chore(infra): enforce admin password check in non-Development environments in DbInitializer
@@ -72,8 +72,28 @@ public static class DbInitializer
|
|||||||
|
|
||||||
var adminPassword = configuration?["Nexus:AdminPassword"]
|
var adminPassword = configuration?["Nexus:AdminPassword"]
|
||||||
?? configuration?["NEXUS_ADMIN_PASSWORD"]
|
?? configuration?["NEXUS_ADMIN_PASSWORD"]
|
||||||
?? Environment.GetEnvironmentVariable("NEXUS_ADMIN_PASSWORD")
|
?? Environment.GetEnvironmentVariable("NEXUS_ADMIN_PASSWORD");
|
||||||
?? "Admin123!";
|
|
||||||
|
var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT")
|
||||||
|
?? Environment.GetEnvironmentVariable("DOTNET_ENVIRONMENT")
|
||||||
|
?? "Development";
|
||||||
|
var isDevelopment = string.Equals(env, "Development", StringComparison.OrdinalIgnoreCase);
|
||||||
|
|
||||||
|
if (string.IsNullOrEmpty(adminPassword))
|
||||||
|
{
|
||||||
|
if (!isDevelopment)
|
||||||
|
{
|
||||||
|
throw new InvalidOperationException(
|
||||||
|
"CRITICAL SECURITY ERROR: Admin password is NOT configured! " +
|
||||||
|
"In non-Development environments (e.g. Test/Production), the admin password must be explicitly set " +
|
||||||
|
"via configuration ('Nexus:AdminPassword' or 'NEXUS_ADMIN_PASSWORD') or environment variables. " +
|
||||||
|
"Seeding aborted to prevent insecure credentials fallback.");
|
||||||
|
}
|
||||||
|
|
||||||
|
Console.WriteLine("[Seeder] WARNING: Admin password is not set. Falling back to default weak password 'Admin123!' in Development environment.");
|
||||||
|
adminPassword = "Admin123!";
|
||||||
|
}
|
||||||
|
|
||||||
adminUser.PasswordHash = passwordHasher.HashPassword(adminUser, adminPassword);
|
adminUser.PasswordHash = passwordHasher.HashPassword(adminUser, adminPassword);
|
||||||
|
|
||||||
dbContext.Users.Add(adminUser);
|
dbContext.Users.Add(adminUser);
|
||||||
|
|||||||
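Review bot: The `?? "Development"` fallback on the `var env` chain makes the new guard fail open: a host that sets neither ASPNETCORE_ENVIRONMENT nor DOTNET_ENVIRONMENT is classified as Development and gets seeded with the weak default 'Admin123!', which is exactly the case this commit sets out to block. The ASP.NET Core host itself treats an unset environment as Production, so the literal should match that: `?? "Production";` — or, if DbInitializer already receives an IHostEnvironment, prefer its `IsDevelopment()` over re-reading environment variables, since the two can disagree when the environment is set through other configuration sources. The `string.IsNullOrEmpty(adminPassword)` test also lets a whitespace-only value reach the hasher; `string.IsNullOrWhiteSpace(adminPassword)` is the tighter check. The enclosing method begins before the hunk, so I cannot tell from here whether a host environment instance is available.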