move the superuser password to application.conf to avoid the world fr…

…om seeing it
FEMR · Jul 7, 2015 · 9a1edc4 · 9a1edc4
1 parent 9a6b081
commit 9a1edc4
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/app/femr/util/startup/DatabaseSeeder.java b/app/femr/util/startup/DatabaseSeeder.java
@@ -1182,17 +1182,20 @@ private void seedAdminUser() {
         if (userCount == 0) {
             String defaultAdminUsername = Play.application().configuration().getString("default.admin.username");
             String defaultAdminPassword = Play.application().configuration().getString("default.admin.password");
+            String defaultSuperuserUsername = Play.application().configuration().getString("default.superuser.username");
+            String defaultSuperuserPassword = Play.application().configuration().getString("default.superuser.password");
+
             IPasswordEncryptor encryptor = new BCryptPasswordEncryptor();
 
             //create the Admin user
             //Admin is used for managing users, creating users, managing inventory, etc
             //Admin information is given to the manager/group leader/whoever is in charge
             User adminUser = new User();
-            String encryptedPassword = encryptor.encryptPassword(defaultAdminPassword);
+            String encryptedAdminPassword = encryptor.encryptPassword(defaultAdminPassword);
             adminUser.setFirstName("Administrator");
             adminUser.setLastName("");
             adminUser.setEmail(defaultAdminUsername);
-            adminUser.setPassword(encryptedPassword);
+            adminUser.setPassword(encryptedAdminPassword);
             adminUser.setLastLogin(dateUtils.getCurrentDateTime());
             adminUser.setDeleted(false);
             Role role = roleRepository.findOne(Ebean.find(Role.class).where().eq("name", "Administrator"));
@@ -1204,11 +1207,11 @@ private void seedAdminUser() {
             //SuperUser is an account that gives access to important configuration
             //settings
             User superUser = new User();
-            String encryptedSuperUserPassword = encryptor.encryptPassword("wsu1f8e6m8r");
+            String encryptedSuperuserPassword = encryptor.encryptPassword(defaultSuperuserPassword);
             superUser.setFirstName("SuperUser");
             superUser.setLastName("");
-            superUser.setEmail("superuser");
-            superUser.setPassword(encryptedSuperUserPassword);
+            superUser.setEmail(defaultSuperuserUsername);
+            superUser.setPassword(encryptedSuperuserPassword);
             superUser.setLastLogin(dateUtils.getCurrentDateTime());
             superUser.setDeleted(false);
             Role role1 = roleRepository.findOne(Ebean.find(Role.class).where().eq("name", "SuperUser"));

diff --git a/conf/application.conf b/conf/application.conf
@@ -1,6 +1,9 @@
 #Do not change admin username
 default.admin.username="admin"
 default.admin.password="admin"
+#Do not change superuser username
+default.superuser.username="superuser"
+default.superuser.password="superuser"
 
 #Session time out, in minutes
 sessionTimeout=50