othman.suseno/calypso
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
calypso/docs/ADMIN-CREDENTIALS.md
Warp Agent a08514b4f2 Organize documentation: move all markdown files to docs/ directory 
- Created docs/ directory for better organization
- Moved 35 markdown files from root to docs/
- Includes all status reports, guides, and testing documentation

Co-Authored-By: Warp <agent@warp.dev>
2025-12-24 20:05:40 +00:00

2.7 KiB
Raw Permalink Blame History

Default Admin Credentials

🔐 Default Admin User

Username: admin
Password: admin123
Email: admin@calypso.local

⚠️ Important Notes

Password Hashing

After implementing security hardening (Phase D), the backend now uses Argon2id password hashing. This means:

  1. If the admin user was created BEFORE security hardening:

    • The password in the database might still be plaintext
    • You need to update it with an Argon2id hash
    • Use: ./scripts/update-admin-password.sh

  2. If the admin user was created AFTER security hardening:

    • The password should already be hashed
    • Login should work with admin123

Check Password Status

To check if the password is properly hashed:

sudo -u postgres psql calypso -c "SELECT username, CASE WHEN password_hash LIKE '\$argon2id%' THEN 'Argon2id (secure)' ELSE 'Plaintext (needs update)' END as password_type FROM users WHERE username = 'admin';"

If it shows "Plaintext (needs update)", run:

./scripts/update-admin-password.sh

🚀 Quick Setup

Create Admin User (if not exists)

./scripts/setup-test-user.sh

This script will:

  • Create the admin user with username: admin
  • Set password to: admin123
  • Assign admin role
  • Note: If created before security hardening, password will be plaintext

Update Password to Argon2id (if needed)

If the password is still plaintext, update it:

./scripts/update-admin-password.sh

This will:

  • Generate an Argon2id hash for admin123
  • Update the database
  • Allow login with the new secure hash

🧪 Testing Login

Via Frontend

  1. Open http://localhost:3000
  2. Enter credentials:
    • Username: admin
    • Password: admin123
  3. Click "Sign in"

Via API

curl -X POST http://localhost:8080/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username":"admin","password":"admin123"}'

🔒 Security Note

For Production:

  • Change the default password immediately
  • Use a strong password
  • Consider implementing password policies
  • Enable additional security features

For Testing/Development:

  • The default admin123 password is acceptable
  • Ensure it's properly hashed with Argon2id

📝 Summary

Default Credentials:

  • Username: admin
  • Password: admin123
  • Status: Password is now properly hashed with Argon2id

To Use:

  1. Ensure admin user exists: ./scripts/setup-test-user.sh
  2. If password is plaintext, update it: go run ./backend/cmd/hash-password/main.go "admin123" then update database
  3. Login with the credentials above

Current Status: Admin user exists and password is securely hashed