Skip to content

[FR] Improve first account creation #5247

New issue
New issue
Open
Enhancement
Open
[FR] Improve first account creation#5247
Enhancement
Assignees
matmair
Labels
enhancementThis is an suggested enhancement or new featuresecurityRelates to a security issuesetupRelates to the InvenTree setup / installation process
Milestone
horizon
@matmair

Description

@matmair
matmair
opened on Jul 13, 2023

Please verify that this feature request has NOT been suggested before.

  • I checked and didn't find a similar feature request

Problem statement

Currently you either get issued credentials for the first login (by the packaged installer) or need to run a command to get your intial admin account. This works but leaves the admin to either

  • login and change the password
  • cerate an account from the CLI without access to all the tools browsers have included (ie password generators)

Suggested solution

With django-sesame integrated in #5209 we can now issue links that log users in. This means we can add a task that creates an empty admin user account and a scoped login url that can be used by an admin to login in and register in 1 step. This could later be expanded to flow into #2284 creating an easy and secure setup experience.

Describe alternatives you've considered

We could change the current creation task to include a login link (with the created users credentials) but that is pretty insecure.

Examples of other systems

most self-hosted enterprise solutions provide a first-use token

Do you want to develop this?

  • I want to develop this.

Metadata

Metadata

Assignees

Labels

enhancementThis is an suggested enhancement or new featuresecurityRelates to a security issuesetupRelates to the InvenTree setup / installation process

Type

Enhancement

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions