Merge pull request #139 from OHDSI/user-conf

use not hashed password in configurations for new users.

Author: konstjar

datanode/config/config-dev.yml

@@ -25,13 +25,13 @@ datanode:
       email: [email protected]
       firstName: Datanode
       lastName: Admin
-      password: $2a$12$FLBjwwU2GOrCAASJg.E7N.uNiYd6rC4lLBN5hYmEiq49IPsMFnRxa
+      password: password
       roles: ADMIN
     user:
       email: [email protected]
       firstName: Datanode
       lastName: User
-      password: $2a$12$FLBjwwU2GOrCAASJg.E7N.uNiYd6rC4lLBN5hYmEiq49IPsMFnRxa
+      password: password
   jwt:
     expiration: 604800
 executionEngine:

datanode/src/main/java/com/odysseusinc/arachne/datanode/auth/basic/DbBasicCredentialsService.java

@@ -40,7 +40,6 @@
 import java.time.Clock;
 import java.time.Instant;
 import java.util.List;
-import java.util.Objects;
 import java.util.Optional;
 import java.util.UUID;
 
@@ -99,7 +98,7 @@ public void ensureRegistered(String login, String password, UserDTO info) {
     }
 
     private CredentialsEntity updateIfPassDiffers(String login, String password, CredentialsEntity credentials) {
-        if (!Objects.equals(password, credentials.getData())) {
+        if (!passwordEncoder.matches(password, credentials.getData())) {
             log.info("On service account [{}], force updated password due to mismatch", login);
             credentials.setTerminated(Instant.now(clock));
             return create(password, credentials.getUser());

install/docker/datanode.env

@@ -24,5 +24,5 @@ jasypt.encryptor.password=arachne
 datanode.users.admin.email=[email protected]
 datanode.users.admin.firstName=Datanode
 datanode.users.admin.lastName=Admin
-datanode.users.admin.password='$2a$10$JrltmCF6zqvfdpZTYOTM0uByU1Cx9C3X0x0iRQFqlXX3bTOEsWJae' # Bcrypt format
+datanode.users.admin.password='ohdsi'
 datanode.users.admin.roles='ADMIN'