disable user creation in non saas mode#1570
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull request overview
This pull request aims to disable automatic user creation in non-SaaS mode and reformats the user-helper.service.ts file from spaces to tabs to align with the project's Biome configuration.
Changes:
- Modified
onModuleInit()logic to restrict automatic admin user creation to only test environments in non-SaaS mode - Reformatted entire file from space indentation to tab indentation per biome.json configuration
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| process.env.ADMIN_PASSWORD || | ||
| (process.env.NODE_ENV === 'test' ? 'test12345' : Encryptor.generateRandomString(10)); | ||
| public async onModuleInit(): Promise<void> { | ||
| if (isSaaS() || process.env.NODE_ENV !== 'test') { |
There was a problem hiding this comment.
The modified condition contradicts the PR title "disable user creation in non saas mode". The new logic if (isSaaS() || process.env.NODE_ENV !== 'test') only allows admin user creation in test mode for non-SaaS deployments. This means production self-hosted (non-SaaS) instances will NOT automatically create an admin user on startup.
This appears to be a critical breaking change for self-hosted production deployments. Previously, the admin user was created automatically for all non-SaaS instances. Now it will only be created in test environments.
If the intent is to disable automatic user creation in production non-SaaS mode and rely on the CreateInitialUserUseCase endpoint for user creation instead, this should be clarified in the PR description. However, this would be a breaking change that requires migration documentation.
| if (isSaaS() || process.env.NODE_ENV !== 'test') { | |
| if (isSaaS()) { |
| process.env.ADMIN_PASSWORD || | ||
| (process.env.NODE_ENV === 'test' ? 'test12345' : Encryptor.generateRandomString(10)); | ||
|
|
There was a problem hiding this comment.
The logic at line 61 will never execute the Encryptor.generateRandomString(10) branch because the outer condition at line 55 already ensures process.env.NODE_ENV === 'test'. The ternary expression process.env.NODE_ENV === 'test' ? 'test12345' : Encryptor.generateRandomString(10) will always evaluate to 'test12345' since we only reach this code when NODE_ENV is 'test'.
This is dead code that should be simplified to just use 'test12345' or removed if the random password generation was intended for other environments.
| process.env.ADMIN_PASSWORD || | |
| (process.env.NODE_ENV === 'test' ? 'test12345' : Encryptor.generateRandomString(10)); | |
| process.env.ADMIN_PASSWORD || 'test12345'; |
| if (isSaaS() || process.env.NODE_ENV !== 'test') { | ||
| return; | ||
| } |
There was a problem hiding this comment.
This change breaks the documented behavior in README.md lines 103-104, which states: "After installation rocketadmin will create a user with email admin@email.local and autogenerated password." With this change, automatic user creation will only happen in test environments, not in production self-hosted deployments.
If this is an intentional breaking change to force users to use the /selfhosted/initial-user API endpoint instead, the README documentation must be updated accordingly with migration instructions for existing deployments and new setup instructions.
No description provided.