From c8b2b664028cc3d4edb1f47cd1abfde3b6cc4c35 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 10 Jun 2022 22:48:27 +0300
Subject: [PATCH] set random password for admin when using default unless
 ADMIN_USER_PASS is set

---
 .env-dist          |  4 +++-
 README.md          |  9 +++++----
 src/app/startup.sh | 11 +++++++++++
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/.env-dist b/.env-dist
index 4b7b193..50440a3 100644
--- a/.env-dist
+++ b/.env-dist
@@ -11,7 +11,9 @@
 
 # ADMIN_USER_* settings are applied on every startup.
 
-# Set admin user password to this value.
+# Set admin user password to this value. If not set, random password will be
+# generated if default password is being used, look for it in the 'app'
+# container logs.
 #ADMIN_USER_PASS=
 
 # Sets admin user access level to this value.
diff --git a/README.md b/README.md
index d9bcd8f..ce80ccc 100644
--- a/README.md
+++ b/README.md
@@ -52,18 +52,19 @@ docker-compose pull && docker-compose up -d
 
 See ``docker-compose`` documentation for more information and available options.
 
-#### Default login credentials
+#### Login credentials
 
-Username: `admin`, password: `password`
+You can set both internal 'admin' user password or, alternatively, create a separate user with necessary permissions
+on first launch through the environment, see `.env-dist` for more information.
 
 ### Updating
 
 You will need to pull a fresh image from Docker Hub to update tt-rss source code. Working copy
-will be synchronized on startup. 
+will be synchronized on startup.
 
 [Ouroboros](https://hub.docker.com/r/pyouroboros/ouroboros) or [Watchtower](https://hub.docker.com/r/containrrr/watchtower) easily automates this process.
 
-If database needs to be updated, tt-rss will prompt you to do so on next page refresh. Normally this happens 
+If database needs to be updated, tt-rss will prompt you to do so on next page refresh. Normally this happens
 automatically on container startup.
 
 #### Updating container scripts
diff --git a/src/app/startup.sh b/src/app/startup.sh
index a202013..cf3b420 100755
--- a/src/app/startup.sh
+++ b/src/app/startup.sh
@@ -120,6 +120,17 @@ sudo -Eu app php8 $DST_DIR/update.php --update-schema=force-yes
 
 if [ ! -z "$ADMIN_USER_PASS" ]; then
 	sudo -Eu app php8 $DST_DIR/update.php --user-set-password "admin:$ADMIN_USER_PASS"
+else
+	if sudo -Eu app php8 $DST_DIR/update.php --user-check-password "admin:password"; then
+		RANDOM_PASS=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16 ; echo '')
+
+		echo "*****************************************************************************"
+		echo "* Setting initial built-in admin user password to '$RANDOM_PASS'        *"
+		echo "* If you want to set it manually, use ADMIN_USER_PASS environment variable. *"
+		echo "*****************************************************************************"
+
+		sudo -Eu app php8 $DST_DIR/update.php --user-set-password "admin:$RANDOM_PASS"
+	fi
 fi
 
 if [ ! -z "$ADMIN_USER_ACCESS_LEVEL" ]; then