Fix login session persistence + add admin accounts
- Fix JWT secret regenerating on every HMR cycle (globalThis cache) - Replace unreliable response.cookies.set() with manual Set-Cookie header - Remove jwt-secret.ts abstraction — JWT_SECRET back inline in auth.ts - Sidebar logo links directly to /dashboard instead of server-redirect / - Add 3 admin users to seed: ewan/caitlin/dillen (ADMIN role) - Fix bcrypt hash corruption from PowerShell $ interpolation - Remove plaintext passwords from codebase - Fix audit_password_change trigger UUID type error
This commit is contained in:
@@ -195,6 +195,9 @@ ON CONFLICT DO NOTHING;
|
|||||||
-- admin_demo / AdminAccess@2026
|
-- admin_demo / AdminAccess@2026
|
||||||
-- sales_demo / SalesAccess@2026
|
-- sales_demo / SalesAccess@2026
|
||||||
-- dev_demo / DevTesting@2026
|
-- dev_demo / DevTesting@2026
|
||||||
|
-- ewan (password change required on first login)
|
||||||
|
-- caitlin (password change required on first login)
|
||||||
|
-- dillen (password change required on first login)
|
||||||
|
|
||||||
INSERT INTO users (id, username, email, password_hash, first_name, last_name, is_active, password_change_required) VALUES
|
INSERT INTO users (id, username, email, password_hash, first_name, last_name, is_active, password_change_required) VALUES
|
||||||
('00000000-0000-0000-0000-000000000001', 'superadmin_demo', 'superadmin@coastit.co.za',
|
('00000000-0000-0000-0000-000000000001', 'superadmin_demo', 'superadmin@coastit.co.za',
|
||||||
@@ -208,7 +211,16 @@ INSERT INTO users (id, username, email, password_hash, first_name, last_name, is
|
|||||||
'Sales', 'User', TRUE, TRUE),
|
'Sales', 'User', TRUE, TRUE),
|
||||||
('00000000-0000-0000-0000-000000000004', 'dev_demo', 'dev@coastit.co.za',
|
('00000000-0000-0000-0000-000000000004', 'dev_demo', 'dev@coastit.co.za',
|
||||||
'$2b$12$ghyJFb17lXoFOCYUPB6Fk.q8wDNOJhq9OUPNzd5DKaZsDjCF2NBJa',
|
'$2b$12$ghyJFb17lXoFOCYUPB6Fk.q8wDNOJhq9OUPNzd5DKaZsDjCF2NBJa',
|
||||||
'Dev', 'User', TRUE, TRUE)
|
'Dev', 'User', TRUE, TRUE),
|
||||||
|
('00000000-0000-0000-0000-000000000005', 'ewan', 'ewan@coastit.co.za',
|
||||||
|
'$2b$12$nO.9p.f4oWFhfScxM8MGQuiR9YjU85YTIqcb1kS.kyDBMHdmQ.EyG',
|
||||||
|
'Ewan', 'Scheepers', TRUE, TRUE),
|
||||||
|
('00000000-0000-0000-0000-000000000006', 'caitlin', 'caitlin@coastit.co.za',
|
||||||
|
'$2b$12$I5FHjje4OA5raP3642twT.Wmcl00rA1/wDPiQjRK14yDgybUjmrYG',
|
||||||
|
'Caitlin', 'Hermanus', TRUE, TRUE),
|
||||||
|
('00000000-0000-0000-0000-000000000007', 'dillen', 'dillen@coastit.co.za',
|
||||||
|
'$2b$12$QnvaRzdJEV/Bq8tp5vguM.ad.oeAcV2bjdzndIFdA4Opn5vY2WVaW',
|
||||||
|
'Dillen', 'van der Merwe', TRUE, TRUE)
|
||||||
ON CONFLICT (username) WHERE (deleted_at IS NULL) DO NOTHING;
|
ON CONFLICT (username) WHERE (deleted_at IS NULL) DO NOTHING;
|
||||||
|
|
||||||
-- Update the SUPER_ADMIN to set created_by to self (post-bootstrap)
|
-- Update the SUPER_ADMIN to set created_by to self (post-bootstrap)
|
||||||
@@ -217,7 +229,7 @@ WHERE id = '00000000-0000-0000-0000-000000000001' AND created_by IS NULL;
|
|||||||
|
|
||||||
-- Set created_by for other users (SUPER_ADMIN created them)
|
-- Set created_by for other users (SUPER_ADMIN created them)
|
||||||
UPDATE users SET created_by = '00000000-0000-0000-0000-000000000001'
|
UPDATE users SET created_by = '00000000-0000-0000-0000-000000000001'
|
||||||
WHERE id IN ('00000000-0000-0000-0000-000000000002','00000000-0000-0000-0000-000000000003','00000000-0000-0000-0000-000000000004')
|
WHERE id IN ('00000000-0000-0000-0000-000000000002','00000000-0000-0000-0000-000000000003','00000000-0000-0000-0000-000000000004','00000000-0000-0000-0000-000000000005','00000000-0000-0000-0000-000000000006','00000000-0000-0000-0000-000000000007')
|
||||||
AND created_by IS NULL;
|
AND created_by IS NULL;
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
@@ -233,7 +245,10 @@ ON CONFLICT DO NOTHING;
|
|||||||
INSERT INTO user_roles (user_id, role_id, assigned_by) VALUES
|
INSERT INTO user_roles (user_id, role_id, assigned_by) VALUES
|
||||||
('00000000-0000-0000-0000-000000000002', '00000002-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001'),
|
('00000000-0000-0000-0000-000000000002', '00000002-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001'),
|
||||||
('00000000-0000-0000-0000-000000000003', '00000003-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001'),
|
('00000000-0000-0000-0000-000000000003', '00000003-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001'),
|
||||||
('00000000-0000-0000-0000-000000000004', '00000004-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001')
|
('00000000-0000-0000-0000-000000000004', '00000004-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001'),
|
||||||
|
('00000000-0000-0000-0000-000000000005', '00000002-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001'),
|
||||||
|
('00000000-0000-0000-0000-000000000006', '00000002-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001'),
|
||||||
|
('00000000-0000-0000-0000-000000000007', '00000002-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000001')
|
||||||
ON CONFLICT DO NOTHING;
|
ON CONFLICT DO NOTHING;
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
|
|||||||
@@ -595,6 +595,11 @@ WHERE id = '00000000-0000-0000-0000-000000000003' AND password_encrypted IS NULL
|
|||||||
UPDATE users SET password_encrypted = encrypt_password('DevTesting@2026')
|
UPDATE users SET password_encrypted = encrypt_password('DevTesting@2026')
|
||||||
WHERE id = '00000000-0000-0000-0000-000000000004' AND password_encrypted IS NULL;
|
WHERE id = '00000000-0000-0000-0000-000000000004' AND password_encrypted IS NULL;
|
||||||
|
|
||||||
|
-- NOTE: New admin users (ewan, caitlin, dillen) have password_encrypted=NULL.
|
||||||
|
-- They will set their own passwords on first login (password_change_required=TRUE).
|
||||||
|
-- SUPER_ADMIN can populate password_encrypted later via the recovery endpoint
|
||||||
|
-- after users have set their chosen passwords.
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
-- FUTURE REQUIREMENT NOTE:
|
-- FUTURE REQUIREMENT NOTE:
|
||||||
-- If this system is ever exposed publicly, remove reversible password storage
|
-- If this system is ever exposed publicly, remove reversible password storage
|
||||||
|
|||||||
Reference in New Issue
Block a user