chore: Add possibility to override admin credentials from environment variables in web UI

This commit adds the ability to override the admin credentials from environment variables in the web UI. By setting the `OVERRIDE_ADMIN_CREDS` variable to `yes`, the admin credentials can be changed even if they are already set. The `ADMIN_USERNAME` and `ADMIN_PASSWORD` variables can be used to specify the new username and password. The web UI will authenticate users using these variables.
2026-05-24 09:28:37 +00:00 · 2024-05-24 11:33:37 +01:00 · 2024-05-24 11:33:37 +01:00 · 67a08031e1
commit 67a08031e1
parent 6179d6f5ff
2 changed files with 22 additions and 4 deletions
--- a/docs/web-ui.md
+++ b/docs/web-ui.md
@ -752,6 +752,16 @@ When your BunkerWeb instance has upgraded to the PRO version, you will see your

 ### Username / Password

+!!! tip "Overriding admin credentials from environment variables"
+
+    If you want to override the admin credentials from environment variables, you can set the following variables :
+
+    - `OVERRIDE_ADMIN_CREDS` : set it to `yes` to enable the override even if the admin credentials are already set (default is `no`)
+    - `ADMIN_USERNAME` : username to access the web UI
+    - `ADMIN_PASSWORD` : password to access the web UI
+
+    The web UI will use these variables to authenticate you.
+
 !!! warning "Lost password/username"

    In case you forgot your UI credentials, you can reset them from the CLI following [the steps described in the troubleshooting section](troubleshooting.md#web-ui).
--- a/src/ui/gunicorn.conf.py
+++ b/src/ui/gunicorn.conf.py
@ -78,17 +78,25 @@ def on_starting(server):
        USER = User(**USER)

        if getenv("ADMIN_USERNAME") or getenv("ADMIN_PASSWORD"):
-            if USER.method == "manual":
+            override_admin_creds = getenv("OVERRIDE_ADMIN_CREDS", "no").lower() == "yes"
+            if USER.method == "manual" or override_admin_creds:
                updated = False
                if getenv("ADMIN_USERNAME", "") and USER.get_id() != getenv("ADMIN_USERNAME", ""):
                    USER.id = getenv("ADMIN_USERNAME", "")
                    updated = True
                if getenv("ADMIN_PASSWORD", "") and not USER.check_password(getenv("ADMIN_PASSWORD", "")):
-                    USER.update_password(getenv("ADMIN_PASSWORD", ""))
-                    updated = True
+                    if not USER_PASSWORD_RX.match(getenv("ADMIN_PASSWORD", "")):
+                        LOGGER.warning(
+                            "The admin password is not strong enough. It must contain at least 8 characters, including at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 special character (#@?!$%^&*-). It will not be updated."
+                        )
+                    else:
+                        USER.update_password(getenv("ADMIN_PASSWORD", ""))
+                        updated = True

                if updated:
-                    ret = db.update_ui_user(USER.get_id(), USER.password_hash, USER.is_two_factor_enabled, USER.secret_token)
+                    if override_admin_creds:
+                        LOGGER.warning("Overriding the admin user credentials, as the OVERRIDE_ADMIN_CREDS environment variable is set to 'yes'.")
+                    ret = db.update_ui_user(USER.get_id(), USER.password_hash, USER.is_two_factor_enabled, USER.secret_token, method="manual")
                    if ret:
                        LOGGER.error(f"Couldn't update the admin user in the database: {ret}")
                        exit(1)