spiritxishi opened a new pull request, #12154:
URL: https://github.com/apache/inlong/pull/12154
[INLONG-12150][Improve][Manager][Dashboard] Enforce password change on first
login for default admin account (#12150)
Fixes #12150
### Motivation
The default admin account (admin/inlong) has no mechanism prompting
credential rotation after deployment, leaving a hard-coded password accessible
to anyone who reaches the login page. This PR enforces a mandatory password
change on first login.
### Modifications
**Manager**: New LoginResponse DTO with mustChangePassword flag;
UserService.isDefaultUsernameAndPassword() checks against DEFAULT_USER +
SHA-256("inlong"); AnnoController.login() returns the new DTO.
**Dashboard**: New ForcePasswordChangeModal.tsx (non-closable, forces logout
on success); Login/index.tsx reads mustChangePassword and sets sessionStorage
flags; Layout renders the modal.
**Tests**: AnnoControllerTest verifies mustChangePassword=true for default
admin login.
### Verifying this change
*(Please pick either of the following options)*
- [ ] This change is a trivial rework/code cleanup without any test coverage.
- [ ] This change is already covered by existing tests, such as:
AnnoControllerTest.testLoginReturnsMustChangePasswordForDefaultAdmin —
verifies the backend returns mustChangePassword=true.
- [ ] This change added tests and can be verified as follows:
### Documentation
- Does this pull request introduce a new feature? (yes)
- If yes, how is the feature documented? ( Issue#10150 + JavaDocs + TSDoc
on LoginResponse, UserService.isDefaultUsernameAndPassword, and
ForcePasswordChangeModal.)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]