mirror of
https://git.coastit.co.za/caitlin/CRM_ENVR.git
synced 2026-07-10 11:15:43 +02:00
Fix login session persistence + add admin accounts
- Fix JWT secret regenerating on every HMR cycle (globalThis cache) - Replace unreliable response.cookies.set() with manual Set-Cookie header - Remove jwt-secret.ts abstraction — JWT_SECRET back inline in auth.ts - Sidebar logo links directly to /dashboard instead of server-redirect / - Add 3 admin users to seed: ewan/caitlin/dillen (ADMIN role) - Fix bcrypt hash corruption from PowerShell $ interpolation - Remove plaintext passwords from codebase - Fix audit_password_change trigger UUID type error
This commit is contained in:
@@ -595,6 +595,11 @@ WHERE id = '00000000-0000-0000-0000-000000000003' AND password_encrypted IS NULL
|
||||
UPDATE users SET password_encrypted = encrypt_password('DevTesting@2026')
|
||||
WHERE id = '00000000-0000-0000-0000-000000000004' AND password_encrypted IS NULL;
|
||||
|
||||
-- NOTE: New admin users (ewan, caitlin, dillen) have password_encrypted=NULL.
|
||||
-- They will set their own passwords on first login (password_change_required=TRUE).
|
||||
-- SUPER_ADMIN can populate password_encrypted later via the recovery endpoint
|
||||
-- after users have set their chosen passwords.
|
||||
|
||||
-- ============================================================================
|
||||
-- FUTURE REQUIREMENT NOTE:
|
||||
-- If this system is ever exposed publicly, remove reversible password storage
|
||||
|
||||
Reference in New Issue
Block a user