diff --git a/database/migrations/002_seed.sql b/database/migrations/002_seed.sql index 6120547..987dd7e 100644 --- a/database/migrations/002_seed.sql +++ b/database/migrations/002_seed.sql @@ -195,6 +195,9 @@ ON CONFLICT DO NOTHING; -- admin_demo / AdminAccess@2026 -- sales_demo / SalesAccess@2026 -- dev_demo / DevTesting@2026 +-- ewan (password change required on first login) +-- caitlin (password change required on first login) +-- dillen (password change required on first login) INSERT INTO users (id, username, email, password_hash, first_name, last_name, is_active, password_change_required) VALUES ('00000000-0000-0000-0000-000000000001', 'superadmin_demo', 'superadmin@coastit.co.za', @@ -208,7 +211,16 @@ INSERT INTO users (id, username, email, password_hash, first_name, last_name, is 'Sales', 'User', TRUE, TRUE), ('00000000-0000-0000-0000-000000000004', 'dev_demo', 'dev@coastit.co.za', '$2b$12$ghyJFb17lXoFOCYUPB6Fk.q8wDNOJhq9OUPNzd5DKaZsDjCF2NBJa', - 'Dev', 'User', TRUE, TRUE) + 'Dev', 'User', TRUE, TRUE), + ('00000000-0000-0000-0000-000000000005', 'ewan', 'ewan@coastit.co.za', + '$2b$12$nO.9p.f4oWFhfScxM8MGQuiR9YjU85YTIqcb1kS.kyDBMHdmQ.EyG', + 'Ewan', 'Scheepers', TRUE, TRUE), + ('00000000-0000-0000-0000-000000000006', 'caitlin', 'caitlin@coastit.co.za', + '$2b$12$I5FHjje4OA5raP3642twT.Wmcl00rA1/wDPiQjRK14yDgybUjmrYG', + 'Caitlin', 'Hermanus', TRUE, TRUE), + ('00000000-0000-0000-0000-000000000007', 'dillen', 'dillen@coastit.co.za', + '$2b$12$QnvaRzdJEV/Bq8tp5vguM.ad.oeAcV2bjdzndIFdA4Opn5vY2WVaW', + 'Dillen', 'van der Merwe', TRUE, TRUE) ON CONFLICT (username) WHERE (deleted_at IS NULL) DO NOTHING; -- Update the SUPER_ADMIN to set created_by to self (post-bootstrap) @@ -217,7 +229,7 @@ WHERE id = '00000000-0000-0000-0000-000000000001' AND created_by IS NULL; -- Set created_by for other users (SUPER_ADMIN created them) UPDATE users SET created_by = '00000000-0000-0000-0000-000000000001' -WHERE id IN ('00000000-0000-0000-0000-000000000002','00000000-0000-0000-0000-000000000003','00000000-0000-0000-0000-000000000004') +WHERE id IN ('00000000-0000-0000-0000-000000000002','00000000-0000-0000-0000-000000000003','00000000-0000-0000-0000-000000000004','00000000-0000-0000-0000-000000000005','00000000-0000-0000-0000-000000000006','00000000-0000-0000-0000-000000000007') AND created_by IS NULL; -- ============================================================================ @@ -233,7 +245,10 @@ ON CONFLICT DO NOTHING; INSERT INTO user_roles (user_id, role_id, assigned_by) VALUES ('00000000-0000-0000-0000-000000000002', '00000002-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001'), ('00000000-0000-0000-0000-000000000003', '00000003-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001'), - ('00000000-0000-0000-0000-000000000004', '00000004-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001') + ('00000000-0000-0000-0000-000000000004', '00000004-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001'), + ('00000000-0000-0000-0000-000000000005', '00000002-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001'), + ('00000000-0000-0000-0000-000000000006', '00000002-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001'), + ('00000000-0000-0000-0000-000000000007', '00000002-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001') ON CONFLICT DO NOTHING; -- ============================================================================ diff --git a/database/migrations/013_security_upgrade.sql b/database/migrations/013_security_upgrade.sql index 62ebc44..f020ff2 100644 --- a/database/migrations/013_security_upgrade.sql +++ b/database/migrations/013_security_upgrade.sql @@ -595,6 +595,11 @@ WHERE id = '00000000-0000-0000-0000-000000000003' AND password_encrypted IS NULL UPDATE users SET password_encrypted = encrypt_password('DevTesting@2026') WHERE id = '00000000-0000-0000-0000-000000000004' AND password_encrypted IS NULL; +-- NOTE: New admin users (ewan, caitlin, dillen) have password_encrypted=NULL. +-- They will set their own passwords on first login (password_change_required=TRUE). +-- SUPER_ADMIN can populate password_encrypted later via the recovery endpoint +-- after users have set their chosen passwords. + -- ============================================================================ -- FUTURE REQUIREMENT NOTE: -- If this system is ever exposed publicly, remove reversible password storage