Add health check endpoint and enhance admin verification logic

- Introduced a new public `/health` endpoint to verify database connectivity and list active admin users. - Updated `verify_admin` function to return the actual username on successful verification and handle various password hashing schemes, including legacy formats. - Modified login logic to use the returned username for session management. - Updated `login.html` form to support file uploads by adding `enctype` attribute.
2026-02-18 09:01:52 +02:00
parent 9193f2a7b1
commit 0c9494da56
5 changed files with 183 additions and 18 deletions
--- a/scripts/set_admin_password.py
+++ b/scripts/set_admin_password.py
@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+"""
+Generate a bcrypt hash for a password. Use this to set or reset an admin user's
+password in the database when you can't log in.
+
+  python3 scripts/set_admin_password.py 'your_new_password'
+
+Then on the server (or any client with DB access):
+
+  psql -U postgres -d portal_auth -c "UPDATE users SET password_hash = '<paste hash here>' WHERE username = 'admin';"
+
+Or from the Auth LXC:
+  sudo -u postgres psql -d portal_auth -c "UPDATE users SET password_hash = '<hash>', role = 'admin', is_active = TRUE WHERE username = 'admin';"
+"""
+import sys
+import bcrypt
+
+def main():
+    if len(sys.argv) < 2:
+        print(__doc__, file=sys.stderr)
+        sys.exit(1)
+    password = sys.argv[1]
+    if len(password) < 8:
+        print("Password must be at least 8 characters.", file=sys.stderr)
+        sys.exit(1)
+    h = bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt()).decode("utf-8")
+    print(h)
+
+
+if __name__ == "__main__":
+    main()