInitializer

2026-06-01 19:08:50 +02:00
parent 5340be3045
commit a672a868b4
@@ -72,8 +72,28 @@ public static class DbInitializer
var adminPassword = configuration?["Nexus:AdminPassword"] var adminPassword = configuration?["Nexus:AdminPassword"]
?? configuration?["NEXUS_ADMIN_PASSWORD"] ?? configuration?["NEXUS_ADMIN_PASSWORD"]
?? Environment.GetEnvironmentVariable("NEXUS_ADMIN_PASSWORD") ?? Environment.GetEnvironmentVariable("NEXUS_ADMIN_PASSWORD");
?? "Admin123!";
var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT")
?? Environment.GetEnvironmentVariable("DOTNET_ENVIRONMENT")
?? "Development";
var isDevelopment = string.Equals(env, "Development", StringComparison.OrdinalIgnoreCase);
if (string.IsNullOrEmpty(adminPassword))
{
if (!isDevelopment)
{
throw new InvalidOperationException(
"CRITICAL SECURITY ERROR: Admin password is NOT configured! " +
"In non-Development environments (e.g. Test/Production), the admin password must be explicitly set " +
"via configuration ('Nexus:AdminPassword' or 'NEXUS_ADMIN_PASSWORD') or environment variables. " +
"Seeding aborted to prevent insecure credentials fallback.");
}
Console.WriteLine("[Seeder] WARNING: Admin password is not set. Falling back to default weak password 'Admin123!' in Development environment.");
adminPassword = "Admin123!";
}
adminUser.PasswordHash = passwordHasher.HashPassword(adminUser, adminPassword); adminUser.PasswordHash = passwordHasher.HashPassword(adminUser, adminPassword);
dbContext.Users.Add(adminUser); dbContext.Users.Add(adminUser);
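Review bot: The `?? "Development"` fallback for `env` makes the new check fail open: when neither `ASPNETCORE_ENVIRONMENT` nor `DOTNET_ENVIRONMENT` is set, the seeder treats the host as Development and still seeds `Admin123!`, whereas ASP.NET Core itself treats an unset environment as Production. Defaulting to the strict branch closes that gap, e.g. `?? "Production";`, so a deployment that forgot the variable gets the exception instead of the weak credential. If the caller can supply an `IHostEnvironment` (not visible from this hunk), `IsDevelopment()` would also cover an environment set by means other than these two variables. Using `string.IsNullOrWhiteSpace(adminPassword)` in the guard would additionally reject a blank configured value. The enclosing method starts and ends outside the hunk.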