Ensure default password for TigaUser #323
Pull Request Overview
This PR ensures that newly created TigaUser instances are assigned a default password by modifying the password field to include a default value generator. Previously, the password field was nullable, which could allow users without passwords.
Key Changes:
- Added a default password configuration in settings
- Modified TigaUser model to automatically hash and assign default password
- Added test coverage to verify the default password is set correctly
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| tigaserver_project/settings.py | Introduces DEFAULT_TIGAUSER_PASSWORD constant for configuring the default password |
| tigaserver_app/models.py | Adds get_default_password_hash() function and updates TigaUser.password field to use it as default |
| tigaserver_app/tests/tests.py | Adds test assertion to verify new users are created with the default password |
| tigaserver_app/migrations/0087_alter_tigauser_password.py | Django migration to apply the password field default change |
| # Change this in prod | ||
| DEFAULT_TIGAUSER_PASSWORD = 'TEST_PASSWORD' |
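Review bot: the `# Change this in prod` comment above `DEFAULT_TIGAUSER_PASSWORD = 'TEST_PASSWORD'` is the only guard against deploying the placeholder, and nothing fails if a deployment forgets to override it. Suggest enforcing it in code, for example by raising `ImproperlyConfigured` at startup when the value is still `'TEST_PASSWORD'` outside a debug or test configuration.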
Copilot
AI
Oct 28, 2025
Hardcoding a default password in settings is a security risk, especially with DEBUG=False in production. Consider using environment variables or Django's secrets management to configure this value securely, and ensure it's overridden in production environments.
| # Change this in prod | |
| DEFAULT_TIGAUSER_PASSWORD = 'TEST_PASSWORD' | |
| # Set this via environment variable in production | |
| DEFAULT_TIGAUSER_PASSWORD = os.environ.get('DEFAULT_TIGAUSER_PASSWORD') |
| def get_default_password_hash(): | ||
| return make_password(settings.DEFAULT_TIGAUSER_PASSWORD) |
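Review bot: `get_default_password_hash()` passes `settings.DEFAULT_TIGAUSER_PASSWORD` to `make_password` without checking that it is set. If the setting resolves to `None`, `make_password` returns an unusable-password marker instead of raising, so a misconfigured deployment would silently create accounts that cannot authenticate with the intended default. Suggest failing loudly when the setting is missing and adding a docstring that says the function returns a hash, not the plain password.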
Copilot
AI
Oct 28, 2025
This function is called every time a TigaUser instance is created, hashing the same password repeatedly. Since the default password is static, consider caching the hash result to avoid unnecessary computation on each user creation.
| USERNAME_FIELD = 'pk' | ||
|
|
||
| password = models.CharField(_('password'), max_length=128, null=True, blank=True) | ||
| password = models.CharField(_('password'), max_length=128, default=get_default_password_hash) |
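Review bot: with `default=get_default_password_hash` on the `password` field, every TigaUser created without an explicit password shares one credential, and `USERNAME_FIELD = 'pk'` in the same hunk makes the primary key the login identifier. If the aim is only to stop NULL passwords, consider an unusable password (`make_password(None)`) or a per-user random value as the default; otherwise document next to the field which code paths authenticate with this password and why a shared value is acceptable there.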
Copilot
AI
Oct 28, 2025
Removing null=True and blank=True from the password field may cause issues for existing TigaUser records that have NULL passwords. Consider adding a data migration to populate existing NULL passwords before applying this schema change.
No description provided.