From 955d30675b6cafa46e5007e990f8ff0147c14114 Mon Sep 17 00:00:00 2001
From: Eduardo Pozo
Date: Thu, 12 Mar 2026 19:49:15 +0100
Subject: [PATCH 1/3] Add SUPERUSER_API_KEY, fix token message

---
 docker-compose.override.yml.example | 1 +
 docker/super_user.py | 17 ++++++++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/docker-compose.override.yml.example b/docker-compose.override.yml.example
index 8c2ff70..c8a83f5 100644
--- a/docker-compose.override.yml.example
+++ b/docker-compose.override.yml.example
@@ -13,6 +13,7 @@ services:
 # environment:
 # SKIP_SUPERUSER: "false"
 # SUPERUSER_API_TOKEN: ""
+ # SUPERUSER_API_KEY: ""
 # SUPERUSER_EMAIL: ""
 # SUPERUSER_NAME: ""
 # SUPERUSER_PASSWORD: ""
diff --git a/docker/super_user.py b/docker/super_user.py
index 7918388..f10bec5 100644
--- a/docker/super_user.py
+++ b/docker/super_user.py
@@ -15,15 +15,23 @@ def _read_secret(secret_name: str, default: str | None = None) -> str | None:
 with f:
 return f.readline().strip()

-
 su_name = environ.get("SUPERUSER_NAME", "admin")
 su_email = environ.get("SUPERUSER_EMAIL", "admin@example.com")
 su_password = _read_secret("superuser_password", environ.get("SUPERUSER_PASSWORD", "admin"))
+# Sets the superuser API Token, defaults to widely known default
+if not environ.get("SUPERUSER_API_TOKEN"):
+ print("⚠️ Warning: Defaulting to the old default admin token in your database. This token is widely known; please remove it.")
 su_api_token = _read_secret(
 "superuser_api_token",
 environ.get("SUPERUSER_API_TOKEN", "0123456789abcdef0123456789abcdef01234567"),
 )

+# Sets the superuser API key, defaults to a randomly generated key.
+su_api_key = _read_secret(
+ "superuser_api_key",
+ environ.get("SUPERUSER_API_KEY"),
+)
+
 if not User.objects.filter(username=su_name):
 u = User.objects.create_superuser(su_name, su_email, su_password)
 msg = ""
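Review bot: The added warning in the `@@ -15,15 +15,23 @@` hunk of docker/super_user.py tests only the `SUPERUSER_API_TOKEN` environment variable, while the token that is actually stored is whatever `_read_secret("superuser_api_token", ...)` returns. Most of `_read_secret` lies outside the hunk, but its `default` parameter and `f.readline()` tail suggest a secret file takes precedence, so a deployment that supplies the token through that secret would be warned about a default it does not use. Checking the resolved value is more reliable: assign `su_api_token` first, then `if su_api_token == "0123456789abcdef0123456789abcdef01234567": print(...)`. The warning also does not stop the widely known token from being created for a superuser, so a comment such as `# Default kept only for backward compatibility; never use it on a reachable instance` would make the intent explicit.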
@@ -31,6 +39,9 @@ if not User.objects.filter(username=su_name):
 print("⚠️ No API token will be created as API_TOKEN_PEPPERS is not set")
 msg = f"💡 Superuser Username: {su_name}, E-Mail: {su_email}"
 else:
- t = Token.objects.create(user=u, token=su_api_token, version=TokenVersionChoices.V2)
- msg = f"💡 Superuser Username: {su_name}, E-Mail: {su_email}, API Token: {t} (use with '{t.get_auth_header_prefix()}')"
+ if su_api_key:
+ t = Token.objects.create(user=u, token=su_api_token, version=TokenVersionChoices.V2, key=su_api_key)
+ else:
+ t = Token.objects.create(user=u, token=su_api_token, version=TokenVersionChoices.V2)
+ msg = f"💡 Superuser Username: {su_name}, E-Mail: {su_email}, API Token: {su_api_token} (use with '{t.get_auth_header_prefix()}')"
 print(msg)
From 76c103e6ae8a3206e47f42fd19926f3e47465236 Mon Sep 17 00:00:00 2001
From: Eduardo Pozo
Date: Thu, 12 Mar 2026 20:43:32 +0100
Subject: [PATCH 2/3] Ruff formatting

---
 docker/super_user.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docker/super_user.py b/docker/super_user.py
index f10bec5..f8e1a57 100644
--- a/docker/super_user.py
+++ b/docker/super_user.py
@@ -15,6 +15,7 @@ def _read_secret(secret_name: str, default: str | None = None) -> str | None:
 with f:
 return f.readline().strip()

+
 su_name = environ.get("SUPERUSER_NAME", "admin")
 su_email = environ.get("SUPERUSER_EMAIL", "admin@example.com")
 su_password = _read_secret("superuser_password", environ.get("SUPERUSER_PASSWORD", "admin"))
From e130d69c5bdbd0b438691a553321cb9b4cea816e Mon Sep 17 00:00:00 2001
From: Tobias Genannt
Date: Mon, 16 Mar 2026 10:47:03 +0100
Subject: [PATCH 3/3] Minor changes: - Use default for key - Changed message to not print the token

---
 docker/super_user.py | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/docker/super_user.py b/docker/super_user.py
index f8e1a57..84d060b 100644
--- a/docker/super_user.py
+++ b/docker/super_user.py
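Review bot: In the `@@ -31,6 +39,9 @@` hunk of patch 1/3, `su_api_key` passes unchecked from the environment or secret file into `Token.objects.create(..., key=su_api_key)`, and Django's `create()` does not run field validators. If the Token model constrains the key's length or alphabet (not visible here), a malformed value is either stored as given or fails with a database error on first start; validating it before the call and exiting with a clear message would be safer. The two `create` calls also differ only in `key=`, so `extra = {"key": su_api_key} if su_api_key else {}` followed by `t = Token.objects.create(user=u, token=su_api_token, version=TokenVersionChoices.V2, **extra)` removes the duplication. The enclosing `if not User.objects.filter(...)` block starts outside the hunk.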
@@ -19,18 +19,15 @@ def _read_secret(secret_name: str, default: str | None = None) -> str | None:
 su_name = environ.get("SUPERUSER_NAME", "admin")
 su_email = environ.get("SUPERUSER_EMAIL", "admin@example.com")
 su_password = _read_secret("superuser_password", environ.get("SUPERUSER_PASSWORD", "admin"))
-# Sets the superuser API Token, defaults to widely known default
 if not environ.get("SUPERUSER_API_TOKEN"):
- print("⚠️ Warning: Defaulting to the old default admin token in your database. This token is widely known; please remove it.")
+ print("⚠️ Warning: Defaulting to the old default admin token. This token is widely known; please remove it.")
 su_api_token = _read_secret(
 "superuser_api_token",
 environ.get("SUPERUSER_API_TOKEN", "0123456789abcdef0123456789abcdef01234567"),
 )
-
-# Sets the superuser API key, defaults to a randomly generated key.
 su_api_key = _read_secret(
 "superuser_api_key",
- environ.get("SUPERUSER_API_KEY"),
+ environ.get("SUPERUSER_API_KEY", "cae3ju9jeaqu"),
 )

 if not User.objects.filter(username=su_name):
@@ -44,5 +41,5 @@ if not User.objects.filter(username=su_name):
 t = Token.objects.create(user=u, token=su_api_token, version=TokenVersionChoices.V2, key=su_api_key)
 else:
 t = Token.objects.create(user=u, token=su_api_token, version=TokenVersionChoices.V2)
- msg = f"💡 Superuser Username: {su_name}, E-Mail: {su_email}, API Token: {su_api_token} (use with '{t.get_auth_header_prefix()}')"
+ msg = f"💡 Superuser Username: {su_name}, E-Mail: {su_email}, API Token: use with '{t.get_auth_header_prefix()}'"
 print(msg)
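Review bot: The new fallback `environ.get("SUPERUSER_API_KEY", "cae3ju9jeaqu")` in the `@@ -19,18 +19,15 @@` hunk replaces what the removed comment described as a randomly generated key with a constant published in the repository. Together with the widely known default token, every deployment that leaves both unset ends up with the same superuser token material, and the warning above looks only at `SUPERUSER_API_TOKEN`, so nothing is printed about the key. Keeping `environ.get("SUPERUSER_API_KEY")` without a default, or extending the warning to cover the key, would avoid that; if the key is meant purely as a public identifier, a comment saying so is still worth adding. With a non-empty default, the `else:` branch under `if su_api_key:` in the `@@ -44,5 +41,5 @@` hunk is reachable only when the variable or secret is set to an empty value.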