Make system actor email configurable via SYSTEM_ACTOR_EMAIL

Allow the system user's email to be configured via the SYSTEM_ACTOR_EMAIL environment variable,
falling back to the default 'system@mila.local' when it is unset.
Moritz 2026-01-21 08:02:35 +01:00
parent 7e9de8e95b
commit ea399612be


@ -204,7 +204,8 @@ admin_user_with_role =
# Create system user for systemic operations (email sync, validations, cycle generation) # Create system user for systemic operations (email sync, validations, cycle generation)
# This user is used by Mv.Helpers.SystemActor for operations that must always run # This user is used by Mv.Helpers.SystemActor for operations that must always run
system_user_email = "system@mila.local" # Email is configurable via SYSTEM_ACTOR_EMAIL environment variable
system_user_email = Mv.Helpers.SystemActor.system_user_email()
case Accounts.User case Accounts.User
|> Ash.Query.filter(email == ^system_user_email) |> Ash.Query.filter(email == ^system_user_email)
@ -218,7 +219,11 @@ case Accounts.User
{:ok, nil} -> {:ok, nil} ->
# System user doesn't exist - create it with admin role # System user doesn't exist - create it with admin role
# Note: No password is set - this user should never be used for login # SECURITY: System user must NOT be able to log in:
# - No password (hashed_password = nil) - prevents password login
# - No OIDC ID (oidc_id = nil) - prevents OIDC login
# - This user is ONLY for internal system operations via SystemActor
# If either hashed_password or oidc_id is set, the user could potentially log in
Accounts.create_user!(%{email: system_user_email}, Accounts.create_user!(%{email: system_user_email},
upsert?: true, upsert?: true,
upsert_identity: :unique_email upsert_identity: :unique_email
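Review bot: The SECURITY comment block added in the second hunk states an invariant (no `hashed_password`, no `oidc_id`) that nothing in the code enforces, and the first hunk makes that invariant easier to break: `system_user_email` now comes from `Mv.Helpers.SystemActor.system_user_email()`, i.e. the `SYSTEM_ACTOR_EMAIL` environment variable, so whoever controls the deployment environment can point it at an email that already belongs to a login-capable account, in which case the `{:ok, nil}` branch is skipped and the existing-user branch (outside this hunk) presumably adopts that account as the admin-role system actor. The `{:ok, nil}` branch itself only ever creates a credential-less user, so the check belongs on the resolved user after the `case`, whichever branch produced it; the `create_user!` call and the rest of the `case` continue past the hunk. Something like `if system_user.hashed_password != nil or system_user.oidc_id != nil, do: raise "system actor #{system_user_email} must not be a login-capable account"` fails fast instead of silently granting an interactive account system privileges. It would also help to extend the new comment above `create_user!` with one line saying that an operator-supplied `SYSTEM_ACTOR_EMAIL` must be an address no human can register or log in with, since the `.local` default is the only thing currently guaranteeing that.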