Make system actor email configurable via SYSTEM_ACTOR_EMAIL
Allow system user email to be configured via environment variable with fallback to default 'system@mila.local'
parent
ce292b431c
commit
15bf76ab25
1 changed files with 7 additions and 2 deletions
|
|
@ -204,7 +204,8 @@ admin_user_with_role =
|
|||
|
||||
# Create system user for systemic operations (email sync, validations, cycle generation)
|
||||
# This user is used by Mv.Helpers.SystemActor for operations that must always run
|
||||
system_user_email = "system@mila.local"
|
||||
# Email is configurable via SYSTEM_ACTOR_EMAIL environment variable
|
||||
system_user_email = Mv.Helpers.SystemActor.system_user_email()
|
||||
|
||||
case Accounts.User
|
||||
|> Ash.Query.filter(email == ^system_user_email)
|
||||
|
|
@ -218,7 +219,11 @@ case Accounts.User
|
|||
|
||||
{:ok, nil} ->
|
||||
# System user doesn't exist - create it with admin role
|
||||
# Note: No password is set - this user should never be used for login
|
||||
# SECURITY: System user must NOT be able to log in:
|
||||
# - No password (hashed_password = nil) - prevents password login
|
||||
# - No OIDC ID (oidc_id = nil) - prevents OIDC login
|
||||
# - This user is ONLY for internal system operations via SystemActor
|
||||
# If either hashed_password or oidc_id is set, the user could potentially log in
|
||||
Accounts.create_user!(%{email: system_user_email},
|
||||
upsert?: true,
|
||||
upsert_identity: :unique_email
|
||||
|
|
|
|||
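Review bot: With the address now read from SYSTEM_ACTOR_EMAIL, the lookup `Ash.Query.filter(email == ^system_user_email)` can match an ordinary account when the variable is set to an address a real user already has, and the no-password/no-OIDC rule in the new SECURITY comment is only stated in a comment, never checked. The branch that handles an already-existing user lies outside this hunk, so this is inferred, but if it assigns the admin role the way the `{:ok, nil}` branch is described as doing, a login-capable account would end up as the system actor with admin rights. I would enforce the invariant where the existing user is handled, e.g. `if user.hashed_password || user.oidc_id, do: raise "SYSTEM_ACTOR_EMAIL matches a login-capable account"` (with `user` standing for whatever that branch binds), and have `system_user_email/0` reject empty or whitespace-only values if it does not already. Changing the variable after a first seed also leaves the earlier `system@mila.local` user in place with its role, which deserves a line in the comment or a cleanup step.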