From bf76f86ea4bacb3ae2e92f89d42d1134beac802c Mon Sep 17 00:00:00 2001 From: Jordan Wright Date: Thu, 25 Jun 2020 08:31:28 -0500 Subject: [PATCH] Adds environment variable to set the initial admin password This change adds a `GOPHISH_INITIAL_ADMIN_PASSWORD` environment variable so that system administrators can set the initial admin password rather than having it randomly generated. This is especially useful in automated deployment scenarios, or scenarios using Docker (ref #1876, #1874) --- models/models.go | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/models/models.go b/models/models.go index 7a82fb0b..bc1fe3a4 100644 --- a/models/models.go +++ b/models/models.go @@ -7,6 +7,7 @@ import ( "fmt" "io" "io/ioutil" + "os" "time" "bitbucket.org/liamstask/goose/lib/goose" @@ -28,6 +29,11 @@ const MaxDatabaseConnectionAttempts int = 10 // DefaultAdminUsername is the default username for the administrative user const DefaultAdminUsername = "admin" +// InitialAdminPassword is the environment variable that specifies which +// password to use for the initial root login instead of generating one +// randomly +const InitialAdminPassword = "GOPHISH_INITIAL_ADMIN_PASSWORD" + const ( CampaignInProgress string = "In progress" CampaignQueued string = "Queued" @@ -88,9 +94,14 @@ func chooseDBDriver(name, openStr string) goose.DBDriver { } func createTemporaryPassword(u *User) error { - // This will result in a 16 character password which could be viewed as an - // inconvenience, but it should be ok for now. - temporaryPassword := auth.GenerateSecureKey(auth.MinPasswordLength) + var temporaryPassword string + if envPassword := os.Getenv(InitialAdminPassword); envPassword != "" { + temporaryPassword = envPassword + } else { + // This will result in a 16 character password which could be viewed as an + // inconvenience, but it should be ok for now. + temporaryPassword = auth.GenerateSecureKey(auth.MinPasswordLength) + } hash, err := auth.GeneratePasswordHash(temporaryPassword) if err != nil { return err