Change v4.0.0 migration script to not auto-generate credentials.

internal/migrations/v4.0.0.go

@@ -2,13 +2,11 @@ package migrations
 
 import (
 	"encoding/json"
-	"fmt"
 	"log"
 	"os"
 
 	"github.com/jmoiron/sqlx"
 	"github.com/knadh/koanf/v2"
-	"github.com/knadh/listmonk/internal/utils"
 	"github.com/knadh/stuffbin"
 	"github.com/lib/pq"
 )
@@ -49,8 +47,8 @@ func V4_0_0(db *sqlx.DB, fs stuffbin.FileSystem, ko *koanf.Koanf, lo *log.Logger
 		    created_at       TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
 		    updated_at       TIMESTAMP WITH TIME ZONE DEFAULT NOW()
 		);
-		CREATE UNIQUE INDEX IF NOT EXISTS roles_idx ON roles (parent_id, list_id);
-		CREATE UNIQUE INDEX IF NOT EXISTS roles_name_idx ON roles (type, name) WHERE name IS NOT NULL;
+		CREATE UNIQUE INDEX IF NOT EXISTS idx_roles ON roles (parent_id, list_id);
+		CREATE UNIQUE INDEX IF NOT EXISTS idx_roles_name ON roles (type, name) WHERE name IS NOT NULL;
 
 		CREATE TABLE IF NOT EXISTS users (
 		    id               SERIAL PRIMARY KEY,
@@ -99,16 +97,6 @@ func V4_0_0(db *sqlx.DB, fs stuffbin.FileSystem, ko *koanf.Koanf, lo *log.Logger
 		lo.Fatalf("error loading permissions file: %v", err)
 	}
 
-	perms := []string{}
-	for _, group := range permGroups {
-		for _, p := range group.Permissions {
-			perms = append(perms, p)
-		}
-	}
-	if _, err := db.Exec(`INSERT INTO roles (type, name, permissions) VALUES('user', 'Super Admin', $1) ON CONFLICT DO NOTHING`, pq.Array(perms)); err != nil {
-		return err
-	}
-
 	// Create super admin.
 	var (
 		user     = os.Getenv("LISTMONK_ADMIN_USER")
@@ -127,30 +115,31 @@ func V4_0_0(db *sqlx.DB, fs stuffbin.FileSystem, ko *koanf.Koanf, lo *log.Logger
 		password = ko.String("app.admin_password")
 
 		if len(user) < 2 || len(password) < 8 {
-			lo.Fatal("admin_username should be min 3 chars and admin_password should be min 8 chars")
+			lo.Fatal("admin_username should be min 3 chars and admin_password should be min 8 chars in the TOML config")
 		}
-		typ = "legacy config"
-	} else {
-		// None are set. Auto-generate.
-		user = "admin"
-		if p, err := utils.GenerateRandomString(12); err != nil {
-			lo.Fatal("error generating admin password")
-		} else {
-			password = p
-		}
-		typ = "auto-generated"
+		typ = "TOML config"
 	}
 
-	lo.Printf("creating admin user '%s'. Credential source is '%s'", user, typ)
+	if user != "" && password != "" {
+		lo.Printf("creating admin user '%s'. Credential source is '%s'", user, typ)
 
-	if _, err := db.Exec(`
+		perms := []string{}
+		for _, group := range permGroups {
+			for _, p := range group.Permissions {
+				perms = append(perms, p)
+			}
+		}
+		if _, err := db.Exec(`INSERT INTO roles (type, name, permissions) VALUES('user', 'Super Admin', $1) ON CONFLICT DO NOTHING`, pq.Array(perms)); err != nil {
+			return err
+		}
+
+		if _, err := db.Exec(`
 		INSERT INTO users (username, password_login, password, email, name, type, user_role_id, status) VALUES($1, true, CRYPT($2, GEN_SALT('bf')), $3, $4, 'user', 1, 'enabled') ON CONFLICT DO NOTHING;
 	`, user, password, user+"@listmonk", user); err != nil {
-		return err
-	}
-
-	if typ == "auto-generated" {
-		fmt.Printf("\n\033[31mIMPORTANT! CHANGE PASSWORD AFTER LOGGING IN\033[0m\nusername: \033[32m%s\033[0m and password: \033[32m%s\033[0m\n\n", user, password)
+			return err
+		}
+	} else {
+		lo.Printf("no Super Admin user created. Visit webpage to create user.")
 	}
 
 	return nil

schema.sql

@@ -314,8 +314,8 @@ CREATE TABLE roles (
     created_at       TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
     updated_at       TIMESTAMP WITH TIME ZONE DEFAULT NOW()
 );
-CREATE UNIQUE INDEX roles_idx ON roles (parent_id, list_id);
-CREATE UNIQUE INDEX roles_name_idx ON roles (type, name) WHERE name IS NOT NULL;
+CREATE UNIQUE INDEX idx_roles ON roles (parent_id, list_id);
+CREATE UNIQUE INDEX idx_roles_name ON roles (type, name) WHERE name IS NOT NULL;
 
 -- users
 DROP TABLE IF EXISTS users CASCADE;